Facebok.com given to Facebook despite “theft” claim

ICANN says registrar contract trumps national court. Registrar warns of legal consequences.
The typo domain name facebok.com has finally been returned to Facebook, over eight months after it was subject to a successful cyberquatting complaint.
The domain does not currently resolve, but Whois records show it was transferred to Facebook from its previous registrant, one “Franz Bauer”, last Thursday.
The case was marked by controversy, after ICANN threatened to shut down its sponsoring registrar, EuroDNS, for failing to transfer the domain last within 10 days, as required by UDRP rules.
EuroDNS had resisted the transfer after being named in a lawsuit, in its native Luxembourg, filed by a suspicious Panama shell company going by the name Facebok.com. The plaintiff claimed the domain had been “stolen” by Bauer.
But ICANN told the registrar last week that the Registrar Accreditation Agreement only allows the registrar to defer a transfer if the original registrant – not a third party – sues.
In a letter noting that EuroDNS is “a long-standing and respected member of the ICANN community”, the ICANN compliance department said:

the only kind of documentation that will stop the registrar from implementing a panel decision ordering a transfer is evidence that the registrant/respondent has commenced a lawsuit against the complainant in a jurisdiction to which the complainant has submitted under UDRP Rules. The mere filing of a complaint by a third party does not excuse the registrar from fulfilling its obligations under the policy.
…
in recognition that there has been a court filing, ICANN must reiterate that failing to comply with the relevant contractual provisions of the RAA subjects EuroDNS to escalated compliance action up to and including termination of the EuroDNS accreditation.

That seems to have been sufficient clarity for EuroDNS to push through the transfer, but the registrar is not happy about the situation, which may leave it in a tricky legal position in Luxembourg.
In a reply to ICANN, EuroDNS CEO Xavier Buck suggested that the story may not be over yet:

the action you demand from EuroDNS will have tremendous consequences for our company in the pending judiciary case.
Consequently, EuroDNS reserves all rights to seek indemnification from ICANN for any damages or loss caused by the action we have been forced to take not to lose our Registrar accreditation.

The lawsuit was filed last September, just days after the UDRP case was decided, but has not yet gone to court.
Under its previous ownership, facebok.com redirected to a series of scam sites that may have proved rather lucrative.

Could VeriSign be banned from new TLDs?

Governments have proposed stricter background checks on new top-level domain operators that could capture some of the industry’s biggest players.
Top-five registrar Network Solutions and .com manager VeriSign may have reason to be concerned by the latest batch of Governmental Advisory Committee recommendations.
The GAC wants checks on new gTLD applicants expanded to include not only criminal convictions and intellectual property violations but also government orders related to consumer fraud.
The GAC advised ICANN, with my emphasis:

The GAC believes that the categories of law violations that will be considered in the background screening process must be broadened to include court or administrative orders for consumer protection law violations. If an applicant has been subject to a civil court or administrative order for defrauding consumers, it should not be permitted to operate a new gTLD.

This is not new – the GAC has proposed similar provisions before – but it seems to be the only GAC advice on applicant screening that ICANN has not yet adopted, and the GAC is still pushing for it.
Why could VeriSign and NetSol be worried by this?
One reason that springs to mind is that, back in 2003, NetSol was officially barred by the US Federal Trade Commission from the practice known as “domain slamming”.
Domain slamming, you may recall, was one of the dirtiest “marketing” tactics employed by the registrar sector during the early days of competition.
Registrars would send fake invoices with titles such as “Renewal and Transfer Notice” to the addresses of their rivals’ customers, mined from Whois data.
The letters were basically tricks designed to persuade customers ignorant of the domain name lifecycle to transfer their business to the slamming registrar.
Respectable registrars have nothing to do with such practices nowadays, but a decade ago companies including NetSol and Register.com, the two largest registrars at the time, were all over it.
At the time NetSol was carrying out its slamming campaign, it was part of VeriSign. It was spun off into a separate company earlier in 2003, before the FTC entered its order.
The order (pdf) was approved by a DC judge as part of a deal that settled an FTC civil lawsuit, alleging deceptive practices, against the company.
NetSol was not fined and did not admit liability, but it did agree to be permanently enjoined from any further slamming, and had to file compliance notices for some time afterward.
It seems plausible that this could fall into the definition of a “civil court or administrative order for defrauding consumers” that the GAC wants added to the Applicant Guidebook’s background checks.
Whether the GAC’s advice, if implemented by ICANN, would capture NetSol and/or VeriSign is of course a matter of pure speculation at the moment.
I think it’s highly unlikely that ICANN would put something in the Guidebook that banned VeriSign, its single largest source of funding (over a quarter of its revenue) from the new gTLD program.
Sadly, I think I may also be unfairly singling out these two firms here – I’d be surprised if they’re the only companies in the domain name industry with this kind of black mark against their names.
Existing background checks in the Applicant Guidebook governing cybersquatting are already thought to pose potential problems for registrars including eNom and Go Daddy.
UPDATE: It looks like NSI and VeriSign are probably safe.

