Canadian registrar EasyDNS has amended its take-down policy after a customer of one of its registrants died of an overdose.
In a frank blog post today, CEO Mark Jeftovic said that the man had died using a “controlled substance” ordered online. The web site in question used a domain registered via EasyDNS.
As a result of the death, and conversations with ICANN and the US Food and Drug Administration, EasyDNS has changed its policy.
It will now turn off any domain used for a pharmacy web site unless the registrant can produce a license permitting it to sell pharmaceuticals in the territories it sells to.
Previously, the company would only turn off a pharmacy-related domain with a court order.
It’s a notable U-turn for the company because Jeftovic is an outspoken critic of unilateral take-down notices.
In January, he referred to the National Association of Boards of Pharmacy as a “batch of clowns” for demanding that EasyDNS and other registrars take down unlicensed pharmacies without court orders.
He also has an ongoing beef with the UK police over its repeated requests for file-sharing and counterfeiting-related domains to be taken down without judicial review.
Jeftovic blogged today:
[I]n one case we have people allegedly pirating Honey Boo Boo reruns and on the other we have people dying. We don’t know where exactly, but the line goes somewhere in between there.
We have always done summary takedowns on net abuse issues, spam, botnets, malware etc. It seems reasonable that a threat to public health or safety that has been credibly vetted fits in the same bucket.
As a private company we feel within our rights to set limits and boundaries on what kinds of business risk we are willing to take on and under what circumstances. Would we tell the US State Department to go to hell if they wanted us to take down ZeroHedge? Absolutely. Do we want to risk criminally indicted by the FDA because of unregulated vicodin imports? Not so much.
You can read his full blog post here.
The City of New York is working with Panama-based registrar CCI REG to reserve government-related domains in the new .nyc gTLD, despite imposing residency requirements on registrants.
CCI REG director Gerardo Aristizabal tells us it has already handled over 100 registrations during the “City Government-Affiliated Reserve List” phase of .nyc’s protracted launch schedule.
While it’s not technically an exclusive deal, the registrar does appear to be the registrar of choice for the City.
Aristizabal says that he’s in the process of setting up a New York-based registrar to handle .nyc-related business in future.
But today CCI REG is incorporated in Panama and is perhaps best-known to DI readers for being one of .CO Internet’s launch registrars. .CO is now of course owned by Neustar, .nyc’s back-end.
The registrar operated my.co, which focused on the Colombian market. for .co. For .nyc, it’s operating at hellodotnyc.com.
It amuses me that the City of New York, which is also the contracted registry for the gTLD, would choose to use an overseas registrar, given .nyc’s restricted policies.
To buy a .nyc name during general availability, currently slated for October, you’ll need a New York mailing address.
The beneficiary of the long-running Domain Registry of America scam is finally at risk of losing its ICANN accreditation.
ICANN has suspended Brandon Gray Internet Services, which does business as NameJuice.com, due to the “deceptive” marketing practices carried out by its “resellers”.
The company won’t be able to register any gTLD names or receive transfers for 90 days.
If NameJuice hasn’t sorted out its act by October 17, it faces the risk of losing its accreditation permanently.
The company, you will recall, is the primary beneficiary of the “slamming” scam, which tricks customers of other registrars into transferring their names with confusing, invoice-style junk mail.
Slammers have been operating under various names including Domain Registry of America, Domain Registry of Europe and Domain Registry of Canada for close to 15 years.
I received one in 2011 from the “Domain Renewal Group”, which I blogged about here.
It was sued by Register.com in 2002 over the practice, was forced into a settlement with the US Federal Trade Commission in 2003, and has been involved in tangles with regulators all over the world for the last decade.
But it seems ICANN’s hands were tied until Brandon Gray signed the new 2013 Registrar Accreditation Agreement, which gives ICANN’s compliance department more power over resellers.
Since at least 2009, ICANN has received numerous complaints from Registered Name Holders, registrars, and various ICANN Supporting Organizations and Advisory Committees regarding the business solicitation practices of Brandon Gray’s resellers. Such practices were not specifically prohibited under the 2001 and 2009 RAAs. Section 3.12 of the 2013 RAA, however, requires registrars to ensure its reseller’s actions comply with the RAA, as well as the Registrants’ Benefits and Responsibilities Specification, which protects Registered Name Holders from false or deceptive practices.
ICANN fingered “reseller” Registration Services Inc as the party behind DROA and the other slamming scams.
In order to cure the latest breach, NameJuice has until August 8 to provide a tonne of information about Registration Services, including its certificate of incorporation, samples of its mailshots, and details of how a sample of specific domains came to be transferred.
In order to avoid losing its accreditation by October 10, the company will also have to promise to force its reseller to stop its deceptive marketing and provide ICANN with samples of future mailings.
