Moniker has just released the following statement acknowledging an “unauthorized release of customer data” by a Moniker Employee:
“”Moniker has learned that one of its employees violated company policy by distributing customer data for a single domain name registration. The employee has been placed on administrative leave while the company further reviews the matter.
“”Only one employee and one customer registration were involved. However, unauthorized data access of any kind, no matter how large or small, is an issue taken very seriously by Moniker and by its parent company, Oversee.net, and is being addressed directly.””
This appears to be related to the story Rick Schwartz hinted about yesterday and wrote about today on his blog.
Based on the information contained in Ricks post and the above statement, I think the employee should have been named, fired and Moniker should have immediately implemented a policy that would prevent any future “unauthorized data release” by denying access to such information.
If people place their names under privacy, sometimes paying extra for the privilege, they should receive privacy.
Domains under Privacy should only be disclosure as and if required by law, such as under a UDRP or court order.
Wait until employees participate in domain thefts, as an insider job.
The entire Oversee operation appears to be a sinking ship. Their internal corporate culture is a catastrophe. When the subordinates are out of control and jeopardizing your customer goodwill for their own personal motives (Nelson Brady, now this), that hints that the people at the top are seriously lacking in management skills.
I’m not jeopardizing my names with clowns like this.
I’ll start scaling out of Moniker over fy11 and into Fabulous.
And lets not forget the ‘founder factor’, with Monte leaving.
The writing’s on the wall here.
Well,
Another human sacrifice to save Corporate face …
When they threw Halverez (Nelson Brady) under the bus …
to save the other guilty clowns, guess who is still running the show!
Sure this is misuse of the data and the person should be fired immediately. Employees need access to sensitive information a lot of times to do their jobs. I would take this for what it more than likely is, a one time incident. They should fire the person, apologize, and move on. I’m not sure what else should be expected of them.
Here is a good word for Moniker: none of my domains
disappeared in a black hole of Registrar greed, or was held hostage
for outrageous reinstatement fee, like certain registrars practice, Jeff
Kupietzky personally answered some of my emails, and many staff are
known by name, and they’re pretty nice! Should a company look at an
employee’s history when determining discipline? What if an employee
has an outstanding record, and shows bad judgement one time? It’s
pretty bad, what that employee did, but privacy is only protective
until a UDPR is filed. Then the privacy info must be made public.
Leave the decision up to Moniker.
If a different group of Domainers use Peer-to-Peer DNS and do not use Registrars or a Registry, then they only have themselves to blame for releasing their personal information ?
Yet, Domainers seem to LOVE the ICANN system of Registrars (that sort of own your domains) and Registries (that sort of own your domains) ?
Realistically, Domainers have very little choice or chance to shape the existing “system”. Domainers choose to play in the flawed system and people see the price they pay here.
Some Domainers are of course their own Registrar, removing one layer of middle men from the system. That is rare, yet more secure and trusted.
As Peer-to-Peer Domains are incorporated into “the biggest platform known to man” it will be interesting to see how Registrars prove they “own” domains.
Was this statement sent out to all customers?
I never got an email.
@ Jacob – “Sure this is misuse of the data and the person should be fired immediately. Employees need access to sensitive information a lot of times to do their jobs. I would take this for what it more than likely is, a one time incident. They should fire the person, apologize, and move on. I’m not sure what else should be expected of them.”
If those steps had been taken immediately, then this wouldn’t be such an issue. The fact is, no-one would know about it if RS hadn’t brought it into the open – forcing Monikers hand. Remember, we are talking about Privacy ‘PROTECTION’ here. What’s occured is tantamount to theft.
I worked at AOL many years ago and there was a similar situation. The employee was immediately fired.
“Administrative Leave”?
Does Oversee.net really want another black mark by not taking action? Why exactly has Halvarez not been arrested? Will anyone ever be held accountable for their actions?
Brad
Fire the schmuck, he is a total phoney, as well.
Gnames
I got the notice to thedomains.com
Not sure the notice went out to any to any customers
It is stealing. They stole someone’s private information probably to sell to someone. Information that someone paid to keep private. I think it is not just a civil matter but a criminal action. They should be arrested and charged (as Halvarez certainly should have been).
But I’m sure they were born with that “theft gene” …it’s really not their fault. Where’s our compassion? Give me a friggin’ break!
This has evolved in to quite a “Who Did It ?” story.
Who Dat ?
Hello Mike,
The implications of this whole isolated event at Moniker are an industry wide problem. Wherever there is lots of cheese stored there are lots of rats after it. I will say this, that as a client of Moniker almost from inception, I feel it is still the best choice of any of them. To his credit Monte always followed up with me almost immediately on any security breach I may have thought happened.
To tell you the truth I got a little paranoid about security after he left. Lets hope Moniker learns from this lesson, and I am confident they will.
Gratefully, Jeff Schneider
This isn’t right at all. Why do I have to find out about this through TheDomains or Rick Schwartz?
It’s just another black mark.
Every industry has it’s dark side to beware of. I was an ppc affiliate manager for a large corp and seen so many similar security/privacy breach issues.
