ICA Exploring Domain Theft Project to Counter a Growing Abuse

Philip CorwinCongress, ICANN, Law & Policy, UDRP

There has been a lot of domain industry press attention lately to domain thefts. We don’t know for sure if this problem is becoming more acute or is just being reported on more often. But, regardless of the level of activity, we know that there are inadequate recovery and punitive remedies available at present for domain owners who experience theft of their valuable domain assets. Something is very wrong when a hacker can surreptitiously transfer a valuable domain and there is no reliable or cost-efficient means for recovering it.

ICA’s Board is therefore considering initiation of a Domain Theft Project (DTP) to address this issue, in the belief this is exactly the type of issue that ICA was established to address.

One component of the DTP would be to discuss the situation with leading registrars as well as ICANN’s Registrar Stakeholders Group to gather more information on the severity of the problem, as well as to better determine how these thefts are accomplished and what best practices on the part of both registrants and registrars might prevent them.

In addition, assuming that there will still be thefts occurring even if stronger preventative measures are adopted by registrars and registrants, the DTP will carefully explore at least three potential avenues of better redress for registrant victims of domain thieves:

1. Amending the UDRP to allow it to be used for the recovery of stolen domains. The exploration of this potential avenue will be very carefully conducted to assure that any potential UDRP revisions do not create new opportunities for scam artists to abuse the UDRP for domain hijacking. But UDRP reform will be on the table and under discussion within ICANN as of April 2015 as part of the review of new gTLD Rights Protection Measures (RPMs), so if an acceptable proposal can be developed it can be advocated for adoption within that review and reform context.

2. Amending Federal law to establish clear civil liability for illicit access to the computers of a registrar, and to also clarify that available equitable relief includes restoration of the domain to its original owner. This would likely involve the House and Senate Judiciary Committees. The biggest challenge here will probably not be getting the concept looked upon favorably but the larger context of amending the underlying statute, which inevitably brings in other players and complex issues. There’s also the reality that getting anything through Congress these days, no matter how worthy, is a big challenge. But the DTP’s initial focus would be on drafting a bill and seeking its introduction to focus attention and foster discussion.

3. Amending the Registrar Accreditation Agreement (RAA) to require registrars to preserve and publish title history. This may be somewhat difficult because the registrars are understandably inclined to push back against anything that involves more work or that may increase their liability. The RAA was also just amended in 2013 and that process involved one-on-one negotiations between the registrars and ICANN, with limited access and information provided to third parties. Nonetheless ICA has good contacts with the registrar community and can start discussions to explore their receptiveness, as well as whether they have ideas about other approaches. Perhaps one result will be to encourage registrars to compete in the marketplace on the basis of which provides the best anti-theft security.

In addition to the above initiatives, changes in Federal criminal law may also be worth exploring. ICA member and domain attorney Stevan Lieberman has recently  dealt with the FBI and Department of Justice on this and is willing to contribute his experience and legal expertise and take the initiative on this potential aspect of the DTP. Steve’s experience in assisting the victim of the MLA.com domain theft, as well as other incidents, are detailed in this recent Huffington Post article — http://www.huffingtonpost.com/2014/09/29/domain-theft_n_5877510.html. Other ICA members have also volunteered to serve on the DTP, and we welcome further interest and participation.

Meanwhile, another recent article provides details regarding growing domain theft activity based in China —http://domaingang.com/domain-news/rise-dragon-domain-theft-china-gaining-momentum/. That suggests another avenue of possible effort – given the US Trade Representative’s efforts to curb IP piracy based in China and other nations, we could explore encouraging similar efforts against domain theft activities.

The DTP can also encourage greater attention to this problem by both domain industry and general media outlets. Public attention and information will be a key component of preventative best practices as well as making the case for needed reforms. This is a problem that affects more than just the domain investment industry; small businesses are particularly vulnerable and can suffer devastating losses when their customers can no longer reach them at a website they have used for years.

The DTP will also collect anecdotal information about individual domain thefts, including details of how the theft occurred, how long the time period was between the theft and its discovery by the registrant, and whether the domain(s) was recovered. We will need to build a database of actual domain theft incidents to make a case for changes in Federal law and ICANN policies, as well as to help determine whether the measures we are contemplating will be effective and comprehensive.

This is an ambitious project and its goals will proceed on different timetables and take considerable effort to achieve. But we know that the current situation is not tolerable – and if domain investors don’t take the lead for change then who will?