Latest news of the domain name industry

Recent Posts

Who runs the internet? An ICANN 49 primer

Kevin Murphy, March 24, 2014, Domain Policy

The ICANN 49 public meeting is kicking off here in Singapore right now, and control of the domain name system is going to be the hottest of hot topics for the next four days.

Two Fridays ago the US government announced its plan to remove itself from oversight of key internet functions currently managed by ICANN, causing a firestorm of controversy in the US.

A lot of the media commentary has been poorly informed, politically motivated and misleading.

According to this commentary, the move means that regimes more repressive that the United States government are going to take over the internet, killing off free speech.

Here I present a backgrounder on the issue, a primer for those who may not be familiar with the history and the issues. ICANN addicts may find the latter half of the piece interesting too, but first…

Let’s go back to basics

The issue here is control over the DNS root zone file. Basically, the root zone file is a 454K text file that lists all the top-level domains that are live on the internet today.

Each TLD is listed alongside the DNS name servers that it is delegated to and control it. So .com has some name servers, .uk has some name servers, .info has some name servers, etc.

If an internet user in San Francisco or London or Ulan Bator tries to visit google.com, her ISP finds that web site by asking the .com zone file for its IP address. It finds the location of the .com zone file (managed by Verisign) in turn by asking the root zone file.

The root zone files are served up by 13 logical root zone servers named A through M, managed by 12 different entities. Verisign runs two. ICANN runs one. Most are US-based entities.

Every root server operator agrees that Verisign’s root is authoritative. They all take their copies of the root zone file from this server. This keeps the data clean and consistent around the world.

So Verisign, in terms of actually sitting at a keyboard and physically adding, deleting or amending entries in the root zone file, has all of the power over the internet’s DNS.

Verisign could in theory assign .uk or .xxx or .com to name servers belonging to Canada or the Vatican or McDonalds or me.

But in practice, Verisign only makes changes to the root zone when authorized to do so by the US National Telecommunications and Information Administration, part of the Department of Commerce.

That’s because Verisign’s power to amend the root zone comes from its Cooperative Agreement with NTIA.

Amendment 11 (pdf) of this agreement dates from 1999, a time before Verisign acquired Network Solutions (NSI) and before ICANN had a name and was known as “NewCo”. It states:

NSI agrees to continue to function as the administrator for the primary root server for the root server system and as a root zone administrator until such time as the USG instructs NSI in writing to transfer either or both of these functions to NewCo or a specified alternate entity.

While NSI continues to operate the primary root server, it shall request written direction from an authorized USG official before making or rejecting any modifications, additions or deletions to the root zone file. Such direction will be provided within ten (10) working days and it may instruct NSI to process any such changes directed by NewCo when submitted to NST in conformity with written procedures established by NewCo and recognized by the USG.

So the power to amend the root zone — and therefore decide which TLDs get to exist and who gets to run them — actually lies in NTIA’s hands, the hands of the US government.

NTIA says its role is “largely symbolic” in this regard.

That’s because the power to decide what changes should be made to the root zone has been delegated to ICANN via the “IANA functions” contract.

What you’re looking at here is a diagram, from the latest IANA contract, showing that whatever changes ICANN proposes to make to the root (such as adding a new gTLD) must be authorized by NTIA before somebody at Verisign sits at a keyboard and physically makes the change.

In the diagram, “IANA Functions Operator” is ICANN, “Administrator” is NTIA, and “Root Zone Maintainer” is Verisign.

What NTIA now proposes is to remove itself from this workflow. No longer would ICANN have to seek a US government rubber stamp in order to add a new TLD or change ownership of an existing TLD.

It’s possible that Verisign will also be removed from the diagram. ICANN runs a root server already, which could replace Verisign’s A-root as the authoritative one of the 13.

NTIA says that the Cooperative Agreement and the IANA contract are “inextricably intertwined” and that it will “coordinate a related and parallel transition in these responsibilities.”

If this all sounds dry and technical so far, that’s because it is.

So why is it so important?

An entry in the DNS root zone has economic value. The fact that the record for .com points to Verisign’s name servers and not yours means that Verisign is worth $7 billion and you’re not.

Whoever has power over the root therefore has the ability to dictate terms to the entities that want their TLD listed.

ICANN’s contract with Verisign makes Verisign pay ICANN $0.25 for every .com name sold, for example.