Gnames
I think I can say with some confidence that if not for the blogs you mentioned you may have never heard about this issue and there would never have been the statement issued by Moniker/Oversee
Checked to see if “Monte Cahn Sucks” is registered: YES.
MonteCahnSucks.com – regged at 1&1.
So can’t be it related to this domain. Plus Monte just left Moniker.
Then checked to see if “Patrick Ruddell” is registered: NO.
PatrickRuddellSucks.com is available as of this moment.
So can’t be it related to this domain.
Then checked to see if “Chef Patrick Sucks” is registered: YES.
ChefPatrickSucks.com was registered at MONIKER.
Registered recently too: October 2010.
Plus under Whois Privacy.
So is it related to this domain?
I hope Patrick’s not involved cause I respect the guy for what’s he’s accomplished, but if so, at least he has his new site http://ScienceFiction.com to fall back on.
If you permit it you promote it. This is a close 2nd behind theft, I am sure staff have been fired for regularly being 5 minutes late, which is worse?
Another scandal for Oversee/Moniker, not exactly what they need. They already have a tarnished reputation over the Halvarez scandal and how they handled it.
SnapNames.com was given warnings for years about the bidder “Halvarez” and always vouched that it was in fact a real bidder.
In fact when that news broke many people guessed the bidder before it was released.
There are threads on NP and DNF from early 2006 talking about the bidder Halvarez on Snap.
He is finally outed after years of fraud and what happens? Pretty much nothing. It was treated as a civil case when it was clearly criminal fraud.
I have domains @ Moniker, but things like this really make me question anything under the Oversee umbrella.
Brad
No Spam
Since you bought up Sciencefiction.com again, its interesting to note that as I did when I wrote about it there are other Oversee employees involved in that site.
http://www.thedomains.com/2010/12/23/techcrunch-covers-chef-patrick-his-a-of-sciencefiction-com/comment-page-1/
Goes to show that Quality Control is important in every industry, including domainin’.
– TBC
I started transferring all my domains (several hundred) as they came up for renewal from my principal registrar to Moniker. While I realize it might amount to a small amount of revenue for Moniker yearly and may be of no consequence to them, I have just kind of gotten my feet wet in this industry and plan on expanding both my repertoire and inventory.
It’s not scandals like this that concern me, but things like the fact that they don’t communicate with their customers which equals shitty customer service or support.
Case in point why did Thedomains get an e-mail about this and not other customers!!!? no offense to you Mike or your blog (just illustrating my point), but are you a more valued customer or deserve better or preferential treatment or privy to information that other domainers with Moniker accounts are not? If something dire should come of this as a consequence of this leaked information should not the guy with a few domains at registered at Moniker not be informed or entitled to know something about it or is this just information for the big privileged domainer.
Another example… whenever they run their monthly themed auctions and I have submitted domains for consideration, my e-mail might as well have disappeared into cyberspace because I never have gotten so much as a “thank you, for your submission” or a Dear John “your domain sucks” better luck next time or a return e-mail from them. ABSOLUTELY NOTHING! zero, zip, nada. No form of recognition or even acknowledgement that someone on their end received or saw my submission. Just left hanging in limbo. My point is that even if the domain was double hyphen, three word .info, and it was my only domain registered in their account, They need to learn to acknowledge and keep their customers informed.
Godaddy as bad a rap that it get’s could teach them a hellava a lot about customer service, appreciation and communication.
In retrospect, I think companies like Moniker and Sedo suffer from “To Big To Fail” Syndrome.
After continuous drop in ppc, I have finally moved my entire portfolio (1000s and 1000s of domains and few million uniques) away from DomainSponsor. The customer service became extremely bad about 2 years ago and the revenue never improved. In fact revenue dropped suddenly another 50% in last couple of months from already bad levels and I just made the decision to move out to sedo.
So far so good but its a little early to tell how it will fare at sedo, but sedo’s customer service from dedicated account managers is very good. Sedo is treating us with respect and dignity instead of always being ignored by DS.
Btw, I had great times with DS from 2004 to early 2008 when I dealt with great account managers including Sam Aidun who I still respect a lot for the care he provided.
Finally I am out of DS but with very heavy heart as I was not looking forward to it but 80% drop in ppc and extremely bad customer service forced us to move out completely.
I kept thinking DS will improve but I was wrong and could not take it anymore so moved out after almost 6 – 7 years. I was a very loyal DS customer but they didn’t give a shit.
Thank you.
After the Nelson Brady incident and now this, Moniker need to ensure this staff member is fired and named publically if they’re going to protect their ailing reputation, or no-one will trust the “privacy” of their data with Moniker. After all, the Halvarez scandal was really about a breach of privacy – the privacy of their customer’s proxy bids. Knowledge is power and Moniker must act quickly, decisively and openly.
so lets take an analogy…
say an affluent Domainer invests hundreds of research hours, and capital acquiring and registering future domains with whois privacy.
Then lo and behold, you find out an employee from your Registrar has been casing your portfolio while you sleep.
In turn, that “Registrar Employee” intentionally registers and acquires names within your exact verticals. Then, that same “Registrar Employee” has the hutzpa to write an inflammatory, maniacal letter taunting and intimidating you about your domain assets.
