Afilias wins $10m judgment in Architelos “trade secrets” case
Afilias has won a $10 million verdict against domain security startup Architelos, over claims its flagship NameSentry abuse monitoring service was created using stolen trade secrets.
A jury in Virginia today handed Afilias $5 million for “misappropriation of trade secrets”, $2.5 million for “conversion” and another $2.5 million for “civil conspiracy”.
The jury found (pdf) in favor of Architelos on claims of business conspiracy and tortious interference with contractual relations, however.
Ten million dollars is a hell of a lot of cash for Architelos, which reportedly said in court that it has only made $300,000 from NameSentry.
If that’s true, I seriously doubt the four-year-old, three-person company has even made $10 million in revenue to date, never mind having enough cash in the bank to cover the judgment.
“We’re disappointed in the jury’s verdict and we plan to address it in some post-trial motions,” CEO Alexa Raad told DI.
The lawsuit was filed in January, but it has not been widely reported on and I only found out about its existence today.
The original complaint (pdf) alleged that three Architelos employees/contractors, including CTO Michael Young, were previously employees or contractors of Afilias and worked on the company’s own abuse tools.
It claimed that these employees took trade secrets with them when they joined Architelos, and used them to build NameSentry, which enables TLD registries to monitor and remediate abuse in their zones.
Architelos denied the claims, saying in its March answer (pdf) that Afilias was simply trying to disrupt its business by casting doubt over the ownership of its IP.
That doubt has certainly been cast, though the jury verdict says nothing about transferring Architelos’ patents to Afilias.
The $5 million portion of the verdict deals with Afilias’ claim that Architelos misappropriated trade secrets — ie that Young and others took work they did for Afilias and used it to build a product that could compete with something Afilias had been building.
The other two counts that went against Architelos basically cover the same actions by Architelos employees.
The company may be able to get the amount of the judgment lowered in post-trial, or even get the jury verdict overturned, so it’s not necessarily curtains yet. But Architelos certainly has a mountain to climb.
Two legit registrars held to account for lack of abuse tracking
ICANN Compliance’s campaign against registrars that fail to respond to abuse reports continued last week, with two registrars hit with breach notices.
The registrars in question are Above.com and Astutium, neither of which one would instinctively bundle in to the “rogue registrar” category.
Both companies have been told they’ve breached section 3.18.1 of their Registrar Accreditation Agreement, which says: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”
Specifics were not given, but it seems that people filed abuse reports with the registrars then complained to ICANN when they did not get the response they wanted. ICANN then was unable to get the registrars to show evidence that they had responded.
Both companies have until February 12 to come back into compliance or risk losing their accreditations.
Domain investor-focused Above.com had over 150,000 gTLD domains on its books at the last official count. UK-based Astutium has fewer than 5,000 (though it says the current number, presumably including ccTLD names, is 53,350).
It’s becoming increasingly clear that registrars under the 2013 RAA are going to be held to account by ICANN to the somewhat vague requirements of 3.18.1, and that logging communications with abuse reports is now a must.
IP Mirror rapped for failing to deal with abuse
Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
Pirate Bay a victim as Go Daddy suspends hundreds of new gTLD domains
New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.
Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.
Over 250 of these were put on the naughty step in the last 24 hours.
The suspended names include, notably, thepiratebay.guru, which matches the name of controversial torrent site frequented by people who like downloading copyrighted material for free.
The Pirate Bay has been like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.
The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.
Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).
But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.
While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.
Taryn Naidu is a *%@$! Rightside bans company “ridicule” in its new gTLDs
If you register a domain name in one of Rightside Registry’s new gTLDs, you’ll be banned from using it to mock the company or any of its employees or shareholders.
That’s according to its Acceptable Use (Anti-Abuse) Policy (pdf) published by ICANN today.
As well as prohibiting the usual kinds of malicious hacking and spamming activity, child abuse material and so on, the policy bans:
Holding of [United TLD Holdings] (including its affiliates) or their employees or shareholders up to public scorn, ridicule, or defamation.
