6 years ago to the day, Phil Corwin published a piece on the ICA website about domain theft. The domain theft project. To be fair Corwin laid out that it was considering initiation.
There has been a lot of domain industry press attention lately to domain thefts. We don’t know for sure if this problem is becoming more acute or is just being reported on more often. But, regardless of the level of activity, we know that there are inadequate recovery and punitive remedies available at present for domain owners who experience theft of their valuable domain assets. Something is very wrong when a hacker can surreptitiously transfer a valuable domain and there is no reliable or cost-efficient means for recovering it.
ICA’s Board is therefore considering initiation of a Domain Theft Project (DTP) to address this issue, in the belief this is exactly the type of issue that ICA was established to address.
One component of the DTP would be to discuss the situation with leading registrars as well as ICANN’s Registrar Stakeholders Group to gather more information on the severity of the problem, as well as to better determine how these thefts are accomplished and what best practices on the part of both registrants and registrars might prevent them.
In addition, assuming that there will still be thefts occurring even if stronger preventative measures are adopted by registrars and registrants, the DTP will carefully explore at least three potential avenues of better redress for registrant victims of domain thieves:
1. Amending the UDRP to allow it to be used for the recovery of stolen domains. The exploration of this potential avenue will be very carefully conducted to assure that any potential UDRP revisions do not create new opportunities for scam artists to abuse the UDRP for domain hijacking. But UDRP reform will be on the table and under discussion within ICANN as of April 2015 as part of the review of new gTLD Rights Protection Measures (RPMs), so if an acceptable proposal can be developed it can be advocated for adoption within that review and reform context.
2. Amending Federal law to establish clear civil liability for illicit access to the computers of a registrar, and to also clarify that available equitable relief includes restoration of the domain to its original owner. This would likely involve the House and Senate Judiciary Committees. The biggest challenge here will probably not be getting the concept looked upon favorably but the larger context of amending the underlying statute, which inevitably brings in other players and complex issues. There’s also the reality that getting anything through Congress these days, no matter how worthy, is a big challenge. But the DTP’s initial focus would be on drafting a bill and seeking its introduction to focus attention and foster discussion.
3. Amending the Registrar Accreditation Agreement (RAA) to require registrars to preserve and publish title history. This may be somewhat difficult because the registrars are understandably inclined to push back against anything that involves more work or that may increase their liability. The RAA was also just amended in 2013 and that process involved one-on-one negotiations between the registrars and ICANN, with limited access and information provided to third parties. Nonetheless ICA has good contacts with the registrar community and can start discussions to explore their receptiveness, as well as whether they have ideas about other approaches. Perhaps one result will be to encourage registrars to compete in the marketplace on the basis of which provides the best anti-theft security.
In addition to the above initiatives, changes in Federal criminal law may also be worth exploring. ICA member and domain attorney Stevan Lieberman has recently dealt with the FBI and Department of Justice on this and is willing to contribute his experience and legal expertise and take the initiative on this potential aspect of the DTP. Steve’s experience in assisting the victim of the MLA.com domain theft, as well as other incidents, are detailed in this recent Huffington Post article — http://www.huffingtonpost.com/2014/09/29/domain-theft_n_5877510.html. Other ICA members have also volunteered to serve on the DTP, and we welcome further interest and participation.
This is an ambitious project and its goals will proceed on different timetables and take considerable effort to achieve. But we know that the current situation is not tolerable – and if domain investors don’t take the lead for change then who will?
Considering the recent action with these Go related domains and other thefts like CQD.com perhaps it would be nice to see this project get some legs.
Thanks to John Berryhill for refreshing the topic on Namepros.
Returning stolen domains to rightful owner takes president over domainers convoluted idea that their monetary exchange markets need protections.
Registrars are turning into domainers themselves. We see godaddy selling dozen stolen ‘go’ names and making no attempt to rectify.
0 accountably because they lost touch of who they are. Their aftermarket domain money making machine is more important to protect than individual registrants.
The problem is up and down. Even registries are domainers too. Take uniregiatrar for example. Frank decided that while making 100s of millions in domains, he needed to squeeze every dime out if registrants by increasing prices. This is despite his explicit obligations with icann not to do so.
So he lied and broke contract. Also an ica member. So wait. What is the ica doing? I find their members are MOST prone to cheat and lie.
Then they run cover for each other. A cartel.
I find that ICA members act with integrity and set a good standard for the industry. There are always exceptions, but there are many good, decent people among its ranks. Could it be better? Sure. Could it do more? Sure. But domain investors are better off for having it around. The inability or unwillingness of domain investors to unite and act together more on issues that impact their financial interests – either through the ICA or otherwise – is a true headscratcher.
Not really a headscratcher from my point of view. There are a lot of domain investors who hate one another. I despise several ICA members so I would never join the ICA. Nothing against them but I am not throwing in with some of their members.
One of the proposals – to amend the UDRP to address domain theft – is an idea that could be implemented as a standalone dispute resolution system entirely outside of the ICANNosphere.
The existence of something like the UDRP does NOT prevent registrars from signing on to other dispute resolution policies and incorporating them into their terms.
So, for example, if the ICA were to come up with a model domain theft policy, then that is something to which registrar-operated marketplaces could agree to subscribe – thus making those marketplaces more trustworthy in the process.
Also, ponies. Everyone gets a pony.
Interestingly things have gotten worse with GDPR, previously so many whois snapshots indexed even in Google were very useful.
For many reasons I don’t see how this could ever be done at the registrar level. Given how everyone caved to GDPR I can’t help but feel the entire possibility of a domain version of property ownership records is dead forever. For the entire world to genuflect to the administrative law of unelected EU officials was sickening to witness.
Verisign has been moving to to a thick registry model and has had a “whowas” service for some time now. Adding the additional contact record fields is not that big of a deal. So the pieces are there. Without GDPR the registries could have turned a whowas function into a paid service, thus lots of incentive to implement and deploy.
I have come to the conclusion that denying a domain name ownership audit trail IS the goal of many, giving desired cover to chaos in many forms. Chaos is the goal. Without a 3rd party “trust anchor”, proving theft becomes more and more difficult.
Then we have registrars getting registrants to agree to potential sale of their domains, in some cases not realizing what they have done. So who owns the domain at that point, when the registrar’s TOS most key statement is “we reserve the right to change these terms at any time without notice to you”?
At the high end of the market perhaps fear will play a great role and registrars will likely get in line and try to help. But when such assistance is not equally available to all victims then what do we actually have? Everytime I hear or read another story about SEX.COM, “ownership” seems clear as mud, and financial incentive was not the barrier to clearing that theft up.
Then if someone steals a domain to a German registrar how does the previous owner get it back?
Seems like name and shame worked well 20 years ago. We had no proxy whois and whois was required to be accurate. Domainers loved disecting whois history and revealing an unauthorized transfer, which in effect “poison pilled” the domain regarding further sales. Just google search the domain and you’d find the posts. Ok, it did not get your domain back, but it sure sucked the market value out of a domain and put a big target on the thieves.