IT.COM

discuss What to do with a UDRP fixer-upper that is held via privacy proxy?

Spaceship Spaceship
Watch

Do privacy-protected registrants need a marketplace for liquidating UDRP-entangled domains?

  • This poll is still running and the standings may change.
  • No, the pillar of WHOIS privacy is going to fall anyway

    votes
    0.0%
  • This poll is still running and the standings may change.

Rob Monster

Founder of EpikTop Member
Epik Founder
Impact
18,389
As many of you know, and as discussed here, Epik provides a WHOS privacy service through an affiliated but separate legal entity. WHOIS privacy has been around for a long time, but the climate is changing rapidly in 2019, particularly in case of a dispute. For one thing, the trajectory that the industry is on is that if you intend to defend your domain in UDRP, you should be prepared to de-cloak.

Although I have no interest in protecting criminals, I am not really a fan of this change in policy. The writing was on the wall with the RDAP rollout. I thought it was going to be law enforcement with an eye towards chasing criminals by piercing the privacy veil. However, here we have an indication that the privacy veil should also be pierced in the case of mere presumption and in a civil case too!

Now, here is an actual case from this month:

A UDRP has been filed again IBM20.com. It is a LLLNN.com domain that someone picked up recently in a large (10,000+) bulk buy of available LLLNN.com. Now IBM wants it asap for whatever reason. WIPO is also determined that the end contact should be disclosed. As you can see below, our compliance team's previous response identifying the privacy proxy as the legal owner appears to be insufficient.

upload_2019-11-14_6-17-48.png


In other words, whether or not someone wants to defend, WIPO wants your digits.

As WIPO's tactics clearly appear to have changed, now requiring, the disclosure of the end-registrant already at the start of the process, I am wondering if we need a clearing house where UDRP-entangled domains can be either sold or contracted, in very short order (e.g. 48 hours), to an entity that does not object to having their identity disclosed as the respondent for a particular UDRP proceeding.

The reason this matters is that there have been many cases where a domain prevails in UDRP in favor of the registrant, likely because they had capable counsel and paid the additional cost of a 3-person panel. In some cases, the complainant absolutely needs that domain and UDRP was simply viewed as a way to force the registrant to the bargaining table on favorable terms. ICYMI, those can be high value sales.

In order for WHOIS privacy-protected domains to not be tagged as easy targets for UDRP, I am wondering if there needs to be some kind of private sector counter-measure to offset the perception that UDRP can be used to compel a default judgement in favor of complainants due to procedural shortfall, or due to no-contest response at the start of the UDRP procedure.

Input welcome on this apparent change in WHOIS policy, and what do about it.
 
7
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I am wondering if we need a clearing house where UDRP-entangled domains can be either sold or contracted, in very short order (e.g. 48 hours), to an entity that does not object to having their identity disclosed as the respondent for a particular UDRP proceeding.

https://www.icann.org/resources/pages/udrp-rules-2015-03-11-en

4. Notification of Complaint

(a) The Provider shall submit a verification request to the Registrar. The verification request will include a request to Lock the domain name.

(b) Within two (2) business days of receiving the Provider's verification request, the Registrar shall provide the information requested in the verification request and confirm that a Lock of the domain name has been applied. The Registrar shall not notify the Respondent of the proceeding until the Lock status has been applied. The Lock shall remain in place through the remaining Pendency of the UDRP proceeding. Any updates to the Respondent's data, such as through the result of a request by a privacy or proxy provider to reveal the underlying customer data, must be made before the two (2) business day period concludes or before the Registrar verifies the information requested and confirms the Lock to the UDRP Provider, whichever occurs first. Any modification(s) of the Respondent's data following the two (2) business day period may be addressed by the Panel in its decision.

----------------

The UDRP Rules, incorporating the output of the Working Group on Locking of a Domain Name Subject to a UDRP (https://www.icann.org/resources/pages/udrp-locking-2012-07-25-en) have been that way for more than four years.
 
10
•••
https://www.icann.org/resources/pages/udrp-rules-2015-03-11-en

4. Notification of Complaint

(a) The Provider shall submit a verification request to the Registrar. The verification request will include a request to Lock the domain name.