I can’t recall seeing that kind of clause in a domain name registration agreement before.
While “defamation” is obviously illegal in most places (as determined by a court), “scorn” seems to be a pretty broad term that could capture a lot of free speech commentary.
Rightside has applied for 26 new gTLDs. Several are the kinds of places you might expect to see some edgy discussion: .republican, .democrat, .army, .actor and .gay to name a few examples.
It seems the simplest route to getting a web site you don’t like shut down in any of these gTLDs would be to buy a single Rightside share and file an abuse complaint.
Also banned by the policy is:
Impersonating any person or entity, including, but not limited to, a UTLDH official, or falsely stating or otherwise misrepresenting your affiliation
Rightside, aka United TLD, is the Demand Media domain name retailer and new gTLD registry currently being spun off into a standalone company under CEO (and thoroughly nice bloke) Tayrn Naidu.
Report names and shames most-abused TLDs
Newish gTLDs .tel and .xxx are among the most secure top-level domains, while .cn and .pw are the most risky.
That’s according to new gTLD services provider Architelos, which today published a report analyzing the prevalence of abuse in each TLD.
Assigning an “abuse per million domains” score to each TLD, the company found .tel the safest with 0 and .cn the riskiest, with a score of 30,406.
Recently relaunched .pw, which has had serious problems with spammers, came in just behind .cn, with a score of 30,151.
Generally, the results seem to confirm that the more tightly controlled the registration process and the more expensive the domain, the less likely it is to see abuse.
Norway’s .no and ICM Registry’s .xxx scored 17 and 27, for example.
Surprisingly, the free ccTLD for Tokelau, .tk, which is now the second-largest TLD in the world, had only 224 abusive domains per million under management, according to the report..
Today’s report ranked TLDs with over 100,000 names under management. Over 90% of the abusive domains used to calculate the scores were related to spam, rather than anything more nefarious.
The data was compiled from Architelos’ NameSentry service, which aggregates abusive URLs from numerous third-party sources and tallies up the number of times each TLD appears.
The methodology is very similar to the one DI PRO uses in TLD Health Check, but Architelos uses more data sources. NameSentry is also designed to automate the remediation workflow for registries.
ICANN offers to split the cost of GAC “safeguards” with new gTLD registries
All new gTLD applicants will have to abide by stricter rules on security and Whois accuracy under government-mandated changes to their contracts approved by the ICANN board.
At least one of the new obligations is likely to laden new gTLDs registries with additional ongoing costs. In another case, ICANN appears ready to shoulder the financial burden instead.
The changes are coming as a result of ICANN’s New gTLD Program Committee, which on on Tuesday voted to adopt six more pieces of the Governmental Advisory Committee’s advice from March.
This chunk of advice, which deals exclusively with security-related issues, was found in the GAC’s Beijing communique (pdf) under the heading “Safeguards Applicable to all New gTLDs”.
Here’s what ICANN has decided to do about it.
Mandatory Whois checks
The GAC wanted all registries to conduct mandatory checks of Whois data at least twice a year, notifying registrars about any “inaccurate or incomplete records” found.
Many new gTLD applicants already offered to do something similar in their applications.
But ICANN, in response to the GAC advice, has volunteered to do these checks itself. The NGPC said:
ICANN is concluding its development of a WHOIS tool that gives it the ability to check false, incomplete or inaccurate WHOIS data
…
Given these ongoing activities, ICANN (instead of Registry Operators) is well positioned to implement the GAC’s advice that checks identifying registrations in a gTLD with deliberately false, inaccurate or incomplete WHOIS data be conducted at least twice a year. To achieve this, ICANN will perform a periodic sampling of WHOIS data across registries in an effort to identify potentially inaccurate records.
While the resolution is light on detail, it appears that new gTLD registries may well be taken out of the loop completely, with ICANN notifying their registrars instead about inaccurate Whois records.
