Monday, 30 September 2013

"Consultation" process on second-level .uk domains - is anyone listening?

I recently attended one of the consultation meetings organised by Nominet, this time with the Digital Policy Alliance and the British Computer Society, at the rather swanky Sofitel on St James' Square in London.  I have pondered long and hard about the events of that evening and have come to the conclusion that more people need to know about what is happening with the .uk domain and also about the events of that evening...

Firstly, the proposal from Nominet is that current owners of third level domains such as oscar.co.uk etc should be given the opportunity to purchase a second level domain like oscar.uk.  The original proposition was that additional checks would be made on purchases of the second level domains to ensure that (a) they were who they said they were and (b) they have a legitimate base of operations in the UK.  This original proposition was quietly dropped a while back because of the total lack of support from existing domain owners to the proposal.

One might legitimately ask why such identity checks are not required to purchase a third level .uk domain?

In the early summer, the proposal for second level .uk domains reappeared, only this time without the identity or location checks.  I became aware of this via the BCS, of which I am a Fellow, and so requested a place at the Sofitel consultation meeting.  The room had space for about 35 people.  Nominet sent 8 participants including the Chair, COO, CTO, Legal Director, a smattering of non-executive directors and a couple of admin staff to take notes.  The Digital Policy Alliance sent one representative and the BCS SIG sent three.  Six others, including myself, were there.

I have not seen a transcript of the meeting nor have Nominet been in contact to even thank me for attending - which I consider to be discourteous at best.

Upon arrival, I was witness to the entirely inappropriate treatment of two Nominet members who were seeking admittance to the meeting.  I had no idea why they were being refused entry - as it turns out, they were apparently denied an invitation from Nominet.  Sources close to the matter inform me that they had attended a previous consultation meeting and voiced serious concerns about the motivations for the second level domain proposal.  Apparently, one of them had also attended the AGM and was amongst many voices critical of the Nominet Board.  In any event, Nominet, in their wisdom, called the hotel's security guard and I heard him threaten (and I use the term advisedly) to physically eject the two members from the hotel if they did not voluntarily vacate the premises.  Voices were raised by both Nominet staff and the security guard and the two gentlemen were very obviously highly distressed by the whole episode.  Personally I thought it a completely disgraceful way to treat people in a public space.  Another example of Nominet being high-handed and disingenuous in my opinion.

So, to the meeting itself... the purpose of the meeting, as set out by Nominet, was to discuss the proposal to market second-level .uk domains.  The discussion began with an outline of the proposal from Nominet's CTO, which was then followed by a fairly robust discussion.  Before highlighting a couple of issues raised from the floor, a couple of interesting questions were posed by Nominet:

- If you were offered the equivalent second-level domain to the third-level domain you already own, would you purchase it?  This got a unanimous YES.

- Why?  This got a unanimous answer too... "to prevent anyone else from getting it."

I'm sure you'll agree that this does not really constitute support for the proposal.

In fact, now that the identity checks have been removed from the proposal, none of the non-Nominet participants in the meeting had anything encouraging to say about the proposal.  Several of us challenged the approach Nominet took to the meeting, which was to explain how they were planning to market the new domains and deal with contention... of which there will obviously be lorryloads.  What we wanted to discuss was why the proposal was being made at all.  Surely, the argument went, this idea was 20 years past its sell-by date and was in fact not going to add anything positive to the UK's online economy.

On at least three occasions Nominet's motivation for this proposal was challenged.  Given the number of existing third-level domains, this proposal essentially represents a potential revenue stream for Nominet of something like £50m and given that several of their non-executive directors represent large registrars there would appear to be the potential for serious conflicts of interest here.  This point was debated at some length and the financial motive was hotly denied by each Nominet representative in turn, but I for one did not find their arguments convincing.  If not motivated by the potential revenue, surely they must have some other compelling reason for returning to this proposal?  Well, if they do, they weren't sharing it with the meeting.

The conflict of interest point was made and the non-executive directors were forceful in stating that when such conflicted issues are raised in board meetings they absent themselves.  The Chair, Baroness Fritchie, was also clear that she was entirely comfortable with the governance regime at Nominet.  This last point caused me to bite my lip to avoid either laughing or shouting her down... but it seemed neither the time nor the place to challenge such a flawed assertion.  Why flawed?  Because at a recent industrial tribunal, four charges were levelled at Nominet and her directors and the judge ruled against Nominet on all four allegations.  They immediately went to press stating, incorrectly, that other than one minor point the judge had largely exonerated them.  The judgment included criticism of both the company and several of her officers who were adjudged misleading, high-handed and deceitful.  

