Microsoft & Yahoo Tell ICANN Not To Allow Google’s Dotless .Search App

In its eight-part comment to ICANN, Microsoft gave plenty of reasons (actually 7 points) why Google should not be allowed to amend its application to run the .Search registry.

Yahoo followed with its own comments also objecting to the application.

Here are Microsoft’s comments:

“Microsoft Corporation (“Microsoft”) objects to ICANN’s preliminary approval of the application change request submitted by Charleston Road Registry Inc., for its .SEARCH application.

Google’s requested amendment does not meet ICANN’s Application Change Request Criteria.

Further, Google’s Amended .SEARCH Application will result in a gTLD registry that threatens the security and stability of the Internet. It will create ambiguity and confusion, and materially adversely impact consumers, public and private enterprises, and providers of critical infrastructure. Finally, contrary to Google’s characterization of it, Google’s proposed amendment does not truly “open” the .search gTLD to third parties. Accordingly, Microsoft requests that ICANN withdraw its preliminary approval of Google’s requested amendment to the .SEARCH Application.

ICANN’s Application Change Request Process requires ICANN to balance seven criteria to determine if an application change should be approved. Google’s requested amendment fails these criteria. ICANN should have denied the amendment request, especially because the amendment contains a new registry service and a significant new functionality – dotless domain – that ICANN’s own Security & Stability Advisory Committee (“SSAC”) recommended be contractually prohibited in new gTLDs because of the threats to security and stability posed by dotless domains.

1. Google did not provide a “reasonable explanation” for the requested amendment.

Google’s application change request for its Amended .SEARCH Application identified three possible explanations for the requested amendment: (a) to “propose a revised registration policy that allows for registration by any search website providing a simple query service”; (b) to “propose a new redirect service at the ‘dotless’ search domain (http://search/)”; and (c) to “provide users with a powerful new tool to make use of the search-related services online” New gTLD App. Change Request Form at 1 (emphasis added).

The true purpose of the amendment, however, is to evade and circumvent criticism of Google’s original .SEARCH Application by the GAC and the search community. The timing of the application change request – during the GAC’s deliberations to provide GAC Advice to the ICANN Board on new gTLD applications and three weeks after two Community Objections were filed against its original .SEARCH Application – make this clear. Such efforts at evasion and circumvention are not reasonable and ICANN should not treat them as reasonable.

Moreover, Google’s proposed amendment to its .SEARCH Application to add a new registry service – “search redirect service” – that operates on the dotless search domain is itself unreasonable. Amended .SEARCH Application at ¶ 23.10. This entirely new registry service is not properly a function of ICANN’s Application Change Request Process. Instead, as demonstrated herein, it is properly considered as part of a new application – even if Google must wait until the second new gTLD application round – because the amendment exceeds the scope of the Application Change Request Process.

2. Google’s requested amendment is material because it should “affect the evaluation score or require re-evaluation of some or all of the application.”

If Initial Evaluation of Google’s Amended .SEARCH Application had already been completed, the addition of the new dotless domain registry service would require re-evaluation by at least the Technical Evaluation Panel and, in all likelihood, the Registry Services Technical Evaluation Panel. Similarly, the change to a restricted registry model would require re-evaluation by at least the Technical Evaluation Panel, Financial Evaluation Panel, and, in all likelihood, the Registry Services Technical Evaluation Panel.

If an existing gTLD registry operator sought to offer the dotless domain service, that proposed new service would be subject to the Registry Services Evaluation Process. That process, which is governed by the Registry Services Evaluation Policy, requires ICANN to assess whether the proposed registry service raises “significant competition issues” or “significant security or stability issues.” As discussed further below, Google’s dotless domain service will introduce both “significant competition issues” and “significant security or stability issues” as well as significant user confusion. ICANN should not permit Google to elude this two-pronged substantive evaluation by adding a dotless domain registry service through the application change process.

In its February 23, 2012 SAC053 “Report on Dotless Domains,” ICANN’s Security and Stability Advisory Committee (“SSAC”) recommended “strongly against” the use of dotless domains because “they will not be universally reachable.”

The SSAC further recommended that “the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) be contractually prohibited where appropriate and strongly discouraged in all cases.” Id.

The SSAC’s recommendations garnered support from a wide variety of sources. Two operators of major Internet browsers – Mozilla and Microsoft – supported the SSAC’s recommendations. Dan Kaminsky, a computer security expert renowned for discovering the DNS cache poisoning vulnerability (and also an ICANN-selected Trusted Community Representative for the DNSSEC root), and ICANN’s At-Large Advisory Committee, which considers and provides advice on ICANN’s activities as they relate to the interests of individual Internet users, also supported SSAC’s recommendations regarding the use of dotless domains. Even Google’s own engineers have either specifically supported the SSAC’s recommendation (as is the case with Warren Kumari, an SSAC member) or expressed concern about the use of dotless domains (as is the case with Ian Fette and Harald Alvestrand, a former ICANN Board Member).

3. There is no evidence that Google’s original .SEARCH Application was in error.

Indeed, Google makes no claim that it “erroneously” sought to operate .search as a closed registry or that it “erroneously” excluded the dotless domain functionality in its original .SEARCH Application.

4. Google’s requested amendment materially adversely affects numerous third parties – Internet users, search users, other search providers, the GAC, other gTLD applicants, public and private enterprises, and providers of critical infrastructure.

Google’s requested amendment constitutes a fundamental change from its original .SEARCH Application. The new dotless search functionality threatens the security and stability of the Internet, which adversely impacts all individuals, enterprises, and entities that use, support, and rely on a secure and stable Internet. The proposed shift to a restricted registry model does not obviate the expected anticompetitive effects of Google’s operation of the .search TLD and will result in additional anticompetitive effects, both of which negatively significantly impact search users and providers of search other than Google. Finally, Google’s proposed shift to a restricted registry model materially disadvantages the GAC, which has already provided most of its GAC Advice on specific new gTLD strings and applications to the ICANN Board and is unlikely to have the opportunity to address the issues raised by the Amended .SEARCH Application.

Individuals, enterprises, and entities that use, support, and rely on a secure and stable Internet will be adversely impacted by Google’s proposed dotless search functionality. As discussed above, ICANN’s SSAC strongly recommended against use of dotless domains because of the threat posed to Internet security and stability. Dotless domains are ambiguous within the Internet Domain Naming System (DNS), which will result in misinterpretation that sends users to unsecure or malicious sites, or sites with varying privacy policies. Custom and commercial applications, services, and systems will resolve dotless domains differently. Users of dotless domains would need enterprises to re-write their scripts to exempt any single label name that has been deployed on the internet. Internet Standard 3 (RFC 1123) recommends that implementations require 2 or more interior dots before sending queries to the global DNS. In conformance with applicable RFCs, Microsoft’s Windows® operating system does not attempt to resolve a Single Label Domain name over DNS. Attackers could exploit a cross-domain (“universal XSS”) defect to inject content into Local Machine Zone frames and execute arbitrary code exposing the browser, as well as other Internet connected applications and services to harm. Enterprises use Certificate Authority to generate SSL certificates for use within their network boundaries.

If any new gTLD that is the same as a commonly used name, such as one used today for root or local host addresses (e.g. //local, //msw), is permitted to operate as a dotless domain, devices could be directed to an insecure Internet domain rather than a trusted internal or local address. Further, false certificates could redirect traffic to a malicious site as noted in ICANN’s SSAC SAC057 report.

In its own words, “Google now runs the biggest DNS system in the world.”

Allowing Google to extend its current dominance in search and search advertising to the .search gTLD will result in serious harm to competition globally in search and search advertising.

The .search gTLD has the potential to become a significant chokepoint for Internet search queries.

Google states that acquiring the .search gTLD will “make it easier for users to identify and make use of search funct[ionality] on the Internet” as controlled by Google.

In light of outreach and communications efforts Google describes in its Amended .SEARCH Application at 18.b.vi, Google seems to be prepared to invest substantial sums in outreach, communications, and other resources to ensure that the .search domain becomes a major source of search queries.

Further, any effort by Google to leverage its existing dominance in search and search advertising to funnel users to its .search gTLD would quickly create awareness among hundreds of millions – if not billions – of Internet users. Moreover, Google’s stated intention to promote its new gTLDs “collectively,” id., underscores not only the potential scope of a Google outreach and communications campaign but also the potential ability of Google to leverage these related generic-term registries to strengthen its dominance in search and search advertising. Google’s application for .search, bolstered by its 97 other gTLD applications, signifies its silent transition from gateway to gatekeeper and threatens serious competitive harm.

It is in this context that Google’s proposed shift to a restricted registry model does not obviate the expected anticompetitive effects of Google’s operation of the .search TLD. To the contrary, the requested amendment not only does not eliminate the anticompetitive effects of Google’s operation of .search gTLD, it creates new anticompetitive effects, all of which will adversely impact users and providers of search (other than Google). Google’s proposed restricted registry model only marginally expands third-party access to registration and use of .search domains. In fact, Google intends to limit .search domains for use only to “offer search functionality,” and can be registered and used only by those registrants that have previously provided search-related services.

Those registrants will only be permitted to register and use .search domains that correspond to the names and marks they use in connection with their search-related services.

Google further intends to restrict registration and use of .search domains to those registrants that will conform to Google’s technical requirements as specified in 18.b.iv of the Amended .SEARCH Application.

Google’s proposed restricted registry model affords it ample opportunity to operate .search in an anti-competitive manner. On the one hand, Google can exclude competitors that cannot or will not conform to .search registration and use restrictions set forth in the Amended .SEARCH Application. On the other hand, Google clearly intends to “establish an authoritative community of websites that offer search functionality,” which will undoubtedly further bolster its position as the dominant general search engine with significant vertical search offerings.

Google has also reserved the right to charge different prices for different second-level .search domains, which would allow it to charge certain competitors higher prices than it charges others.

Similarly, Google has also reserved the right to audit registrant compliance with Google’s .search registration and use requirements, which could result in uneven and unequal remediation of any issues that Google contends such audits disclose.

Google claims that it will increase competition by using its .search gTLD to “encourage websites with search functionality to adopt common query frameworks.” Amended .SEARCH Application at 18.b.ii.1. This claim is misleading. As the dominant search provider and with a declared intention to operate .search as a restricted registry model, Google will control all access to the .search TLD, including by defining “search functionality” and “common query” and mandating adherence to those definitions. Such control will enable Google to deny access to other providers of search that cannot or will not adhere to Google’s dictates. Depending on how .search domains are hosted, Google could have visibility into the queries posed and responses returned through third-party registrant second level domains on the .search top level domains. Google’s Amended .SEARCH Application does not exclude such visibility, nor does it afford protections to third-party search providers to protect the security and privacy of the search queries and returned responses.

Google’s proposal to operate .search as a restricted registry materially adversely affects the GAC. Google responded to the GAC’s Beijing Communique by taking the position that its proposed change from a closed to restricted registry means that its Amended .SEARCH Application “does not fall under Category 2 – Exclusive Access safeguard advice.”

Yet, Google’s restricted registry model does not permit Google to claim that its Amended .SEARCH Application has “safe harbor” by falling within the GAC’s Category 1 – Restricted Access safeguard advice. The GAC’s Category 1 – Restricted Access safeguard advice — identified “an exception to the general rule that the gTLD domain name space is operated in an open manner,” namely, where the string is “associated with market sectors which have clear and/or regulated entry requirements.”

For such strings, the “registration restrictions should be appropriate for the types of risk associated with the TLD.

The registry operator should administer access in these kinds of registries in a transparent way that does not give an undue preference to any registrars or registrants, including itself, and shall not subject registrars or registrants to an undue disadvantage.” Id. at 11. Google’s .search string is clearly not “associated with market sectors which have clear and/or regulated entry requirements.” Moreover, as demonstrated above, Google’s proposed restricted model inherently subjects “registrants to an undue disadvantage,” yet Google has failed to demonstrate why that restricted model is appropriate.

Further, Google’s proposed amendment effectively permits it to evade any response to the GAC regarding Google’s intention to restrict access to .search. The GAC is not expected to issue any further safeguard advice for Restricted Access gTLD applications. Accordingly, it seems likely that the GAC will not have an opportunity to further consider the public policy implications of the dominant market participant using a restricted registry model for the string that names the industry in which the participant dominates the market.

5. ICANN’s approval of Google’s requested amendment is likely to create undesirable precedent for this round and future rounds of new gTLD applications.

Google’s requested amendment is not “similar to others that have already been approved,” but granting the request is likely to “lead others to request similar changes that could affect third parties or result in undesirable effects on the program.”

The June 6, 2013 written briefing from the New gTLD Program Committee to the GAC regarding an applicant’s ability to change its applied-for string to address GAC Member concerns provides insight into the concerns about creating precedent through application changes: “In summary, allowing one string change would lead to calls to extend the same treatment to all applications. Providing such would essentially mean that the completed application reviews, and in some cases, published results, would be nullified and processing of applications would need to start over again.”

This same rationale also applies to changes to the registry model from closed to restricted, which impacts the technical and financial responses in an application (and the review of those responses), id., as well as the addition of new registry services such as dotless domain and search redirect (and the review of that response).

The vast majority of approved amendments were requested to change clerical errors or to correct inaccuracies resulting from a change in circumstances.

Here, however, Google did not request an amendment to change a clerical error or correct an inaccuracy resulting from changed circumstances. Google’s requested amendment changes the .search registry business model and adds a new registry service and functionality.

Based on a review of all posted application changes, Google’s Amended .SEARCH Application appears to be the only application for which an amendment to add an entirely new registry service has been approved. Of the 29 updates that identify a change to the Q23 response, two (from the same applicant) sought to correct a typographical error in the applicant name and twenty-six substitute a new registry service provider. The remaining change is Google’s Amended .SEARCH Application for which an entirely new registry service – search redirect service operating on the dotless search domain – is requested through amendment.

In evaluating the precedential value of allowing the broad amendment required by Google, it is important to consider that Google has now relied on the Amended .SEARCH Application to contend that two pending Community Objections are moot and that its application is no longer subject to GAC Advice regarding restricted registration policies. Allowing such broad amendments is certain to open the floodgates to requests from other applicants. Indeed, some of those requested amendments could provide third parties with grounds for formal objection – except for the problem that the objection filing period has now closed. ICANN should not permit any applicant to circumvent application requirements and dispute resolution processes by amendment.

6. Google’s proposed amendment is unfair to other applicants and to the broader ICANN community.

Allowing Google’s requested amendment to proceed is unfair to other applicants that may also wish to amend their registry model for business reasons, to evade objections, or to respond to GAC concerns; or to add new registry services. As a practical matter, the only way to avoid such unfairness is to allow all applicants to request such amendments and for ICANN to approve them. Doing so would mean that, in the words of the New gTLD Program Committee, “completed application reviews, and in some cases, published results, would be nullified and processing of applications would need to start over again.”

Allowing Google’s requested amendment is also unfair to the broader community of ICANN stakeholders that spent almost four years working collectively on the implementation details of the new gTLD program, to those members of the community who participate on or provide input to the SSAC, and to the GAC.

7. The timing of Google’s proposed amendment clearly interferes with the evaluation process.

Google’s Amended .SEARCH Application is effectively a new application filed one year late. The Amended .SEARCH Application contains an entirely new registry model and an entirely new registry service – a new registry service that is the subject of an explicit SSAC recommendation against its use. The timing of the amendment request interferes with the evaluation process because the Amended .SEARCH Application is undergoing Initial Evaluation. If Google had obtained a low priority number, it is possible that Initial Evaluation could have already been completed. Indeed, for over 625 applications, Initial Evaluation has been completed.

Another timing consideration is that ICANN has commissioned further study on the security and stability concerns about the use of dotless domains identified by the SSAC in SAC053. http://www.icann.org/en/news/announcements/announcement-28may13-en.htm. Microsoft contends that no further study is needed; SAC053 was the study. However, given ICANN’s decision to proceed with this further study, it is imperative that ICANN defer consideration of Google’s dotless domains proposal until the study is completed and the results have been granted fair, thorough, and unbiased consideration. ICANN’s Application Change Request Process and the Applicant Guidebook explicitly permit such deferral.

As demonstrated above, Google’s requested amendment does not meet ICANN’s Application Change Request Criteria. Further, Google’s Amended .SEARCH Application will result in a gTLD registry that threatens the security and stability of the Internet. It will create ambiguity and confusion, and materially adversely impact consumers, public and private enterprises, and providers of critical infrastructure. Finally, contrary to Google’s characterization of it, Google’s proposed amendment does not truly “open” the .search registry. Accordingly, Microsoft requests that ICANN withdraw its preliminary approval of Google’s requested amendment to the .SEARCH Application.”

In a comment to ICANN today, Yahoo joined Microsoft in saying that Google’s application to run .Search as a dotless domain should not be allowed to be amended.

Here is the response from Yahoo, which basically agreed with its PPC partner Microsoft:

“Yahoo! Inc. (“Yahoo!”) is writing to join Microsoft Corporation in expressing concern over Google’s amendment (through its Charleston Road Registry subsidiary) to run its gTLD application for .search as a “dotless” domain.

As stated by Microsoft Corporation in its letter to ICANN dated May 17, 2013, we believe Google’s plan runs counter to the recommendations of the SSAC found in the Report on dotless Domains dated February 23, 2013 (“SAC053”) posted at http://www.icann.org/en/groups/ssac/documents/sac-053-en.

In its April 6, 2013 letter, Google requested permission to expand its application for .search to run this TLD as a dotless domain (http://search/).

Dotless domains are currently used by private parties as intranet addresses for internal networks. As Microsoft points out in its letter, Google’s proposed amendment would interfere with that private space, creating security vulnerabilities and impacting enterprise network and systems infrastructure around the globe.

In SAC053, the SSAC advised against dotless domains.

The SSAC Report concluded that dotless domains would create significant security risks and recommended against their use. Specifically, the SSAC stated that dotless domains “would not always work as expected” and “would lead to unpredictable and unexpected dotless domain behavior.” Google was a contributor to this Report and agreed with the SSAC recommendation.

Google’s proposed amendment to its .search application is a stunning reversal of its former position and blatantly disregards the security, stability, and reliability concerns raised by the SSAC and its contributors, and explicitly proposes using technical specifications (such as AAAA records) that the SSAC advised against.

Not surprisingly, Google made no mention of its prior positions or the SSAC Report in its April 6, 2013 letter.

We believe this silence is telling.”
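The resolution ambiguity both letters describe (a dotless name reaching an intranet host, the public TLD apex, or nothing, depending on the client) can be modelled in a few lines. This is an added example, not code from either letter or from the SSAC report; the zone data, the `corp.example` suffix, the addresses and the three client policies are constructed, simplified assumptions.

```python
"""Added illustration: how one dotless name resolves under different client policies."""

# Constructed sample data: a public DNS in which the TLD "search" has an apex
# address record, and one enterprise's internal zone (hypothetical names/IPs).
PUBLIC_DNS = {"search.": "203.0.113.10", "www.example.com.": "198.51.100.7"}
INTERNAL_DNS = {"search.corp.example.": "10.0.0.5", "wiki.corp.example.": "10.0.0.6"}


def lookup(fqdn, zones):
    """Return the first address any visible zone holds for an absolute name."""
    for zone in zones:
        if fqdn in zone:
            return zone[fqdn]
    return None


def candidates(name, search_list, policy, ndots=1):
    """Order of absolute names a client tries for `name` under a policy.

    Policies are simplified models, not any vendor's exact code:
      search-first : fewer than `ndots` dots -> suffixes first, then the bare name
      suffix-only  : single-label names are never sent to the DNS unsuffixed
      absolute-only: the application treats the input as already fully qualified
    """
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{s}." for s in search_list]
    bare = name + "."
    dotless = "." not in name
    if policy == "absolute-only":
        return [bare]
    if policy == "suffix-only" and dotless:
        return suffixed
    if name.count(".") >= ndots:
        return [bare] + suffixed
    return suffixed + [bare]


def resolve(name, search_list, policy, zones):
    """Return (answering_fqdn, address), or (None, None) if nothing answers."""
    for fqdn in candidates(name, search_list, policy):
        addr = lookup(fqdn, zones)
        if addr:
            return fqdn, addr
    return None, None


def survey(name):
    """Resolve `name` from several constructed client environments."""
    envs = {
        "enterprise, search-first": (["corp.example"], "search-first", [INTERNAL_DNS, PUBLIC_DNS]),
        "home, search-first": ([], "search-first", [PUBLIC_DNS]),
        "home, suffix-only": ([], "suffix-only", [PUBLIC_DNS]),
        "enterprise, absolute-only": (["corp.example"], "absolute-only", [INTERNAL_DNS, PUBLIC_DNS]),
    }
    return {label: resolve(name, *cfg) for label, cfg in envs.items()}


def collisions(internal_zone, suffix, delegated_tlds):
    """Defender check: internal short host names that equal a delegated TLD label."""
    tail = "." + suffix + "."
    shorts = {fq[: -len(tail)] for fq in internal_zone if fq.endswith(tail)}
    return sorted(h for h in shorts if "." not in h and h in delegated_tlds)


if __name__ == "__main__":
    for label, (fqdn, addr) in survey("search").items():
        print(f"{label:28} -> {fqdn or 'no answer'} {addr or ''}")
    print("colliding short names:", collisions(INTERNAL_DNS, "corp.example", {"search", "com"}))
```

The same input, `search`, lands on the intranet host, on the public apex record, or nowhere, which is the "not universally reachable" behaviour the letters cite; the `collisions` helper is the inventory check an enterprise would run against the list of delegated TLDs.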

 

Comments

  1. says

    Why not? Well, because it was made crystal clear before this all got started that there would be no “dotless” entries into root.

    Why does this proposal by Google piss off their competition? Just think about that a little more…