Domain Name Theft Part II: Did ICANN Leave Foxes Guarding the Chicken COOP?

When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers). The first reason I discussed in my last column on domain name theft, where I described a substantive void in domain name “regulation” as a primary factor for the increasing incidence of domain name theft. The second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN’s uniform dispute resolution process (UDRP): it provides no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN’s registrars.

Although the UDRP is presumed to provide an inexpensive, narrowly focused, administrative, online arbitration forum for the benefit of trademark owners as well as domain name registrants, it is widely acknowledged that domain name registrants have not been able to leverage the same level of benefit from the existence of the UDRP as those who have used the forum to claim trademark interests in domain names. Some arbitrators, for instance, have been moved to grant relief to trademark holders, notwithstanding that the claim at issue did not remotely or mistakenly qualify as cybersquatting, but, for the most part, arbitrators have not shown similar zeal for domain name registrants seeking to stretch the UDRP’s reach wide enough to grasp the claims of domain name registrants who have attempted to fight off egregious instances of reverse domain name hijacking (a ploy successfully used by trademark holders wherein a UDRP complaint is filed “in bad faith to attempt to deprive a registered domain-name holder of a domain name”). Even so, the fact that the UDRP often has been tilted in favor of trademark holders might not remove the usefulness of the UDRP entirely if the process were otherwise fair, and if domain name registrants could vindicate their own interests through a similar forum.

Domain names are acquired through an online registration process, which is a service offered by service providers generally called registrars. Registrars operate as gatekeepers to domain names, which have become one of the Internet’s most valuable resources. In keeping with this responsibility, registrars also maintain control over how and when a domain name may be transferred from one registrant to another. Since improper transfers have become the means of domain name theft, registrars are uniquely situated as a type of Internet cop; but some of these cops are bad cops.

Excited about the opportunities offered through ICANN’s establishment of 7 new top-level domains (suffixes), Frederick Harris registered his domain name as soon as the top-level suffix called *.COOP was operational. Harris selected the generic word “email” for his domain name and registered ‘email.coop’ for a two-year period ending in February 2004. Harris registered his domain name as part of a business model that provides email services for cooperatives desiring a presence in electronic commerce without carrying the burden of developing and managing a website. Shortly after successfully registering email.coop and spending a substantial sum of money to establish a business, Harris’ domain name was stolen. In Harris’ case, a savvy web bandit had not stolen the domain name; apparently, the registrar had. What is more, Harris’ case is similar to a number of other recent claims.

Registrars as well as Registries are presumed to be service providers who go to extensive ends to ensure that domain names under their respective registrations are assigned to the legitimate domain name registrant. When courts order domain names “transferred” as a result of a finding of cybersquatting, courts usually depend upon Registries/Registrars to implement the order and, ultimately, to see to it that the nameserver database points to the right Internet Protocol numbers. Similarly, ICANN’s UDRP assumes a neutral, if not fiduciary, role for the Registrar/Registry. Consequently, the likelihood that some of these guardians of Internet resources might be withdrawing the assets of their customers raises a concern serious enough to cast doubt on whether ICANN’s deeply entrenched stakeholder approach to Domain Name management is sufficiently balanced against its governance responsibilities.

In Harris’ case, it is unclear whether the registry or the registrar may have stolen his domain name. ICANN authorized an American company, the National Business Cooperative Association (NBCA), to sponsor the new suffix, *.COOP, and to operate as the new registry. NBCA has authorized one company, Poptel, a British company, to operate as its sole registrar. Poptel registers domain names under .coop for those seeking a domain name under that top-level suffix. Harris says that as soon as he discovered the theft, he contacted a Poptel manager who promptly told him to “get lost.” To date, Poptel has provided no compensation for the domain name, according to Harris. A name query using .COOP’s WHOIS database reveals that Harris’ domain name is currently registered to the Registrar, Poptel: “domain:Registrant-Name:Lynn Davis; domain:Domain-Status:ACTIVE; domain:Registrant-Organization:Poptel.”