This Moniker Employee should definitely be terminated ASAP.
Our community is small, thus, one fat, phoney, unethical apple will rot the bunch.
-Andrew
@ Brad
SnapNames.com was given warnings for years about the bidder “Halvarez” and always vouched that it was in fact a real bidder.
————-
This shall be Known henceforth as ….
” HALVEREZ ll ” the sequel 🙂
the future is now… i was gonna say something more meaningful but then i’da had to think. let’s dance.
Let’s pool our resources, buy an island fortify it with rum, guns and money and start our own ccTLD.
.Con
I thought this was going to be something serious.
Happy New Years!
My Brothers and Sisters… Partners in Crime and Fellow Dreamers and Schemers.
May the New Year bring You All the Peace and Prosperity You Deserve.
The Captain is now Abandoning Ship and Heading Out To Uncharted Territories.
Yours in COMplicity,
Dean
1/1/2011
The question that needs to be asked (and answered!) is whether Moniker keeps an audit trail of employees’ activity in their system and has this employee performed any other privacy breaches. If so, what was that information used for? If this employee was a broker, for example, has private contact information been used to solicit domain owners?
Well Jeff,
how about a statement from you on this important issue,
instead of this NEW Mason Jar Guy??
Really doesn’t seem like a big story to me. So this happened and they are dealing with it? Where’s the big deal? At least the process is open and honest rather than keeping it secret and hiding what happened. In my eyes it’s hardly a “scandal” or something that rocks the industry.
In my opinion, people act like they’re Saints. Is Moniker a church? Are thry a sports coach with bad players? No. Should the employee be fired? Probably not. The employee is being treated as if they killed a person. Companies have to take measures to prevent future problems.
The domain name and the breech in question are no different than owning other questionable domains. The goal is to do whatever it takes to make revenue.
I understand that domain privacy is a concern. Many customer files are displaced everyday. Moreover, there are many instigators out there that have a vendetta to expose companies for their lack of ethics.
Who is 100% honest in the world? Buyers rip off sellers and vice versa. Companies sell customer information for profit. A domain owner sells a $300 name for $10,000+. Do end-users receive credible information to make informal decisions? Not a chance.
There are a bunch of righteous people out there trying to play the progressive. If the employee has a history relating to breeches, then Moniker can discipline them.
It really depends on the terms and conditions of employment. What’s the big deal with having a a name of an elite domain investor following sucks.com?
The theme of this article is to demonstrate that privacy is supposed to protect a domain owner. Information shouldn’t be given out that may jeopardize the parties involved.
What I find inconsistent is how people are too quick to judge a situtation, buy then they adopt the same unethical behavior in taking advantage of others. That is being biased, or a hypocrite. Maybe the domain company wants to make sure the information is accurate before issuing a statement.
Writing about the breech is an attention getter. Maybe the employee wants attention, as well. Who really knows the backstory. It looks like many domain investors want domain companies to fail.
Reminds me of another blog that criticizes me for asking questions, saying that this isn’t kidergarten, and then they go out there and develop a question site. Same with setting a domain’s value based on performance , age, and keywords stats.
Almost every blog is the same. The blog that leeked the story should have waited because it is not their duty to interfere with the case. Controversy equals traffic.
Even though a good friend is involved, they may attract unwanted attention with releasing the story ahead of Moniker. Anyhow, nice informative article.
I have one thing to say….. CONIKER!!!
Ron Jackson at DNjournal.com has now reported on the story as well and he has some more information and insight on it:
http://www.dnjournal.com/archive/lowdown/2010/dailyposts/20101231.htm
@ David Williams
they have not done the right thing and were not open and honest
=========
Yes, correct if it was not for Blogging we would not know about
this latest industry scandal.
Was the Employee “Nelson Brady” (Halverez)
already working from HOME?
Statement said
“The employee has been placed on administrative leave while the company further reviews the matter.
Only one employee and one customer registration were involved”
???
Statement says the company is reviewing the matter but states that only one employee and one customer were involved?
So they completed their review?
Remember, no one gets caught the FIRST time.
Don’t forget Craig Snyder was CEO of iReit when they were buying domains from Halverez.
Not speculation, fact.
[quote]Domains under Privacy should only be disclosure as and if required by law, such as under a UDRP or court order.
[quote]
…except that’s not what RAA 3.7.7.3 says…
John
So is it your opinion is that employees of registrars can share registrant information of domains under privacy with third parties?
Should the employee be fired? Probably not. The employee is being treated as if they killed a person.
—
Did you even bother to read what happened here?
Someone breached privacy, then took that information to someones EMPLOYER in an attempt to (presumably) get them fired or otherwise slander their reputation with their employer.
This isn’t a simple case of someone looking at privacy. This is a case of someone being attacked.
Wake the hell up.
