ICANN has implicated a Chinese domain name registrar in the online selling of medications, including Viagra and Cialis, without the required prescription.
The organization’s Compliance department filed a contract breach notice with Nanjing Imperiosus, which does business as DomainersChoice.com, today.
The move follows an allegation from pharmacy watchdog LegitScript in the US Congress that DomainersChoice is “rogue internet pharmacy operator”.
Because ICANN has no authority to police online pharmacies, it’s gone after the registrar based on an obscure part of the Registrar Accreditation Agreement.
Section 3.7.7 of the 2013 RAA says that domains must be registered to a third party, unless they’re used by the registrar in the course of providing its registrar services.
According to ICANN, DomainersChoice has refused to provide evidence that many of its domains are not in fact registered to itself and CEO Stefan Hansmann, in violation of this clause.
It cites 5mg-cialis20mg.com, acheterdutadalafil.com, viagra-100mgbestprice.net and 100mgviagralowestprice.net as examples of domains apparently registered to Hansmann and his company.
Historical Whois records show Hansmann and Nanjing Imperiosus as the registrant of these names until recently.
The domains all refer to erectile dysfunction medicines, which are usually only available in the US with a prescription.
A reverse Whois lookup reveals Hansmann’s name in the records for many more pharmaceuticals-related domains, some of which are for more serious medical conditions.
Several of the domains contain the words “without prescription” or similar, where the drug in question requires a prescription in the US.
Some of the domains do not currently resolve or no longer provide current Whois records and others have been recently transferred, but some resolve to apparently active e-commerce sites.
ICANN’s breach notice (pdf) doesn’t allege any illegal activity.
The same cannot be said for LegitScript CEO John Horton, who lumped DomainersChoice in with a few other registrars he believes are operating “illegal online pharmacies”.
Horton testified (pdf) before Congress last month that the registrar was playing host to 2,300 such sites.
The testimony was filed September 14, the same day ICANN began its compliance investigation.
ICANN’s notice, which alleges a handful of other relatively trivial breaches, asks that Hansmann provide a full list of domains registered in his and his company’s name via DomainersChoice.
It also demands evidence that the domains were either used to provide registrar services or were registered to a third party.
It wants all that by November 2, after which it may start to terminate the company’s RAA.
The world’s third-largest mobile phone company, worth some $14 billion a year, is the first new gTLD registry operator to refuse to pay ICANN fees.
That’s according to ICANN’s compliance department, which last night slapped Bharti Airtel with the new gTLD program’s first public contract breach notices.
The notices, which apply to .bharti and .airtel, claim that the Indian company has been ignoring demands to pay past due fees since February.
The ICANN quarterly fee for registries is $6,250. Given .airtel and .bharti were delegated 11 months ago, the company, which has assets of $33 billion, can’t owe any more than $37,500.
Bharti Airtel is, according to Wikipedia, the third largest mobile network operator in the world and the largest in India, with 325 million subscribers.
Yet ICANN also claims it has had terrible difficulty getting in touch with staff there, saying:
ICANN notes that Bharti Airtel exhibits a pattern of non-response to ICANN Contractual Compliance matters and, when responses are provided to ICANN, they are often untimely and incomplete.
The compliance notices show that ICANN has also communicated with Verisign, the registry back-end operator for both gTLDs, to try to get the matters resolved.
According to ICANN, the registry is also in breach of terms that require it to publish links to its Whois service, abuse contacts and DNSSEC practice statements on its web site.
The sites nic.airtel and nic.bharti don’t resolve (for me at least) with or without a www., but the Whois services at whois.nic.airtel and whois.nic.bharti appear to work.
These are the first two registries of any flavor emerging from the 2012 application round to receive public breach notices. Only one pre-2012 gTLD, .jobs, has the same honor.
ICANN has given Bharti Airtel 30 days from yesterday to come back into compliance or risk losing its Registry Agreements.
Given that both gTLDS are almost a year old and the nic. sites still don’t resolve, one wonders if the company will bother.
ICANN has charged a registrar with failing to abide by “cyberflight” rules for the first time.
Visesh Infotecnics did not lock down e-campaigner.com within two days of it being hit by a UDRP a couple of weeks ago, ICANN said in a compliance notice (pdf) on Thursday.
Visesh is based in India and does business as Signdomains.com. It has roughly 5,000 gTLD domains under management.
The transfer lock rule became ICANN consensus policy binding on all registrars last July, following four years of policy and implementation work.
It’s designed to prevent cybersquatters switching registrars when a UDRP lands in their inbox, a practice known as cyberflight.
The registrant of e-campaigner.com did not in fact change registrars, judging by Whois records.
The UDRP appears to have been filed in late January by a currently undisclosed entity. Signdomains put the domain on client-hold status February 8, according to Whois records.