The contract also forces Verisign to only sell its names via registrars that have been accredited by ICANN.

This gives ICANN, by indirect virtue of its control of the root, power over registrars too.

The Registrar Accreditation Agreement contains terms that require registrars to publish, openly, the names and addresses of all of their customers, for example.

Suddenly, control of the root is not only about lines in a database, it’s about consumer privacy too.

The same goes for other important issues, such as free speech.

Should people have the right to say that a company or a politician “sucks”? Most of us would agree that they should.

However, if they want to register a .sucks domain name in future they’re going to have to abide by rules, developed by ICANN and its community, that protect trademark owners from cybersquatting.

Over the course of many years, ICANN has decided that trademark owners should always have the right to preemptively register any domain name that matches their brands. This will apply to .sucks too.

If I, militant vegetarian that I am, wanted to register mcdonalds.sucks after .sucks becomes available, there’s a significant probability that I’m not going to get the opportunity to do so.

Of course, there’s nothing stopping you and I publishing our opinion of a worthless politician or corrupt company in other ways using other domain names, but it remains true that ICANN has essentially prioritized, for very good reasons, the rights of trademark owners over the rights of other internet users.

Theoretically, at some point in the future, ICANN could amend the Registrar Accreditation Agreement to require registrars to, for example, always deactivate a domain name when they receive a cease and desist letter, no matter how unfounded or spurious, from a trademark lawyer.

Suddenly, the web belongs to the IP attorneys, free speech is damaged, and it’s all because ICANN controls the DNS root.

I’m not saying that’s going to happen, I’m just using this as an example of how ruling the root has implications beyond adding records to a database.

What does US oversight have to do with this?

The question is, does the US removing itself from the root zone equation have any impact on what ICANN does in future? Has the US in fact been a good custodian of the root?

Commentators, many of them Republicans apparently seizing on the NTIA’s move as the latest opportunity to bash President Obama’s administration, would have you believe that the answer is yes.

I’m not so sure.

The US in fact has a track record of using its power in ways that would reduce free speech on the internet.

Back in 2005, there was a controversy about ICANN’s decision to add .xxx — a top-level domain for pornography — to the root zone. Whatever you think about porn, this is undeniably a free speech issue.

The US government, under the Bush administration, was initially ambivalent about the issue. Then a bunch of right-wing religious groups started lobbying the NTIA en masse, demanding .xxx be rejected.

The NTIA suddenly switched its position, and actually considered (ab)using its power over the root zone to block .xxx’s approval and therefore appease the Republican base.

This all came out due to .xxx operator ICM Registry’s Freedom of Information Act requests, which were detailed in the the declaration (pdf) of an Independent Review Panel — three neutral, respected judges — that oversaw ICM’s appeal against ICANN:

Copies of messages obtained by ICM under the Freedom of Information Act show that while officials of the Department of Commerce concerned with Internet questions earlier did not oppose and indeed apparently favored ICANN’s approval of the application of ICM, the Department of Commerce was galvanized into opposition by the generated torrent of negative demands, and by representations by leading figures of the so-called “religious right”, such as Jim Dobson, who had influential access to high level officials of the U.S. Administration. There was even indication in the Department of Commerce that, if ICANN were to approve a top level domain for adult material, it would not be entered into the root if the United States Government did not approve

US lobbying via ICANN’s Governmental Advisory Committee and other channels had the effect that ICANN rejected ICM’s .xxx application. It’s only because ICM was prepared to spend years and millions of dollars appealing the decision that .xxx was finally added to the root.

When you read an article claiming that the US government relinquishing its root oversight role will have a negative effect on free speech, ask yourself what the record actually shows.

The .xxx case is the only example I’m aware of the US leveraging or preparing to leverage its oversight role in any way. On free speech, USG is 0 for 1.

The US is also a powerful member of the Governmental Advisory Committee, the collection of dozens of national governments that have a strong voice in ICANN policy-making.

Under the rules of the new gTLD program, the GAC has right to veto any new gTLD — prevent it being added to the DNS root zone — if all the governments on the GAC unanimously agree to the veto.

Currently, there’s a controversy about the proposed gTLD .amazon, which has been applied for by the online retail behemoth Amazon.

Latin American countries that count the Amazonia region and Amazon river as part of their territories don’t want it approved; they believe they have the better rights to the .amazon string.

