Neustar is to impose the Uniform Rapid Suspension policy on the .us ccTLD.
This means trademark owners are going to get a faster, cheaper way to get infringing .us domains taken down.
From July 1, all existing and new .us names will be subject to the policy.
Neustar’s calling it the usRS or .us Rapid Suspension service, but a blog post from the company confirms that it’s basically URS with a different name.
It will be administered by the National Arbitration Forum and cost mark owners from $375 per complaint, just like URS.
Neustar becomes the second ccTLD operator to support URS after PW Registry’s .pw, which implemented it from launch.
URS and usRS only permit domains to be suspended, not transferred to the mark owner, so there’s less chance of it being abused to reverse-hijack domains.
The burden of proof is also higher than UDRP — “clear and convincing evidence”.
Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.
Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include my-twitter.xyz, facebook-liker.xyz and googledia.xyz.
They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.
I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.
As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.
The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.
But it’s not clear how much, if any, support NetSol has received from the registry, XYZ.com. CEO Daniel Negari told Rick Schwartz, in a coy interview last week:
The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.
The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.
Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.
That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.
But that doesn’t seem to be happening with the opt-out names,
Barry Shein, president of The World, had shein.xyz registered on his behalf by NetSol on Saturday. He already owns shein.com, also registered with NetSol.
NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:
Dear Valued Network Solutions Customer,
Congratulations, your complimentary SHEIN.XYZ domain has arrived!
Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.
If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.
We appreciate your business and look forward to serving you again.
Network Solutions Customer Support
Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:
Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.
So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.
I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.
Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.
This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.
But there are differences between .com and .xyz.
Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.
URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.
So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.
Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?
But it does raise some interesting questions.
Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.
Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over my-twitter.xyz? Who would it sue, if it decided to opt for the courts instead?
What do Mark Zuckerberg, Oprah Winfrey, Donald Trump, Jeff Bezos and the Saudi royal family have in common?
Their .ceo domain names all belong to the same guy, a registrant from Trinidad and Tobago who as of last night was responsible for 40% of hand-registered .ceo domains.
Andrew Davis has registered roughly 100 of the roughly 250 .ceo names sold since the new gTLD went into general availability on March 28, spending at least $10,000 to do so.
I hesitate to call him a cyberquatter, but I have a feeling that multiple UDRP panels will soon be rather less hesitant.
Oh, what the hell: the dude’s a cyberquatter.
Here’s why I think so.
According to Whois records, Davis has registered dozens of common given and family names in .ceo — stuff like smith.ceo, patel.ceo, john.ceo, wang.ceo and wolfgang.ceo.
So far, that seems like fair game to me. There are enough CEOs with those names out there that to register matching domains in .ceo, or in any TLD, could easily be seen as honest speculation.
Then there are domains that start setting off alarm bells.
zuckerberg.ceo? zuck.ceo? oprah.ceo? trump.ceo? bezos.ceo?
Sure, those are names presumably shared by many people, but in the context of .ceo could they really refer to anyone other than Mark Zuckerberg, Oprah Winfrey, Donald Trump and Jeff Bezos?
I doubt it.
Then there are a class of names that seem to have been registered by Davis purely because they show up on lists of the world’s wealthiest families and individuals.
The domains slim.ceo, walton.ceo, and adelson.ceo match the last names of three of the top ten wealthiest people on the planet; arnault.ceo matches the name of France’s second-richest businessman.
getty.ceo, rockefeller.ceo, hearst.ceo, rothschild.ceo… all family names of American business royalty.
Then there’s the names of members of actual royalty, the magnificently wealthy Saudi royal family: alsaud.ceo, saud.ceo and alwaleed.ceo.
Still, if Davis had registered any single one of these names he could make a case that it was a good faith registration (if his name was Walton or Al Saud).
Collectively, the registration strategy looks very dodgy.
But where any chance of a good-faith defense falls apart is where Davis has registered the names of famous family-owned businesses where the name is also a well-defended trademark.
bacardi.ceo… prada.ceo… beretta.ceo… mars.ceo… sennheiser.ceo… shimano.ceo… swarovski.ceo… versace.ceo… ferrero.ceo… mahindra.ceo… olayan.ceo…
There’s very little chance of these surviving a UDRP if you ask me.
Overall, I estimate that at least half of Davis’ 100 registrations seem to deliberately target specific high net worth individuals or famous brands that are named after their company’s founder.
The remainder are generic enough that it’s difficult to guess what was going through his mind.
On his under construction web site at andrewdavis.ceo, Davis says:
I am the owner of Hundreds of the Best .CEO Domains available on the web.
My collection comprises of the Top Premium .CEO Domains (in my opinion).
My list of domains contains the First or Last names of well over 1 Billion people around the world.
I offer Email and Web Link Services on each of these sites, so that these Domains can be shared with many people around the world, particularly CEOs, Business Owners and Leaders, or those aspiring to become one.
On each of Davis’ .ceo sites, he offers to sell email addresses (eg email@example.com) for $10 a month and third-level domain names (eg blog.walton.ceo) for $5 a month.
