Home / Blogs

Domain Name Theft Part II: Did ICANN Leave Foxes Guarding the Chicken COOP?

Rod Dixon

When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers uses the acronym ICANN): the first reason I discussed in my last column on domain name theft (where I described a substantive void in domain name "regulation" as a primary factor for the increasing incidence of domain name theft), the second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN's uniform dispute resolution process (UDRP) by providing no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN's registrars.

Although the UDRP is presumed to provide an inexpensive, narrowly focused, administrative, online arbitration forum for the benefit of trademark owners as well as domain name registrants, it is widely acknowledged that domain name registrants have not been able to leverage the same level of benefit from the existence of the UDRP as those who have used the forum to claim trademark interests in domain names. Some arbitrators, for instance, have been moved to grant relief to trademark holders, notwithstanding that the claim at issue did not remotely or mistakenly qualify as cybersquatting, but, for the most part, arbitrators have not shown similar zeal for domain name registrants seeking to stretch the UDRP's reach wide enough to grasp the claims of domain name registrants who have attempted to fight off egregious instances of reverse domain name hijacking (a ploy successfully used by trademark holders wherein a UDRP complaint is filed "in bad faith to attempt to deprive a registered domain-name holder of a domain name”). Even so, the fact that the UDRP often has been tilted in favor of trademark holders might not remove the usefulness of the UDRP entirely if the process were otherwise fair, and if domain name registrants could vindicate their own interests through a similar forum.

Domain names are acquired through an online registration process, which is a service offered by service providers generally called registrars. Registrars operate as gatekeepers to domain names, which has become one of the Internet's most valuable resources. In keeping with this responsibility, registrars also maintain control over how and when a domain name may be transferred from one registrant to another. Since improper transfers have become the means of domain name theft, registrars are uniquely situated as a type of Internet cop; but, some of these cops are bad cops.

Excited about the opportunities offered through ICANN's establishment of 7 new top-level domains (suffixes), Frederick Harris registered his domain name as soon as the top-level suffix called *.COOP was operational. Harris selected the generic word "email" for his domain name and registered: 'email.coop' for a two year period ending in February 2004. Harris registered his domain name as part of a business model, which provides email services for cooperatives desiring a presence in electronic commerce without carrying the burden of developing and managing a website. Shortly after successfully registering email.coop and spending a substantial sum of money to establish a business, Harris' domain name was stolen. In Harris' case, a savvy web bandit had not stolen the domain name, apparently, the registrar had. What is more, Harris' case is similar to a number of other recent claims.

Registrars as well as Registries are presumed to be service providers who go to extensive ends to ensure that domain names under their respective registrations are assigned to the legitimate domain name registrant. When courts order domain names "transferred" as a result of a finding of cybersquatting, courts usually depend upon Registries/Registrars to implement the order and, ultimately, to see to it that the nameserver database points to the right Internet Protocol numbers. Similarly, ICANN's UDRP assumes a neutral, if not fiduciary, role for the Registrar/Registry. Consequently, the likelihood that some of these guardians of Internet resources might be withdrawing the assets of their customers points out a concern serious enough to doubt whether ICANN's deeply entrenched stakeholder approach to Domain Name management is sufficiently balanced against its governance responsibilities.

In Harris' case, it is unclear whether the registry or the registrar may have stolen his domain name. ICANN authorized, an American company, the National Business Cooperative Association (NBCA) to sponsor the new suffix, *.COOP, and to operate as the new registry. NBCA has authorized one company to operate as its sole registrar, Poptel, a British company. Poptel registers domain names under .coop for those seeking a domain name under that top-level suffix. Harris says as soon as he discovered the theft, he contacted a Poptel manager who promptly told him to "get lost." To date, Poptel has provided no compensation for the domain name, according to Harris. A name query using .COOP's WHOIS database reveals that Harris' domain name is currently registered to the Registrar, Poptel: "domain:Registrant-Name:Lynn Davis; domain:Domain-Status:ACTIVE; domain:Registrant-Organization:Poptel."