The fact that a domain name is actively registered by the registrar may not always suggest deceptive behavior or that a scam is afoot, but the practice of registrars “buying” the services they sell invites opportunistic consequences that quack a lot like a duck. Harris believes his domain name is perceived by Poptel to be a valuable asset and that Poptel, likely, permitted him to register the name by mistake (some Registries embargo or reserve a select few generic domains, precluding any registrant from obtaining the name). Poptel might argue that either it or the Registry, NBCA, was not convinced that Harris’ business qualified as a cooperative under the rules established by NBCA. Indeed, it does appear that there are at least a few potentially enforceable limitations to registration under the .COOP suffix, such as a restriction: “for use by only bona fide cooperatives and cooperative service organizations that ascribe to the Cooperative Principles of the ICA, such as member ownership and control.” Even so, there are several troubling features in the manner in which the registrar has acted; namely, [1] it appears that the registrar took possession of a paid asset before informing the registrant why or providing a written determination concerning whether the registrant had a legitimate right to his registration, [2] after the registrant was stripped of his domain name, the registrar improperly registered the domain name for itself (rather than reserve the domain name), [3] the registrant was not immediately compensated for the domain name he paid for and, perhaps most important, [4] since the conduct here directly involves a registrar, it is particularly troublesome that ICANN has no online forum comparable to the UDRP that a registrant may avail himself or herself of rather than take on the expense of real space litigation.

Regardless of the merits of Harris’ particular case, under what circumstances should a registrar be able to take a domain name unilaterally, without notice or compensation, after it was permissibly registered? Even if a registrar has mistakenly registered a domain name in a restricted registry, at what point should the legitimate interests of the domain name registrant require due compensation to “correct” the registrar’s blunder? How do you distinguish mistakes from theft when the registrar’s conduct is at issue? Unfortunately, it presently does not matter whether a registrar has stolen a domain name or simply “taken back” the name because it was mistakenly registered; in either case, ICANN provides no online arbitration forum available to the registrant to redress a grievance. Instead, ICANN has left an oversupply of foxes guarding the chicken COOP with no one in genuine control of the foxes.

How do you arbitrate a domain name dispute when the Registry (or Registrar) is the alleged thief or cybersquatter? ICANN may have to puzzle over that question. The real problem Harris faces is not that he has a poor choice, but that he has no choice offering the same online, inexpensive, and convenient forum that ICANN offers trademark holders. An allegation by a registrant of domain name theft is not new to ICANN, yet ICANN has never established any mechanism to handle these types of disputes or complaints. Surely, ICANN might desire to consider such matters in its decisions to accredit or withdraw accreditation from a registrar. Regardless of how narrowly ICANN might view its mission, if domain name theft remains unabated, ICANN has a duty and obligation to provide some formal mechanism for registrants to petition for relief from domain name theft by ICANN’s registrars.

By Rod Dixon, Attorney

Comments

verishafted  –  Aug 23, 2003 2:26 PM

Help! Please. My registrar has violated several of icann’s rules, a couple has cost me my domain name. The main one is that they failed to notify me that it needed renewed. Once in the extortion period… er excuse me the redemption period… they told me that they made a mistake and to submit a transfer request and they would approve it. (To move it out of the redemption account and back into mine). I did this, and once again, they denied the transfer! It was since acquired by a competitor! Does anyone have any advice for me? Btw…. my registrar is srsplus, owned by verisign, the company who would benefit from BOTH portions of the redemption fee. I can’t find anything on google about recourses against a registrar not following icann rules or not honoring their word to their customers ( verbal contract, no?). Thanks in advance from all of the 2000 members of the website for any help out there!

The problem is apathy and lack of any recognition that this is a criminal offense

Don C Burr  –  Jul 15, 2010 2:55 AM

Someone (Scott Williams according to Network Solutions) just attempted to illegitimately transfer our domain to his account at Network Solutions.
When we notified Network Solutions about the attempt, incredibly they responded by telling us that it is no big deal people try to transfer domains all the time, but the process will stop them.
When I insisted that what happened is Attempted Grand Theft they brushed me off.
If there is no recognition that the attempted theft of a domain is an actual crime and handled accordingly then it is a foregone conclusion that domains will be stolen.
If however the attempt is treated as it is and should be, as a crime, and the individuals known to the registrars treated as they should be, as criminals, the attempts will most certainly decrease and therefore the corresponding theft rate will decrease.
More importantly if domain theft is headed off before it happens then the victims of the crimes will not have their business severely or irreparably damaged; and they will not have to spend time and money to get back what was rightfully theirs.

Additionally, I think that Domains should be treated like any other property.
They are purchased until sold and not “Rented” and then only if they are public facing and registered in DNS should registration charges be necessary. Registrars should handle them like a storage unit where if the storage fees are not paid the storage company must file a lien and go through a legal process before it can sell the goods stored in the storage facility.
