Nominet

Nominet is the company that operates the .uk domain registry and manages common second-level domains such as .co.uk. It also operates UK-relevant TLDs including .wales and .cymru.

It has sponsored the annual Parliament and Internet Conference.

Statutory duties

Although a private body, its management of the .uk registry and of other UK-relevant registries is governed by the Communications Act 2003, as amended by the Digital Economy Act 2010. Sections 124O and 124P allow the Secretary of State to intervene in the case of serious failures and appoint a new organisation to run the registry. As such, it can be argued that Nominet’s delivery of the registry is a public function and could be subject, among other things, to the Human Rights Act 1998.

Despite this public function, Nominet is not subject to the Freedom of Information Act 2000. Nevertheless, Nominet acts in many ways as a public interest body, and has a good degree of transparency in its formation of new policies.

Governance

Nominet is a private company limited by guarantee.^[1] It owns a for-profit company to manage domain services^[2] and currently controls a charity.^[3] Nominet has indicated that the charity will move away from Nominet control.^[4]

Nominet has around 2,500 members, who pay an annual subscription.^[5] Membership is open to anyone, rather than just organisations or persons operating a registry.

Nominet’s voting structure favours the larger registries. 25% of the votes are equally distributed, while the remaining 75% are weighted according to the size of the registries, size being defined by the number of Nominet-registered domains looked after by each registry. Votes per registry are capped at a maximum of 10%.^[6]

Public purpose

Transparency

Nominet has generally operated reasonably transparently, setting policies in public and conducting consultation processes. However, it decided in summer 2017 ceased to publish board minutes and reports produced to inform decisions.^[7] The Register concludes:

Critics observed that would also mean that conflict-of-interest statements from board members would no longer be published – a critical issue since, due to Nominet's unusual voting structure, several board members represent the largest companies in the domain-name market and those same companies possess an effective veto on board decisions.

The end result is that the finances and decision-making of what is supposed to be a member-friendly organization are largely invisible to anyone but board members and staff.^[4]

Governance review 2016

See Nominet/Governance review 2016

In 2015, Nominet’s Board commissioned an independent review by Sir Michael Lyons into its governance.^[8] It reported in 2016.^[9]

There exists a rather complicated voting system at Nominet. Essentially one quarter of the votes are allocated on a ‘one member, one vote’ basis, and the remaining three quarters calculated by reference to the domains which a member administers as a Nominet registrar. On top of this allocation, any individual member (or associated group of members), has their maximum voting rights capped at 3% of the total votes cast for most votes. With a relatively small number of Nominet’s members participating in votes (12% at the 2015 AGM), and over 90% of the .uk domain registrations administered by less than 25 members, the current arrangements have been subject to criticism.^[10]

Strategy 2020

Nominet is running a multi-year strategy to 2020, which includes diversification of its activities. The diversification strategy was raised by Howarth in 2016.^[11]

At a high-level, our strategy has three concentric rings. At our core is ‘registry’, the middle ring focuses on ‘new markets’ developed from our DNS expertise, and the outer ring focuses on ‘applied innovation’.^[11]

Howarth expands that:

Our work in ‘new markets’ is focused on network analytics. Originally developed to keep .UK safe, (which it continues to do on a daily basis), our turing product already has great potential to help other businesses running a large DNS network. We are investing in supporting the commercial success of what we believe is a unique product.

Within ‘applied innovation’, our R&D team are exploring new technologies and opportunities. Again, our focus is on internet infrastructure, within the context of the internet of things. While we are involved with innovative projects from flood prevention to smart car parking, those projects are under-pinned by a clear logic – finding solutions to the infrastructure problems posed by gathering, securing, accessing and processing information from a large number of devices. While it is inaccurate to say the team are tasked solely with producing products for our channel, we are working hard to identify viable opportunities for our members downstream. In this respect, I hope the upcoming ‘cloud’ version of turing is the shape of things to come. ^[11]

In practice, this strategy includes work on automated cars in the DRIVEN project^[12] and drones, including a call for a centralised drone ownership database.^[13]

