ICANN has moved closer to cracking down on cybersquatters who try to flip their domains when they discover they’ve been hit with a UDRP complaint.
Under recommendations approved by the GNSO Council yesterday, registrars would be bound by a much stricter set of UDRP-related domain locking rules in future.
So-called “cyberflight” — where squatters transfer their domains to a new registrar or registrants — appears to be a relatively infrequent problem, but when it does happen it causes big headaches for UDRP providers and trademark owners.
A survey of UDRP providers carried out as part of the GNSO’s policy development process discovered that the vast majority of registrars already lock domains hit by UDRP.
The problem is, they said, that locking practices are not uniform. Some registrars take well over a week to lock domains, and what the “lock” entails differs by registrar.
The recommendations of the GNSO’s Final Report on the Locking of a Domain Name Subject to UDRP Proceedings Policy Development Process, adopted by the Council yesterday, seek to standardize the process.
After being told about a complaint against one of its domains, the registrar in future would have a maximum of two business days to put a lock — preventing any changes in registrant or registrar — in place.
The lock would remain until the UDRP was resolved, but there would be various safeguards in place to enable complainants and respondents to settle their differences outside of the UDRP.
The lock would not prevent registrars or proxy/privacy services revealing the true identity of the registrant — that wouldn’t count as a change of registrant.
To prevent registrants abusing the two-day window to sell their domains or switch registrars, they would not be told about the existence of the UDRP until the domain had been locked.
The UDRP rules currently require the complainant to send a copy of their complaint to the domain owner at the same time it is filed with the UDRP provider.
But the GNSO has now recommended getting rid of this rule, stating: “as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight.”
The registrant would be informed later by the UDRP provider instead.
Registrars would be prohibited from tipping off the registrant until the lock was in place.
The July 2013 recommendations (pdf) came out of a working group that was formed in April 2012, in response to policy ideas floated in 2011.
The GNSO’s resolution calls for ICANN staff to work with members of the working group on an implementation plan, which would eventually be put to the ICANN board for approval.
Once through the board, the new policy would become binding on all ICANN-accredited registrars.
ICANN seems to have changed its mind about requiring Uniform Rapid Suspension providers to sign enforceable contracts, angering the Internet Commerce Association.
As we reported in May, the ICA claimed a victory when ICANN said in a written answer to its persistent inquiries that URS providers would be bound by contract.
An ICANN Q&A, referring to a question the ICA’s Phil Corwin asked at the ICANN meeting in Beijing, said:
[Q] As regards Uniform Rapid Suspension (URS) providers, will there be a contract developed that goes beyond the non-enforceable memorandum of understanding? Will there be other URS providers?
[A] Yes, a contract is being developed and additional URS providers will be added.
It’s difficult to interpret that as anything other than “Yes, a contract is being developed.” The fact that the question draws the distinction between a contract and an MoU seems to remove any ambiguity.
But at the ICANN 47 meeting in Durban last week, ICANN appeared to backtrack on this position.
During a URS demo session, gTLD registry services director Krista Papac said that URS providers will only have to agree to an MoU.
“This breach of a written commitment is unacceptable,” Corwin later said at the Public Forum on Thursday.
In response, ICANN deputy general counsel Amy Stathos said:
An MoU is a contract. I recognize that you don’t necessarily recognize that as the full contract that you were contemplating or that had been contemplated. But that is a contract. And it calls and requires the URS providers to comply with all the rules and procedures that are in the Guidebook.
On Friday, ICANN then published a (hastily written?) document that sought to spell out its position on contracts for URS and UDRP providers. It says:
ICANN has carefully considered whether the introduction of contracts is feasible or useful in the scope of UDRP proceedings, and has determined that contracts would be a cumbersome tool to assert to reach the same outcome that exists today.
It goes on to address some of the concerns that the ICA and others have put forward in the past. The organization, which represents big-volume domainers, is worried that some UDRP providers find more often in favor of complainants in order to secure their business. Enforceable contracts, it says, would help prevent that.
ICANN said in its new position statement (pdf) that it has never seen behavior from UDRP providers that would require it to take action, but added:
Of course, there is always the future possibility that an issue of non-compliance will arise that will require corrective action. In recognition of that potential, ICANN commits that substantiated reports of UDRP provider non‐compliance with the UDRP or the Rules will be investigated.
Contracts, it said, would not stop forum shopping.