A UDRP panelist is going to take this as evidence of bad faith, despite Davis’ disclaimer, which appears on each of his web sites. Here’s an example from bacardi.ceo:
This Website (Bacardi.CEO) is NOT Affiliated with, nor refers to, any Trademark or Company named “Bacardi”, that may or may not exist.
This Website does NOT refer to any Specific Individual Person(s) named “Bacardi”.
This Website aims to provide Services for ANY Person named “Bacardi”, particularly: CEOs, Business Owners and Leaders.
Bacardi.CEO is an Independent and Personal Project/Service of Andrew Davis.
I must admit I admire his entrepreneurship, but I fear he has stepped over the line into cybersquatting that a UDRP panelist will have no difficulty at all recognizing.
Davis has already been hit with a Uniform Rapid Suspension complaint on mittal.ceo, presumably filed on behalf of billionaire Indian steel magnate Lakshmi Mittal and/or his company ArcelorMittal.
It’s not clear from the name alone whether mittal.ceo is a losing domain under URS’ higher standard of evidence, but I reckon the pattern of registrations described in this blog post would help make for a pretty convincing case that would put it over the line.
I should add, in fairness to .ceo registry PeopleBrowsr, that the other 60% of its zone, judging by Whois records, looks pretty clean. Small, but clean.
ICANN has angered the Generic Names Supporting Organization and risks angering the Governmental Advisory Committee as it prevaricates over a controversial rights protection mechanism.
It looks like the ICANN board of directors is going to have decide whether to reject either a hard-won unanimous consensus GNSO policy recommendation or a piece of conflicting GAC advice.
ICANN is “stuck in a bind”, according to chairman Steve Crocker, and it’s a bind that comes at a time when the bottom-up multi-stakeholder process is under the global microscope.
The issue putting pressure on the board this week at the ICANN 49 public meeting here in Singapore is the protection of the names and acronyms of intergovernmental organizations.
IGOs pressured the GAC a few years ago into demanding protection in new gTLDs. They want every IGO name and acronym — hundreds of strings — blocked from registration by default.
For example, the Economic Cooperation Organization would have “economiccooperationorganization” and “eco” blocked at the second level in all new gTLDs, in much the same way as country names are reserved.
Other IGO acronyms include potentially useful dictionary-word strings like “who” and “idea”. As I’ve said before, protecting the useful acronyms of obscure IGOs that never get cybersquatted anyway is just silly.
But when ICANN approved the new gTLD program in 2011, for expediency it placed a temporary block on some of these strings and asked the GNSO to run a formal Policy Development Process to figure out a permanent fix.
In November 2012 it added hundreds more IGO names and acronyms to the list, while the GNSO continued its work.
The GNSO concluded its PDP last year with a set of strong consensus recommendations. The GNSO Council then approved them in a unanimous vote at the Buenos Aires meeting last November.
Those recommendations would remove the IGO acronyms from the temporary reserved names list, but would enable IGOs to enter those strings into the Trademark Clearinghouse instead.
Once in the TMCH, the acronyms would be eligible for the standard 90-day Trademark Claims mechanism, which alerts brand owners when somebody registers a name matching their mark.
The IGOs would not, however, be eligible for sunrise periods, so they wouldn’t have the special right to register their names before new gTLDs go into general availability.
The PDP did not make a recommendation that would allow IGOs to use the Uniform Rapid Suspension service or UDRP.
Unfortunately for ICANN, the GNSO recommendations conflict with the GAC’s current advice.
The GAC wants (pdf) the IGOs to be eligible for Trademark Claims on a “permanent” basis, as opposed to the 90-day minimum that trademark owners get. It also wants IGOs — which don’t generally enjoy trademark protection — to be made eligible for the URS, UDRP or some similar dispute resolution process.
Since Buenos Aires, the ICANN board’s New gTLD Program Committee has been talking to the GAC and IGOs about a compromise. That compromise has not yet been formally approved, but some initial thinking has been circulated by Crocker to the GAC and GNSO Council.
ICANN proposes to give IGOs the permanent Trademark Claims service that the GAC has asked for, as well as access to the URS. Both policies would have to be modified to allow this.
It would also create an entirely new arbitration process to act as a substitute for UDRP for IGOs, which are apparently legally unable to submit to the jurisdiction of national courts.
The compromise, while certainly overkill for a bunch of organizations that could hardly be seen as ripe cybersquatting targets, may seem like a pragmatic way for the board to reconcile the GNSO recommendations with the GAC advice without pissing anyone off too much.
But members of the GNSO are angry that the board appears to be on the verge of fabricating new policy out of whole cloth, ignoring its hard-won PDP consensus recommendations.
That’s top-down policy-making, something which is frowned upon within ICANN circles.
Under the ICANN bylaws, the board is allowed to reject a GNSO consensus recommendation, if it is found to be “not in the best interests of the ICANN community or ICANN”. A two-thirds majority is needed.