This is the first time ICANN has publicly accused a registrar of failing to abide by the policy.
ICANN also says that the registrar does not display Whois data in the correct format on its web site, and that it owes some accreditation fees.
It has until March 3 to rectify these alleged breaches.
A Chinese registrar has been accused by ICANN of playing games to avoid complying with Whois policy.
In a breach notice from ICANN Compliance last week, Beijing-based 35 Technology is told that it has failed to verify Whois records as required by its accreditation agreement.
The domain in question was shoesbbalweb.com, which DomainTools’ archived screenshots show was once used to sell branded running shoes.
I understand that 35 is believed to have suspended the domain when ICANN first referred a Whois accuracy complaint to it.
It is then said to have un-suspended the domain, without any change to the Whois record, as soon as ICANN closed the complaint.
The breach notice (pdf) instructs 35 to:
Provide records and information demonstrating that 35 Technology took steps to verify and validate the Whois information of the domain name
since 23 March 2015, or provide ICANN with an explanation why the domain name suspension was removed without verifying and validation Whois information
The switcheroo appears to have been brief enough that its suspended state was not recorded by DomainTools.
ICANN has a monitoring program, however, that randomly spot-checks previously complained-about domains for ongoing compliance.
The registrar, which does business at 35.com, is not tiny. It had over 450,000 domains under management, in legacy gTLDs and a handful of Chinese-script new gTLDs, at the last count.
It has until the end of the month to explain itself or risk termination.
ICANN should resist attempts to turn the organization into a content regulator responsible for fighting piracy, counterfeiting and terrorism.
That’s according to CEO Fadi Chehade, speaking in Dublin yesterday at the opening ceremony of ICANN’s 54th public meeting.
His remarks have already solicited grumbles from members of the intellectual property community, which are eager for ICANN to take a more assertive role against registries and registrars.
Speaking to a packed auditorium, Chehade devoted a surprisingly large chunk of his opening address to the matter of content policing, which he said was firmly outside of ICANN’s remit.
He presented this diagram, breaking up the internet into three layers. ICANN plays in the central “logical” section but has no place in the top “societal” segment, he said.
“Where does ICANN’s role start and where does ICANN’s role stop?” Chehade posed. “It’s very clear Our remit starts and stops in this logical yellow layer. We do not have any responsibility in the upper layer.”
“The community has spoken, and it is important to underline that in every possible way, ICANN’s remit is not in the blue layer, it is not in the economic/societal layer,” he said. This is a technical organization.”
That basically means that ICANN has no responsibility to determine which web sites are good and which are bad. That’s best left to others such as the courts and governments.
Chehade recounted an anecdote about a meeting with a national president who demanded that ICANN shut down a list of terrorism-supporting web sites.
“We have no responsibility to render judgement about which sites are terrorists,” he said, “which sites are the good pharmacies, which sites are the bad pharmacies, which sites are comitting crimes, which sites are infringing copyrights…”
“When people ask us to render judgement on matters in the upper layer, we can’t.”
With that all said, Chehade added that ICANN should not shirk its duties as part of the ecosystem, whether through voluntary measures at registries and registrars or via contractual enforcement.
“Once determinations are made, how do we respond the these?” he said. “I hope, voluntarily.”
He gave the example of credit card companies that voluntarily stop doing business with web sites that have been reported to be involved in crime or spam.
The notion of registrars adhering to a set of voluntary principles was first floated by ICANN’s chief compliance officer, Allen Grogan, in a blog post earlier this month.
It was the one bone he threw to IP interests in a determination that otherwise came down firmly on the side of registrars.
Grogan had laid out a minimum set of actions registrars must carry out when they receive abuse reports, none of which contained a requirement to suspend or delete domain names.
The Intellectual Property Constituency appeared to greet Chehade’s speech with cautious optimism, but members are still pushing for ICANN to take a stricter approach to contract compliance.
In a session between the IPC and the ICANN board in Dublin this morning, ICANN was asked to make these hypothetical voluntary measures enforceable.
Marc Trachtenberg disagreed with Chehade’s credit card company example.
“The have an incentive to take action, which is the avoidance of future potential costs,” he said. “That similar incentive does not exist with respect to registries and registrars.”
“In order for any sort of voluntary standards to be successful or useful, there have to be incentives for the parties to actually comply with those voluntary standards,” he said.
“One possibility among many is a situation where those registries and registrars that don’t comply with the voluntary standards are potentially subject to an ICANN compliance action,” he said.
It’s pretty clear that this issue is an ongoing one.
Chehade warned in his address yesterday that calls for ICANN to increase its policing powers will only increase when and if its IANA contract is finally divorced from US government oversight.
Grogan will host a roundtable tomorrow at 10am Dublin time to discuss possible voluntary mechanisms that could be created to govern abuse.