Was Facebok.com really stolen?

The domain name’s strange history raises questions.
The typo domain facebok.com is currently at the center of an unusual legal battle that has put a respected domain name registrar’s ICANN accreditation at risk.
EuroDNS, as I reported last week, has been handed an ICANN breach notice for failing to transfer the domain to Facebook, which won it in a slam-dunk UDRP complaint last September.
If it does not hand over the domain by May 11, it stands to lose its ability to sell domain names.
But the registrar says it is a defendant in a lawsuit, filed in its native Luxembourg, which has put a jurisdictional question mark over its ability to legally transfer the domain.
According to EuroDNS, the suit was filed by a company calling itself “Facebok.com Inc”, on September 24 last year, just one week after the UDRP case was decided.
This suspiciously named company alleges that the domain is its rightful property, and that it was stolen by the respondent in the UDRP case, one Franz Bauer of Munich, Germany.
The suit names Bauer, Facebook and EuroDNS as defendants.
A review of historical Whois records shows that Bauer has been associated with the domain facebok.com since August 2009, after it emerged from a few years behind a Whois privacy shield.
The address in the Whois, then and now, seems to be a hotel in Munich.
However, on September 21, 2010, a few days after WIPO informed Bauer he had lost the UDRP, the contact information in the Whois changed to a Hushmail email address and:

Company: FACEBOK.COM, INC.
Name: Facebok Domains Facebok Admininstrator
Address: IPASA Building, 3rd Floor, 41 Street Off Balboa Avenue, Bella Vista District
City: Panama City
Country: PANAMA
Postal Code: 83256

That address is shared by Panama Offshore Legal Services, a company that offers corporate formation services to individuals outside of Panama, with the promise of “global asset protection, privacy, investment diversification, tax minimization, affordability and convenience.”
Facebok.com Inc, which is suing EuroDNS, Facebook and Bauer, therefore appears to be an offshore shell company. The question is: who’s behind it?
At the time the domain’s Whois changed from Bauer to Facebok.com Inc, it was in ClientTransferProhibited status, meaning it could not be transferred to another registrar, but that the registrant was free to change his contact information at will.
By early October, the Whois record had reverted back to Bauer.
The domain facebok.com currently directs fat-fingered web surfers to a variety of affiliate scams, depending on where they live, that rely upon users completing spurious surveys and not reading the fine print when they sign up for pricey mobile phone messaging services.
With 500 million Facebook users, many of whom will be youngsters, silver surfers, or may not use ASCII as their primary script, the site is likely to be getting a fair bit of traffic.
Compete.com estimates it received roughly 4,000 to 8,000 visits per month last year. Alexa gives the site a rank of roughly 154,000. Both sites show a huge traffic spike in March.

Two-horse race for ICANN board seat

A seat on ICANN’s board of directors opens up in June, and two people have been nominated to fill it.
Avri Doria and Bill Graham will face a ballot to see who will replace Rita Rodin Johnson, whose term expires at the end of ICANN’s Singapore meeting, June 24.
It’s not an open ballot, of course. The seat is designated to be occupied by a member of ICANN’s Generic Names Supporting Organization’s Non-Contracted Parties House.
That’s basically the half of the GNSO policy-making body made up of representatives of organizations that are not domain name registrars or registries — they have no contracts with ICANN.
Doria works at a Swedish university. She sits in the Non-Commercial Stakeholders Group, and is a former chair of the GNSO Council.
Graham was once Canada’s representative on and vice-chair of ICANN’s Governmental Advisory Committee, and is now head of strategic global engagement at the Internet Society.
Only 13 members of the NCPH get to vote. Whichever candidate receives eight votes or more, wins.

The price of ICANN transparency: $2.6m

ICANN has estimated that it will need an extra $2.6 million on its fiscal 2012 budget to cover the cost of becoming more transparent and accountable.
In March, the organization decided to implement the 27 recommendations of its Accountability and Transparency Review Team, and last week the board asked its finance committee to look into budgeting the project.
The cost is estimated at $2.6 million for fiscal 2012, which begins in July, according to the resolution passed by the board on Thursday.
That’s much more than the initial estimate of $965,000 mentioned in staff briefing documents (pdf) provided to the board before its meeting in March, which excluded the ATRT recommendation that ICANN’s directors receive compensation.
The extra cash is required to hire additional staff and pay for consulting services. Presumably some of it will now also be needed to pay the board.