It’s not the first time ICANN has offered to shoulder potentially costly burdens that would otherwise encumber registry operators. It doesn’t get nearly enough credit from new gTLD applicants for this.
Contractually banning abuse
The GAC wanted new gTLD registrants contractually forbidden from doing bad stuff like phishing, pharming, operating botnets, distributing malware and from infringing intellectual property rights.
These obligations should be passed to the registrants by the registries via their contracts with registrars, the GAC said.
ICANN’s NGPC has agreed with this bit of advice entirely. The base new gTLD Registry Agreement is therefore going to be amended to include a new mandatory Public Interest Commitment reading:
Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.
The decision to include it as a Public Interest Commitment, rather than building it into the contract proper, is noteworthy.
PICs will be subject to a Public Interest Commitment Dispute Resolution Process (PICDRP) which allows basically anyone to file a complaint about a registry suspected of breaking its commitments.
ICANN would act as the enforcer of the ruling, rather than the complainant. Registries that lose PICDRP cases face consequences up to an including the termination of their contracts.
In theory, by including the GAC’s advice as a PIC, ICANN is handing a loaded gun to anyone who might want to shoot down a new gTLD registry in future.
However, the proposed PIC language seems to be worded in such a way that the registry would only have to include the anti-abuse provisions in its contract in order to be in compliance.
Right now, the way the PIC is worded, I can’t see a registry getting terminated or otherwise sanctioned due to a dispute about an instance of copyright infringement by a registrant, for example.
I don’t think there’s much else to get excited about here. Every registry or registrar worth a damn already prohibits its customers from doing bad stuff, if only to cover their own asses legally and keep their networks clean; ICANN merely wants to formalize these provisions in its chain of contracts.
Actually fighting abuse
The third through sixth pieces of GAC advice approved by ICANN this week are the ones that will almost certainly add to the cost of running a new gTLD registry.
The GAC wants registries to “periodically conduct a technical analysis to assess whether domains in its gTLD are being used to perpetrate security threats such as pharming, phishing, malware, and botnets.”
It also wants registries to keep records of what they find in these analyses, to maintain a complaints mechanism, and to shut down any domains found to be perpetrating abusive behavior.
ICANN has again gone the route of adding a new mandatory PIC to the base Registry Agreement. It reads:
Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.
You’ll notice that the language is purposefully vague on how registries should carry out these checks.
ICANN said it will convene a task force or GNSO policy development process to figure out the precise details, enabling new gTLD applicants to enter into contracts as soon as possible.
It means, of course, that applicants could wind up signing contracts without being fully apprised of the cost implications. Fighting abuse costs money.
There are dozens of ways to scan TLDs for abusive behavior, but the most comprehensive ones are commercial services.
ICM Registry, for example, decided to pay Intel/McAfee millions of dollars — a dollar or two per domain, I believe — for it to run daily malware scans of the entire .xxx zone.
More recently, Directi’s .PW Registry chose to sign up to Architelos’ NameSentry service to monitor abuse in its newly relaunched ccTLD.
There’s going to be a fight about the implementation details, but one way or the other the PIC would make registries scan their zones for abuse.
What the PIC does not state, and where it may face queries from the GAC as a result, is what registries must do when they find abusive behavior in their gTLDs. There’s no mention of mandatory domain name suspension, for example.
But in an annex to Tuesday’s resolution, ICANN’s NGPC said the “consequences” part of the GAC advice would be addressed as part of the same future technical implementation discussions.
In summary, the NGPC wants registries to be contractually obliged to contractually oblige their registrars to contractually oblige their registrants to not do bad stuff, but there are not yet any obligations relating to the consequences, to registrants, of ignoring these rules.
This week’s resolutions are the second big batch of decisions ICANN has taken regarding the GAC’s Beijing communique.
Earlier this month, it accepted some of the GAC’s direct advice related to certain specific gTLDs it has a problem with, the RAA and intergovernmental organizations and pretended to accept other advice related to community objections.
The NGPC has yet to address the egregiously incompetent “Category 1” GAC advice, which was the subject of a public comment period.