A UDRP decision to scare the pants off domainers

Is this the most blatant case of UDRP abuse you’ve seen?
A company has won a generic domain name using a trademark it has had registered for less than a year, despite the fact that the current registrant has owned it for well over a decade.
The domain medicalexpo.com was first registered in 1997. It has been in the control of the same registrant since at least 2000, according to historical Whois records, but has never resolved to a web site.
The complainant, Benoit Thiercelin, who has has a history of attempted reverse domain name hijacking, was granted a European trademark on the term “Medical Expo” in June 2010.
In April 2011, Thiercelin filed a UDRP complaint with the little-used ADR Center of the Czech Arbitration Court, citing its European trademark and a US trademark as proof of its rights.
The US trademark was not fully “registered” until May 3, 2011, a month after the UDRP was filed, according to USPTO records.
On May 15, CAC ruled in his favor and awarded him the domain.
The panelist, Joseph Cannataci, found that the domain was registered “or at least re-registered” in bad faith, simply on the grounds that it had never been used.

If one is in good faith when registering a domain name, then the intention is understandably to use it for the purposes of one’s business or activity. If it remains unused for an unreasonable length of time then such registration is open to accusation of constituting “passive holding”. Irrespective of whether the domain name was registered before or after some of the Complainant’s marks, the current holder of the domain name does not seem to have used it or currently be using it.

The decision goes on to refer to the domain as a “TLD”.
The registrant did not help his cause by not responding to the complaint.
But it beggars belief that a UDRP panelist could infer bad faith registration of a generic domain that was registered 13 years before the complainant first acquired a trademark.
The idea that “re-registration” – presumably the panelist means the domain was renewed at some point after the trademark rights were acquired – could show bad faith does not even hold water.
The domain has been due to expire in 2012 since at least 2008, historical Whois records show. The registrant clearly bought a multi-year registration at some point before then, likely in 2002.
The complainant did not form his Medical Expo company until 2009, and did not file for his trademarks until December 2009 and February 2010. The registrant has not renewed the domain since then.
What we have here is a generic domain name, registered for 14 years, seized by complainant with only recently acquired rights, based on non-use and a flimsy piece of panelist reasoning.
Under other circumstances, it would be a slam-dunk case of reverse domain name hijacking.
In fact, Thiercelin has form when it comes to domain hijacking.
Last year, WIPO ruled that that he had attempted to use UDRP to hijack VirtualExpo.com, which also had been registered 10 years before he acquired his trademark rights.
The case was virtually identical to the MedicalExpo.com case, but the panelist ruled in exactly the opposite way, saying:

In the view of the Panel this is a Complaint which should never have been launched. The Complainant knew that the Domain Name was registered nearly 10 years before the Complainant acquired his registered rights, no attempt was made to demonstrate the existence of any earlier rights nor was any attempt made to address the issue arising from the disparity in dates. It simply was not mentioned. Instead, a flagrantly insupportable claim was made as to the Respondent’s bad faith intent at time of registration of the Domain Name and the Panel can only assume that it was hoped that the Panel would miss the point.

Can anybody say “forum shopping”?
This should be enough to scare the pants off of any domainer.