Despite this outrage, the GAC initially could not find unanimous consensus to veto .amazon. It transpired that the US, no doubt protecting the interests of a massive US-based corporation, was the hold-out.

Last July, NTIA decided to drop its opposition to the veto, leading to a GAC consensus that .amazon should be rejected.

In its position paper (pdf) announcing the .amazon veto block reversal, NTIA said the US “affirms our support for the free flow of information and freedom of expression”.

By its own definitions, the US made a decision that harmed free expression (not to mention Amazon’s business interests). It seems to have done so, again, in the name of political expediency.

I’m not saying that the US decision was right or wrong, merely that the record again shows that it’s not the great protector of free speech that many commentators are making it out to be.

What should replace the US?

The question for the ICANN community this week in Singapore and over the coming months is what, if anything, should replace the US in terms of root zone oversight.

The NTIA has been adamant that a “multi-stakeholder” solution is the way to go and that it “will not accept a proposal that replaces NTIA’s role with a government-led or an inter-governmental solution.”

The weirdness in this statement, and with the whole transition process in general, is ICANN is already a multi-stakeholder system.

In light of the US’ longstanding “hands off” approach (with the aforementioned exception of .xxx), does ICANN even need any additional oversight?

Today, legislative power in ICANN resides with its board of directors. The ICANN staff wield executive control.

In theory and under ICANN’s extensive governance rules, the board is only supposed to approve the consensus decisions of the community and the staff are only supposed to execute the wishes of the board.

In practice, both board and staff are often criticized for stepping beyond these bounds, making decisions that do not appear to have originated in the community policy-making process.

The ruling on vertical integration between registries and registrars, where the community could not even approach consensus, appears to have originated with ICANN’s legal department, for example.

There has also been substantial concern about the extent of the power handed to hand-picked advisory panels created by CEO Fadi Chehade recently.

In that light, perhaps what ICANN needs is not oversight from some third party but rather stronger community accountability mechanisms that prevent capture and abuse.

That’s certainly my view today. But I don’t have any particularly strong feelings on these issues, and I’m open to have my mind changed during this week’s discussions in Singapore.

CentralNic kicks out ARI as back-end for four new Radix gTLDs

Kevin Murphy, March 23, 2014, Domain Registries

CentralNic has replaced ARI Registry Services as the exclusive back-end registry services provider for four new gTLDs.

Radix, the new gTLD portfolio applicant formerly affiliated with Directi, will use CentralNic “exclusively” for .press, .host, .website and .space, according to a press release this morning.

ARI was originally listed on Radix’s applications as the technical services provider for all four, but as a result of change requests submitted in January ARI is out and CentralNic is in.

All four were either originally uncontested strings or have since been won by Radix at auction.

The news of the switch follows the announcement last month that CentralNic has also become a “preferred” back-end for portfolio applicant Famous Four Media, alongside ARI and Neustar.

New gTLD registries given way to free up millions of blocked names

Kevin Murphy, February 27, 2014, Domain Tech

Up to 9.8 million new gTLD domain names are to get a get-out-of-jail card, with the publication yesterday of ICANN’s plan to mitigate the risk of damaging name collisions.

As a loyal DI reader, the details of the plan will not come as a great surprise. It was developed by JAS Global Advisors and previewed in a guest post by CEO Jeff Schmidt in January

Name collisions are scenarios where a TLD delegated by ICANN to the public DNS matches a TLD that one or more organizations already uses on their internal networks.

Verisign, in what many view as protectionist propaganda, has been arguing that name collisions could cause widespread technical and economic damage and even a risk to life.

Things might stop working and secret data might leak out of corporate networks, Verisign warns.

JAS’ proposed solution, which ICANN has opened for public comment, is quite clever, I think.

Called “controlled interruption”, it will see new gTLD registries being asked to wildcard their entire second level of their TLDs to point to the IP address 127.0.53.53.

If there’s a name collision on example.corp the company using that TLD on its network will notice unusual behavior and will have an opportunity to fix the problem.

Importantly, no data apart from the DNS look-up will leak out of their networks — the 127/8 IP address block is reserved by various standards for local uses only.

The registry will essentially bounce the DNS request back to the network making the request. If that behavior causes problems, the network administrator will presumably check her logs, notice the odd IP address, and Google it for further information.

Today, she’ll find a Slashdot article about the name collisions plan, which should put the admin on the road to figuring out the problem and fixing her network. In future, maybe ICANN will rank for the term.

