Dodgy domainer owns 40% of .ceo’s new names

Kevin Murphy, March 30, 2014, Domain Registries

What do Mark Zuckerberg, Oprah Winfrey, Donald Trump, Jeff Bezos and the Saudi royal family have in common?

Their .ceo domain names all belong to the same guy, a registrant from Trinidad and Tobago who as of last night was responsible for 40% of hand-registered .ceo domains.

Andrew Davis has registered roughly 100 of the roughly 250 .ceo names sold since the new gTLD went into general availability on March 28, spending at least $10,000 to do so.

I hesitate to call him a cyberquatter, but I have a feeling that multiple UDRP panels will soon be rather less hesitant.

Oh, what the hell: the dude’s a cyberquatter.

Here’s why I think so.

According to Whois records, Davis has registered dozens of common given and family names in .ceo — stuff like smith.ceo, patel.ceo, john.ceo, wang.ceo and wolfgang.ceo.

So far, that seems like fair game to me. There are enough CEOs with those names out there that to register matching domains in .ceo, or in any TLD, could easily be seen as honest speculation.

Then there are domains that start setting off alarm bells.

zuckerberg.ceo? zuck.ceo? oprah.ceo? trump.ceo? bezos.ceo?

Sure, those are names presumably shared by many people, but in the context of .ceo could they really refer to anyone other than Mark Zuckerberg, Oprah Winfrey, Donald Trump and Jeff Bezos?

I doubt it.

Then there are a class of names that seem to have been registered by Davis purely because they show up on lists of the world’s wealthiest families and individuals.

The domains slim.ceo, walton.ceo, and adelson.ceo match the last names of three of the top ten wealthiest people on the planet; arnault.ceo matches the name of France’s second-richest businessman.

getty.ceo, rockefeller.ceo, hearst.ceo, rothschild.ceo… all family names of American business royalty.

Then there’s the names of members of actual royalty, the magnificently wealthy Saudi royal family: alsaud.ceo, saud.ceo and alwaleed.ceo.

Still, if Davis had registered any single one of these names he could make a case that it was a good faith registration (if his name was Walton or Al Saud).

Collectively, the registration strategy looks very dodgy.

But where any chance of a good-faith defense falls apart is where Davis has registered the names of famous family-owned businesses where the name is also a well-defended trademark.

bacardi.ceo… prada.ceo… beretta.ceo… mars.ceo… sennheiser.ceo… shimano.ceo… swarovski.ceo… versace.ceo… ferrero.ceo… mahindra.ceo… olayan.ceo…

There’s very little chance of these surviving a UDRP if you ask me.

Overall, I estimate that at least half of Davis’ 100 registrations seem to deliberately target specific high net worth individuals or famous brands that are named after their company’s founder.

The remainder are generic enough that it’s difficult to guess what was going through his mind.

On his under construction web site at andrewdavis.ceo, Davis says:

I am the owner of Hundreds of the Best .CEO Domains available on the web.

My collection comprises of the Top Premium .CEO Domains (in my opinion).

My list of domains contains the First or Last names of well over 1 Billion people around the world.

I offer Email and Web Link Services on each of these sites, so that these Domains can be shared with many people around the world, particularly CEOs, Business Owners and Leaders, or those aspiring to become one.

On each of Davis’ .ceo sites, he offers to sell email addresses (eg contact@bacardi.ceo) for $10 a month and third-level domain names (eg blog.walton.ceo) for $5 a month.

A UDRP panelist is going to take this as evidence of bad faith, despite Davis’ disclaimer, which appears on each of his web sites. Here’s an example from bacardi.ceo:

This Website (Bacardi.CEO) is NOT Affiliated with, nor refers to, any Trademark or Company named “Bacardi”, that may or may not exist.

This Website does NOT refer to any Specific Individual Person(s) named “Bacardi”.

This Website aims to provide Services for ANY Person named “Bacardi”, particularly: CEOs, Business Owners and Leaders.

Bacardi.CEO is an Independent and Personal Project/Service of Andrew Davis.

I must admit I admire his entrepreneurship, but I fear he has stepped over the line into cybersquatting that a UDRP panelist will have no difficulty at all recognizing.

Davis has already been hit with a Uniform Rapid Suspension complaint on mittal.ceo, presumably filed on behalf of billionaire Indian steel magnate Lakshmi Mittal and/or his company ArcelorMittal.

It’s not clear from the name alone whether mittal.ceo is a losing domain under URS’ higher standard of evidence, but I reckon the pattern of registrations described in this blog post would help make for a pretty convincing case that would put it over the line.

I should add, in fairness to .ceo registry PeopleBrowsr, that the other 60% of its zone, judging by Whois records, looks pretty clean. Small, but clean.

Panel doesn’t consider TLD in the first-ever new gTLD UDRP case

Kevin Murphy, March 17, 2014, Domain Policy

The first new gTLD domain name has been lost to a UDRP complaint.

The famous German bike maker Canyon Bicycles won canyon.bike from a registrant who said he’d bought the name — and others — in order to protect the company from cybersquatters.

The panelist in the case, WIPO’s Andrew Lothian, declined to consider the fact that the TLD was related to Canyon’s business in making his decision. Finding confusing similarity, he wrote:

The Panel finds that, given the advent of multiple new gTLD domain names, panels may determine that it is appropriate to include consideration of the top-level suffix of a domain name for the purpose of the assessment of identity or similarity in a given case, and indeed that there is nothing in the wording of the Policy that would preclude such an approach. However, the Panel considers that it is not necessary to do so in the present case.

Canyon had argued that the fact that it’s a .bike domain reinforced the similarity between the domain and the mark, but it’s longstanding WIPO policy that the TLD is irrelevant when determining confusing similarity.

The domain was registered under Whois privacy but, when it was lifted, Canyon looked the registrant up on social media and discovered he was very familiar with the world of bikes.

The registrant told WIPO that he’s registered Canyon’s mark “with the best of intentions”.

Apparently, he’s registered more than one famous brand in a new gTLD in the belief that the existence of the program was not wildly known, in order to transfer the domains to the mark holders.

He claimed “that many companies have been content with his actions” according to the decision.

But the fact that he’d asked for money from Canyon was — of course — enough for Lothan to find bad faith.

He also chose to use the fact that the registrant had made no attempt to remove the default Go Daddy parking page — which the registrar monetizes with PPC — as further evidence of bad faith.

The domain is to be transferred.

ICANN to crack down on UDRP “cyberflight”

Kevin Murphy, August 2, 2013, Domain Registrars

ICANN has moved closer to cracking down on cybersquatters who try to flip their domains when they discover they’ve been hit with a UDRP complaint.

Under recommendations approved by the GNSO Council yesterday, registrars would be bound by a much stricter set of UDRP-related domain locking rules in future.

So-called “cyberflight” — where squatters transfer their domains to a new registrar or registrants — appears to be a relatively infrequent problem, but when it does happen it causes big headaches for UDRP providers and trademark owners.

A survey of UDRP providers carried out as part of the GNSO’s policy development process discovered that the vast majority of registrars already lock domains hit by UDRP.

The problem is, they said, that locking practices are not uniform. Some registrars take well over a week to lock domains, and what the “lock” entails differs by registrar.

The recommendations of the GNSO’s Final Report on the Locking of a Domain Name Subject to UDRP Proceedings Policy Development Process, adopted by the Council yesterday, seek to standardize the process.

After being told about a complaint against one of its domains, the registrar in future would have a maximum of two business days to put a lock — preventing any changes in registrant or registrar — in place.

The lock would remain until the UDRP was resolved, but there would be various safeguards in place to enable complainants and respondents to settle their differences outside of the UDRP.

The lock would not prevent registrars or proxy/privacy services revealing the true identity of the registrant — that wouldn’t count as a change of registrant.

To prevent registrants abusing the two-day window to sell their domains or switch registrars, they would not be told about the existence of the UDRP until the domain had been locked.

The UDRP rules currently require the complainant to send a copy of their complaint to the domain owner at the same time it is filed with the UDRP provider.

But the GNSO has now recommended getting rid of this rule, stating: “as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight.”

The registrant would be informed later by the UDRP provider instead.

Registrars would be prohibited from tipping off the registrant until the lock was in place.

The July 2013 recommendations (pdf) came out of a working group that was formed in April 2012, in response to policy ideas floated in 2011.

The GNSO’s resolution calls for ICANN staff to work with members of the working group on an implementation plan, which would eventually be put to the ICANN board for approval.

Once through the board, the new policy would become binding on all ICANN-accredited registrars.

ICANN backtracks on URS contracts

Kevin Murphy, July 22, 2013, Domain Policy

ICANN seems to have changed its mind about requiring Uniform Rapid Suspension providers to sign enforceable contracts, angering the Internet Commerce Association.

As we reported in May, the ICA claimed a victory when ICANN said in a written answer to its persistent inquiries that URS providers would be bound by contract.

An ICANN Q&A, referring to a question the ICA’s Phil Corwin asked at the ICANN meeting in Beijing, said:

[Q] As regards Uniform Rapid Suspension (URS) providers, will there be a contract developed that goes beyond the non-enforceable memorandum of understanding? Will there be other URS providers?