3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm
– http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm
The Registered Name Holder – that would be the privacy service, right? And the domain which raised the issue with the employee had the employee’s personal name, plus, “sucks,” or something negative in it, right? It’s a sticky situation, isn’t it? As a “third party,” the employee would have been within his rights to approach the Registered Name Holder, or privacy svc of the Registrar, in this case, Moniker – with evidence of the offending domain and request the “contact information provided by the licensee and the identity of the licensee,” or the Registrant. In effect the “3rd party,” or employee, gave himself the contact information entitled to him as a 3rd party.
So ICANN needs to add a provision that Registrar employees as 3rd parties have to handle their personal concerns through a different method, whereby they don’t access the information except through a non-involved office in the Registrar.
It’s sort of like contests: family and employees of the contest aren’t allowed to participate – maybe Registrar employees need to abide by a different set of rules. But up until now, maybe the employee didn’t commit a violation.
@ John Berryhill, did I summarize that right?
Louise
“”As a “third party,” the employee would have been within his rights to approach the Registered Name Holder, or privacy svc of the Registrar, in this case, Moniker – with evidence of the offending domain and request the “contact information provided by the licensee and the identity of the licensee,” or the Registrant. In effect the “3rd party,” or employee, gave himself the contact information entitled to him as a 3rd party””
Just to be clear the employee did not contacted the registrant but a third party and disclosed this information.
Anon,
Do you know the whole dam story? Do you work for Moniker? Or are you a domainer and blog reader that follows the mass? Slander is making false accusations to ruin a person’s credibility.
Is the affected party going to lose their job due to this employee tell their employed about some dumb domain that a teenager can register? The case is about privacy.
Everyone else will question their privacy over an isolated incident – playing the victim, which I think is pathetic. Sound like a bunch of people looking for attention. The case goes way above you.
Anon,
Do you know the whole dam story? Do you work for Moniker? Or are you a domainer and blog reader that follows the mass? Slander is making false accusations to ruin a person’s credibility. Do you know the details of the case?
Will the affected party lose their job due to this employee informing their employer about some dumb domain that a teenager can register? The case is about privacy. Everyone is making a big deal over the incident.
Like a credit card company hasn’t sold your information before. Maybe you get a hundred phone calls from solicitors.
Everyone else will question their privacy over an isolated incident – playing the victim, which I think is pathetic. Sound like a bunch of people looking for attention. The case goes way above you.
People crave conflict and attention. Domainers read blog posts, and then they think they know everything. And they probably fear their privacy is at risk.
Moniker customers are complaining they didn’t receive an email informing them about the breech. So these customers are feeling rejected. If people want your information, they will find it. The same goes with acquiring a domain.
Now the case is shifting from privacy to intent to harm another based on a domain name. People want these scandals to bring more attention to the domain industry
I would never write a blog about anything that I have no business discussing. You can be held liable if you get the facts wrong. Companies have to follow protocol. People are suggesting the company terminate employment without investigating the intent.
The blog article is working. Already the most visited on this blog, as well as the most commented.
J
Just to be clear, I personally have knowledge of the whole story.
The names of the employee, the domain holder and all other parties were left out to respect those involved as well as to give Oversee an opportunity to take action.
“So is it your opinion is that employees of registrars can share registrant information of domains under privacy with third parties?”
Oh certainly, Mike. Yes, that’s exactly what I said.
Not.
An employee at Moniker clearly did something they ought not to have done. Since it involved a breach of privacy affecting one person, then a public announcement seems like a compounding of the problem.
My comment was in response to your assertion about when privacy should be lifted in general. The reason I responded at all was that others might believe or rely on your statement, which is by no means true at any registrar. Because that provision of 3.7.7.3 is a Rorschach test, there is no uniform understanding of what it means.
But that sort of rhetorical corner-painting device is beneath you, and I’ll chalk it up to a post New Year’s haze.
In any organization, these kinds of things happen. If an employee of a fast food restaurant cribs someone’s credit card, I expect that employee to be appropriately disciplined. That can happen in any business.
Has the US Army issued some public mea culpa over Bradley Manning? No. He’s in the brig awaiting the completion of investigation and eventual arraignment.
Since you are privy to the details, perhaps you might post the relevant parts of the employee’s contract which spell out the steps Moniker should take here.
Mike,
The post was directed toward Anon. I know you know all the details of everything that takes place in the domain industry.
It appears that domain investors want Moniker and Oversee to fail. Essentially, they’re giving Moniker and Oversee an ultimatum to respond to the incident. Domain blogs think they have the upper hand.
This breech is not as serious as people are making it out to be. It’s actually embarassing for the domain industry to even consider the incident a major problem.
Anyone with a serious interest in the subject of Whois
privacy would do well to listen to the recent discussion of
disclosure policy at the recent ICANN meeting, the audio archive of
which is here: http://cartagena39.icann.org/node/15439 My comments
are at 1:10:38, Mike, since you seem not to have a very good
ability to figure out my opinions in this area. I don’t recall you
bothering to show up for the discussion.
