SSAC Advisory on Domain Name Front Running has just been published. URL of complete report is below. Executive summary follows
regards Robert -- Executive Summary This Advisory considers the opportunity for a party with some form of insider information to track an Internet user’s preference for registering a domain name and preemptively register that name. SSAC likens this activity to front running in stock and commodities markets and calls this behavior domain name front running. In the domain name industry, insider information would be information gathered from the monitoring of one or more attempts by an Internet user to check the availability of a domain name. When the domain name of interest for which an availability check is made is registered shortly after such a check, the individuals making the availability check may reasonably assume that the organization operating the web site or service they used to determine the availability of the name preemptively registered the name. Registrants have filed complaints with ICANN, registrars, and with Intellectual Property attorneys that suggest domain name front running incidents may have occurred. SSAC does not yet have any hard data to draw conclusions regarding the frequency (if any) of the occurrence of domain name front running. SSAC acknowledges that a perception exists within the community that monitoring or spying is taking place when would-be registrants check the availability of a domain name. Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained. In this Advisory, SSAC begins with a premise that checking the availability of a domain name can be a sensitive act which may disclose an interest in or a value ascribed to a domain name. SSAC suggests that any such domain name availability lookups should be performed with care. Our premise is that a registrant may ascribe a value to a domain name; that unintended or unauthorized disclosure, or disclosure of an availability check by a third party without notice may pose a security risk to the would- be registrant; and that availability checks may create opportunities for a party with access to availability check data to acquire a domain name at the expense of the party that performed an availability check, or to the benefit of the party that monitored the check. We attempt to assess these risks and suggest ways that information could be collected and used to engage in domain name front running activities. SSAC observes that there does not appear to be a strong set of standards and practices to conclude whether monitoring availability checks is an acceptable or unacceptable practice. We conclude this Advisory with a call for public comment; specifically, we invite registrants, registrars and other parties who have information regarding possible domain name front running incident to report that incident to the committee with as much information as possible to assist SSAC in studying this matter further.