Registries would be able to choose whether to wildcard their whole TLD or to only point to 127.0.53.53 those second-level names currently on their collisions block lists.

In either case, the redirection would only last for the first 120 days after delegation. That’s the same duration as the quiet period ICANN already imposes on new delegations, during which only “nic.” may resolve.

After the 120 days are up, the name collisions issue would be considered permanently closed for that TLD.

If this goes ahead, the plan will allow registries to unblock as many as 9.8 million domain names representing 6.8 million unique second-level labels, according to DI PRO collisions database.

It could also put an end to the argument about whether name collisions really were a significant problem (160,000 new gTLD names are already live and we haven’t heard any reports of collisions yet).

Pointing to the fact that new TLDs, some of which showed evidence of collisions, were getting delegated rather regularly before the current new gTLD round, JAS said in its report:

We do not find that the addition of new Top Level Domains (TLDs) fundamentally or significantly increases or changes the risks associated with DNS namespace collisions. The modalities, risks, and etiologies of the inevitable DNS namespace collisions in new TLD namespaces will resemble the collisions that already occur routinely in the other parts of the DNS.

However…

Collisions in all TLDs and at all levels within the global Internet DNS namespace have the ability to expose potentially serious security and availability problems and deserve serious attention.

JAS calls its plan “a conservative buffer between potential legacy usage of a TLD and the new usage”.

As wildcarding is currently prohibited by ICANN’s standard Registry Agreement (ironically, to prevent a repeat of Verisign’s Site Finder) an amendment is going to be needed, as the JAS plan acknowledges.

The drawback of the plan is that if an organization is relying on a colliding internal TLD, whatever systems use that TLD could break under the plan. The 127/8 redirection is a way to help them resolve the breakage, not always to prevent it happening at all.

For new gTLD registries it’s pretty good news, however. There are many thousands of potentially valuable premium names blocked under the current regime that would be made available for sale.

If you’re an applicant for .mail, however, it’s a different story. The JAS report says .mail should be reserved forever, putting it in the same category as .home and .corp:

the use of .corp and .home for internal namespaces/networks is so overwhelming that the inertia created by such a large “installed base” and prevalent use is not likely reversible. We also note that RFC 6762 suggests that .corp and .home are safe for use on internal networks.

Like .corp and .home, the TLD .mail also exhibits prevalent, widespread use at a level materially greater than all other applied-for TLDs. Our research found that .mail has been hardcoded into a number of installations, provided in a number of example configuration scripts/defaults, and has a large global “installed base” that is likely to have significant inertia comparable to .corp and .home. As such, we believe .mail’s prevalent internal use is also likely irreversible and recommend reservation similar to .corp and .home.

In other words, .mail is dead and the five remaining applicants for the string are probably going to be forced to withdraw through no fault of their own. Should these companies get a full refund from ICANN?

Euro registrars miffed about ICANN privacy delays

Kevin Murphy, February 21, 2014, Domain Registrars

Registrars based in the European Union are becoming increasingly disgruntled by what they see as ICANN dragging its feet over registrant privacy rules.

Some are even refusing to sign the 2013 Registrar Accreditation Agreement until they receive formal assurances that ICANN won’t force them to break their local privacy laws.

The 2013 RAA, which is required if a registrar wants to sell new gTLD domains, requires registrars to keep hold of registrant data for two years after their registrations expire.

Several European authorities have said that this would be illegal under EU privacy directives, and ICANN has agreed to allow registrars in the EU to opt out of the relevant provisions.

Today, Luxembourgish registrar EuroDNS said it asked for a waiver of the data retention clauses on December 2, but has not heard back from ICANN over two months later.

The company had provided ICANN with the written legal opinion of Luxembourg’s Data Protection Agency

In a snippy letter (pdf) to ICANN, EuroDNS CEO Lutz Berneke wrote:

Although we understand that your legal department is solely composed of lawyers educated in US laws, a mere translation of the written guidance supporting our request should confirm our claim and allow ICANN to make its preliminary determination.

EuroDNS has actually signed the 2013 RAA, but says it will not abide by the provisions it has been told would be illegal locally.

Elsewhere in Europe, Ireland’s Blacknight Solutions, said two weeks ago that it had requested its waiver September 17 and had not yet received a pass from ICANN.