Mike, after reading the DNJournal story you linked to, i got to wondering about the actual logistics at play here. When Ron said, “I would have thought that only a *very* limited number of *high level* personnel could get to this information “, it may not even be a real possibility.
this is a bit of a lengthy explanation, but bear with me: When one registers whois privacy, that keeps your info out of the public domain, but it doesn’t necessarily make the domain private in the actual administrative interface in use by the registrar. having worked at tech company, i can tell you that every member of the support department had access to client accounts, being able to login as a client with a single click. there would simply be no other way to provide support, without the ability to troubleshoot by replicating a problem from the client side. (i.e. login as the client). Generally anyone who is involved on the development team for the application, as well as systems admins, also will have this access.
so its not unreasonable to assume many (even most) employees could have this type of access. certain sensitive information is always encrypted, such as passwords and credit card #s, but you cant really encrypt the name of the domain inside your account, or you wouldn’t even know what it was.
not sure if i’m making it clear, but to elaborate, there are not going to be two separate interfaces to your account, (one for you and one for support), so for example, you’re not going to have a situation where you as the registrant are able to log in to your account and see:
domain1.com
domain2.com
domain3.com (whois on)
domain4.com
…
and have a member of the support (or any other employee) log in to an interface for the same account that shows, say,
domain1.com
domain2.com
********.com (whois on)
domain4.com
…
I hope you see my point. so like it or not, lower level employees such as any member of support are going to have access to your account and could in theory see every domain you own. (unless someone can jump in here and prove me wrong). the only real key here, imo, is to hire well.
that said, it would also seem that trying to connect any domain at random with any of thousands of registrants at a registrar would be like finding a needle in a haystack, unless the employee a) just happened to notice the particular domain while administering a client account, (pretty damn lucky) … or b) there is some sort of (searchable) database connecting every domain to its respective client account #.
just my 4 cents.
J
I don’t know everything going on in the domain industry, but I do know the set of circumstances which lead to the statement of Moniker.
I have no desire to see Moniker or Oversee fail.
I was actually the 1st and possibly the only blogger at the time of the bidding scandal to come out and applaud Oversee for disclosing the issue and also did a weeks worth of research to conclude that no other employee of Oversee was involved.
This story was driven by the registrant of the domain who was quite upset that a domain he had under privacy was divulged to a third party by an employee of the registrar.
If the registrant didn’t object to this, then it would have never gotten to the bloggers.
As far as being a Major story, I don’t know where in my story I said it was a major story. I reprinted Moniker statement and added in my opinion based on the facts as I know them.
Many of the commentators believe this is a major story and each person will have to decide that for themselves
John
I was not furnished nor did I request a copy of the employment agreement between Moniker and the employee and don’t even know if such an agreement exists.
@ J
It’s quite simple. There is an underlying principle here. The technical debate about the breadth of domain privacy is an aside to the larger question.
Lets say I own HotSluttyWhores.com in my personal domain account, registered at Godaddy… And lets say my day job is as a website designer, totally unrelated to this domain name. Today, I might design a site for Sues Retro Clothing, then tomorrow, I design a site for The Great Coffee Cafe… As a result of my daily duties as a website designer, perhaps I’ve made a website for the Church of Jesus and act as their webmaster.
Say someone at Godaddy has a grudge against my owning an adult domain. Lets say this person is their hot new tech support guy, fresh off the boat from Ireland, named Pádraig O’Dell. For whatever reason- perhaps, something contained in a whois in one of the other domains in my account- Pádraig O’Dell knows I’ve done work for Church of Jesus and being a good Irish Catholic boy, Pádraig O’Dell takes grave offense to my owning a domain name like HotSluttyWhores.com. He contacts my employer, the Church of Jesus, and notifies them that I own a domain name that might be incongruous with their beliefs, in an attempt to impugn my relationship with them, due to his own personal feelings.
The issue here is whatever compact of trust that might exist between registrant and registrar when domain privacy is employed. If internal employees are breaching this trust to satisfy personal vendettas, this is an enormously disturbing thing. It significantly undermines the credibility of that registrar, in terms of what sort of control they have over their employees and how secure our private information is, with that company. That someones employment can be jeopardized by a corporate employee using private information to satisfy a personal agenda is hugely offensive.
It’s not a ‘big deal’ to everyone, but you can bet it’s a ‘big deal’ to the person who saw their employment under attack. If we put ourselves in that persons shoes, it becomes a big deal to us, too.
Animal
I understand what you are saying.
And of course you are referring to a comment made by Ron Jackson not a statement made by myself, but since you raised the issue lets chat.
My thoughts are just because you have access to information that doesn’t mean you can access it whenever you would like or do anything you want with the information.For example an employee of the IRS might have access to view anyone’s tax return but it would be probably against the IRS rules for any employee to check out say Bill Gates tax return just because they were curious what it looked like.
Its also probably a big no-no for an IRS employee who might look at someone’s tax return to then discuss it with third parties.
Maybe Moniker doesn’t have such rules in place, in which case, maybe the employee didn’t violate any rules of Moniker, but the statement of Moniker would indicate that there are rules in place and the employee did violate the rules.
If the rules were violated then the issue becomes what punishment if any should the employee who violated the rules receive if any and what controls is the company going to put into place to make sure it doesn’t happen again.
