DomainTools Blog

The new Senator Snowe Bill titled, “Anti-Phishing Consumer Protection Act” is loved by a few companies that have famous brands however it is being protested loudly by some domain name investors and privacy groups. If I had to judge the bill just by the name I would be all for it. Who doesn’t want to take out a phisher trying to steal bank account information! However there is more to the bill then just the name.

The legislation is very effective at allowing government agencies to act quickly. The ability to act quickly is the most important feature to take down a phishing group. A government agency can quickly find out who the owner of a domain name is even if it is behind a proxy service. However when talking with a lot of domain owners they feel the bill may be over reaching and impact them adversely. Not only that, they say the bill is redundant because criminal activity like phishing are already illegal. But in an interview with Computer World an aide for the Senator had this to say, “This is not a regulatory bill but an enforcement bill,” the aide said. “It clearly defines phishing and domain abuses as deceptive practices.” As a result, he added, the FTC wouldn’t “have to waste time in court” proving that phishing qualifies as a deceptive practice from a legal standpoint. So the bill is not completely redundant. The bill could have a lot more features and provisions that would make it more fair. In the DMCA for example it requires a sworn statement made “under penalty of perjury” before a hosting service needs to do anything about a copyright complaint. There is nothing to this effect in this bill. Which means that anyone that files a federal case could get a private whois record. However once again anyone that files a federal case already gets the private whois record because registrars that don’t turn it over are held liable instead.

Those domain investors value their privacy and think one of the key features of the bill is unbalanced, they feel that the speed which a government agency can act to remove whois privacy on a domain is undue process. Some domain investors feel the Consumer Protection bill may be an over aggressive Trademark bill in disguise. ISPs and Businesses can also file Federal cases using the legislation if they feel their trademark or business name is being used in a phishing attack. If they are phishing sure, I am all for it, but if they are doing normal business with a generic domain then I would be against it. Generic phrases and words should never qualify as phishing. I am not sure this bill allows Generic dictionary words and GEO-Domains to be subject this anti-phishing legislation…. well unless they are pretending to be some other company and phishing their customers. I am trying to figure out why so many domain investors fear this bill. I think the best thing to do would be setup a debate between Phil Corwin (ICA) and Paul Martino (CADNA). It would be interesting and informational to hear from both sides at the same time. If you guys are listening, let’s setup the debate. Setting the facts straight will allow us all to focus on what needs to be fixed in this legislation.

The honest domainers feel like they are getting caught in the fishing net like dolphins on a bad tuna hunt. I looked around for people that wrote blog posts about the bill and here are a few that I found; Jaikumar Vijayan of Computer World, John Levine, Michael Berkens, Andrew Allemann, Declan McCullagh of CNET, Elliot Silver, Sahar Sarid, Jothan Frakes, Internet Commerce Association, Amy Graham of CADNA, and Mark Fulton

There are a few misconceptions on both sides of the bill. Some of the people that opposed to the bill are not reading all the details sometimes, I found one domain investor saying, “no more parking, no more revenue, it’s all going to end if this thing goes through”. Which indicates there seems to be a bit of an over reactions by a few people. All the more reason for a debate with rational arguments on both sides. As far as I read the bill there is no way to seize a domain name using this legislation, it only allows for fines of $250 per incident during a violation if someone is found guilty of violating the act.

As the bill currently stands I think there are a number of things that could be introduced to improve it. I don’t think the House has a counter-part bill yet, so if a bill was introduced over there that had those new provisions the bills would need to be merged before going to the president for a vote. I suggest those people that oppose the bill support a new version of the bill in the House. I would definitely add sworn statement made “under penalty of perjury” to the bill.

I will post a transcript of the debate as soon as I arrange it.

Microsoft, Google and Yahoo have agreed to pay a combined fine of $31.5 million for accepting ads for online gambling. They have all stopped accepting this type of advertising a few years ago but the fines are finally getting settled. It is a crime in the United States to allow gambling online or to enable gambling ads on US websites. This reminds me or prohibition from the 1920s when alcohol was made illegal for 13 years. The 18th amendment made it illegal and the 21st amendment repealed it. During those years “drinking has generally increased; the speakeasy has replaced the saloon; a vast army of lawbreakers has appeared; many of our best citizens have openly ignored Prohibition; respect for the law has been greatly lessened; and crime has increased to a level never seen before.” The only way to control something is to make it legal so that there are structured laws around it. Blanketly making something illegal means that there are no laws around the edges to keep people safe that engage in the activity. It is far better to make laws and govern something then to ignore that it exists.

Anyone can gamble in Las Vegas, Atlantic City, and on Indian Reservations. So clearly the difference between offline and online is not what makes something illegal, so then why is our country being hypocritical about gambling not being allowed online?

As a poker player, I personally think this prohibtion is wrong. From my domainer perspective, I also think this is wrong. I hope these 13 years of prohibition pass fast. I know they will pass eventually and when they do the gambling domains will be worth a lot more!!!! We all trade these domains from a lot less because revenue is hard to come by on them. Those domainers that control these forbidden domains will be worth considerably more when they come back in favor.

ICANN has a stupid policy that allows gTLD registries to opt-out of showing thick whois information. DotTel tried to use this policy because UK privacy law doesn’t allow whois. Or that is at least what DotTel is telling us. The US Government denied the proposal and I have to say I agree with them. I love the US Veto power in this case! I think whois should be open and transparent.  Call me biased, but I have seen more good things come out of the open whois than bad things.  By turning off whois, it would allow criminals to operate more freely in the dark. My mother is in property management and it is scientifically proven that if you keep lights on all night long in a dark parking lot it wards off crime. If whois records and domain ownership goes into the dark, more bad will happen than we are already seeing. While I generally don’t like the US Government using the Veto power, I think it was a good call in this case.

My view is actually counter to my strongest belief, I would prefer that registries don’t publish thick whois records at all. I want Registries to publish thin whois like Verisign does. Then let the registrars control the whois of who owns a domain. The registrars are the official source according to ICANN so registries should get out of the business of publishing thick whois.

ICANN also needs to enforce the rules against registrars that don’t publish whois records for DotOrg and other thick registries. Registrars are required to publish records even if the Registry is doing it as well. When DotName stopped publishing whois records we figured out the registrar for the domain and then queried them directly to get the record.  Some Registrars publish records, but some do not. We have the only whois service that allows people to get easy access to whois records in DotName (at least for registrars that follow the rules).

I am glad the US Government stepped in but let’s get the thick whois out of the registries and into the registrars. I would also require registries to publish the IANA id of the registrar along with the URL of the Registrar’s whois server.

The United States Department of the Treasury, Office of Foreign Asset Control (OFAC) made an update to their list of Specially Designated Nationals (SDN’s) with whom engaging in trade or provisions of services is a federal felony. The SDN list is separate from the country sanction programs also administered by OFAC. The organizations that own these domains names are not allowed to do business with the US companies. Because the registries of these domains (Verisign and PIR) along with the ICANN registrars both have names on this list they will be forced to take some action against the domain owners that have been listed.

Now on to bigger things, how about IP addresses? If these companies use IP addresses, can those allocations be taken from them?

The full list of SDN’s is located here:

http://www.treas.gov/offices/enforcement/ofac/sdn/sdnlist.txt

Thanks to John Berryhill a Domain Industry Lawyer for pointing this out.