(b) Within two (2) business days of receiving the Provider's verification request, the Registrar shall provide the information requested in the verification request and confirm that a Lock of the domain name has been applied. The Registrar shall not notify the Respondent of the proceeding until the Lock status has been applied. The Lock shall remain in place through the remaining Pendency of the UDRP proceeding. Any updates to the Respondent's data, such as through the result of a request by a privacy or proxy provider to reveal the underlying customer data, must be made before the two (2) business day period concludes or before the Registrar verifies the information requested and confirms the Lock to the UDRP Provider, whichever occurs first. Any modification(s) of the Respondent's data following the two (2) business day period may be addressed by the Panel in its decision.

----------------

The UDRP Rules, incorporating the output of the Working Group on Locking of a Domain Name Subject to a UDRP (https://www.icann.org/resources/pages/udrp-locking-2012-07-25-en) have been that way for more than four years.

Thanks John. I was hoping you would engage -- much appreciated.

We absolutely comply on the locking protocol. There is no issue there. We do also report a WHOIS contact, but that WHOIS contact is the privacy registration contact details.

The issue is the recent pattern of presumptive close in requiring the registrar to pierce the privacy veil of the privacy proxy, which in our case is a 3rd party legal entity, Anonymize, Inc.

ICANN previously ruled that Anonymize, Inc was operating as a valid registrant. The requirement of course being that the registrant be a natural personal or registered legal entity.

The question I am navigating is whether or not the agent being proxied has the ability to assign their rights to the domain to a party that could file a response in a complaint.

Happy to discuss offline if not clear, but I think this type of solution is good news for counsel since the direction I see this going otherwise is many privacy-protected UDRPs going uncontested.
 
4
•••
I'm not sure there'd really be enough volume to bother?

That being said .. as I said in another recent post, I really don't see any need for a domain owner to reveal their identity until the after the first stage of the UDRP.

Obviously the ability to challenge the first part of the UDRP while remaining unanimous is going to be a tricky issue to address, but if the complainant can't even pass the first UDRP requirement proving that they have the rights to the mark, then the domain owner's privacy would have been violated for no reason.

If there were further abilities for the accused to make their legal arguments while keeping their privacy throughout the following 2 stages, then I'd support that as well. However I just don't see how that's realistically possible in most cases.

That being said .. I think there should be severe consequences on a complainant who undertakes a UDRP process that removes someone's privacy if they lose the case. By severe I'm thinking as severe as being equal to breaking privacy rules in the EU.

That consequence should be in the form of a fine .. then beyond that, I think the domain owner should also be allowed to sue the complainant for effectively the same thing.


However .. if a domain owner is found to have been breaking trademark rules, then I definitely have no problem with them losing their right to privacy.


The real problem is in grey zone cases.


Another issue is whether or not the complainant has the right to unavailing the privacy of the domain owner's entire portfolio. Sometimes the portfolio can give strong clues to the panellist towards deciding whether a domain was acquired in bad faith or not.


The real problem is that there is abuse from both sides. There's no denying that there are domain owners who try to profit on legitimate trademarks. While at the same time there is no doubt that there are companies that try to obtain domains that are not breaking trademark rules .. and that .. even if the domain is an exact match to their business. This is particularly true when it comes to generic words or very short acronyms.


For example, it most certainly is not unreasonable for someone to register a domain that includes "IBM". IBM only has rights to "IBM" in the classes within it operates (whichever classes include hardware/software, etc). But there are plenty other TM classes where IBM has no business, nor right to claim TM exclusivity.

On the other hand .. a company with a significantly less generic or common name, such as Microsoft, would have a much stronger case that a domain like Microsoft20.com was registered in bad faith.

So unless IBM had a specific product that they actively marketed as the "IBM20", then they really have no right to the domain. (Unless of course the domain owner used the domain in a way that could cause confusion as being related to IBM, such as putting a parking page that focused on computers or software).
 
4
•••
Thanks John. I was hoping you would engage -- much appreciated.
@jberryhill kick's ass. He is far and away the most underappreciated asset on NamePros (followed closely by my daily lists .. lol).

Seriously John .. thank you to the moon and back for everything you do for the industry ... the only time I've ever been disappointed by you is when you didn't reply in this thread .. and that only because I know your reply would have been truly epic! :)
https://www.namepros.com/threads/virtual-punching-bag-let-it-out.1162234/

The question I am navigating is whether or not the agent being proxied has the ability to assign their rights to the domain to a party that could file a response in a complaint.

I think this is the issue we touched in the other thread. I think the real issue is that (let me know if I'm wrong) I think you are probably the only proxy service who would include legal defence as being part of the proxy. Which I'm thinking it should be. Meaning that someone under privacy could have a method of defending themselves while keeping their privacy, and only have it revealed after they lose the case.

