[gnso-rpm-wg] TMCH followup

[George Kirikos]

Hi folks,

After yesterday's call, I did some additional research on some of the
issues that were raised. Here's what I found (long message ahead, but
it'll be worth it):

1. Several times it's been argued that if there was competition for
Deloitte, or if Deloitte was replaced entirely with a less expensive
provider, that might entail compensation to Deloitte for intellectual
property, etc. It turns out that argument is not correct.

When ICANN entered into agreements with IBM and Deloitte, Fadi Chehade
blogged about it, see:

https://www.icann.org/news/blog/concluding-the-series-of-trademark-clearinghouse-meetings

That page was hard to find (and I don't think was part of our working
groups's institutional memory) given that it has moved from where it
used to be; see contemporaneous reporting at:

http://domainincite.com/11309-deloitte-confirmed-as-first-trademark-clearinghouse-provider
http://www.ebrandservices.com/icann-signs-tmca-with-deloitte-as.html

and I don't believe appears in our PDP wiki. In particular, the
announcement clearly states that "ICANN retains all intellectual
property rights in the Trademark Clearinghouse data. (Note this is as
between ICANN and Deloitte….)."

This fact handles that argument.

2. In the same ICANN link as above, it was specifically stated that
"Deloitte’s validation services are to be non-exclusive. ICANN may add
additional validators after a threshold of minimum stability is met."

I think it's clear, after 3+ years, that there's stability. Additional
validators should be added, to drive down costs and fees, if the TMCH
is retained (it might turn out that the TMCH is eliminated, due to our
work; that's an open question).

3. In the same ICANN link as above, most crucially, it stated "ICANN
may audit Deloitte’s performance (and revenues/costs) to confirm that
the costs and fees for validation services are reasonable."

Obviously, this should be done, if it hasn't been done already, and
with immediacy, to inform our work and recommendations. This is a
multi-million dollar per year contract, with apparently limited or no
oversight, and my calculations (see below) suggest it can be
replicated for multi-hundreds of thousands of dollars, at most.

4. Yesterday, it was brought up whether "costs" of the TMCH were even
a complaint. The actual independent TMCH review should have been
brought up, see:

https://newgtlds.icann.org/en/reviews/tmch/revised-services-review-22feb17-en.pdf

where the survey responses were clear, see page 64 (bottom):

"Fees and costs: Most registries and trademark owners felt that fees
and the costs associated with working with the TMCH are too high."

This is what the community has told us. We should not ignore it. Why
are we  paying for surveys, and not utilizing the results in followup
work? I'm not an advocate for trademark holders, however I am an
advocate for economic efficiency and eliminating waste and excess
fees. This is low hanging fruit.

5. This is a question for the registry operators -- on page 45, it
mentions that there's a one-time for of $5,000 per TLD to access the
TMCH. Is that fee being paid to Deloitte, or is it being paid to IBM,
or … ? (affects the calculations of what is "reasonable") With 1000+
new gTLDs, clearly this is another  multi-million dollar cost, for a
function which is mostly automated --- huge potential for cost
savings.

It's unclear if the actual cost is $5,000, by the way. I believe
somewhere else I might have seen a figure of $7,000 per TLD, although
perhaps that's an outdated fee. If someone has the definitive number,
please post.

6. Unrelated to costs (but central to our work), on page 9 of the
independent TMCH review, the top ten most frequently downloaded
trademark strings are published, along with the trademark holders:

1. smart  15,198    Smart Communications, Daimler AG
2. forex  14,823    Forex Bank AB
3. hotel  14,690    Hotel Top Level Domain GMBH
4. one    14,205    American Acedemy of Opthamology
5. love   13,912    Cartier International AG, The Conde Nast Publications
6. cloud  13,821    individual
7. nyc    13,622    City of New York, NYC & Company
8. london 13,343    London & Partners
9. abc    13,331    LV Insurance Management Limited
10. luxury 13,125   ILUX Holdings


While the EFF highlighted the example of "THE" in their excellent
submission, I think the above data makes it clear that there are a lot
of commonly used phrases that are generating notices, and/or being
used in sunrise periods. In particular, none of the top 10 above are
famous or fanciful marks like Verizon, Exxon, Google or Lego, or marks
that are routinely subject of cybersquatting complaints. Rather, they
are commonly used terms that should be open to many potential
registrants. If there is a "deterrent" effect on registrants, it's
clear that commonly used terms are ones that actual registrants are
interested in, and not terms like "facebook" or "google" or "Verizon",
given the stats above.