Dr Martens grabs “sucks” domains from Dr Marten

Shoemaker Dr Martens has won three “sucks” domains from a registrant that may actually be a genuine doctor called Marten.
The company won a UDRP case over drmartensucks.net, as well as the .org and .info equivalents.
The name and address in the Whois records for the domains correspond to a cosmetic surgeon in San Francisco named Dr Timothy Marten (rather than Martens).
The Whois could of course be fake, but what we may have here is a case of a defensive registration made by an individual worried about his reputation being challenged and won equally defensively by a company worried about its reputation.
The respondent did not respond to the complaint, so we’ll probably never know. All three domains were parked with Go Daddy.
Oddly, the .com variant of the domain was not part of the case, and still belongs to the same original “Dr Marten” registrant.

African Union yanks .africa bid support, seeks registries

The African Union has called for registry operators to express their interest in managing the proposed .africa top-level domain.
It has also confirmed that it is not currently backing DotConnectAfrica’s longstanding bid to apply to ICANN to operate .africa.
DCA has for some time been touting its support from a number of African governments, including the AU, which is required for a geographic TLD bid to be approved by ICANN.
But the AU said in a statement last week:

The AU Commission was at some point approached by an organization now known as DCA seeking endorsement and support for in its bid to use of the domain name.
…
The AU Commission would like to hereby categorically state that it is not supporting any one individual or organization in this bid.

The statement glosses over the August 2009 letter from AU Commission chairman Jean Ping, which offers to aid DCA with its efforts to gain government support for .africa.
With its support for DCA no longer applicable, the AU yesterday issued its official call for Expressions of Interest from experienced registry operators:

DotAfrica will serve a community which spans over a large portion of region, therefore providing registrants with accrued possibilities for establishing their Internet presence. It is expected that the Africa small and medium size enterprises will greatly benefit from DotAfrica, as they thrive beyond their local markets to invade the regional and continental marketplace.

The EOI does not set out any guidance on what the AU expects to see in a proposal – it doesn’t even specify whether it’s looking for a sponsor or a back-end operator – it merely asks for audited financial statements and a potted corporate bio.
The deadline for the EOI is June 3.
The .africa bid has become fiercely political recently, with DCA throwing around accusations of corruption and back-room dealing.
Its outrage has been centered largely on an AU task force on .africa that was created last November, and its chairman, Nii Quaynor.
He is the registrant of dotafrica.org, which was previously used in a .africa bid that competed with DCA’s.
Other task force members are involved with AfTLD, the African ccTLD association that has also announced it is preparing a .africa bid.
In a blog post this week, DCA calls for the task force to be abandoned.

Does Obama endorse Whois privacy?

The US government today released its latest International Strategy For Cyberspace, and it seems to acknowledge privacy rights in domain name registration.
The 30-page document (pdf) envisions a future of the internet that is “open, interoperable, secure, and reliable” and “supports international trade and commerce, strengthens international security, and fosters free expression and innovation”.
It calls for the US and its international partners to set norms that value free speech, security, privacy, respect for intellectual property and (because this is America, remember) the right to self-defense.
Domain names get a mention, in a statement that could be read, without much of a stretch of the imagination, as support in principle for private Whois records:

In this future, individuals and businesses can quickly and easily obtain the tools necessary to set up their own presence online; domain names and addresses are available, secure, and properly maintained, without onerous licenses or unreasonable disclosures of personal information.

That’s open to interpretation, of course – you could debate for years about what is “unreasonable” – but I’m surprised Whois privacy merited even an oblique reference.
Most government and law enforcement statements on the topic tend to pull in the opposite direction.
The new strategy also seems to give ICANN – or at least the ICANN model – the Administration’s support, in a paragraph worth quoting in full:

Preserve global network security and stability, including the domain name system (DNS). Given the Internet’s importance to the world’s economy, it is essential that this network of networks and its underlying infrastructure, the DNS, remain stable and secure. To ensure this continued stability and security, it is imperative that we and the rest of the world continue to recognize the contributions of its full range of stakeholders, particularly those organizations and technical experts vital to the technical operation of the Internet. The United States recognizes that the effective coordination of these resources has facilitated the Internet’s success, and will continue to support those effective, multi-stakeholder processes.