NameJuice has 13 tasks in total to comply with to avoid termination proceedings; it’s looking promising that ICANN will finally shut down this blight on the industry just a few months from now.
The irony is, of course, if NameJuice loses its accreditation, all of the names that were obtained under false pretenses will not revert naturally to their original registrar. Instead, if ICANN follows its standard practice, they’ll be transferred in bulk to a third registrar.
Almost half of accredited domain name registrars were found “deficient” during a recent ICANN compliance survey.
Results of an audit published today show that 146 of 322 registrars (45%) picked at random for the September 2013 to May 2014 study had to carry out some form of remediation in order to comply with their contracts.
The report comes at the end of the second year of ICANN’s audit program, which aims to bring all accredited registrars and gTLD registries into compliance over three years.
The deficiencies noted at 146 registrars cover areas ranging from compliance with ICANN consensus policies to the availability of Whois services over the web and port 43.
In almost every instance the numbers were down on last year.
For example, ICANN documented 86 registrars who could not initially show compliance with requirements on the retention of registrant data, down from 105 a year ago.
Only 15 registrars of the 322 (4.6%) flunked the audit and will be re-tested. The others were all able to bring their systems into line with ICANN’s requirements during the course of the audit.
Three registrars were terminated as a result of deficiencies identified during this phase of the program.
The full report, along with the list of participating registrars, can be found here.
Over 800,000 domain names have been suspended since the beginning of the year as a result of Whois email verification rules in the new ICANN Registrar Accreditation Agreement.
That’s according to the Registrars Stakeholder Group, which collected suspension data from registrars representing about 75% of all registered gTLD domain names.
The actual number of suspended domains could be closer to a million.
The 2013 RAA requires registrars to verify the email addresses listed in their customers’ Whois records. If they don’t receive the verification, they have to suspend the domain.
The RrSG told the ICANN board in March that these checks were doing more harm than good and today Tucows CEO Elliot Noss presented, as promised, data to back up the claim.
“There have been over 800,000 domains suspended,” Noss said. “We have stories of healthcare sites that have gone down, community groups whose sites have gone down.”
“I think we can safely say millions of internet users,” he said. “Those are real people just trying to use the internet. They are our great unrepresented core constituency.”
The RrSG wants to see contrasting data from law enforcement agencies and governments — which pushed hard for Whois verification — showing that the RAA requirement has had a demonstrable benefit.
Registrars asked at the Singapore meeting in March that law enforcement agencies (LEA) be put on notice that they can’t ask for more Whois controls until they’ve provided such data and ICANN CEO Fadi Chehade said “It shall be done by London.”
Noss implied that the majority of the 800,000 suspended names belong to innocent registrants, such as those who had simply changed email addresses since registering their names.
“What was a lovely political win that we said time and time again in discussion after discussion was impractical and would provide no benefit, has demonstrably has created harm,” Noss said.
He was received with cautious support by ICANN board members.
Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains are owned by bad guys, and he noted that LEA don’t appear to gather data in the way that the registrars are demanding.
“We were subjected, all of us, to heavy-duty pressure from the law enforcement community over a long period of time. We finally said, ‘Okay, we hear you and we’ll help you get this stuff implemented,’”, he added. “That creates an obligation as far as I’m concerned on their part.”
“We’re in a — at least from a moral position — in a strong position to say, ‘You must help us understand this. Otherwise, you’re not doing your part of the job’”, he said.
Chehade also seemed to support the registrars’ position that LEA needs to justify its demands and offered to take their data and concerns to the LEA and the Governmental Advisory Committee.
“They put restrictions on us that are causing harm, according to these numbers,” he said. “Let’s take this back at them and say, hey, you ask for all these things, this is what happened.”
“If you can’t tell me what good this has done, be aware not to come back and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s use the great findings you seem to have a found and well-package them in a case and I will be your advocate.”
Director Mike Silber also spoke in support of the RrSG’s position.
“My view is if what you are saying is correct, the LEA’s have blown their credibility,” he said. “They’re going to have to do a lot of work before we impose similar disproportional requirements on actors that are not proven to be bad actors.”
So what does this all mean for registrants?
I don’t think there’s any ongoing process right now to get the Whois verification requirements overturned — that would require a renegotiation of the RAA — but it does seem to mean demands from governments and police are going to have to be much more substantiated in future.
Noss attempted to link the problem to the recommendations of the Whois Expert Working Group (EWG), which propose a completely revamped, centralized Whois system with much more verification and not much to benefit registrants.
To paraphrase: if email verification causes so much harm, what harms could be caused by the EWG proposal?
The EWG was not stuffed with LEA or governments, however, so it couldn’t really be characterized as another set of unreasonable demands from the same entities.