The ICANN Implementation Recommendation Team (IRT) working group has published its final report, which I decided to analyze a bit further. I already made a few comments last month, both in the At-Large Advisory Council framework and on my own. There are several issues raised by the recommendations of this report. The Uniform Rapid Suspension system (URS) is one.

Reliance on e-mail

Among the issues is the fact that most of the URS process relies on e-mail for notifications to the domain name registrant, to the domain name registry operator, etc. Let’s face it: e-mail has become unreliable for critical applications. With more than 90% of e-mail being catalogued as spam, identifying the one important e-mail that you are not expecting is like searching a needle in a haystack. Some techniques like DKIM, S/MIME signing, etc. might help getting through the spam filters, if only the latter are well-configured. Most users do not have fine-grained control on the configuration of their spam filter, and none at all on the one used by their ISP.

Where this matters is that “A Registrant has fourteen (14) calendar days from the date of the initial email notification to submit an Answer”. If the e-mail was caught by your spam filter, or if you are on vacation, traveling or more simply not reading your e-mail on a regular basis, you are out of luck. You might lose your domain name without you even noticing it before it is too late.

The language issue is also an important one. It may be that English is the lingua franca of the business community. However, it may not be a language understood by the domain name registrant and he may, in good faith, discard the notification message.

Collateral damage

The IRT working group is focusing on the web. To provide evidence, the complainant “must include PDF copies of [...] the website showing the alleged violation(s)”. If the domain name is indeed found to infringe on someone else’s IP rights by the third-party complaints examiner, “The third-party provider will post a standard page on the domain name”. No mention is made of other services, although, as one of my friends says “there are 65534 other ports”.

The URS proposal does not explain how other services, like e-mail, DNS, etc. would be treated. E-mail is problematic in this context. There could be a privacy issue with the third party provider intercepting correspondence originally addressed to the domain name registrant. Or, if the registrant had indicated a contact e-mail address under the domain name being suspended, he might not receive any notifications on his case any more.

DNS is another issue. If the suspended domain name was running a DNS server for other, unchallenged domain names, those other domain names may not be accessible anymore.

What the IRT group is proposing is technically close to the controversial Sitefinder “service”, and this proves again that the IRT group would have benefitted to have a broader base of participants, especially from the technical community, in this case.

Legal uncertainty

The fact a registrant has successfully passed a URS examination does not mean he is certain to keep his domain name. He could still face a UDRP complaint and a legal action. There is not much that can be done to prevent a legal action. However, one could expect the complainant to have to choose between a URS complaint or a UDRP complaint, but not both.

On other factor is that the registrant should be guaranteed some peace of mind regarding the use of his domain name. A URS complaint can be filed at any time. If the registrant has been using a domain name for several months or years, he could still face a URS complaint. This creates a high level of uncertainty. Would you dare to launch an Internet-based business if your domain name can be taken down at any time?

The extensive use of e-mail in the URS process creates a real issue regarding the production of legal evidence in law suits following URS cases. Like it or not, most judicial system use written evidence to examine civil cases, and do not consider e-mails or faxes as legal evidence.

Individual domain name registrants

The IRT proposal does not make any difference between domain names registrants which are either businesses or individuals. Unlike businesses which are “open all day”, individuals cannot be expected to be glued to their computer screen waiting for an e-mail regarding a potential issue with a domain name they have registered. As mentioned above, the 14 day period for answering after the notification may be impossible to keep for an individual, especially if he is not well-versed into the intricacies of the IP framework regarding domain names.

The language issue mentioned above is even more problematic for individuals.

Potential suggestions for improvement

I am told I should suggest possible improvements rather than just whining. So:

• Use certified/registered paper mail for notification. This is expensive, yes, but will provide indisputable evidence to both parties. Further, because of the cost involved, it will help eliminate frivolous complaints only designed to hurt competitors.

• Draft notifications in the registrant’s native language. This is expensive, again, but will make sure that the registrant actually understands what is going on. And again, it will greatly help in possible later law suits.

• Differentiate between individual private persons and legal entities. The process applying to the former would be more relaxed in terms of time schedules.

• Make the suspended domain names unresolvable by the DNS. Web users, will get a 404 error. E-mail users will get a non-delivery receipt. This would be RFC-compliant and solve the privacy issues.

• Put a time limit on the introduction of a URS complaint, for example 3 months. After that time, the domain name owner should be guaranteed he will not face a URS complaint anymore.

• In line with the above, a complainant should be requested to elect for a URS or a UDRP but not both. This will guarantee that the domain name registrant will not be harassed.