“Why is it my problem that ICANN doesn’t understand EU law? Why should our business be impacted negatively due to ICANN’s inability to listen?” CEO Michele Neylon blogged. “[W]hile this entire farce plays out we are unable to offer new top level domains to our clients.”

But while Blacknight is still on the old 2009 RAA, other European registrars seem to have signed the 2013 version some time ago, and are already selling quite a lot of new gTLD domains.

Germany’s United-Domains, for example, appears to be the third-largest new gTLD registrar, if name server records are anything to go by, with the UK’s 123-Reg also in the top ten.

ICANN is currently operating a public comment period on the waiver request of OVH, a French registrar, which ICANN says it is “prepared to grant”.

That comment period is not scheduled to end until February 27, however, so it seems registrars agitated about foot-dragging have a while to wait yet before they get what they want.

First new gTLD cybersquatting case goes to IBM

Kevin Murphy, February 14, 2014, Domain Policy

IBM has won the first Uniform Rapid Suspension case to be filed against a new gTLD domain name.

National Arbitration Forum panelist Darryl Wilson handed down the perfunctory decision February 12, just seven days after IBM complained about ibm.ventures and ibm.guru.

Both domains have now been suspended, redirecting to a placeholder web site which states:

This Site is Suspended

The Domain Name you’ve entered is not available. It has been taken down as a result of dispute resolution proceedings pursuant to the Uniform Rapid Suspension System (URS) Procedure and Rules.

For more information relating to the URS, please visit: http://newgtlds.icann.org/en/applicants/urs

It was a slam dunk case, as you might imagine — the URS is designed to handle slam-dunk cases.

The registrant, who we estimate spent $2,500 on the two names, did not do himself any favors by redirecting both names to IBM’s .com site.

As we and Wilson both noted, this showed that he’d registered the names with IBM in mind.

IBM’s mark is included in the Trademark Clearinghouse, so the registrant will have been given a warning at the point of registration that he may be about to infringe someone’s IP rights.

Since the names were registered IBM, we’re told, has purchased a Domain Protected Marks List block from the registry, Donuts, which will prevent the names being re-registered when they expire.

IBM files URS complaints against guy who spent $2,500 on two domains

Kevin Murphy, February 6, 2014, Domain Registries

If you were a cybersquatter, would you spend $2,500 on just two domain names without doing even the most basic research into whether you’d get to keep the names?

One individual from New Jersey has done precisely that, apparently, and has now been hit with what may well be the first new gTLD Uniform Rapid Suspension complaint, according to Donuts.

Donuts VP Mason Cole said in a DI comment today that the company has “been notified of an additional URS action involving two IBM names.”

I believe he’s referring to ibm.guru and ibm.ventures, two new gTLD domains I highlighted earlier today as being registered under Go Daddy’s Whois privacy service.

Privacy protection has since been lifted from both domains, in accordance with Go Daddy policy, revealing the registrant (assuming it’s not a fake name) as one Denis Antipov of New Jersey.

Both domains were redirecting to ibm.com when I checked a few days ago — showing that the registrant clearly had IBM in mind when he bought the names — but now do not resolve for me.

What’s funny is that the registration date of the domains is January 31. Due to Donuts’ Early Access Program, the registrant will have paid Go Daddy a total of $2,479.98 for the pair.

Now, he stands to lose that investment in a URS case that will set IBM back about the same amount.

Donuts’ Cole said: “When infringement is alleged, we want to see the due process tools developed for new TLDs put to use. Registries are not trademark adjudicators — we implement the objective decisions of others.”

UPDATE: An earlier version of this story incorrectly reported the price the registrant will have paid for these names.

Directi joins Domain.com family in $100m deal

Kevin Murphy, January 29, 2014, Domain Registrars

Endurance International, the holding company behind brands such as Domain.com and HostGator has closed the acquisition of top ten registrar Directi and some related companies.

The acquisition, which was announced last September is worth between $100 million and $110 million — $25.5 million in cash and the rest in shares and a promissory note.

The deal includes Directi properties BigRock (a registrar), ResellerClub (the reseller-focused registrar), LogicBoxes (the registrar management service) and webhosting.info.

It does not include Radix Registry, the company that applied for 31 new gTLDs, 28 of which applications are still active.

Directi CEO Bhavin Turakhia “has agreed to be closely involved in the integration of the two companies”, but it doesn’t sound like he’s taking on a permanent role at Endurance.

