ICANN has moved closer to cracking down on cybersquatters who try to flip their domains when they discover they’ve been hit with a UDRP complaint.
Under recommendations approved by the GNSO Council yesterday, registrars would be bound by a much stricter set of UDRP-related domain locking rules in future.
So-called “cyberflight” — where squatters transfer their domains to a new registrar or registrants — appears to be a relatively infrequent problem, but when it does happen it causes big headaches for UDRP providers and trademark owners.
A survey of UDRP providers carried out as part of the GNSO’s policy development process discovered that the vast majority of registrars already lock domains hit by UDRP.
The problem is, they said, that locking practices are not uniform. Some registrars take well over a week to lock domains, and what the “lock” entails differs by registrar.
The recommendations of the GNSO’s Final Report on the Locking of a Domain Name Subject to UDRP Proceedings Policy Development Process, adopted by the Council yesterday, seek to standardize the process.
After being told about a complaint against one of its domains, the registrar in future would have a maximum of two business days to put a lock — preventing any changes in registrant or registrar — in place.
The lock would remain until the UDRP was resolved, but there would be various safeguards in place to enable complainants and respondents to settle their differences outside of the UDRP.
The lock would not prevent registrars or proxy/privacy services revealing the true identity of the registrant — that wouldn’t count as a change of registrant.
To prevent registrants abusing the two-day window to sell their domains or switch registrars, they would not be told about the existence of the UDRP until the domain had been locked.
The UDRP rules currently require the complainant to send a copy of their complaint to the domain owner at the same time it is filed with the UDRP provider.
But the GNSO has now recommended getting rid of this rule, stating: “as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight.”
The registrant would be informed later by the UDRP provider instead.
Registrars would be prohibited from tipping off the registrant until the lock was in place.
The July 2013 recommendations (pdf) came out of a working group that was formed in April 2012, in response to policy ideas floated in 2011.
The GNSO’s resolution calls for ICANN staff to work with members of the working group on an implementation plan, which would eventually be put to the ICANN board for approval.
Once through the board, the new policy would become binding on all ICANN-accredited registrars.
Go Daddy has become the latest domain name registrar to start accepting expressions of interest from prospective new gTLD registrants.
A “watch list” service launched yesterday allows customers to indicate gTLDs that they are interested in using in future and receive alerts when they launch.
Unlike other registrars, Go Daddy does not appear to be offering users the ability to name the second-level string they’re interested in.
The goal seems to be to help the company select which of the 700 new gTLDs available on the watch list will ultimately be carried in its market-leading store, making it very interesting to applicants.
In a blog post, the company said:
Keep in mind, we might not sell all of the gTLDs listed on the landing page. The “watch” feature gives us a sense of what you’re interested in and what we should sell. We’re taking your needs and market appeal into consideration before we make any final decisions.
There’s no cost for the service, but you do need to be logged in as a Go Daddy customer in order to create a watch list, which should help prevent new gTLD applicants gaming the system.
Key-Systems said yesterday that it plans to make .hiv domain names available at “below net cost price”, in solidarity with would-be new gTLD registry dotHIV.
The registrar said it will also offer free .hiv names at launch to organizations involving in fighting the virus via its Moniker and domaindiscount24.com retail registrars.
dotHIV, also a German company, plans to donate all of its profits to HIV/AIDs charities.
Its application is uncontested and has already passed Initial Evaluation, but is the target of Governmental Advisory Committee advice, which has put its bid on hold.
Despite this uncertainty, Key-Systems said it expects the Sunrise phase for .hiv to start in December.
European privacy regulators have slammed the new 2013 Registrar Accreditation Agreement, saying it would be illegal for registrars based in the EU to comply with it.
The Article 29 Working Party, which comprises privacy regulators from the 27 European Union nations, had harsh words for the part of the contract that requires registrars to store data about registrants for two years after their domains expire.
In a letter (pdf) to ICANN last month, Article 29 states plainly that such provisions would be illegal in the EU:
The fact that these personal data can be useful for law enforcement does not legitimise the retention of these personal data after termination of the contract. Because there is no legal ground for the data processing, the proposed data retention requirement violates data protection law in Europe.
The 2013 RAA allows any registrar to opt out of the data retention provisions if it can prove that to comply would be illegal its own jurisdiction.