The 3 main problems are:
1- The UDRP can be a lot more complicated than people think .. lots of grey zones in some cases that genuinely need to be analysed.
2- Privacy rules and rights are a lot more complicated than people think.
3- This situation is #1 multiplied by #2 .. effectively a very complex sticky mess.


But that's the real question .. who owns the domain when it's held by proxy? Because often in UDRP's it comes down to the 3rd criteria of whether a domain was acquired in bad faith or not .. and that criteria wouldn't be able to be judged based on the proxy, but by the registrant. So as much as I like the thought of the proxy being the legal owner of the domain .. it can't really be ignored that it is still a proxy.

It's a dilemma like "the words of the law" vs "the spirit of the law" ... judges will sometimes choose one over the other depending on the circumstances .. and even worse .. different judges might see things differently.


@Rob Monster .. I love that you want to shield your proxied clients' privacies .. but I just don't see how a pannel could ever make a fair and genuine decision on the 2nd and 3rd parts of the UDRP without knowing who the underlying registrant is.

Would be great to find a way to make that all work .. again though .. I just don't see how it could be done.

ADDED: It most certainly is something to be considered for at least up until AND INCLUDING the first part of the UDRP, which only focuses on the complainant's rights to the domain/mark.
 
Last edited:
5
•••
I'm not sure there'd really be enough volume to bother?

That being said .. as I said in another recent post, I really don't see any need for a domain owner to reveal their identity until the after the first stage of the UDRP.

Obviously the ability to challenge the first part of the UDRP while remaining unanimous is going to be a tricky issue to address, but if the complainant can't even pass the first UDRP requirement proving that they have the rights to the mark, then the domain owner's privacy would have been violated for no reason.

If there were further abilities for the accused to make their legal arguments while keeping their privacy throughout the following 2 stages, then I'd support that as well. However I just don't see how that's realistically possible in most cases.

That being said .. I think there should be severe consequences on a complainant who undertakes a UDRP process that removes someone's privacy if they lose the case. By severe I'm thinking as severe as being equal to breaking privacy rules in the EU.

That consequence should be in the form of a fine .. then beyond that, I think the domain owner should also be allowed to sue the complainant for effectively the same thing.


However .. if a domain owner is found to have been breaking trademark rules, then I definitely have no problem with them losing their right to privacy.


The real problem is in grey zone cases.


Another issue is whether or not the complainant has the right to unavailing the privacy of the domain owner's entire portfolio. Sometimes the portfolio can give strong clues to the panellist towards deciding whether a domain was acquired in bad faith or not.


The real problem is that there is abuse from both sides. There's no denying that there are domain owners who try to profit on legitimate trademarks. While at the same time there is no doubt that there are companies that try to obtain domains that are not breaking trademark rules .. and that .. even if the domain is an exact match to their business. This is particularly true when it comes to generic words or very short acronyms.


For example, it most certainly is not unreasonable for someone to register a domain that includes "IBM". IBM only has rights to "IBM" in the classes within it operates (whichever classes include hardware/software, etc). But there are plenty other TM classes where IBM has no business, nor right to claim TM exclusivity.

On the other hand .. a company with a significantly less generic or common name, such as Microsoft, would have a much stronger case that a domain like Microsoft20.com was registered in bad faith.

So unless IBM had a specific product that they actively marketed as the "IBM20", then they really have no right to the domain. (Unless of course the domain owner used the domain in a way that could cause confusion as being related to IBM, such as putting a parking page that focused on computers or software).

Great input @Ategy.com.

Two thoughts:

1. I know for this case that the domain was a bulk buy of LLLNN.com all bought in a short period without a squatting strategy. There was no way that they had a specific awareness of a specific acronym. It was simply an available LLLNN.com bought in bulk by a speculator.

2. The content that was there at the time of the complaint was not of a trespassing nature. I can say that much on anything related to a technology company called IBM.

Here is a situation though. Let's suppose the registrant is unreachable. There is no way a privacy proxy or registrar should be COMPELLED to disclose contact details. That would actually be a GDPR violation from my reading of that legislation. I am not sure how WIPO can compel it.

I can imagine that law enforcement pursuing a criminal case through INTERPOL could be in a special class but the idea of arbitrarily piercing the privacy veil for a civil case where there is no clear and present danger seems rather tyrannical. I find that troubling.

There has to be a way for someone, counsel or layman, to step in on contingency or other arrangement to manage a defense without mandating the disclosure of the registrant. This would be some type of counter-balance against WIPO panelist over-reach in the case of a private registration.
 
