.health backer has cop-like takedown powers for all gTLDs in Japan
LegitScript, a US company focused on eradicating illegal online pharmacies, which backs the .pharmacy and .health gTLDs, has been given police-like powers to have domain names taken down in Japan.
It has also emerged that when IP Mirror, a brand protection registrar, was hit with an embarrassing ICANN contract-breach notice in November, it was as a result of a LegitScript complaint.
Under section 3.18.2 of ICANN’s 2013 Registrar Accreditation Agreement, registrars must have a 24/7 abuse hotline that can be used by “law enforcement, consumer protection, quasi-governmental or other similar authorities” to report illegal activity.
Registrars must act on complaints made to the hotline within 24 hours, but only authorities designated by national governments get to use it.
Now, it transpires that LegitScript has been formally designated a 3.18.2 authority by the Japanese Ministry of Health, Labor and Welfare.
That means the US company’s complaints about domains hosting potentially illegal pharmacy sites have the same weight as complaints from the Japanese police, when made to registrars that have an office in Japan, even if they’re headquartered elsewhere.
IP Mirror, which was recently acquired by CSC Digital Brand Services, is based in Singapore but has an office in Tokyo.
As far as I can tell, most of the top 10 registrars do not have offices in Japan. KeyDrive (Moniker, Key-Systems etc) may be the exception. GMO is the largest registrar based in Japan.
LegitScript announced its relationship with the Japanese ministry in September (I missed it at the time) and company president John Horton provided some context to the IP Mirror breach notice on CircleID today.
I only report the deal today because it strikes me as noteworthy that a private enterprise has been given the same powers under the 2013 RAA as law enforcement and government consumer protection agencies — and it’s not even in its home territory.
Horton told DI today that while LegitScript is legally based in the US and has offices in the EU, only Japan has so far formally granted it 3.18.2 powers. He said in an email:
We only have formal Section 3.18.2 designation in Japan at present. We have some other endorsements or recommendations by or on behalf of government authorities, although they do not specifically reference Section 3.18.2. We work closely with the Italian Medicines Agency and the Irish Medicines Board, for example, and report rogue Internet pharmacies in consultation with them.
Horton pointed out that anybody is able to to file abuse complaints under the 2013 RAA — and registrars are obliged to “take reasonable and prompt steps to investigate and respond appropriately”.
His CircleID piece cites two instances in which such complaints from LegitScript resulted in ICANN breach notices.
The chief difference is that under 3.18.2 registrars do not have much flexibility in their response times. They have to “take necessary and appropriate actions” within a black-and-white 24-hour deadline.
IP Mirror rapped for failing to deal with abuse
Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
Recent Comments