Since the independent review has already crunched the numbers, and
there were apparently no issues of confidentiality, our working group
should be given access to the much larger set of top queries, perhaps
the top 100 or even the top 500 or 1000, and not just the top 10. If
we are to properly and deliberately weigh and consider the costs and
benefits of the TMCH, measuring the "chilling effect" on commonly used
terms, it makes sense to see which terms are generating the most
claims notices. ICANN didn't have this data before the new gTLD
program was launched. We do have it now, and this should affect our
policymaking. Scaremongering about "what might happen" should be set
aside, since we have facts as to what *did* happen, through
experience.

We can then also compare those top queries against sunrise
registrations, and against the relevant marks themselves to check for
'gaming' behaviour, and thus measure the deleterious effects on other
prospective registrants.

Let's take a look at one of the above. The most obvious and striking
example  seems to be #3, "hotel"

Using TMView (searching by Applicant Name), I see multiple
registrations, some figurative and some word marks for that applicant,
for hotel/hotels (singular/plural). (although, conceivably they could
be using a registration in a country not part of TMView, so the below
analysis could be open to challenge. But, stay with me...). Some of
those marks include either the word "dot" or a "." in the marks. The
TMCH criteria clearly state that:

http://www.trademark-clearinghouse.com/content/registered-trademarks

they won't accept marks that include a dot. Thus, the only remaining
possibility from TMView is EM 007502891, which is a figurative mark:

https://www.tmdn.org/tmview/get-detail?st13=EM500000007502891

Using the automated translation, into English, it's for:

"Class 35: On line advertising on a computer network; Class 38:
Provision of information relating to telecommunications., Class 45:
Registration of domain names (legal services)."

You'll notice the original proprietor details, Dirk Krischenowski, no
stranger to the ICANN community.

https://icannwiki.org/Dirk_Krischenowski
http://domainincite.com/18613-berlin-ceo-prime-suspect-in-icann-data-breach

Who, ironically, is a critic of the TMCH!

https://www.thedomains.com/2014/03/31/berlin-dirk-krischenowski-blasts-icann-over-tmhc-which-has-largely-failed/

Using DomainTools paid version (NB: my paid subscription is running
out soon, and I likely won't renew given egregious price increases --
perhaps ICANN or this working group should compensate those putting in
the work for for their future research costs), I can see:

a) hotel.black, registered currently by "Hotdom GMBH" listed for sale
on Sedo for  2990 Euros:

https://sedo.com/search/details/?language=us&domain=hotel.black

Doesn't look like a "defensive" registration to prevent cybersquatting to me.

HotDomain GMBH also owns hotelregistry.org, although the historical
WHOIS for that shows "Hotel Top-Level-Domain GMBH" too, on the same
street in Berlin.

The page at:

http://dotzon.com/dotzon/team/

shows both "Katrin Ohlmer" (currently listed for HotDom GMBH) and
(here's a shocker) Dirk Krischenowski!

The oldest archived WHOIS record for hotel.black is from 2014-08-15 (2
days after the creation date), and it's in the name of (wait for it….)
Dirk Krischenowski (shocker, I know!).

This was clearly registered in the Sunrise period, which began July 22, 2014:

http://www.circleid.com/posts/20140625_afilias_announces_start_of_black_sunrise_period/


b) hotel.domains: Current registrant -- here's a shocker, it's (drum
roll) Dirk Krischenowski !! And if you visit that website:

https://hotel.domains/

you'll see a list of domains for sale:

hotel.cologne EUR 15,000
hotel.partners $3,000
hotel.black $4,000 (remember, current registrant in WHOIS is slightly
different, from above)

and dozens more (singular and plural). I've posted screenshots
(multiple, in order to make sure all the domains were visible) at:

http://www.loffs.com/images/hoteldomains/

(ICANN staff might want to put them on our Wiki, so they're part of
the record of this group)

I leave it as an exercise to the reader to check how many of them were
obtained via sunrise (grunt work at DomainTools), although the answer
is likely very obvious to everyone, without even having to check.