The next contentious issue was where several third-level domains share the same prefix, e.g. oxford.co.uk, oxford.sch.uk etc... who gets first refusal?  Well, according to the proposal in its current form, the entity which has the longest continuous registration will get first refusal, so in the example chosen this could go to Oxford Spires Academy, not the University of Oxford, whom I would have thought could justifiably claim to have the greater right to the second-level domain.  The risk of litigation seems to me (and this view was also supported by others) very high indeed and entirely avoidable by simply dropping the proposal in its entirety.  I am also aware that the proposal was discussed at the AGM and that the majority of Nominet's members are vehemently opposed.    Unfortunately the way Nominet's voting system works, the ten largest members (including two represented on the board) carry 60% of the votes.

Back to the plot... We, the noncombatants so to say, challenged Nominet time and time again to justify the proposal in commercial and economic terms.  They failed to do so and this was the general opinion of the meeting.  In fact, we agreed that the proposal was fundamentally conflicted as by marketing the second-level domain as something intrinsically "better" than a third-level domain the obvious inference is that their existing client-base has wasted their money and now needs to spend more money... the cost of the new domains was agreed not to be the issue, the real costs will be in branding, literature and marketing communications.  It was also generally agreed that the money Nominet are spending on this proposal would be far better spent on verifying the identities of their existing domain owners and policing the third-level domains for inappropriate, malicious or illegal content.

As one of the attendees, a colleague of mine from the Information Assurance Advisory Council (http://www.iaac.org.uk) Community of Interest, put it so eloquently, "this proposal appears to be trying to fix something that is not even remotely broken" - I couldn't agree more.

These last points were made from all corners of the room.  Nominet, in this commentator's opinion, have already made their minds up to go ahead, despite the flaws in both concept and planned implementation.  If they do, it will be despite the feedback from the consultation, not because of it.

5 comments:

  1. Thanks for this report Oscar. Perhaps, and I have been thinking this for a few years, there needs to be an education campaign so that registrants understand that they don't need to own all the extension variations of their main domain name. There is very little mistyping or confusion as most traffic comes via existing bookmarks or Google searches. Other than one international organisation I am involved in I don't bother securing multiple extensions of a domain name as I don't think it makes much difference. If I was concerned about it I would secure rights in the name via international trademarks and then claim all the appropriate domains. I guess this is what large companies do. Smaller businesses don't need to worry about it - in my opinion.

    1. Gordon, you may personally believe that it's unimportant to own many extensions, but the potential for confusion if .uk gets implemented is very real and has been recognised by many organisations including the Information Commissioner's Office - who have the power to impose fines running into the hundreds of thousands of pounds for cases of misdirected emails (which will greatly multiply with quasi-identical name@example.co.uk and name@example.uk email addresses potentially associated with different people at different organisations). I've covered this in detail in my blog post at http://www.webmastering.co.uk/domain-names/ico-warns-nominet-of-misdirected-email-danger-they-should-know-theyre-the-regulator/

    2. In the cases cited in that article owning all of the extensions would not have prevented the bad thing happening. Ignoring the .uk second level issue, how many extensions should one organisation own? If the answer is quite a lot then adding an extra .uk will make no difference.

    3. Again, that is incorrect.

      If you own example.co.uk and example.uk you can configure things such that all email to anyone@example.co.uk goes to anyone@example.uk and vice versa.

      The most significant point is that the ICO themselves have warned Nominet about the danger of misdirected emails that would arise if .uk goes ahead.

      In reply to your "how many extensions" question, many experts have concluded that companies will be FORCED to obtain the .uk to match their .co.uk, no matter what the complication or cost, to protect their brand and mitigate customer confusion issues, misdirected emails and the possibility of scammers setting up on a quasi-identical domain.

      .co.uk and .uk are more similar than .co.uk and any other domain extension that is available to register under. Both are available to, and expected to be used by, businesses. One is incredibly familiar, one looks like something's missing but also somehow "right".

      I appreciate you don't personally believe that companies need to exercise this sort of brand protection, but I suggest that when a large number of subject matter experts all say the same thing, they're almost certainly right.

      See for example the BBC's submission to Nominet's first consultation, question 11b https://www.whatdotheyknow.com/request/171912/response/425574/attach/html/4/RFI20131139%20Disclosure%20Document.pdf.html

  2. Oh I do believe that companies should have brand protection, but the way to do that is through trade mark application and enforcement, which would then give them rights in certain domain names rather than by trying to be first to bag an appropriate domain name.

    However, my question of "how many domains?" still stands. It is clear that most companies do not feel the need to own *******.org.uk if their company web site is at *******.co.uk. Most do not bother owning *******.ws, unless they are someone like Amazon or Google. There clearly is a limit to how many variations companies are willing to register to protect their brands. They know that people do not mistype. The ICO cases cited were for people sending mail to incorrect email addresses that they had mistyped, not that mail being hijacked by the recipient. I am not saying it is not an issue, but don't get it confused with the brand protection one.

    Disclaimer: I used to run quite a large registrar, so I did use to have a financial interest in selling domain names.