The fact that a domain name is actively registered by the registrar may not always suggest deceptive behavior or a scam is a midst, but the practice of registrars "buying" the services they sell begs for the opportunistic consequences that quacks a lot like a duck. Harris believes his domain name is perceived by Poptel to be a valuable asset and that Poptel, likely, permitted him to register the name by mistake (Some Registries embargo or reserve a select few generic domains precluding any registrant from obtaining the name). Poptel might argue that either it or the Registry, NBCA, was not convinced that Harris' business qualified as a cooperative under the rules established by NBCA. Indeed, it does appear that there are at least a few potentially enforceable limitations to registration under the .COOP suffix, such as a restriction: "for use by only bona fide cooperatives and cooperative service organizations that ascribe to the Cooperative Principles of the ICA, such as member ownership and control." Even so, there are several troubling features regarding the manner of how the registrar has acted; namely, [1] it appears that the registrar took possession of a paid asset before informing the registrant why or providing a written determination concerning whether the registrant had a legitimate right to his registration, [2] after the registrant was stripped of his domain name, the registrar improperly registered the domain name for itself (rather than reserve the domain name), [3] the registrant was not immediately compensated for the domain name he paid for and, perhaps, most important, [4] since the conduct, here, directly involves a registrar, it is particularly troublesome that ICANN has no online forum comparable to the UDRP that a registrant may avail himself or herself of rather than take on the expense of real space litigation.

Regardless of the merits of Harris' particular case, under what circumstances should a registrar be able to take a domain name after it was permissibly registered unilaterally, without notice or compensation? Even if a registrar has mistakenly registered a domain name in a restricted registry, at what point should the legitimate interests of the domain name registrant require due compensation to "correct" the registrar's blunder? How do you distinguish mistakes from theft when the registrar's conduct is at issue? Unfortunately, it presently does not matter whether a registrar has stolen a domain name or simply "taken back" the name because it was mistaken registered; in either case, ICANN provides no online arbitration forum available to the registrant to redress a grievance. Instead, ICANN has left an over supply of foxes guarding the chicken COOP with no one in genuine control of the foxes.

How do you arbitrate a domain name dispute when the Registry (or Registrar) is the alleged thief or cybersquatter? ICANN may have to puzzle over that question. The real problem Harris faces is not that he has a poor choice, but that he has no choice offering the same online, inexpensive, and convenient forum that ICANN offers trademark holders. An allegation by a registrant of domain name theft is not new to ICANN, yet ICANN has never established any mechanism to handle these types of disputes or complaints. Surely, ICANN might desire to consider such matters in its decisions to accredit or withdraw accreditation from a registrar. Regardless of how narrow ICANN might view its mission, if domain name theft remains unabated, ICANN has a duty and obligation to provide some formal mechanism for registrants to petition for relief from domain name theft by ICANN's registrars.

By Rod Dixon, Attorney
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Domain Name Theft Part II: Did ICANN Leave Foxes Guarding the Chicken COOP? verishafted  –  Aug 23, 2003 7:26 AM PDT

Help! Please. My registrar has violated several of icann's rules, a couple has cost me my domain name. The main one is that they failed to notify me that it needed renewed. Once in the extortion period… er excuse me the redemption period… they told me that they made a mistake and to submit a transfer request and they would approve it. (To move it out of the redemption account and back into mine). I did this, and once again, they denied the transfer!It was since aquired by a competitor! Does anyone have any advice for me? Btw.... my registrar is srsplus, owned by verisign, the company who would benifit from BOTH portions of the redemption fee. I can't find anything on google about recourses against a registrar not following icann rules or not honoring their word to their customers ( verbal contract, no?). Thanks in advance from all of the 2000 members of the website for any help out there!

The problem is apathy and lack of any recognition that this is a criminal offense Don C Burr  –  Jul 14, 2010 7:55 PM PDT

Someone (Scott Williams according to Network Solutions) just attempted to illegitimately transfer our domain to his account at Network Solutions.
When we notified Network Solutions about the attempt, incredibly they responded by telling us that it is no big deal people try to transfer domains all the time, but the process will stop them.
When I insisted that what happened is Attempted Grand Theft they brushed me off.
If there is no recognition that the attempted theft of a domain is an actual crime and handled accordingly then it is a foregone conclusion that domains will be stolen.
If however the attempt is treated as it is and should be, as a crime, and the individuals known to the registrars treated as they should be, as criminals, the attempts will most certainly decrease and therefore the corresponding theft rate will decrease.
More importantly if domain theft is headed off before it happens then the victims of the crimes will not have their business severely or irreparably damaged; and they will not have to spend time and money to get back what was rightfully theirs.

Additionally, I think that Domains should be treated like any other property.
They are purchased until sold and not "Rented" and then only if they are public facing and registered in DNS should registration charges be necessary. Registrars should handle them like a storage unit where if the storage fees are not paid the storage company must file a lien and go through a legal process before it can sell the goods stored in the storage facility.

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC