question Any update on Nissan.com theft?

[Gabriel360]

Does anyone know what's going with Nissan.com?

Last I read, it was stolen after the death of Uzi Nissan. The man who never gave in to the intimidation of Nissan Motors.

I truly hope the domain translates to meaningful wealth for his surviving family members.

Currently, Nissan.com redirects to a parking page at forexssignals.com. If anyone knows what's going on, please share.

 

[jberryhill]

You can always check the docket for the most recent filings.

https://www.courtlistener.com/docket/67529655/estate-of-uzi-nissan-v-nissancom/

 

[namegulf]

Bookmarked! Somebody needs to write a book about it.

and then a movie?

 

[Gabriel360]

I was not aware that individuals could request for a registry lock but I agree that some kind of system should have been put in place to safeguard the domain name.

I read Uzi spent about 5 to 8 million dollars fighting against Nissan. He also spoke on the personal toll it took on him and his family plus the legal battles nearly crippled his business.

The surviving family members probably have some traumas/PTSD associated with the domain name.

I just think it would be a real shame if It's stolen from the family now.

 

[Gabriel360]

That it was stolen so soon after the death of Uzi doesn't mean the family were careless. It just means some garbage person is trying to take advantage of a family in mourning.

 

[jberryhill]

I had to deal with another dead registrant a couple of months ago. Very sad situation. The registrant had died and left behind an extremely valuable domain name and his sole living relation was his sister. Someone wanted to buy the domain name from the sister, and had tracked down the lawyer who had dealt with other property matters. The sister had no way of accessing her dead brother's accounts. On top of that, the sister had some psychological issues which had made dealing with other aspects of probate challenging for the estate lawyer. Ultimately, we decided that it was going to be too difficult to deal with the situation, because while the sister was not incapacitated, it was hard for her to make decisions and stick with those decisions.

These things go on every single day during the course of conducting business as a registrar. While, yeah, sure, it's popular to sneer at "lawyers making everything complicated and requiring lawyers" the real world is a lot messier than a lot of folks assume it to be. While most registrars do make good faith efforts to bring clarity to situations where things are very, very clear, I can assure you that every registrar has found themselves in many situations where that clarity was just not there. Consequently, the default position is that they will comply with any ICANN requirement or relevant court order. How courts make those decisions is not something for which the registrars are responsible.

 

[MadAboutDomains]

I have no idea how the domain was stolen. Regardless, it is his families asset.

I assume they will win a default judgement. I don't really expect a criminal to show up in court to defend the lawsuit.


Maybe so, but that is kind of like saying someone should have locked their door.

That might be good practical advice, but it is still theft.

Brad

Luckily for them it's all electronic and recoverable.

Hopefully they will have registry lock and learn about securing a valuable domain name.

I'm not glad it's happened to them, but sans any other information I think they should have taken steps to protect it because it's valuable.

We can look at the domain's whois history to find out if it was registry locked or not at any point.

 

[MadAboutDomains]

The name is not stolen because even though they took control of it without permission, the WHOIS information says the other party is still the registrant.

lol I wasn't saying that. I was saying that if it's still in their name all the need to do (probably) is prove that they are the owner as is listed in the Registrant details.

 

[jberryhill]

Or in the case of a natural person, verifiable passport details.

A registrar has no way of verifying anyone's passport details.

Even if there were some way to verify someone's passport details, so what? The same hacker that took over their email address to get the domain name ALSO got things like their driver's license photo that some businesses request, along with their passport details, etc..

But, no, registrars can't verify passports, driver's licenses, or any other government ID. The only thing they can do is look at it and see if it is a bad photoshop. But with AI capabilities now, there is no way anyone can look at a picture of a driver's license and know if it is real or fake. And it's not like all the governments of the world who issue driver's licenses say, "Oh, yes, registrars, come verify them, passports, birth certificates, etc.."

Updating trademark registration ownership details is pretty easy to unwind, and there's not a whole lot anyone is going to do with a "stolen trademark". What are they going to do with it? File an infringement lawsuit against someone on the basis of having falsely changed the ownership information at the USPTO?

I used to deal with a lot of these sorts of issues at Uniregistry, and it's easy to think it's easy until you are confronted with crooks who are very good at this sort of thing.

But, please, stick with me through this, okay? Because, okay, lets say you run a registrar and that person showed you through the magic "generally accepted means of proving" who they are, and in fact, they are indeed the person who was the registrant two weeks ago before the account change. And, they are saying "the domain was stolen".

Do you then transfer the domain name back?

Are you going to check in with [email protected] to get their side of the story? Yes or no?