Mike, I agree 100% with what you just said. i was just pointing out, for the sake of argument, since others seemed to have voiced concerns about the whois privacy not being private to employees of the registrar, that it most likely isn’t going to be technically feasible on the administrative end. its an issue of checks and balances, or rules and punishment as you stated.
Its also probably a big no-no for an IRS employee who might look at someone’s tax return to then discuss it with third parties.
—-
I can’t recall the exact cases, but I’m certain there have been terminations (and possibly, prosecutions) of employees and/or law enforcement officials at the Federal Level who’ve gotten into a heap of trouble by using their access to non-public records for whatever reason, including ‘curiosity’.
Mike,
Your article is tame compared to the leak. I’m sure you have worked with the companies in question.
Giving them an ultimatum to respond or leak the breech is harming the companies. Why not keep the case in-house? Should every act of wrong be put our in the public eye?
The main leak is one that seems to target the reputation of the companies who have been good to their customers. Should we throw them in the same pot as other unethical companies? No. One incident. Take care of in-house. The domain name in question is childish.
Anon,
Your scenario is on the same wavelength, but also different too. We’re talking a name and sucks.com.
The church and sex site example are different. Many times privacy is used to prevent spam. Maybe the employee was jealous of the domain owner and their job or collection. Who really knows?
I agree with the church and sex comparison. However, i disagree with that your example is equal to the incident. Sex site and a sucks website.
Both instances can get an employee terminated. Though, the sucks domain seems to be a joke. As previously mentioned, the employee may be jealous or an instigator. Domain blogs operate on the same format, as well.
J
I’m only going to say this one more time.
To the person that was effected, that is the domain holder is was a BIG DEAL.
The Domain holder was not satisfied with Moniker’s response and did not want to keep it in house.
I’m not putting Oversee in a pot of “bad companies” as you suggest.
I like and respect Jeff, Craig and many of the employees of Moniker and Oversee.
I do think their response to this incident should have come from them and quick and decisive action should have been taken.
Having said that, the situation is now known, and everyone can draw their own conclusions. Whether its a Big deal, no big deal is a decision everyone can make.
All I’ve said is its a big deal to the effected party.
Personally, I’m done with this issue and if not for responding to commentators like yourself I wouldn’t even be discussing this any more.
Personally I have a few posts already written that will be published in the next few days having nothing to do with this topic.
However if people want to continue to discuss this then we will continue to do so
Privacy is not a mandated law in every state. There are different policies. Internet privacy is still in its infancy stage in terms ofbreeches.
Medical workers have access to confidential medical records. There are many different laws. Privacy is protected under other policies, but only to an extent. Privacy is not a federal law. There is a privacy act, but states can mandate their own version of the act.
The tax comparison is different. People tend to look at files, and discuss them. The privacy issue in question is that one employee tried to take the initiative to inform another about a domain name. If the domain owner is terminated due to owning such a name, or loses a deal, then he can file a suit.
In regards to the incident, people seem to want the companies to fail. It doesn’t make sense to move assets based on one breech. If a computer company made a mistake, am I supposed to stop buying their products? No. It’s a silly incident that people are using to hold a good company hostage.
I don’t use Moniker, but I know they’re a good company. Oversee.net is a good Internet brand. This is one isolated event. Why ruin their image? Another blog gave them an ultimatum to go public or he would. It wasn’t up to him to push a company off a ledge.
Mike,
I appreciate the friendly discussion. Obviously, we are going to agree to disagree. I’ll see in you Berlin. Happy New Year!
J
Happy New Year
Overseeleaks
mmm..
I wonder if they will refund the “almost-private whois” fees for “services not rendered”
We might get another bone.
@ Domo Sapiens
Overseeleaks
mmm..
I wonder if they will refund the “almost-private whois” fees for “services not rendered”
===========
First you will have go to there special ONLINE WEBSITE and fill in the
WEB-FORM with your Full Name, Address, Telephone and Email and the
Domain Name (example: filthyrottenpervertsbendover4you.cum)
Then if accepted your refund will be posted along with the above information on
the Internet Website in Bold letters before it is Snail Mailed to your wife if
co-listed at the address listed on your almost-private whois.
Are we still allowed to talk about the fact that Moniker …
still has not made a Statement of Facts to its customers
or will this self appointed industry hack called J
get MAD again and try a shut us up with his cut N paste rants ??
“I was not furnished nor did I request a copy of the employment agreement between Moniker and the employee and don’t even know if such an agreement exists.”
Oh, okay. Then your suggestion that the emoloyee be fired was made in total ignorance of what the termination conditions might be.
John
You don’t have to see a employment contract (if one exists) to know what ethical and unethical behavior is and what grounds people could be fired on.
I have no doubt a employer can fire an employee for releasing information which is not suppose to be disclosed to third parties for releasing such information.
I’m sure that employee of Apple who left his sample of the new iphone in bar didn’t have a clause in his contract like”
Grounds for termination:
“Leaving your test iPhone in a bar where it is found by a third party and sold to a blog for dissection.”
Regarding not attending the whois privacy session at ICANN, I ddin’t attend it because I didn’t need to .
None of my 75,000 are under privacy.