The Article 29 letter has been sent to act as blanket proof of this for all EU-based registrars, but it’s not yet clear if ICANN will treat it as such.
The letter goes on to sharply criticize ICANN for allowing itself to be used by governments (and big copyright interests) to circumvent their own legislative processes. It says:
The fact that these data may be useful for law enforcement (including copyright enforcement by private parties) does not equal a necessity to retain these data after termination of the contract.
the Working Party reiterates its strong objection to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.
If there is a pressing social need for specific collections of personal data to be available for law enforcement, and the proposed data retention is proportionate to the legitimate aim pursued, it is up to national governments to introduce legislation
So why is ICANN trying to get many of its registrars to break the law?
While it’s tempting to follow the Article 29 WP’s reasoning and blame law enforcement agencies and the Governmental Advisory Committee, which pushed for the new RAA to be created in the first place, the illegal data retention provisions appear to be entirely ICANN’s handiwork.
The original law enforcement demands (pdf) say registrars should “securely collect and store” data about registrants, but there’s no mention of the period for which it should be stored.
And while the GAC has expressly supported the LEA recommendations since 2010, it has always said that ICANN should comply with privacy laws in their implementation.
The GAC does not appear to have added any of its own recommendations relating to data retention.
However, the European Commission’s GAC representative then seemed to dismiss the WP’s concerns during ICANN’s public meeting in Toronto last October.
Perhaps ICANN was justifiably confused by these mixed messages.
According to Michele Neylon, chair of the Registrars Stakeholder Group, it has yet to respond to European registrars’ inquiries about the Article 29 letter, which was sent June 6.
“We hope that ICANN staff will take the letter into consideration, as it is clear that the data protection authorities do not want create extra work either for themselves or for registrars,” Neylon said.
“For European registrars, and non-European registrars with a customer base in the EU, we look forward to ICANN staff providing us with clarity on how we can deal with this matter and respect EU and national law,” he said.
DomainsBot, which powers the name suggestion feature on most major registrar storefronts, has unveiled a significant update designed to make selling new gTLD domains easier.
The company reckons its new technology will soon be promoted from a follow-up sales tool, rolled out if a customer’s first choice of domain is not available, to “replacing the availability check” entirely.
“The idea is to be at the heart of the process of promoting new gTLDs,” CEO Emiliano Pasqualetti told DI.
The idea is pretty straightforward: a customer types a word into a search box, the service suggests available domain names with conceptually similar TLDs.
While it may not be perfect today, it was pretty good at finding appropriate TLDs for the keywords I tested.
And Pasqualetti said that under the hood is a machine learning engine that will make its suggestions increasingly more relevant as new gTLD domains start to go on sale.
“It tries to predict which TLD we need to show to each individual using a combination of their query, their IP address and as much history as we can legally collect in partnership with registrars,” Pasqualetti said.
If, for example, customers based in London show a tendency to buy lots of .london domains but hardly ever .rome, Londoners will start to see .london feature prominently on their registrar’s home page.
“We learn from each registrar what people search for and what people end up buying,” he said.
Some registrars may start using the software in their pre-registration portals, increasing relevance before anything actually goes on sale, he said.
My feeling is that this technology could play a big role in which new gTLDs live or die, depending on how it is implemented and by which registrars.
Today, DomainsBot powers the suggestion engine for the likes of Go Daddy, eNom, Tucows and Moniker. Pasqualetti reckons about 10% of all the domains being sold are sold via its suggestions.
Judging by today’s press release, registrars are already starting to implement the new API. Melbourne IT, Tucows and eNom are all quoted, but Pasqualetti declined to specify precisely how they will use the service.
It’s been widely speculated that Go Daddy plans to deploy an automated “pay for placement” system — think AdSense for domains — to determine which TLDs get prominence on its storefront.
Pasqualetti said that’s the complete opposite of what DomainsBot is offering.
“We’re relevance for placement,” he said. “We want to give every TLD a chance to thrive, as long as they’re relevant for the end user.”
According to Pasqualetti (and most other people I’ve been talking to recently) there are a lot of new gTLD applicants still struggling to figure out how to market their TLDs via registrars.
There are about 550 “commercially interesting” applied-for gTLD strings in the DomainsBot system right now, he said. New gTLD applicants may want to make sure they’re one of them.
Next week, the company will reveal more details about how it plans to work with new gTLD registries specifically.