Niue: the myth of the “Wifi Nation”

The tiny Pacific island of Niue is commonly referred to as the world’s first and only “Wifi Nation”.
There was a lot of feel-good press coverage back in 2003, when the Massachusetts-based manager of the .nu country-code top-level domain started deploying wireless internet on the island.
NU Domain said at the time that it was “building the world’s first nation-wide wifi Internet access service, all at no cost to the public or the local government” (pdf)
This led to major media outlets, such as the BBC, reporting the line: “The free wi-fi link will be accessible to all of Niue’s 2,000 residents as well as tourists and business travellers.”
This story has remained in the media consciousness to this date, encouraged by the registry.
Just this week, NU Domain’s charitable front operation, the IUSN Foundation, was fluffily claiming that it has provided Niue with “the world’s only nation-wide free Internet”.
Even ICANN’s Kiwi chairman, Peter Dengate Thrush, spread the meme during a recent interview (audio), saying Niue had “installed free wifi across the entire island”.
There is just one problem with the “Wifi Nation” story: it’s bollocks.
This is what Niue’s Premier, Toke Talagi, had to say to Australian radio (audio) this week:

The internet services are unreliable, they’re not available throughout the island, and if you do want internet services connected up to your home you have to pay for it. Some people as I understand it have been paying up to $3,000 [$2,400] just for the installation of the wifi.
…
We’re never quite certain about what that “free” internet services is about, because we’ve had to pay.

According to Talagi, the wifi network provided by IUSN does not cover every village on the island, and users have to pay for it. The free wifi nation is neither free nor nationwide.
Even IUSN, while continuing to make its claims about nationwide wifi, admitted a year ago, seven years after the “wifi nation” claims were first made, that “villagers have been waiting to get online for some time”.
According to Talagi, the lack of reliable internet access is such a big problem that the Niuean government has had to take matters into its own hands and build its own ISP.
It is close to completing its own wired and wireless internet infrastructure, at the cost of $4.8 million, according to reports.
Niue discussed its needs with IUSN in 2009 and 2010, Talagi said, but “they felt they didn’t need to discuss these particular matters, that the services they were providing for us were adequate”.
It appears that IUSN doesn’t even pay to maintain its own equipment. This quote comes from a locally produced newsletter dated April 2009:

While IUSN is committed to provide free internet for its residents it is up to the users of this service to look after and maintain the internet enabling facilities.

That came from a report about residents of one of the island’s villages holding a fund-raiser in order to collect the $2,400 required to fix a wifi mast that had been damaged in a lightning storm (a common problem).
The per capita GDP of Niue, incidentally, is $5,800. Its citizens are not starving, but by the measure of its estimated GDP, about $10 million, it’s one of the poorest nations on the planet, reliant heavily on aid from nearby New Zealand.
According to Talagi and other sources, good internet access is not only required for economic reasons such as boosting the tourism industry.
Fast, reliable connectivity would also enable important human services, such as remote video diagnoses to be performed by overseas medical specialists, which the island lacks.
Niue’s ongoing economic problems come about largely because, other than fishing, it has very few natural resources to exploit.
A notable industry in the past has been the export of postage stamps to overseas collectors.
That business made headlines recently when a stamp was issued, celebrating the marriage of Prince William to Kate Middleton, which featured a perforation separating bride and groom.
There’s also talk of setting up a casino on the island, to boost revenues.
One asset it does have, at least on paper, is its top-level domain, .nu, which has proven popular in Sweden, where the word “nu” means “now”.
However, other than the lackluster internet connectivity provided by IUSN, Niue apparently does not see any significant revenue from the sale of .nu domain names.
According to IANA records, the .nu domain is officially delegated to the IUSN Foundation, previously known as the Internet Users Society – Niue.
The technical back-end provider is WorldNames Inc, which also operates as a registry/registrar under the brand NU Domain.
IUSN’s contact address is a PO Box in Niue, probably due to the fact that all ccTLD registry operators have to be based in the country they purport to represent.
The IUSN’s domain name, iusn.org, is registered to the same address as WorldNames and NU Domain, in the leafy Boston suburb of Medford, MA.
Most of the company’s business is done in Sweden, where most of its staff are based.
WorldNames has been in control of .nu since 1997, when its founder, Bill Semich, in partnership with a American ex-pat living on the island, managed to acquire the IANA delegation, pre-ICANN.
By several accounts, Niue has been trying to reclaim .nu from Semich for almost as many years.
In 2003, the government hired an American lawyer, Gerald McClurg, to be its representative on ICANN’s Governmental Advisory Committee and attempt to secure a redelegation.
That same year, McClurg made a submission to the International Telecommunications Union (.doc), in which he alleged that the nation was tricked out of its domain:

In 1997 IANA, without the approval of the Niuean Government, delegated the ccTLD for Niue to a businessman, William Semich, who lives in the United States. The advisor to the Government at that time was an ex-peace corp volunteer named Richard Saint Clair. Mr Saint Clair told the Government that the name meant nothing, that it was of no value or significance, and there was nothing that could be done. Shortly thereafter, Mr. Saint Clair then left his post as advisor and joined with Mr Semich in his organization – IUSN. The Government of Niue has been working every since to regain its ccTLD.

The Niuean government has actually passed a law, the Communications Amendment Act 2000, which states: “.nu is a National resource for which the prime authority is the Government of Niue”.
It also established the Niue Information Technology Committee, which “shall be the only designated Registry Manager of the Niue ccTLD .nu.”
Yet, eleven years on, IUSN is still the registry manager for .nu.
Talagi said in his radio interview this week that Niue was preparing to submit a redelegation request to ICANN/IANA in February last year, which is in line with what I was hearing at the time.
I have in my possession documentation from a European domain name registrar, dated March 2010, offering to take over the management of .nu on a not-for-profit basis.
It’s not clear to me whether Niue’s redelegation request is still active. Under current IANA practices, ICANN does not discuss pending ccTLD redelegation requests.
But I suspect IUSN has little interest in handing .nu back to Niue.
While registration data is not easy to come by, the number that has been reported frequently over the years, and as recently as 2008, is 200,000.
At 30 euros ($44) per year for the standard service from NU Domain, that’s close to a $9 million business just from domain registration fees.
That may not be much on the grand scheme of things, but it would certainly be material to a nation so reliant on hand-outs as Niue.
But IUSN is very protective of its asset.
Take a look at the Accountability Framework – one of the methods by which ICANN establishes formal relationships with ccTLD managers – that IUSN and ICANN signed in 2008 (pdf).
ICANN has signed 26 Accountability Frameworks over the last five years. They’re all very similarly worded, but the one it signed with IUSN has a notable addition not found in any of the others.
All ccTLDs’ Accountability Frameworks call for the TLD to be managed “in a manner that is consistent with the relevant laws of [insert country name]”.
But the .nu agreement is the only one to also make a specific reference to RFC 1591 and ICP-1, two rules dating from the 1990s that govern how ccTLDs are redelegated from one organization to another.
While ICP-1 gives governments a significant voice in redelegation requests, both documents state that IANA should only redelegate a TLD when both the winning and losing parties agree to the transfer.
The only notable exception to the rule is when the incumbent registry manager has been found to have “substantially misbehaved”, which I understand to be quite a high bar.
With that in mind, it’s far from obvious whether Niue stands any chance of getting its ccTLD redelegated to an approved registry any time soon.
According to a recent report (pdf) from ICANN’s ccNSO, IANA has redelegated ccTLDs in cases where the losing registry fought the decision, but its procedures for doing so are utterly opaque.