After badgering ICANN for a few weeks, I’ve finally got a firm “no comment” on the question of how new gTLD applicant Demand Media managed to pass its background checks.
The question of whether it’s possible for serial cybersquatters to bypass ICANN screening and be awarded new gTLDs just by setting up shell companies is still open, it seems.
As DI and other blogs have been reporting for the past few years, there was a question mark over Demand Media’s eligibility for the new gTLD program due to its history of cybersquatting.
Under ICANN rules, any company that lost three or more UDRP decisions with at least one loss in the last three years would not pass its background screening. The Applicant Guidebook states:
In the absence of exceptional circumstances, applications from any entity with or including any individual with convictions or decisions of the types listed in (a) – (m) below will be automatically disqualified from the program.
m. has been involved in a pattern of adverse, final decisions indicating that the applicant or individual named in the application was engaged in cybersquatting as defined in the Uniform Domain Name Dispute Resolution Policy (UDRP), the Anti-Cybersquatting Consumer Protection Act (ACPA), or other equivalent legislation, or was engaged in reverse domain name hijacking under the UDRP or bad faith or reckless disregard under the ACPA or other equivalent legislation. Three or more such decisions with one occurring in the last four years will generally be considered to constitute a pattern.
Demand Media subsidiary Demand Domains has lost over 30 UDRP cases, most recently in 2011, but its United TLD Holdco subsidiary has sailed through its Initial Evaluations.
Technically, shouldn’t it have failed screening and therefore IE?
Domain Name Wire speculated in November 2010 that ICANN had deliberately introduced loopholes in order to let Demand — and, at the time, Go Daddy — into the new gTLD program.
At that time, ICANN had just removed references to “any person or entity owning (or beneficially owning) fifteen percent or more of the applicant” in the background screening section of the Guidebook.
That might have introduced a loophole allowing subsidiaries of cybersquatters to apply.
But Demand Media seemed to think it was still at risk, asking ICANN in December 2010 to change the background check rules.
ICANN did. In the next version of the Guidebook, published in April 2011, it added the “In the absence of exceptional circumstances” qualifying language.
It’s also possible that this was the loophole that allowed Demand to pass screening.
Judging by the UDRP complaints it was involved in in the past, the company usually argued against the “bad faith” element of the policy. It often said it didn’t know about the complainant’s trademark and/or said it had offered to transfer the domain at no charge.
But more than 30 UDRP panelists didn’t buy that argument and still found against Demand. The company lost far more complaints than it won.
The fact that the company apparently managed to clean its act up a few years ago — not being hit with any complaints since 2011 — suggests that its act wasn’t all that clean to begin with.
Either way, neither ICANN nor Demand wants to talk about how the company passed screening, so I guess we’re still left wondering whether this section of the Guidebook is worth the PDF it’s written on.
ICANN has approved a new UDRP resolution provider, the first to be based in the Arab region, despite the objections of domainers.
The Arab Center for Dispute Resolution will now be able to service UDRP complaints. But it won’t be bound to an ICANN contract, as had been demanded by the Internet Commerce Association and others.
The ACDR was approved by the ICANN board last week, almost three years after it originally applied for the privilege.
The board said in its rationale that the move would be good for geographic diversity and that its rigorous community review process highlighted community accountability.
On the issue of UDRP provider contracts, it merely noted:
commenters suggested that ICANN develop contracts with each of its UDRP providers as a means to require uniformity among providers. Contracts have never been required of UDRP providers.
the proposal now includes an affirmative recognition that if ICANN imposes further requirements on providers, the ACDR will follow those requirements
The ACDR will come as a knock to the ICA, which recently celebrated the fact that ICANN intends to have formal contracts with providers of Uniform Rapid Suspension services.
The Asian Domain Name Dispute Resolution Centre has been approved by ICANN as a provider of Uniform Rapid Suspension services.
The two organizations signed a memorandum of understanding last week, ICANN said.
ADNDRC is the second URS resolution provider to be named, after the US-based National Arbitration Forum. It’s got offices in Beijing, HongKong, Seoul and Kuala Lumpur and tends to hand local cases.
While it’s been a UDRP provider since 2001, it’s only handled about 1,000 cases in that time, according to DI’s records. That’s about 16 times fewer than NAF and 17 times fewer than WIPO.
ICANN said that more providers will be appointed in future.
URS is a faster, cheaper version of UDRP that allows obviously trademark-infringing domains to be suspended — not transferred — for about $500 a pop. It will only apply to new gTLDs at first.