Directi fighting “massive” .pw spam outbreak
Recently relaunched budget TLD .pw is being widely abused by spammers already, but registry manager Directi said it’s enforcing a “zero tolerance” policy.
Anti-spam software makers and users have over the last week reported a “massive” increase in email spam from .pw domain names.
Security giant Symantec reports that .pw jumped to #4 in its rankings of TLDs used in spammed URLs in the week ending April 26.
Anti-spam vendor Fort even recommended its customers block the entire TLD at their mail gateways, blogging:
Since we have yet to see a legitimate piece of mail for the .pw domain but have recently seen massive amounts of spam from this domain, we are recommending that you block mail form this domain as soon as practical.
Anti-spam mailing lists have been full of people complaining about .pw spam, according to spam expert John Levine.
Our own TLD Health Check ranks .pw at #19 in abusive domains (which tracks phishing and malware domains rather than spam) for May, having not ranked it at all before April.
But Sandeep Ramchandani, head of Directi’s .PW Registry unit, told DI that the company has deactivated 4,000 too 5,000 .pw domains for breaching its anti-abuse policy.
He said that a single registrar was responsible for the majority of the abusive names, and that the registrar in question has had its discount revoked, resulting in newly registered domains from it going down to “almost nothing”.
“If you remove that registrar, the percentage of abusive names to non-abusive names is not alarming at all,” Ramchandani said.
He said the company has a “zero tolerance” approach to spam. It’s been communicating with many of its critics to let them know it’s on the case.
He noted that it’s not surprising that people are seeing more bad traffic from .pw than good — spammers tend to start using their domains immediately, whereas legitimate registrants take a bit longer.
Directi, which reported 50,000 names registered in the first three weeks of general availability last week, is now up to 100,000 names.
Many of the names were registered via the same aforementioned registrar, so more are likely to be turned off, Ramchandani said.
.pw is the ccTLD for Palau, but Directi brands it as “Professional Web”. It’s going for the budget end of the market, selling domains for less than .com prices even if you exclude discounts.
Afilias blames security crackdown for massive drop in .info domains
Afilias says a new anti-abuse policy is responsible for .info losing almost a million domains in 2012.
The .info space ended the year down 914,310 domains, an 11% decline on 2011, the biggest gTLD shrinkage in actual domain terms and second only to .tel in percentage terms, according to DI’s TLD Health Check.
The TLD ended the year with 7,402,557 domains under management, still the runaway leader of “new” gTLDs in terms of total domains.
An Afilias spokesperson blamed the DUM decline on a crackdown on abusive domain use, which impacted sales. He said in a statement:
To fight the growing scourges of spam, phishing and other Internet problems, .INFO established an industry-leading anti-abuse policy and began aggressively working with its registrar partners to take down any and all sites that violated the policy, regardless of the sales impact. This approach reinforces .INFOs strong foundation of great sites and enhances the reputation of .INFO as the ‘home of information on the Web’.
Historically, .info was favored by bad actors due to the low cost of registrations. At some points over the last ten years, it’s even been possible to register a .info domain for free.
Afilias’ crackdown affected .pro too, as then-president Karim Jiwani told us in January, but .pro managed to double in size anyway, due to new registrar partners and lower prices.
Of the 18 gTLDs tracked by TLD Health Check, only .name, .tel and .travel also suffered significant declines in domains under management in 2012.
Donuts signs up to Architelos anti-abuse service
Architelos has a secured its first major customer win for the NameSentry anti-abuse service that it launched back in August.
Donuts, the highest-volume portfolio gTLD applicant, has signed up for the service, according to the companies.
For Donuts, which is probably the applicant that makes opponents of new gTLDs the most nervous, it’s another chance to show that it’s serious about operating clean zones.
For Architelos, it’s a pretty significant endorsement of its new technology.
The NameSentry service aggregates abuse data from multiple third-party malware, spam and phising lists and presents it in a way that makes it easier for registries shut down bad behavior.
Recent Comments