Hi James and all I wish to differ for the most of what you said and I will explain why. My reply is based on the "criminally" nefarious class of domains and experience. The procedures you propose is exactly the type of things internet criminals depend on and which makes criminal enterprise a success. James Seng wrote:
Whats our standing position with Clearinghouse for that matter?
While I find it "harmless", I do not as a matter of principle, support the IP Clearinghouse as I see trademark owners overarching beyond what their rights. Trademarks are classified by per country, per classification for a reason.
What the criminal will do is register a name similar to another real company name, copy the website, then change the address to another country. Example; stealing a company website complete with name and logo, changing the address to another country and using this domain name and website for money laundering etc. So a such we may have company X based in countries B and C, suddenly have a "branch" in country D not really belonging to X in the first place. Example, but by no means isolated: http://www.bobbear.co.uk/draperinvest.html
Dear Derek,
Thank you for your consumer response against these criminals. We are working the issue as well, but, unfortunately, for every one that goes down, another pops up and we need active consumers like you to help with the onslaught.
We are working the legal/prosecution angles, including the hosting companies in the US that are providing services. But, in the meantime, we need to hit these websites as they come up.
Thank you again for your very detailed and active responses to these fraudulent websites and please, please keep up the good work.
Next time in San Francisco, we will buy you a meal.
Warm regards,
These criminals still roam the net abusing domains more than two years later, also using botnets. Currently this happens daily to smaller businesses. The intended anti-brand dilution and consumer protection is now moot.
So I hesitate to even give an answer to the questions, that (weakly) imply that I support IP Clearinghouse, looking for ways to make it work, and I am not interested to make it "work".
I do support URS on a very restrict case, e.g. obvious criminal activities such as phishing.
This is the worst possible example of using this type of procedure! In the time that it takes for URS to be successful, a week to "N" weeks, the phishing site can be up and doing what is was designed to do, deceive the internet user. Typically such a site has outlived it's usefulness in under a week. After this period, the the domain may be removed. A total success for "process", but a total disaster for the spoofed company and average user this process was also supposed to protect.
I am not so sure about the broader definition of "malicious activities", if it includes free/protected speech. If someone wants to make an ICANNsux.com website to make a critical remarks of ICANN activities, they might be malicious but I do not think we should allow URS to apply to it.
I support URS as a best practice but not mandatory. I also think that the takedown should only happen *after* the notice is legally served, and the one requesting suspension should bear the burden to serve the notice in writing to the owner. (Exception, whois record is not accurate or incomplete). The burden should not be on the registrars or the registries or ICANN.
The URS should be best practice where both parties are real people. But to explain why this is not practical and a worst outcome scenario: Small businesses are also maliciously spoofed by criminal parties. These criminal parties will use stolen credit cards details and financial instruments to purchase domains and net related services. In a short time they distribute the risk of their criminal activities to different registrars, abusing privacy mechanisms etc as layered protection. We find extremely creative domain privacy protection mechanisms designed to frustrate DNS abuse from these same criminals that they in turn now use to protect themselves. They have turned their frustration into an advantage. Now the small business owner suddenly has to protect himself from a swarm of abusive registrations? He will need to hire an international lawyer full time to deal with ignorant registrars etc, all at extreme costs. The end result is he could easily bankrupt himself defending himself. The real name owner would be be better advised to simply walk away. Yet with each abusive registration the the registrar and registry etc received money, the legitimate owner of the mark by whichever definition has additional cost etc. This will in fact foster (to borrow a phrase bantered about) an "ICANN for the rich" internet. Once again the normal internet user is left confused in a sea of similar looking and sounding domain names leading to mark confusion, where all but or two, is targeting that same user. As food for thought, look at this: http://www.mediaon.com/Real-Whois-Protection http://www.mediaon.com/Allowed-or-Forbidden (Can i host fraudulent sites ?) Who is their "ICANN registrar in the family"? What will happen in the future?
Once proof that the notice is properly served to the owner of the domain name, I think the suspension can kick in 7 days or 14 days as IRT recommended (or immediately, which is also fine with me). The subsequent process can then follow on as per norm.
-James Seng
In general, one aspect I do not see is real end user protection. I am sure that Bob of Bobbear would not mind me referencing his excellent website. His website shows everyday usage of domains for criminal intent. The domain names abused are pretty much international and abuses all TLDs etc. if history is to tech us something. Bear in mind that fake documents and other devious methods used, makes a domain registration mechanism no barrier to obtaining such domains. As such we are dealing with events after the registration. The domain name may or may not be imposing on the rights of a real party. http://www.bobbear.co.uk/#2 http://www.bobbear.co.uk/#3 Something to think about also, is fictitious companies. The website may or may not be a spoof, but under a different name. I accept this is going off the topic, but will be a real issue later. We may argue that criminal issues belongs in the hands of law enforcement. However law enforcement invariably works on numbers, either a large loss in a single incident, or many smaller losses provably linked to one party. The the international nature of cyber crime also linked to domain name usage, the number of available law enforcement officers qualified to deal with internet issue etc makes this a last stop and also after the fact. However for the individual internet or smaller internet user we find that each one's small loss may be devastating. At $300 per URS, which may be a petty amount in he USA, the amount may be hefty in other countries. Added to that the repeated nature of the above category of abuse, there is a problem just as we have seen with the UDRP. In effect this usage can be likened to arms dealers selling arms to criminals, then charging money complainants to remedy the situation on a per incident basis. Also if history is to teach us something, with criminal domain abuse, the victims are primarily the real brand owner and the intended victims. Registrars, resellers etc losses are limited to incidents where the loss may be a charge back and a few minutes looking at violation of policies reports regarding such domains. Typical costs per incident far under $50. Cost to the public can easily run into thousands of dollars. The real brand owners cannot fight each violation of their mark but focus on those targeting their own customers. Unfortunately that is not the only reason brands are "stolen". As we have seen above, these known brands may be used to scam net users into believing the are working for a company (money mule scams), or in 419 scams (advance fee fraud), shipping/escrow scams etc. This criminal usage grows and changes daily, likewise the number of incidents of such. Sadly I do not see the way the individual internet user is really being protected nor the smaller business deliberately spoofed. Also see http://www.bobbear.co.uk/buyer-guardian.html As one company, BuyerGuardian, said upon closing it's doors on the net:
Important Notice
August 18, 2008
To Our Faithful Customers:
We are sad to report that after careful and lengthy consideration we have made the decision to cease operations at BuyerGuardian.com. This is a very difficult decision and one that is made primarily due to the rapid growth of online escrow fraud.
Unfortunately, individuals have at times used altered copies of our web site content to defraud auto buyers. We do not want to enable these fraudulent transactions in any manner whatsoever. Any website using the BuyerGuardian.com logo, our site layout or our color scheme is doing so without our permission and is a fraudulent website.
Please check with www.escrow-fraud.com or your local Better Business Bureau before using an escrow company. The only other national vehicle escrow service of which we are aware of at this time is Escrow.com (www.escrow.com).
We want to thank all of the people whom we were able to help experience a seamless and successful interstate or international automobile transaction. We appreciate the kind words and support from our customers and hope to serve the automotive industry again in the future.
Sincerely,
The BuyerGuardian.com Team
Makes you think! So much for trust on the net currently. Do not overlook the small guy and general internet user. That is my 5c worth. Derek