Law enforcement domain suspensions

Nominet accedes to UK law enforcement requests for suspension of domains. They began accceding to bulk requests in December 2009^[14][15] in response to requests from SOCA.^[16] They ran a consultation process in 2011 which included ORG alongside various industry partners. ^[16][17] The consultation process broke down, and no agreement was reached.^[18][19]

Nominet formalised its suspension policy in 2014.^[20] Nominet altered their Terms and Conditions for domain registration to include the specific commitment:

7.7 that you will not use the domain name for any unlawful purpose.^[21]

Nominet argue that this permits them to suspend any domain reported to them by the authorities. Nominet at the time said that the policy meant that:

“Nominet can quickly suspend a domain name when alerted to its use for criminal activity by the police or other law enforcement agencies, such as National Crime Agency, Child Exploitation and Online Protection Centre (CEOP) or the Medicines and Healthcare Products Regulatory Agency (MHRA)^[20]

However, their list of authorities making suspensions includes a private company (National Trading Standards) and CTIRU, whose suspension requests relating to extremism could seriously impact free expression.

“Unlawful” is very wide, so could lead to suspension requests for activities including:

• libel claims
• helping people to trespass
• breaching data protection laws
• minor copyright infringements

Domain suspensions doubled from 3,889 in 2014-15^[22] to 8,049 in 2015-16,^[22] and doubled again to 16,632 during the year to October 2017.^[23][24] Nominet produced reports detailing their suspensions in 2015^[25] 2016^[22] and 2017.^[26] PIPCU’s Operation Ashiko creates around 80% of suspension requests.

Russell Haworth, Nominet’s CEO said in 2017:

“A key part of our role in running the .UK internet infrastructure is to ensure that .UK is a difficult space for criminals to operate in. The upward trend in suspended domains confirms that increasingly criminals seek opportunities online, but also shows how our cooperation with the law enforcement community and our expertise in network analytics helps tackle this problem thanks to the established processes and cyber security tools we have in place.”^[26]

Harms to owners and consumers

Unlike a domain seizure, where a domain is in the possession of an authority, and notices can be displayed at the domain’s web address, with a “suspension”, a domain is simply no longer valid and no longer points to any website.

Detective Inspector Nicholas Court, of the Police Intellectual Property Crime Unit (PIPCU), said:

“We work closely with our partners to disrupt the sale of counterfeit goods which put consumers at harm in many ways. Buying fake goods can not only pose as a public safety risk, buying from rogue sites can also put your personal and financial information at risk, meaning that criminals can use your identity for malicious means.

“The dangers of buying fake goods should not be underestimated. As shoppers look for last-minute gifts and bargains online, it is vital that you take extra care and check where you buy from. If an offer looks too good to be true, it probably is.” ^[27]

Thus, although envisaged as a consumer and public protection measure, domain suspension is open to the obvious criticism that somebody who is the victim of a crime will be unable to find out anything when trying to visit the fraudulent website.

Many victims of fraud would be likely to revisit the website to gain clarity over what precisely has happened, only to find the website unreachable, as if the criminals had deliberately disappeared. Other people may visit to attempt repeat purchases.

Suspension is a considerably more risky approach where a site has been supplying dangerous goods.

Seizure and display of information relating to the seizure would provide opportunities to:

• warn victims of crime of what has taken place, and any attendant dangers, such as ongoing credit card fraud or potentially dangerous products
• allow victims a greater chance to report crime and gain redress
• allow law enforcement to gather evidence from victims
• allow law enforcement to educate people about online crime, precisely targeted at people who may be victims
• allow domain seizure errors to be more easily rectified
• uphold legal accountability

European law

EU law envisages legal powers for consumer protection agencies to seize domains in the Consumer Protection Cooperation Regulation. These processes would have to be compatible with Charter of Fundamental Rights standards, so would be likely to require transparency and appeals at a minimum.

Domain suspensions statistics

See Nominet/Domain suspension statistics

Cyber Assist

In 2014 started a pilot of its Cyber Assist service which appears to consist of sending alerts about computer security, proactively monitoring websites for security issues, and making security support available via phone and email.

See also

• Nominet/direct.uk proposal

Links

• Nominet - Homepage
• wikipedia: Nominet UK
• Who's Lobbying entry

References