So whois privacy is not my issue, I don’t use privacy and have never used privacy.
I do however respect people’s right who have chosen to do so and paid for the privilege.
Is that the real John Berryhill, or did someone replace him with a slightly retarded version with no morals?
@Bob
Does one person’s comment/s essentially or factually conclude one has no morals on his/her overall person? It’s fine to disagree with someone, and issues can be discussed without necessarily putting someone in an arguably negative light without even knowing them personally.
Of course, it’s arguably easy to say the employee should be fired, Moniker should make a public statement about this, etc. coming from the side of third parties not “intimately” involved with what happened there. If, say, one’s on the side of offering this kind of service and this kind of incident happened, how would any of you handle it despite others telling you what to do?
It’s fine we all live in times calling for transparency and accountability and even more. How many of us are just as prepared to do something similar or the same and be ready to deal with its real-world results and, especially, its unintended consequences?
And forgive my ignorance but…I thought Monte only left Oversee but not actually Moniker?
Whoops, Bobo actually. Not Bob.
Dave,
Let’s call that a Bobo type Booboo — no worries -LOL
Monte parted ways with the “Whole Enchilada” ( entire organization) when his 3 year contract was up after “The Moniker Acquisition”…. it’s sure gonna seem awkward or at least different for a while without the pioneer & king & maestro of live domain auctions not doing his thing at big domain shows/conferences….. Unless ?????????? – !!!!!!!!!!
When one makes high profile sales, they have to worry about incurring average daily fees. A handful of 6 figure sales will cover all fees.
The batch of 1491 domains are super elite, with some domains worth in the 7 figure range. Whereas, the recent 7% fee increased the amount to $55k in additional fees. The remaining 74,000+ can generate a good amount with little maintanence.
A few $60k sales will cover reg for 2 months. Parking revenue is more than enough to cover fees because there are many high revenue sites in the bunch.
There is a lot profit to be made in acquiring sites at a bargain, and then reselling them to end-users for massive gains. It would be fun to be in such a successful position – rejecting offers and to making big sales.
Ahhh…thanks, NetJohn. I guess Monte left at the right time, heh.
The last post was meant for another article.
“You don’t have to see a employment contract (if one exists) to know what ethical and unethical behavior is and what grounds people could be fired on.”
You do if you want to avoid liability for a defamation suit and/or unlawful termination suit.
Maybe you haven’t run a business in a while, but you don’t generally publicly announce that an employee has been disciplined or fired. And if you are called by a prospective new employer, you verify that the person worked there during the time stated, and that’s all you do.
The way these things shake out in the real world is that if you fire a high compensated contracted employee for something that you can’t document in black and white violated an express written policy, then you have a problem on your hands that is not going to be solved at the whim or demand of a bunch of overheated self-important blogviators.
“Is that the real John Berryhill, or did someone replace him with a slightly retarded version with no morals?”
No, its the one who owns his own statements and doesn’t hide behind a fake name on a blog.
“I do however respect people’s right who have chosen to do so and paid for the privilege.”
No, you see the remedy for a privacy violation to be another privacy violation.
If the aggrieved party wants to pursue a legal claim, that’s his right. That’s what grownups do.
Have you moved all your domains out of Moniker? Or are you continuing to fund their obvious corporate policy of personally screwing each and every privacy registrant?
“Regarding not attending the whois privacy session at ICANN, I ddin’t attend it because I didn’t need to .
None of my 75,000 are under privacy.
So whois privacy is not my issue”
Well knock me over with a feather. But if a nitwit at Moniker does a stupid thing that doesn’t involve any more than three people then, by golly, it’s suddenly everyone’s issue.
Well knock me over with a feather. But if a nitwit at Moniker does a stupid thing that doesn’t involve any more than three people then, by golly, it’s suddenly everyone’s issue.
———————
It’s everyone’s issue who has names at Moniker, yes.
If you don’t instantly understand why these sorts of goings-on harm consumer goodwill beyond the parties involved, and that these sorts of things raise concern amongst people who have names with that company, then no explanation will suffice.
@Dave Zan “If, say, one’s on the side of offering this kind of service and this kind of incident happened, how would any of you handle it despite others telling you what to do?”
Problem: Employee breaks customer privacy, undermining the entire service that his employer offers, then uses the private information to email the client’s employer in an attempt to make him look bad.
Solution: Fire the little, conniving fuck.
So, where’s the part that needs this mind-bendingly complex analysis that you’re talking about?
@John Berryhill “Well knock me over with a feather. But if a nitwit at Moniker does a stupid thing that doesn’t involve any more than three people then, by golly, it’s suddenly everyone’s issue.”
If we’re paying cold, hard cash for a privacy service that is being circumvented then it’s everyone’s issue. If someone who is an “industry leader” used that private information to stick the knife in another domainer’s back, then it’s everyone’s issue.
“used that private information to stick the knife in another domainer’s back”
Could you remind me of what it was that the victim suffered, because I’m really unclear on that.
If I received some letter from someone not in my organization, attacking the character of one of my employees, then it would tell me a whole lot more about the sender of that letter than the subject of that letter.