ICANN gets Boing-Boinged over URS

Boing-Boing editor Cory Doctorow caused a storm in a teacup yesterday, after he urged his legions of readers to complain to ICANN about copyright-based domain name seizures and the abolition of Whois privacy services in .net.
Neither change has actually been proposed.
The vast majority of the comments filed on VeriSign’s .net contract renewal now appear to have been sent by Boing-Boing readers, echoing Doctorow’s concerns.
Doctorow wrote: “Among the IPC’s demands are that .NET domains should be subject to suspension on copyright complaints and that anonymous or privacy-shielded .NET domains should be abolished.”
Neither assertion is accurate.
Nobody has proposed abolishing Whois privacy services. Nobody has proposed allowing VeriSign to seize domain names due to copyright infringement complaints.
What has happened is that ICANN’s Intellectual Property Constituency has asked ICANN to make the Uniform Rapid Suspension policy part of VeriSign’s .net contract.
URS is a variation of the long-standing UDRP cybersquatting complaints procedure.
It was created for the ICANN new gTLD Program and is intended to be cheaper and quicker for trademark holders than UDRP, designed to handle clear-cut cases.
While the URS, unlike UDRP, has a number of safeguards against abusive complaints – including an appeals mechanism and penalties for repeat reverse-hijacking trolls.
But the domainer community is against its introduction in .net because it has not yet been finalized – it could still be changed radically before ICANN approves it – and it is currently completely untested.
The IPC also asked ICANN and VeriSign to transition .net to a “thick” Whois, whereby all Whois data is stored at the registry rather than with individual registrars, and to create mechanisms for anybody to report fake Whois data to registrars.
Not even the IPC wants Whois privacy services abolished – chair Steve Metalitz noted during the Congressional hearing on new gTLDs last week that such services do often have legitimate uses.

The 10 dumbest moments from that new TLDs Congressional hearing

The US House of Representatives last week held an oversight hearing into ICANN’s new top-level domains program.
As I may have mentioned, the House Subcommittee on Intellectual Property, Competition and the Internet hearing was set up to be pretty one-sided stuff.
It was clear from the start that ICANN senior vice president Kurt Pritz was going to have his work cut out, given how the panel of five other witnesses was loaded against him.
But as the hearing played out, it quickly became apparent that the real challenge lay not with his fellow witnesses — most of whom were either sympathetic to ICANN from the outset or occasionally forced to leap to its defense — but with the members of the Subcommittee.
While some Congressmen had merely bought into the positions of the trademark lobby, others were so far out of their depth you couldn’t even see the bubbles.
Here, in purely my personal opinion and in no particular order, are the Top 10 Dumbest Moments.
1. Chairman Goodlatte buys the FUD
Subcommittee chairman Bob Goodlatte’s opening statement appeared to have been written with significant input from the intellectual property lobby.
At the very least, he seemed to have accepted some of the more extreme and questionable positions of that lobby as uncontroversial fact.
Two examples:

With every new gTLD that is created, a brand holder will be forced to replicate their internet domain portfolio.
…
The roll-out of these new gTLDs will also complicate copyright enforcement, making it harder and more costly to find and stop online infringers.

He also, on more than one occasion, advocated a “trademark block list” – the Globally Protected Marks List, an idea even the ICANN Governmental Advisory Committee has now rejected.
2. Whois privacy services are Bad
A couple of Congressmen and a couple of witnesses stated that Whois accuracy needs to be enforced more stringently by ICANN, and that Whois proxy/privacy services help criminals.
I took the liberty of doing Whois queries on the official campaign web sites of all 25 members of the Subcommittee, and found that 11 of them use privacy services.
That’s 44% of the committee. Studies have estimated that between 15% and 25% of all registrations use proxy/privacy services, so Congressmen appear to be relatively hard users.
Here’s the list:
Rep. Steve Chabot, Rep. Darrell Issa, Rep. Mike Pence, Rep. Jim Jordan, Rep. Ted Poe, Rep. Jason Chaffetz, Rep. Ben Quayle, Rep. Ted Deutch, Rep. Jerry Nadler, Rep. Zoe Lofgren, Rep. Tim Griffin.
It also turns out that dei.com, the domain name Rep. Issa bragged about owning during the hearing, has phoney data in its Whois record.

