Latest news of the domain name industry

Recent Posts

Domain registrars pressured into huge shakeup

Kevin Murphy, October 26, 2011, Domain Registrars

Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.

While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.

The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.

It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.

So, what’s going to change?

The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.

They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.

Here’s a list of all 12, taken from a recent ICANN summary report (pdf).

Prohibition on registrar cybersquatting
Malicious conduct – registrar duty to investigate
Designation and publication of technically competent point of contact on malicious conduct issues, available on 24/7 basis
Registrar disclosure of privacy/proxy services made available in connection with registration; and responsibility of registrar for compliance by such services
Obligations of privacy/proxy services made available in connection with registration re data escrow; Relay function; Reveal function
Registrar responsibility for cancellation under appropriate circumstances of registrations made by other privacy/proxy services for noncompliance with Relay and Reveal
Define circumstances under which registrar is required to cancel registration for false Whois data and set reasonable time limits for registrar action
Require PCI compliance in registration process
Define “reseller” and clarify registrar responsibility for reseller compliance
Require greater disclosure of registrar affiliates/multiple accreditations
Require greater disclosure of registrar contact information, information on form of business organization, officers, etc.
Clarification of registrar responsibilities in connection with UDRP proceedings

The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.

There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.

As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.

“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.

She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.

He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.

“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.

“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.

An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.

The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.

Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.

It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.

The ideas in the motion nevertheless stirred some passionate debate.

Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.

“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.

Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.

A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.

Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.

I’m not sure it’s going to be enough to fully satisfy the GAC.

Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.

She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.

UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.

Rather, he said, “there will be consideration of a broader range of issues.”

This appears to be consistent with the registrars’ original statement, which was linked to in the above post:

The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.

Facebok.com given to Facebook despite “theft” claim

Kevin Murphy, May 30, 2011, Domain Policy

ICANN says registrar contract trumps national court. Registrar warns of legal consequences.

The typo domain name facebok.com has finally been returned to Facebook, over eight months after it was subject to a successful cyberquatting complaint.

The domain does not currently resolve, but Whois records show it was transferred to Facebook from its previous registrant, one “Franz Bauer”, last Thursday.

The case was marked by controversy, after ICANN threatened to shut down its sponsoring registrar, EuroDNS, for failing to transfer the domain last within 10 days, as required by UDRP rules.

EuroDNS had resisted the transfer after being named in a lawsuit, in its native Luxembourg, filed by a suspicious Panama shell company going by the name Facebok.com. The plaintiff claimed the domain had been “stolen” by Bauer.

But ICANN told the registrar last week that the Registrar Accreditation Agreement only allows the registrar to defer a transfer if the original registrant – not a third party – sues.

In a letter noting that EuroDNS is “a long-standing and respected member of the ICANN community”, the ICANN compliance department said:

the only kind of documentation that will stop the registrar from implementing a panel decision ordering a transfer is evidence that the registrant/respondent has commenced a lawsuit against the complainant in a jurisdiction to which the complainant has submitted under UDRP Rules. The mere filing of a complaint by a third party does not excuse the registrar from fulfilling its obligations under the policy.

in recognition that there has been a court filing, ICANN must reiterate that failing to comply with the relevant contractual provisions of the RAA subjects EuroDNS to escalated compliance action up to and including termination of the EuroDNS accreditation.

That seems to have been sufficient clarity for EuroDNS to push through the transfer, but the registrar is not happy about the situation, which may leave it in a tricky legal position in Luxembourg.

In a reply to ICANN, EuroDNS CEO Xavier Buck suggested that the story may not be over yet:

the action you demand from EuroDNS will have tremendous consequences for our company in the pending judiciary case.

Consequently, EuroDNS reserves all rights to seek indemnification from ICANN for any damages or loss caused by the action we have been forced to take not to lose our Registrar accreditation.

The lawsuit was filed last September, just days after the UDRP case was decided, but has not yet gone to court.

Under its previous ownership, facebok.com redirected to a series of scam sites that may have proved rather lucrative.

Three registrars face the ICANN chop

Kevin Murphy, November 24, 2010, Domain Registrars

ICANN has told three registrars they are in breach of their registrar contracts and will lose their accreditation next month unless they rectify the problems.

These registrars, all of which appear to have negligible numbers of gTLD domains under management, are affected:

Mister Name will be shut down if it does not pay its ICANN fees and escrow its Whois data.

Open System Ltd is accused of not having a functioning Whois service.

Best Bulk Domains Inc also doesn’t have a functioning Whois, ICANN said. It also has not been paying its dues and hasn’t maintained accurate contact information for itself.

All three have dates in mid-December to clean up their acts or lose their right to sell gTLD domains.

You can find ICANN’s compliance letters here.

Two registrars get stay of execution

Kevin Murphy, August 19, 2010, Domain Registrars

ICANN has given two registrars another year of accreditation, after previously threatening to terminate their contracts for non-payment of fees.

Abansys & Hostytec and Namehouse, two small registrars, have had the terms of their registrar accreditation agreements extended to August 15, 2011 and July 6, 2011, respectively.

In June, ICANN had told both companies they would be de-accredited on July 1, 2010. Together, the two firms owed almost $20,000 in unpaid fees.

Yesterday, a small note appeared on ICANN’s compliance page:

18 August 2010: Abansys & Hostytec, S.L. RAA effective date extended to 15 August 2011.
18 August 2010: Namehouse, Inc. RAA effective date extended to 6 July 2011.

It’s not entirely clear to me whether this means the registrars have paid up or not. Unlike previous occasions, there’s no mention of whether the companies “cured all outstanding contract breaches”.

According to DotAndCo.net, neither registrar has any domains under management in the gTLDs, although Abansys & Hostytec claims to run over 100,000 domains.

Registrars responsible for proxy cybersquatters

Domain name registrars can be liable when their customers break the law, if those customers use a privacy service, according to new ICANN guidance.

The ICANN advisory clarifies the most recent Registrar Accreditation Agreement, and seems primarily pertinent to UDRP cases where the registrar refuses to cooperate with the arbitrator’s request for proper Whois records.

The advisory says:

a Registered Name Holder licensing the use of a domain is liable for harm caused by the wrongful use of the domain unless the Registered Name Holder promptly identifies the licensee to a party providing the Registered Name Holder with reasonable evidence of actionable harm

In other words, if a domain gets hit with a UDRP claim or trademark infringement lawsuit, as far as the RAA is concerned the proxy service is the legal registrant unless the registrar quickly hands over its customer’s details.

Law enforcement and intellectual property interests have been complaining about registrars refusing to do so for years, most recently in comments on ICANN’s Whois accuracy study.

ICANN offers a definition of the word “promptly” as “within five business days” and “reasonable evidence” as trademark ownership and evidence of infringement.

I don’t think this ICANN guidance will have much of an impact on privacy services offered by the big registrars, which generally seem quite happy to hand over customer identities on demand.

Instead, this looks like it could be the start of a broader ICANN crackdown on certain non-US registrars offering “bulletproof” registrations to cybersquatters and other ne’er-do-wells.

I wouldn’t be surprised to find the number of ICANN de-accreditations citing refusal to cooperate with UDRP claims increasing in future.

The new ICANN document is a draft, and you can comment on it here.

Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.

That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.

ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.

It looks like 2010 could well see a similar level of de-accreditations.

Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.