ICANN advised against director salaries

ICANN’s legal staff advised its board of directors against rushing to grant themselves a pay packet, according to documents released today.
At its San Francisco meeting last month, ICANN’s board voted to adopt a package of 27 measures designed to improve the organization’s accountability and transparency.
One of the recommendations, provided by the Accountability and Transparency Review Team in December, asked the board to quickly implement a “compensation scheme” for ICANN’s voting directors.
Other than salaried president Rod Beckstrom, currently only the chairman, Peter Dengate Thrush, is paid for his work on the board.
But briefing documents provided to the board prior to the San Francisco vote, published today (pdf and pdf), reveal that ICANN staff recommended adopting only 26 of the 27 ATRT recommendation.
The original ATRT recommendation #5 reads:

The Board should expeditiously implement the compensation scheme for voting Directors as recommended by the Boston Consulting Group adjusted as necessary to address international payment issues, if any.

And the ICANN staff recommendation to the board reads:

Staff recommends that the Board not implement ATRT Recommendation #5 – a compensation scheme for voting Board Directors – at this time, but give adoption and implementation further consideration as detailed in the staff’s proposed implementation plan

Regardless, the board voted to adopt all 27 ATRT recommendations in San Francisco, including the board compensation plan idea. This was broadly welcomed by the community.
The precise reasoning behind the staff’s recommendation is not clear – the rationale has been redacted from the briefing documents – but director Bruce Tonkin gave a hint during remarks at the open board meeting in San Francisco, saying:

There are legal requirements for how a board could pass a motion to decide to compensate board members, which is one of the recommendations, and then there are obviously budget implications of doing that.
So just the legal steps that need to be followed will take a bit of time. Not years, but will take some months.

The ATRT report was fairly comprehensive, covering everything from how ICANN selects its board to how it interacts with its Governmental Advisory Committee, to what information it publishes on its web site.
The report also gave ICANN deadlines to hit on many recommendations, many of them June 2011.
But it appears from the just-published briefing documents that ICANN intends to miss those deadlines in several cases, due to the complexity of the work involved, by a few months to as much as a year or more.
In other, simpler, cases, ICANN has already met the recommendations. Many of ICANN’s policy-making processes are still due to get a shake-up, but some changes will take longer than expected.

ICE domain seizures enter second phase

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.
Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.
ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.
The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.
At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to seizedservers.com.
All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)
Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.
As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.
Rather than simply commandeering the domains, it appears that ICE now “owns” them too.
But ICE has already allowed one of its seizures to expire. The registration for silkscarf-shop.com expired in March, and it no longer points to seizedservers.com or displays the ICE piracy warning.
The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.
Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and dns.com.cn.
After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.
If I find out for sure, I’ll provide an update.

Feds seize billion-dollar poker domains

Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.
The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.
The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).
The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.
It’s not yet clear which domains have been seized.
From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.
Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.
Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.
And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.
But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.
The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.
It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.
If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:

Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.

The suits seek $3 billion in allegedly ill-gotten gains to be returned.

Why ICANN’s CEO did not vote on .xxx

President and CEO Rod Beckstrom has explained his decision to abstain from voting on ICM Registry’s .xxx top-level domain when it came before the ICANN board last month.
As expected, Beckstrom provided substantially the same explanation for his abstention as he did at the Brussels meeting last June – not on the merits of .xxx, but because he had legal concerns.
Specifically, he abstained because he objected to one of the majority findings of an Independent Review Panel, which forced .xxx back to the table last year after ICANN had tried to reject it.
Beckstrom wrote, in a recently published statement (pdf):

while I accept the contribution to ICANN’s accountability and transparency provided by the existence and the use of the independent panel review process, I nonetheless remain concerned about the determination by two of the three panelists that the ICANN board should not use business judgment in the conduct of its affairs.

This refers to the “business judgment rule”, a piece of California law under which courts give deference to the judgment of company directors, unless their decisions were made in bad faith.
If an IRP panel – the last port of appeal for companies upset with ICANN’s decisions – were required to use this rule, it would substantially raise the bar for a successful complaint.
But the panel in the case of ICM Registry versus ICANN (the only such panel to date) decided, by a 2-1 vote, that ICANN’s actions should be “appraised not deferentially but objectively.”
This allowed ICM to win its case by merely showing ICANN had acted outside its bylaws, and not necessarily in bad faith.
The dissenting IRP panelist, Dickran Tevrizian, wrote: “The rejection of the business judgment rule will open the floodgates to increased collateral attacks on the decisions of the ICANN Board of Directors”.
However, the IRP did not specifically rule that ICANN “should not use business judgment” as Beckstrom’s statement suggests, just that the IRP was not obliged to defer to it.
Beckstrom’s statement also gives a shout-out to the Governmental Advisory Committee:

In addition, I note the concerns of the GAC, which while not expressed as a clear decision, was nonetheless directional.

As I previously blogged, ICANN approved the .xxx contract over the objections of some members of the GAC, using the fact that the GAC’s official advice was vague enough to be worked around without explicitly rejecting it.
Beckstrom, incidentally, did not even sign the .xxx contract with ICM, which I believe is a first for an ICANN registry contract. It was instead signed by general counsel John Jeffrey.
(via InternetNews.me)

NAF sees rise in UDRP cases

The National Arbitration Forum saw a steep increase in the number of cybersquatting complaints filed under the Uniform Dispute Resolution Policy last year.
According to a NAF announcement, 2,177 cases were filed in 2010, up 24% on the previous year.
That seems to be roughly in line with the experience of the World Intellectual Property Organization, which recently reported a 28% increase in UDRP complaints to 2,696 last year.
On that basis, it appears that WIPO has ever so slightly widened the market share gap between itself and NAF.
Between 1999 and the end of last year, NAF had handled 15,763 domain disputes, compared to WIPO’s over 20,000.
A basic UDRP filing covering a few domain names with a single panelist presiding costs about $1,500 with both providers, not including lawyers’ fees and other expenses.
With roughly 35,000 complaints filed to date, we can estimate that the revenue from UDRP flowing to WIPO and NAF together has been in the ball park of $50 million in slightly over 11 years.

Go Daddy: let registrars seize domain names

Go Daddy has called for domain name registrars, not registries, to be responsible for seizing domain names associated with criminal activity.
In testimony submitted yesterday to the US House Subcommittee on Intellectual Property, Competition and the Internet, general counsel Christine Jones said that instructing registries to turn off domains can sometimes cause more harm than good.
Registrars, she said, often aid law enforcement with investigations into, for example, child pornography, and that registry interference can be dangerous.
In her prepared remarks (pdf), Jones wrote:

The registry in many instances has no knowledge of these highly confidential and sensitive matters, and we have experienced several occasions in which the sudden disabling of a domain name by a registry disrupted weeks or months of work investigating serious criminal activity by the registrant.
We would like to see future government and private industry efforts focused on naming the registrar as the primary contact for courts and law enforcement regarding all criminal and civil matters relating to domain names.

Also testifying was John Morton of US Immigration and Customs Enforcement, the agency responsible for recent controversial domain name seizures under Operation In Our Sites.
The ICE operation has so far bypassed registrars, going directly to registry operators such as VeriSign. This is arguably more efficient, and avoids jurisdictional problems associated with non-US registrars.
Other registrars have previously echoed Jones’ remarks. Registrars have the relationship with the customer, after all. When a domain is seized by a registry, they have to deal with the fallout.
As we saw with the first phase of the ICE seizures last year, the fact that the registrar had no knowledge of the matter led to a misunderstanding and ICANN being blamed in several media reports.
But yesterday’s Congressional hearing, which aimed to gather information for legislation expected to replace the Combatting Online Infringement and Counterfeiting Act (COICA), spent very little time discussing domains.
At one point, Rep. John Conyers took Morton to task for ICE’s accidental seizure of over 80,000 third-level domains as part of a child porn sting.
Jones was also quizzed about the difference between filtering domains at the ISP level (which she said was unworkable and potentially dangerous) and blocking them at the registry-registrar level.
But Google was in the room, in the form of general counsel Kent Walker, and he took most of the flak, with Congressmen lining up to grill him over Google’s apparently happiness to connect users to bootleg digital content and counterfeit physical goods.