“That’s not what happened here,” Neustar’s vice president of registry services Jeff Neuman told the board during a meeting here in Singapore on Tuesday.
“Instead, the board on its own developed policy,” he said. “It did not accept, it did not reject, it developed policy. But there is no room in the ICANN bylaws for the board to do this with respect to a PDP.”
He said that the GNSO working group had already considered elements of ICANN’s compromise proposal and specifically rejected them during the PDP. Apparently speaking for the Registries Stakeholder Group, Neuman said the compromise should be taken out of consideration.
Bret Fausett of Uniregistry added: “The process here is as important to us as the substance. We think procedure wasn’t followed here and we detect a lack of understanding at the board level that process wasn’t followed.”
The GNSO Council seems to agree that the ICANN board can either accept or reject its recommendations, but what it can’t do is just write its own policies for the sake of a quiet life with the GAC.
To fully accept the GNSO’s recommendations would, however, necessitate rejecting the GAC’s advice. That’s also possible under the bylaws, but it’s a lengthy process.
Director Chris Disspain told the GNSO Council on Sunday that the board estimates it would take at least six months to reject the GAC’s advice, during which time the temporary reservations of IGO acronyms would remain active.
He further denied that the board is trying to develop policy from the top.
“It is not top-down, it’s not intended to be top-down, I can’t really emphasis that enough,” he told the Council.
He described the bylaws ability to reject the GNSO recommendations as a “sledgehammer”.
“It would be nice to be able to not have to use the sledgehammer,” he said. “But if we did have to use the sledgehammer we should only be using it because we’ve all agreed that’s what we have to do.”
Chair Steve Crocker summed up the board’s predicament during the Sunday meeting.
“We always do not want to be in the position of trying to craft our own policy decision,” he said. “So we’re stuck in this bind where we’re getting contrary advice from sources that feel very strongly that they’ve gone through their processes and have spoken and so that’s the end of it from that perspective.”
The bind is especially tricky because it’s coming at a time when ICANN is suddenly becoming the focus of a renewed global interest in internet governance issues.
The US government has said that it’s willing to walk away from its direct oversight of ICANN, but only if what replaces it is a “multi-stakeholder” rather than “intergovernmental” mechanism
If ICANN were to reject the proceeds of a two-year, multi-stakeholder, bottom-up, consensus policy, what message would that send to the world about multistakeholderism?
On the other hand, if ICANN rejects the advice of the GAC, what message would it send about governments’ ability to effectively participate as a stakeholder in the process?
Clearly, something is broken when the procedures outlined in ICANN’s bylaws make compromise impossible.
Until that is fixed — perhaps by getting the GAC involved in GNSO policy-making, something that has been talked about to no end for years — ICANN will have to continue to make these kinds of hard choices.
Fielding a softball question during a meeting with the GNSO Council on Saturday, ICANN CEO Fadi Chehade said that “to value the process as much as I value the result” is the best piece of advice he’s received.
“Policies get made here,” Chehade told the Council, “they should not be made at the board level, especially when a consensus policy was made by the GNSO. Akram [Atallah, Generic Domains Division president] today was arguing very hard at the board meeting that even if we don’t think it’s the right thing, but it is the consensus policy of the GNSO, we should stick with it.”
Will the board stick with it? Director Bruce Tonkin told the registries on Monday that the board would try to address their concerns by today, so we may not have to wait long for an answer.
The first controversial Uniform Rapid Suspension decision? Probably not.
An self-described “entrepreneur” from Texas has lost control of the domain dana.holdings after a URS complaint filed by Dana Holding, a vehicle component supplier. The domain has been suspended.
It’s the first URS case where the second-level string, in this case “dana”, has a hypothetical multitude of uses not related to the trademark holder’s brand.
The respondent, one Farris Nawas, said in his URS response:
Dana is a common Middle Eastern female name. My family is of Middle Eastern descent. My intention is to establish a holding company in my native country and not in the United States. Upon my registration of the domain name www.Dana.Holdings, I discovered that Dana Holdings is nationally registered in the United states. Out of Courtesy, I approached Dana Limited corporation myself to let them know that I have registered the domain name with the intention of starting my own holding company.
The National Arbitration Forum URS examiner, Darryl Wilson, didn’t buy it
While Nawas was not wrong about Dana being a common first name, I feel I’m on pretty safe ground saying the excuse about starting his own holding company was utter nonsense.
Nawas owns over 200 domains, most of which were registered during the first days of new gTLDs general availability and many of which appear to be cut-and-dried cases of outright cybersquatting.
He was called out by Forbes for registering tommyhilfiger.clothing. I’ve discovered he also owns such as names 4san.ventures and akfen.holdings, among others, which also seem to match company names.
Evidence of a pattern of cybersquatting can be used by URS panels to find bad faith, but that doesn’t seem to have happened in this case.
Rather, Wilson seems to have taken Nawas’ offer to sell the domain to Dana for “an unspecified amount” as evidence that he’s a wrong ‘un. Wilson found his explanation “dubious at best”.