You can report him to ICANN here, if you’re so inclined.
It’s likely, of course, that these domains were registered by their staff, but I think we’re allowed to hold Congressmen to at least the same high standard they expect of the rest of us.
3. New TLDs will help porn typosquatters
Mei-lan Stark, an IP lawyer from Fox and the International Trademark Association, used the recent UDRP case over myfox2detroit.com as an example of abuse that could happen in new TLDs.
The domain directed visitors to a porn-laden link farm and was rightly deemed by WIPO to be confusingly similar to myfoxdetroit.com, the genuine Fox 2 Detroit site.
But, as Pritz pointed out later in the hearing, myfox2detroit.com is a .com domain. It’s not in a “new” TLD.
Fox, it transpires, has not registered the string “myfoxdetroit” in any other gTLD. Neither have the cybersquatters. It’s clearly not a brand that is, or needs to be, on Fox’s defensive registrations list.
That said, the “typo” myfoxdetroit.co, along with several other Fox .co domains, has been actually cybersquatted, so maybe Stark had a point.
4. Say Watt?
Rep. Mel Watt, the Subcommittee’s ranking member, couldn’t get a handle on why the pesky foreigners aren’t able to use their own non-Latin scripts in existing gTLDs.
I was beating my head against my desk during this exchange:

[After Stark finished explaining that she thinks IDN gTLDs are a good idea]
Watt: So, you think other languages. And that can’t be done in the .com, .net lingo as well?
Stark: Not today. Not the way the system is currently.
Watt: Yeah, well, not the way it’s done today, but what’s the difference? You all keep talking about innovation. Changing somebody’s name is not innovation. Allowing somebody to use a different name is not innovation. That’s not adding anything new to life that I can tell. Mr DelBianco, Mr Metalitz, help me here.
DelBianco: You’re right, just adding a new label to an existing page or content doesn’t really truly create innovation. However, 56% of the planet cannot even type in the domain name…
Watt [interrupting]: That’s not a function of whether you call something “Steve” or whether you call it “net” is it? You can put the Steve in front of the net, or you can put it dot-net, dot-Steve, dot-Watt, Steve, Steven…. you haven’t really created anything new have you?
DelBianco: You haven’t there, but 56% of our planet can’t use our alphabet when they read and write…
Watt [interrupting]: Tell me how this is going to make that better as opposed to what we have right now.
DelBianco: For the first time an Arabic user could type an entire email address in all Arabic, or a web site address in all Arabic.
Watt [interrupting]: Why can’t the current system evolve to do that without new gTLDs?

To Watt’s credit, he did put the witnesses on the spot by asking if any of them were opposed to new gTLDs (none were), but by the time his five minutes were up he was in serious danger of looking like a stereotypically insular American politician.
5. New TLDs are like T-shirts (or something)
Almost everything the NetChoice Coalition’s Steve DelBianco said, whether you agree with his positions or not, was sensible.
But when he started producing props from under the table, including one of the bright yellow custom “TLD-shirts” that AusRegistry International has been printing at recent ICANN meetings, I was giggling too hard to follow his train of thought.
Apparently the new TLDs program is like a T-shirt printing machine because, well… a T-shirt printing machine is more complicated than a label maker, which was the visual simile DelBianco used last time he appeared before the Subcommittee.
It was fun to see Congressmen treated like five-year-old kids for a minute. God knows some of them deserved it.
6. New TLDs will cost Fox $12 million
Stark stated that Fox has about 300 trademarks that it will need to enforce in new TLDs. Given ICANN has predicted 400 new TLDs, and estimating $100 per defensive registration, she “conservatively” estimated that Fox will have to pay $12 million to protects its marks in the first round.
Really?
The same ICANN study that estimated 400 applications being filed in the first round also estimated that as many as 200 of them are likely to be “.brand” TLDs in which Fox will not qualify to register.
A substantial proportion of applications are also likely to have a “community” designation and a restricted registrant policy that, in many cases, will also exclude Fox.
Does Fox really also need to register 300 brands in every city TLD or linguistic TLD that will be approved? Does Fox News broadcast in Riga? Does it have a Basque language TV station?
Not even World Trademark Review was convinced.
7. China is going to take over the internets
The Subcommittee spent far too much time talking around this meme before deciding that China is a sovereign nation that can do pretty much whatever it wants within its own borders and that there’s nothing much a House committee can do about it.
8. Literally everything that came out of Rep. Issa’s mouth
Former car alarm entrepreneur Darrell Issa talked confidently, as if he was the guy on the committee with the geek credentials, but pretty much everything he said was witless, impenetrable waffle.
He started with the premise that it costs a “fraction of a fraction of a fraction of a fraction of a penny” to route traffic to an IPv6 address (why this is relevant, he didn’t say), then asked:

Why, when I go to Go Daddy, do I have to pay between $10 and $10,000 for a name and not from a tenth of a cent to 10 cents for a name?
…
Why in the world are there so many reserved [ie, registered] names? If I want a good name from Go Daddy… the good names, that I might want, have been already pre-grabbed and marketed in an upward way, higher. Why is it that they’re not driven down? Real competition would imply that those names are driven down to a penny for a user and prohibited from being camped on in order to resell.

Issa is a Republican, so I was quite surprised to hear him apparently advocate against the free market and the rule of supply and demand in this way, and with such a poor grasp of the economics.
Issa’s premise that it costs an imperceptible fraction of a cent to resolve a domain may be true, but only if you’re talking about a single resolution. VeriSign alone handles 57 billion such queries every day.
It adds up. And that’s just resolution, ignoring all the costs carried by the registries and registrars, such as payment processing, security, marketing, Whois (and, in the case of Issa’s domains, Whois privacy and accuracy enforcement), paying staff, rent, facilities, hardware, bandwidth…
Pritz told Issa as much, but he didn’t seem interested in the answer. He instead turned to CADNA’s Josh Bourne, to ask a meandering question that, after listening to it several times, I still don’t understand.
9. Rod Beckstrom gets paid millions
Rep. Maxine Waters was very concerned that ICANN CEO Rod Beckstrom has a salary of over $2 million, “guaranteed”.
She flashed up a copy of what I believe was probably Mike Berkens’ The Domains article about ICANN salaries, from early 2010, but she clearly hadn’t read beyond the headline.
Beckstrom’s salary is $750,000 per annum. He can (and does) get a bonus if he hits his undisclosed performance targets, but it still adds up to less than $1 million a year and pales in comparison to what he’s probably going to earn when he leaves ICANN.
As Berkens accurately reported, Beckstrom has a three-year contract, so he gets a minimum of $2.2 million in total over the period he’s employed as ICANN’s CEO.
People can (and do, continually) question whether he’s earning his money, particularly when he does things like not turning up to Congressional hearings, but his salary is not set at anywhere near the level the Subcommitee heard.
10. This is so important we need more hearings (btw, sorry I’m late)
Several Congressmen called for further hearings on new gTLDs. They’re shocked, shocked, that ICANN is considering doing such a thing.
Some of those calling for further scrutiny weren’t even in the room for much of the hearing, yet saw fit to decree that the subject was so important that they needed more time to investigate.
Whether this turns out to be just more political theater remains to be seen.

Princess Kate’s brother registers domain for nude photo take-down threat

The brother of the newly installed Duchess of Cambridge (formerly known as Kate Middleton) reportedly posed as a lawyer in order to get his nude photos yanked from a porn site.
According to Gawker, James Middleton sent a take-down notice to its sister site, the porn blog Fleshbot, after it published some fairly tame photographs of his naked frat-boy antics.
The notice was sent via email, purportedly from “Nice Group London Legal” at nicelawyers.co.uk.
But the Whois record, as Gawker discovered, showed that the company was a phoney, and that Middleton himself was the registrant.
The creation date of the domain, April 10, suggests it was registered precisely in order to send this kind of take-down threat. Fleshbot continues to carry the photographs.
And the lesson here? I’m sure there is one. I’m just blogging it because I think it’s funny.

Did Apple buy iCloud.com for $4.5m?

Apple is rumored to have spent $4.5 million on the domain name icloud.com.
If it’s true, and domain-only sale, the deal, first reported by GigaOm today, would be in the top 15 most-expensive reported domain name transactions of all time, according to my records.
The Whois for icloud.com currently shows Xcerion, a Swedish company, as the registrant, mostly behind Network Solutions’ privacy service.
According to GigaOm, Xcerion recently rebranded its iCloud service as CloudMe, which is a useful indicator that it doesn’t plan on using the domain for much longer.