 

[jberryhill]

And it's unlikely Nissan will try to buy it so there's that too

I don't know why you say that. While I don't know about claims of having spent "millions" on defending the domain name, I do know that a lot of lawyers had worked on this matter for Mr. Nissan on an unpaid basis over the years. There may have been, at one point, a contingent fee arrangement, but the problem with those sorts of things is that the client has to have some fixed threshold at which they would proceed with settlement of the claim. I had been consulted on the case back in around 2004 or thereabouts, and was told by lawyers burning up their own time that Mr. Nissan had turned down considerable offers at that time.

There are, in the domain community, quite a few individuals who make elaborate boasts about turning down offers and holding out for "top dollar". To hear one popular story re-told occasionally by one such individual is entertaining, since the numbers get bigger every time he tells it. More often than not, the other side eventually decides they've had enough, walks away, and doesn't come back. That's fine if your idea of "winning" is simply irritating others until they want nothing to do with you.

 

[jberryhill]

Why? So they can spend millions on another Nissan lawsuit?

A lot of people don't know what the actual outcome of the litigation was. Uzi Nissan was enjoined against using the domain name for a variety of purposes.

A new registrant triggers Nissan's ability to fight again.

Actually, any new use of the domain name can trigger that as well. That's why nobody talks about what the domain name actually did for all of the years after the auto company walked away and didn't come back. It had a token page purporting to sell an outdated DOS computer system, and most of the rest of the content was about the legal fight itself. Certainly, the only thing the domain name ever did for Uzi Nissan was cost a lot of money. The auto company made 221.9 billion yen in 2022.

It turns out that a lot of folks don't buy cars from manufacturer websites. They buy them from local dealers. A website provides useful advertising and information, but it's not as if people buy BMWs at BMW.com. It's not an ecommerce business.

But, I get it. Domainers are forever going to be in awe of the fact that he (a) had a fortuitous surname and (b) held onto a domain name that cost him a pile of money to defend. Neither of those accomplishments are generally useful for domainers, but it's always refreshing to see someone willing to burn money.

 

[MadAboutDomains]

Yeah, I didn't figure you meant that.

If that was the case it would create a nice loophole where you could basically take control of anything, but not change the registration record....like a car for instance.

I was just kind of pointing out the absurdity of a thief actually showing up in court to defend this.

Brad

If I go to a registrar and prove that I am acting on behalf of the registrant as recorded against the domain, then surely they should be able to give it back to the rightful owner?

It seems a bit unreasonable for a registrar not to action a request to gain control of something if a registered entity or a person that can prove they are who they say they are by generally acceptable means...? No court required.

 

[bmugford]

If I go to a registrar and prove that I am acting on behalf of the registrant as recorded against the domain, then surely they should be able to give it back to the rightful owner?

It seems a bit unreasonable for a registrar not to action a request to gain control of something if a registered entity or a person that can prove they are who they say they are by generally acceptable means...? No court required.

I am aware of several stolen domain situations that were resolved without the need of court or court orders.

However, every registrar seems to have their own process to handle it.

Some stolen domain cases can be extremely complex.

There is also potential liability for the registrar if they make the "wrong" decision.

In a normal situation maybe the solution would be more straightforward.

This is not really your typical domain though. It has a lot of legal history attached to it.

Brad

 

[jberryhill]

Okay, well, in any event, it doesn't look like we're going to get to the next step - where [email protected] says he bought the domain name from the previous registrant, and he comes up with a signed contract and a bank statement showing payment of the money. NewGuy says that the previous registrant is just having seller's remorse and wants to unwind the sale.

The former registrant then says that NewGuy is lying and his documents are all fake.

So, all you've done is verified that the person talking to you is the former registrant of the domain name. You have not confirmed the name is stolen, since the parties have two different stories about that.

And, that is exactly the sort of situation that comes up repeatedly in these scenarios.

The point is that even if you can confirm that someone is the former registrant of a domain name, and that they are who they say they are, you cannot confirm that the domain name was stolen. You can look at a lot of circumstantial evidence, such as access logs, but we've seen on this forum how that can fall apart.

In this instance, someone is dead. Let's dig into that for a minute. Because now you have a much more complicated problem. There were multiple family members. Did he leave a will? Are you supposed to do what any family member tells you to do, or just pick one? If the domain name was registered to a company, then just because someone associated with that company is dead does not tell you who now speaks for the company. Was the company owned with someone outside of the family, for example? If you own run a business with a partner, and that partner dies, then it's not as if that partner's family now owns the entire company or speaks for that company.

How do you even know the relationship between the deceased registrant and the person claiming to be a member of the family entitled to speak on behalf of the estate?

So, now, on top of running an identity verification service, you are running an international probate court in every jurisdiction in the world, along with a corporate transaction court. It's just not workable. It's why - unless the registrar feels like taking chances on what "looks like" strong evidence - registrars will tell you to go to court, get an order, and come back. And, no, the registrar does not care how the courts verify who people are.