[A] Yes, a contract is being developed and additional URS providers will be added.

It’s difficult to interpret that as anything other than “Yes, a contract is being developed.” The fact that the question draws the distinction between a contract and an MoU seems to remove any ambiguity.

But at the ICANN 47 meeting in Durban last week, ICANN appeared to backtrack on this position.

During a URS demo session, gTLD registry services director Krista Papac said that URS providers will only have to agree to an MoU.

“This breach of a written commitment is unacceptable,” Corwin later said at the Public Forum on Thursday.

In response, ICANN deputy general counsel Amy Stathos said:

An MoU is a contract. I recognize that you don’t necessarily recognize that as the full contract that you were contemplating or that had been contemplated. But that is a contract. And it calls and requires the URS providers to comply with all the rules and procedures that are in the Guidebook.

On Friday, ICANN then published a (hastily written?) document that sought to spell out its position on contracts for URS and UDRP providers. It says:

ICANN has carefully considered whether the introduction of contracts is feasible or useful in the scope of UDRP proceedings, and has determined that contracts would be a cumbersome tool to assert to reach the same outcome that exists today.

It goes on to address some of the concerns that the ICA and others have put forward in the past. The organization, which represents big-volume domainers, is worried that some UDRP providers find more often in favor of complainants in order to secure their business. Enforceable contracts, it says, would help prevent that.

ICANN said in its new position statement (pdf) that it has never seen behavior from UDRP providers that would require it to take action, but added:

Of course, there is always the future possibility that an issue of non-compliance will arise that will require corrective action. In recognition of that potential, ICANN commits that substantiated reports of UDRP provider non‐compliance with the UDRP or the Rules will be investigated.

Contracts, it said, would not stop forum shopping.

ICANN won’t say how Demand Media passed its new gTLD background check

After badgering ICANN for a few weeks, I’ve finally got a firm “no comment” on the question of how new gTLD applicant Demand Media managed to pass its background checks.

The question of whether it’s possible for serial cybersquatters to bypass ICANN screening and be awarded new gTLDs just by setting up shell companies is still open, it seems.

As DI and other blogs have been reporting for the past few years, there was a question mark over Demand Media’s eligibility for the new gTLD program due to its history of cybersquatting.

Under ICANN rules, any company that lost three or more UDRP decisions with at least one loss in the last three years would not pass its background screening. The Applicant Guidebook states:

In the absence of exceptional circumstances, applications from any entity with or including any individual with convictions or decisions of the types listed in (a) – (m) below will be automatically disqualified from the program.

m. has been involved in a pattern of adverse, final decisions indicating that the applicant or individual named in the application was engaged in cybersquatting as defined in the Uniform Domain Name Dispute Resolution Policy (UDRP), the Anti-Cybersquatting Consumer Protection Act (ACPA), or other equivalent legislation, or was engaged in reverse domain name hijacking under the UDRP or bad faith or reckless disregard under the ACPA or other equivalent legislation. Three or more such decisions with one occurring in the last four years will generally be considered to constitute a pattern.

Demand Media subsidiary Demand Domains has lost over 30 UDRP cases, most recently in 2011, but its United TLD Holdco subsidiary has sailed through its Initial Evaluations.

Technically, shouldn’t it have failed screening and therefore IE?

Domain Name Wire speculated in November 2010 that ICANN had deliberately introduced loopholes in order to let Demand — and, at the time, Go Daddy — into the new gTLD program.

At that time, ICANN had just removed references to “any person or entity owning (or beneficially owning) fifteen percent or more of the applicant” in the background screening section of the Guidebook.

That might have introduced a loophole allowing subsidiaries of cybersquatters to apply.

But Demand Media seemed to think it was still at risk, asking ICANN in December 2010 to change the background check rules.

ICANN did. In the next version of the Guidebook, published in April 2011, it added the “In the absence of exceptional circumstances” qualifying language.

It’s also possible that this was the loophole that allowed Demand to pass screening.

Judging by the UDRP complaints it was involved in in the past, the company usually argued against the “bad faith” element of the policy. It often said it didn’t know about the complainant’s trademark and/or said it had offered to transfer the domain at no charge.

But more than 30 UDRP panelists didn’t buy that argument and still found against Demand. The company lost far more complaints than it won.

The fact that the company apparently managed to clean its act up a few years ago — not being hit with any complaints since 2011 — suggests that its act wasn’t all that clean to begin with.

Either way, neither ICANN nor Demand wants to talk about how the company passed screening, so I guess we’re still left wondering whether this section of the Guidebook is worth the PDF it’s written on.