I argue, and stand with the EFF on this, that this is not consistent
with the intended purpose of the TMCH, and demonstrates how it's wide
open for abuse and gaming. The entire TMCH database, if it is to be
retained, should be public and transparent, and dubious records should
be able to be challenged easily.

7. I promised above to explore what the TMCH should cost. Here are
some rough back of the envelope calculations and ideas.

(a) if the audit of Deloitte's TMCH (which ICANN is allowed to do) was
to be done properly, besides simply looking at accounting records,
costs and revenues (which can be manipulated), one should look at how
much time it takes to review each application. A proper audit would
look at the date of submissions, and the date of approvasl, so that
Deloitte can't "fudge" the numbers, and then also look at the volume
of applications. This would then allow one to accurately gauge the
time a human being spent to review each application (e.g. if 100
applications were reviewed in one day, by one human, one can then do
the math and see how many minutes each one took, etc.) With a proper
audit, this can't be gamed, since one can look for peak dates of
applications, e.g. 1000 applications one day, all approved within 3
days later, to measure the peak rate of approvals.

(b) Considering the nature of the application itself (there's a
Youtube video at https://www.youtube.com/watch?v=aL0n_pNTVgE showing
the process, and what's collected -- it's really not that much). I
estimate that a reviewer would spend on average 5 minutes per
application. That'd be 12 applications per hour, or 84 applications
per 7 hour work day, or 420 per week, or 20,160 per 48 week year. For
one person. We see from Deloitte's report, they've had approximately
28,549 applications. My rough calculations suggest that one or two
people could easily handle the job. In fact, Deloitte's own website,
where they list their team:

http://trademark-clearinghouse.com/content/clearinghouse-team

shows a very lean team, with only 3 validation experts, so that's the
correct order of magnitude.

Let's be generous, and pay these people $50/hour. If they can manage
even just 5 applications per hour, then the actual verification costs
are $10 each. And, to be clear, this is relatively "easy" grunt work
that could done at lower cost with skilled workers from India, Russia,
or other less expensive countries, instead of in Belgium.

Of course, Deloitte's team includes a bunch of well compensated
managers and overhead of that nature. In an efficient operation, those
are eliminated. But, let's say the costs are tripled (that would
include "real" costs like computers and justifiable overhead --- 6 or
7 figure salaries for managers doing very little don't count). That
still makes it $30/each.

If you look at the rest of their "team", they list 5 people handling
invoicing??!?? That's shocking, and it's unclear why they have more
people handling invoicing than are handling actual validation (the
true "work" ICANN is looking for). Perhaps these are people doing
invoicing for many other companies, and not just dedicated to the
TMCH. Anyhow, I'll add 5% for invoicing/billing (really a part of
overhead), given cloud invoicing tools these days. That'd take us to
$31.50 (with generous assumptions to date).

Note, many applications are for multiple years! It's clear that the
validation/review costs are being generated year after year. Those
essentially happen once at the beginning. So, this would reduce actual
costs even more, to perhaps $10 to $15/year.

Why are trademark owners paying $95 to $150 per years? Because they're
dealing with a monopoly without oversight, and the monopolist is
maximizing profits as any business would do in those circumstances.

This cries out for competition, if the TMCH is even retained (unclear
at this point, an open question). As I said above, I'm not an advocate
for trademark holders, but it seems like they (and perhaps the
registry operators too, if their fees are going to Deloitte) are
getting a raw deal.

We saw with competitive tenders that Neustar lost their numbers contract:

https://www.bloomberg.com/news/articles/2015-03-26/neustar-loses-and-ericsson-wins-on-numbers-contract-vote-at-fcc

For domain names, with new entrants, the cost of domain name
registrations went from $35/yr at Network Solutions (monopoly) to
under $10/yr these days for a .com at GoDaddy, etc.

Afilias stuck with PIR for the .org backend after a tender process,
but certainly at a much better cost:

http://domainnamewire.com/2016/11/14/org-sticks-afilias-backend/

These are basic things that any business would do to save money, so
it's unclear to me why some people within the ICANN community and/or
this working group believe that $95 or $150 is a reasonable price for
the TMCH, without even exploring alternative providers through a rebid
process, or allowing multiple providers.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/