Bottom line - you can run a registrar or you can run a domain name court. Unlike a real court, nobody has the power to compel the production of documents or testimony from third parties or to lock people up for submitting false sworn testimony.

 

[jberryhill]

You were basically making out that nothing that the registrar could do would allow them to recover the name and verify the person - so are the current registrant details usable or not for recovery of the domain?

Many registrars do make good faith efforts to try to sort these things out. Yes, the details are important - as are things that are not so obvious like historical access logs and patterns, other activity in the registrant's account, other activity in the transferee's account, and so on. That's why a lot of stolen names get sorted out on an informal basis without legal action of any kind, as @bhartzer will attest.

So, sure, a lot of these do get sorted out through the application of common sense and existing data.

But here, you have a registrant that is a corporation. Corporations have lives which are separate from their owners. This can be helpful in some circumstances and not so helpful in other circumstances.

It's worth pointing out that, other than the specialty corporate registrars like Safenames, Markmonitor, CSC and so on, ordinary retail registrars do not do a good job of distinguishing between "a domain name registered by an individual" and "a domain name registered by a corporation".

In fact, in ICANN policy discussions, GoDaddy objected to a proposal that registrars expressly require registrants to state whether the domain name is owned by an individual human, or by a business entity of some kind.

That ambiguity causes huge issues, and was a major headache in running, for example, a domain marketplace. Somebody buys a domain name for their employer, and their employment ends prior to the domain transfer or payment plan being completed. Was the buyer that individual, or was the buyer the company?

The Nissan situation is the worst combination of facts. You have a domain name owned by a company. You don't know who might or might not be all of the shareholders of the company in relation to the person who was the authorized contact, but the authorized contact is now deceased. So, you have the estate saying the domain name belongs to them, but to whom does the company actually belong, since it may not have been 100% owned by the person who was the authorized contact.

The guys who run gkg.net - which is not the most sophisticated registrar on earth - have a lot of battle scars they've accumulated over the years, but they also have the good sense not to wade in as judge, jury, and executioner with a domain name that has been the subject of prolonged legal disputes over the years. They are unlikely to get involved in deciding who is the "rightful owner" of a domain name that has been fought over for ages.

Personally, there are some things that I've never quite understood about Uzi Nissan making that litigation the central focus of his life, never seeing a dime from it, and leaving it a mess for his estate to clean up. They now have the privilege of spending money to recover it, unless there is a contingent fee arrangement of some kind. But, if there IS a contingent fee arrangement of some kind, then the simplest route is to simply sell the car company the right to recover the domain name. Although, there may be an underlying arrangement of some kind through which this piece of litigation is being conducted. Whatever the actual underlying arrangement might be, it goes without saying that obtaining a court-ordered transfer of the domain name to its rightful owner provides an unassailable title to it.

 

[MadAboutDomains]

a) GKG.NET routinely does not respond to ICANN inquiries and notices, or if GKG.NET responds, its responses are often untimely and incomplete;

I contacted ICANN once. They didn't get back to me. I'm sure they're working on it...

 

[MadAboutDomains]

I don't know about trauma or PTSD, that's going a bit far (gen Z speak for 'they struggled'?), but yes they should have kept it protected and also should have known given how much he spent to defend it that it was worth lots of money and worth protecting. But then, it may just be that it was Uzi's battle and his alone and the family have so much money that they don't really have time to think about a few bytes existing on the Internet.

I know I have projects that my family probably couldn't give a monkeys about when I'm 6 ft under...

 

[bmugford]

Luckily for them it's all electronic and recoverable.

Yep. It is not like you can really go anywhere with it.

It exists on the internet. It is known as being stolen.

There is not much the thief can really do with it.

Brad

 

[bmugford]

lol I wasn't saying that. I was saying that if it's still in their name all the need to do (probably) is prove that they are the owner as is listed in the Registrant details.

Yeah, I didn't figure you meant that.

If that was the case it would create a nice loophole where you could basically take control of anything, but not change the registration record....like a car for instance.

I was just kind of pointing out the absurdity of a thief actually showing up in court to defend this.

Brad

 

[jberryhill]

If I go to a registrar and prove that I am acting on behalf of the registrant as recorded against the domain, then surely they should be able to give it back to the rightful owner?

It seems a bit unreasonable for a registrar not to action a request to gain control of something if a registered entity or a person that can prove they are who they say they are by generally acceptable means...? No court required.

Okay, I'll bite. Let's say you are the registrar.

