LegitScript, a US company focused on eradicating illegal online pharmacies, which backs the .pharmacy and .health gTLDs, has been given police-like powers to have domain names taken down in Japan.
It has also emerged that when IP Mirror, a brand protection registrar, was hit with an embarrassing ICANN contract-breach notice in November, it was as a result of a LegitScript complaint.
Under section 3.18.2 of ICANN’s 2013 Registrar Accreditation Agreement, registrars must have a 24/7 abuse hotline that can be used by “law enforcement, consumer protection, quasi-governmental or other similar authorities” to report illegal activity.
Registrars must act on complaints made to the hotline within 24 hours, but only authorities designated by national governments get to use it.
Now, it transpires that LegitScript has been formally designated a 3.18.2 authority by the Japanese Ministry of Health, Labor and Welfare.
That means the US company’s complaints about domains hosting potentially illegal pharmacy sites have the same weight as complaints from the Japanese police, when made to registrars that have an office in Japan, even if they’re headquartered elsewhere.
IP Mirror, which was recently acquired by CSC Digital Brand Services, is based in Singapore but has an office in Tokyo.
As far as I can tell, most of the top 10 registrars do not have offices in Japan. KeyDrive (Moniker, Key-Systems etc) may be the exception. GMO is the largest registrar based in Japan.
LegitScript announced its relationship with the Japanese ministry in September (I missed it at the time) and company president John Horton provided some context to the IP Mirror breach notice on CircleID today.
I only report the deal today because it strikes me as noteworthy that a private enterprise has been given the same powers under the 2013 RAA as law enforcement and government consumer protection agencies — and it’s not even in its home territory.
Horton told DI today that while LegitScript is legally based in the US and has offices in the EU, only Japan has so far formally granted it 3.18.2 powers. He said in an email:
We only have formal Section 3.18.2 designation in Japan at present. We have some other endorsements or recommendations by or on behalf of government authorities, although they do not specifically reference Section 3.18.2. We work closely with the Italian Medicines Agency and the Irish Medicines Board, for example, and report rogue Internet pharmacies in consultation with them.
Horton pointed out that anybody is able to to file abuse complaints under the 2013 RAA — and registrars are obliged to “take reasonable and prompt steps to investigate and respond appropriately”.
His CircleID piece cites two instances in which such complaints from LegitScript resulted in ICANN breach notices.
The chief difference is that under 3.18.2 registrars do not have much flexibility in their response times. They have to “take necessary and appropriate actions” within a black-and-white 24-hour deadline.
A small Israeli registrar has had its registrar accreditation suspended by ICANN.
Black Ice domains, which has a few thousand .com and .net domains under management, failed to comply with an ICANN audit and was overdue on its fees by over $5,000, according to the ICANN notice (pdf).
It won’t be allowed to sell gTLD domains or accept inbound transfers from December 19 to March 18, and may be terminated if it fails to come back into compliance.
The registrar is the fourth to have its accreditation suspended by ICANN in 2014. The organization has terminated a further seven registrars, down on the 11 terminated in the whole of 2013.
Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
Top registrar Web.com is seeing disappointing revenue from its domain business due to new gTLDs.
The “increased availability” of names has taken a chunk out of the company’s premium domain sales, CEO David Brown told analysts on the company’s third-quarter earnings call yesterday.
While we continue to expect the recently expanded top-level domain environment to increase our ability to sell domains over the medium to long term, the increased availability of names has had a near-term negative impact on domain-related revenue. This is primarily associated with non-core domain-related revenue such as sales of premium domain names and bulk domain sales.
As a result, the company has reduced its full-year 2014 revenue guidance from between $576 million and $579 million to between $566.7 million and $568.7 million
The company blamed about half of the reduction — about $5 million — on softness in its domain name business.
Brown explained that the new gTLD environment has seen domain investors exercise much more caution when it comes to buying premium names and buying names in bulk:
We’ve seen that market get soft…. The reason the softness is occurring is that this marketplace is looking at all of these new gTLDs coming into place, there are more options available for people and they’re kind of stepping back away, at least temporarily, to see how things settle out.
He said the company expects the market to come back after the uncertainty has passed.
Web.com yesterday reported third-quarter net income of $33.9 million, up from $29.3 million a year ago, on revenue that was up to $137.4 million from $125.2 million in 2013.
The company, which owns brands including Register.com and Network Solutions, announced a $100 million share repurchase at the same time, to prop up the inevitable hit its stock was to take.
Its shares are trading down 25% at time of publication.
DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.
The breach notice raises questions about the company’s popular free Whois privacy service.
Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.
The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.
The domain highlighted by ICANN in relation to the Whois failure is senect.com
ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name
and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.
Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.
ICANN seems to be asking the registrar to investigate itself in this case.
DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.
DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.
As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.
The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.
ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.