Endurance may not be a familiar brand in and of itself, but its businesses include Bluehost, HostGator, Domain.com, FatCow, iPage and Mojo Marketplace.

EU body tells ICANN that 2013 RAA really is illegal

Kevin Murphy, January 29, 2014, Domain Registrars

A European Union data protection body has told ICANN for a second time — after being snubbed the first — that parts of the 2013 Registrar Accreditation Agreement are in conflict with EU law.

The Article 29 Data Protection Working Party, which is made up of the data protection commissioners in all 28 EU member states, reiterated its claim in a letter (pdf) sent earlier this month.

In the letter, the Working Party takes issue with the part of the RAA that requires registrars to keep hold of customers’ Whois data for two years after their registrations expire. It says:

The Working Party’s objection to the Data Retention Requirement in the 2013 RAA arises because the requirement is not compatible with Article 6(e) of the European Data Protection Directive 95/46/EC which states that personal data must be:

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected”

The 2013 RAA fails to specify a legitimate purpose which is compatible with the purpose for which the data was collected, for the retention of personal data of a period of two years after the life of a domain registration or six months from the relevant transaction respectively.

Under ICANN practice, any registrar may request an opt out of the RAA data retention clauses if they can present a legal opinion to the effect that to comply would be in violation of local laws.

The Working Party told ICANN the same thing in July last year, clearly under the impression that its statement would create a blanket opinion covering all EU-based registrars.

But a week later ICANN VP Cyrus Namazi told ICANN’s Governmental Advisory Committee that the Working Party was “not a legal authority” as far as ICANN is concerned.

The Working Party is clearly a bit miffed at the snub, telling ICANN this month:

The Working Party regrets that ICANN does not acknowledge our correspondence as written guidance to support the Waiver application of a Registrar operating in Europe.

the Working Party would request that ICANN accepts the Working Party’s position as appropriate written guidance which can accompany a Registrar’s Data Retention Waiver Request.

It points out that the data protection commissioners of all 28 member states have confirmed that the letter “reflects the legal position in their member state”.

ICANN has so far processed one waiver request, made by the French registrar OVH, as we reported earlier this week.

Weirdly, the written legal opinion used to support the OVH request is a three-page missive by Blandine Poidevin of the French law firm Jurisexpert, which cites the original Working Party letter heavily.

It also cites letters from CNIL, the French data protection authority, which seem to merely confirm the opinion of the Working Party (of which it is of course a member).

EU registrars seem to be in a position here where in order to have the Working Party’s letter taken seriously by ICANN, they have to pay a high street lawyer to endorse it.

First European registrar to get Whois data opt-out

Kevin Murphy, January 28, 2014, Domain Registrars

ICANN plans to give a French registrar the ability to opt out of parts of the 2013 Registrar Accreditation Agreement due to data privacy concerns.

OVH, the 14th-largest registrar of gTLD domains, asked ICANN to waive parts of the RAA that would require it to keep hold of registrant Whois data for two years after it stops having a relationship with the customer.

The company asked for the requirement to be reduced to one year, based on a French law and a European Union Directive.

ICANN told registrars last April that they would be able to opt-out of these rules if they provided a written opinion from a local jurist opining that to comply would be illegal.

OVH has provided such an opinion and now ICANN, having decided on a preliminary basis to grant the request, is asking for comments before making a final decision.

If granted, it would apply to “would apply to similar waivers requested by other registrars located in the same jurisdiction”, ICANN said.

It’s not clear if that means France or the whole EU — my guess is France, given that EU Directives can be implemented in different ways in different member states.

Throughout the 2013 RAA negotiation process, data privacy was a recurring concern for EU registrars. It’s not just a French issue.

ICANN has more details, including OVH’s request and links for commenting, here.

Cartier sues Nominet hoping to set global domain name take-down precedent

Kevin Murphy, January 22, 2014, Domain Policy

Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.

The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.

We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.

Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.

In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:

seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.

It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.

Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.

According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.

None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.

Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.

Graham actually gave Nominet’s lawyers over a week’s notice that the lawsuit was incoming, writing his letter (pdf) on October 22 and filing the complaint (pdf) with the courts November 4.

Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.

Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:

Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.

Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.

Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.

As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.

Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.

Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:

Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.

That seems to me to be among the most important parts of the defense.

If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.

Indeed, that seems to be what Cartier is going for here.

Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:

Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.

I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.

In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.