As many of you know, Cristin answers most calls to my office among the zillion other things she does to keep things on the rails. I count on her to screen out BS telephone calls, and she is very effective at doing that.
One day, a telephone call came in which, to Cristin, sounded like a commercial solicitation. Cristin said, “I’m sorry, we’re not interested” and ended the call.
A few minutes later, the same caller was demanding to speak with me, and identifying herself as an attorney from Beverly Hills.
Cristin put the call over to me and I answered. This lawyer then proceeded to go on a rant about how unprofessional my valued assistant is, and how insulting she was, and so on and so on, for about 45 seconds or so until I interrupted her and asked what it was she was calling about.
She said she was calling to find out if I was interested in engaging on a matter that would have probably generated substantial fees for me.
I made it very clear to her:
“Cristin has worked with me for over ten years and has earned my absolute trust. You, I’ve known for under two minutes, but I have already decided that you are not the sort of person with whom I want to work.”
So, let me see if I understand this. Some nitwit at Moniker was personally offended at a domain name that registrant X had registered, so he wrote some sort of screed to the employer of registrant X.
Here’s what’s missing from the story, IMHO. What is it that registrant X’s employer do, other than to dismiss the Moniker nitwit as a nitwit?
It’s fine if you’ll fire your employee for this exact sort of thing. No ifs, ands or buts.
For other folks like myself, especially if that employee has long established him/herself as outstandingly competent who unintentionally and unfortunately screwed up, firing him/her on the spot is not necessarily an easy decision to make. I’d factor in his/her contributions to the company, that of the client who got affected, how soon I can replace that employee, and a zillion others or even other options like Moniker subsequently did.
Of course, that’s just me and whoever feels similarly. YMMV.
I asked that question because some folks here seem pretty outraged at Moniker having seemingly retained that employee, not publicly announcing this, and not doing them soon enough. No one’s saying such outrage is unwarranted, though it usually helps to pause and ponder before doing something that might, say, create unintended consequences.
At any rate, we’ll all make choices and deal with their results. Who ultimately decides what to do despite others telling them anyway?
What is it that registrant X’s employer do, other than to dismiss the Moniker nitwit as a nitwit?
——————–
You’re probably a great guy to work for. I’m a great guy to work for.
I’d bet most folks in our social circles would be great people to work for, too.
As someone who’s spent many unfortunate days investing hard, honest work on the behalf of employers who were NOT great people to work for, I don’t think we can rely on employer benevolence as some sort of default position. You know as well as I do that plenty of employers are naturally suspicious, distrustful and even resentful towards their employees.
You’re banking on a rational, level-headed response from the employer to mitigate this situation. I think that’s a terrible assumption to make. Not all employers respond rationally to freak situations that fall from the sky and land on their lap. What this Oversee employee did to the offended party, by way of employing confidential, internal corporate documents to further a personal grudge, may have jeopardized that persons employment, period.
I don’t think the position you’re advancing- that this is a closed matter, outside the interest of Oversee customers- is reasonable. Given the recent track record of ‘scuminess’ originating from Oversee companies, first with Halvarez and now this, their customers have reasonable cause for concern as far as the corporate culture that exists behind closed doors, how Oversee is apt to handle things like this and how it all impacts our own interests with them.
Just to clarify positions, it should be noted that John Berryhill, for whom I have the utmost respect as a fellow attorney and effective litigator, has represented Oversee in legal matters for many years.
@Dave Zan “For other folks like myself, especially if that employee has long established him/herself as outstandingly competent who unintentionally and unfortunately screwed up, firing him/her on the spot is not necessarily an easy decision to make. I’d factor in his/her contributions to the company, that of the client who got affected, how soon I can replace that employee, and a zillion others or even other options like Moniker subsequently did.”
Firstly, it was not “unintentional”. It was done with the intent to inflict damage.
You’re saying you’d keep any employee who deliberately attacked a client on a personal grudge, just because he makes you money.
I didn’t say that. You did.
I likely won’t keep an employee who indeed deliberately caused a client a demonstrable form of harm, though. I might…might reconsider if the employee sincerely understood the gravity of his/her error, apologized to me and the client, and so on.
From what I read in Rick’s blog about it, though, I don’t necessarily see the employee having a personal grudge against the registrant. Maybe telling the registrant’s employer a piece of his mind without realizing the act’s implications, though none of us know for sure except the actual parties involved.
Anyway, I also get that some folks aren’t exactly keen on Moniker (and especially Oversee, I guess?) in light of their past actions. I don’t know what else can Moniker et al do other than do what they stated or maybe give a rebate or so, but that’s, again, ultimately their call.
As also mentioned before, it can happen, and it can happen with any provider. A question, then, is what to do after.
Hey Gang,
I just read over at Ricks Schwartz Blog that the person who Breached the Moniker
(who is,big secret couple months back) private security IS this Chef Patrick.
)
://www.ricksblog.com/my_weblog/2011/03/it-is-far-from-over.html#comments
Dam, i knew it was him all along,
he had just started working for moniker around the same time,
they should have fired chef patrick along time ago, i never felt
my names were safe at Moniker after that.