Someone sends you an email and says their domain name was stolen. The email address in the From: line of the email is [email protected]. You look at your records (if you are keeping data longer than you need to, but we'll leave out that part) and see that the registrant email address was [email protected]. You notice that two weeks ago, the registrant changed to [email protected].

You transfer the name back, is that correct? You received an email from the former registrant address saying the name was stolen, so you transfer it back. Right?

 

[bmugford]

I just noticed that GKG.net (the registrar) has a recent ICANN breach notice.

It is possible that they could be de-accredited. I wonder how that might effect the ongoing court case.


22 September 2023: ICANN Sends Notice of Breach to Registrar (GKG․NET, INC․ (IANA #93))

Please be advised that as of 22 September 2023, GKG.NET, INC. (“GKG.NET” or “Registrar”) is in breach of its 2013 Registrar Accreditation Agreement with the Internet Corporation for Assigned Names and Numbers (“ICANN”) dated 28 July 2020 (“RAA”).

This breach results from:

1. GKG.NET’s failure to comply with the Uniform Domain-Name Dispute-Resolution Policy(“UDRP”) and the Rules for Uniform Domain-Name Dispute-Resolution Policy (the “Rules”), as required by Section 3.8 of the RAA;

2. GKG.NET’s failure to, upon reasonable notice, provide to ICANN records related to the receipt of and response to abuse reports, as required by Section 3.18.3 of the RAA; and

3. GKG.GET’s failure to pay past due accreditation fees, as required by Section 3.9 of the RAA. Please refer to the attachment for details regarding this Notice of Breach

Additional Concerns ICANN notes that during the complaint process:

a) GKG.NET routinely does not respond to ICANN inquiries and notices, or if GKG.NET responds, its responses are often untimely and incomplete;

b) ICANN Contractual Compliance is not able to contact GKG.NET via telephone during the Registrar’s business hours. Further, the telelephone number of the Primary Contact on file with ICANN appears to be inaccurate.

2GKG.NET has additionally failed to respond to ICANN’s multiple requests in the compliance case 01141415. Due to GKG.NET’s failure to provide the information, data and records ICANN requested under 3.4.3 of the RAA for these cases, ICANN has been able to assess GKG.NET’s compliance with the applicable requirements in the RAA and the Expired Domain Deletion Policy (“EDDP”).

 

[bmugford]

That domain should have been registry locked and a plan in place for it to be kept safe. Who would go to court to protect such an asset and then not have this in place???

I have no idea how the domain was stolen. Regardless, it doesn't really matter that much IMO.

If the family didn't understand the significance of keeping this asset safe then they probably don't deserve the wealth it could bring. Given the s*** that the original owner went through.

Maybe so, but that is kind of like saying someone should have locked their door.

That might be good practical advice, but it is still theft.

I assume they will win a default judgement. I don't really expect a criminal to show up in court to defend the lawsuit.

Brad

 

[bmugford]

According to the current whois history it's not looking very stolen, as the registrant looks correct. Control of the domain may be another matter. I don't think you'd even need a court for this one??

The family said the domain was transferred to another account without permission. That would be theft, regardless of what the WHOIS information shows.

Could the domain be returned without a court being involved? Possibly.

Some registrars are more cooperative than others when it comes to reported theft.

I hope the thief shows up in court and uses that defense.

The name is not stolen because even though they took control of it without permission, the WHOIS information says the other party is still the registrant.

I don't think that defense is going to take them too far.

Brad

 

[MadAboutDomains]

How do the UDRP lot verify the details of a trademark and the person bringing the claim are who they say they are and haven't just sent a letter for 30p ( cents if you prefer) to change the details some time ago. Unverified as I stated.

 

[jberryhill]

We're talking about a stolen domain that is still in the name of the original owner at the original registrar.

The problem is that the original owner is dead.

Nobody talking to the registrar is the original owner.

And, as often happens in these situations, nobody talking to the registrar can verify passwords, personal identification numbers, and so on. As also happens in these situations, nobody in the family had the passwords to dad's email accounts etc.. So there's no way you can send a verification email to the contact data on file if the family didn't have dad's passwords.

So none of the stuff you mentioned about data exchanged by the previous registrant with the registrar is relevant to the fact that none of the people who might be claiming to be the rightful owner of the domain name are the previous registrant.

For example, if I died, and you were my registrar, then if a woman contacted you, and showed you a marriage certificate proving that she had married me in the 1980's, would you believe that (a) she was my wife, and (b) she was entitled to my domain names?

Because if you did that, then you would have just given my domain names to someone to whom I haven't been married since 1999!

They have taken the matter to court, they have subpoenaed relevant information from various service providers, and there is no doubt they are going to get to the bottom of it.

And, stay tuned, because within the next two weeks, another dead person is going to be filing a suit over a stolen domain name.