3
•••
sounds to me like,
the actual domain owner is under privacy and the privacy service is also a registrar.
if so, is the domain name registered at the same registrar, that is also the privacy company?

and if so, then the complaint should have went to that privacy company and they should comply with any rules set forth.

if the domain is at a different registrar, under privacy by same privacy service who is also a registrar, then the registrar holding the domain is obligated to comply with rules set forth.

whether A registrar can get B registrar to reveal domain owners info, would/may be a different matter.

so, does any above makes any sense, or am i clueless

-----

on the subject of a marketplace to sale such names in pending dispute,
doesn't seem wise for a buyer.
especially if/when they don't know the circumstances of complaint.


imo...
 
1
•••
@Rob Monster , if I understand this correctly you want to have a limo driver for domainers so that if they are pulled over for speeding it will be the driver who is going to interact with the law and not the person sitting in the back seat, but how do you address the part about "intent at the time of registration" which your driver might not know anything about.

IMO
 
3
•••
As many of you know, and as discussed here, Epik provides a WHOS privacy service through an affiliated but separate legal entity. WHOIS privacy has been around for a long time, but the climate is changing rapidly in 2019, particularly in case of a dispute. For one thing, the trajectory that the industry is on is that if you intend to defend your domain in UDRP, you should be prepared to de-cloak.

Although I have no interest in protecting criminals, I am not really a fan of this change in policy. The writing was on the wall with the RDAP rollout. I thought it was going to be law enforcement with an eye towards chasing criminals by piercing the privacy veil. However, here we have an indication that the privacy veil should also be pierced in the case of mere presumption and in a civil case too!

Now, here is an actual case from this month:

A UDRP has been filed again IBM20.com. It is a LLLNN.com domain that someone picked up recently in a large (10,000+) bulk buy of available LLLNN.com. Now IBM wants it asap for whatever reason. WIPO is also determined that the end contact should be disclosed. As you can see below, our compliance team's previous response identifying the privacy proxy as the legal owner appears to be insufficient.

Show attachment 135529

In other words, whether or not someone wants to defend, WIPO wants your digits.

As WIPO's tactics clearly appear to have changed, now requiring, the disclosure of the end-registrant already at the start of the process, I am wondering if we need a clearing house where UDRP-entangled domains can be either sold or contracted, in very short order (e.g. 48 hours), to an entity that does not object to having their identity disclosed as the respondent for a particular UDRP proceeding.

The reason this matters is that there have been many cases where a domain prevails in UDRP in favor of the registrant, likely because they had capable counsel and paid the additional cost of a 3-person panel. In some cases, the complainant absolutely needs that domain and UDRP was simply viewed as a way to force the registrant to the bargaining table on favorable terms. ICYMI, those can be high value sales.

In order for WHOIS privacy-protected domains to not be tagged as easy targets for UDRP, I am wondering if there needs to be some kind of private sector counter-measure to offset the perception that UDRP can be used to compel a default judgement in favor of complainants due to procedural shortfall, or due to no-contest response at the start of the UDRP procedure.

Input welcome on this apparent change in WHOIS policy, and what do about it.
I don't like the process at all. The burden of proof is on the complainant - the respondent legally owns the domain. Just crap - you too can unmask privacy for the small fee of $1500 - garbage.
 
3
•••
1. I know for this case that the domain was a bulk buy of LLLNN.com all bought in a short period without a squatting strategy. There was no way that they had a specific awareness of a specific acronym. It was simply an available LLLNN.com bought in bulk by a speculator.

For this I'm going on the "assumption" the domain in question is infringing on a trademark (which I actually don't think IBM20 is, but let's pretend for sake of argument).
I don't really think "I didn't see it because of my volume" is a viable defence. However .. I think this is one of the rare cases where a "renewal" could and should be used as the basis of "acquisition". Meaning that if someone acquires 20k domains, it's not inconceivable they missed one (even if in theory they are responsible). But more importantly, I don't think they should have been expected to not go through with the deal based on a single domain. However, if they make the effort of the renewal, then that would be a much clearer violation, because in that case, they are paying each domain separately. But backing up, I really don't think I got it in bulk is a viable defence as long as the complainant contacted them first before initiating a UDRP action.

But again .. that would be for a clear domain like microsoft.com .. I really don't think IBM20 is an automatic trademark violation unless it was actually used in a way to be confused with IBM.

Here is a situation though. Let's suppose the registrant is unreachable.

While I think the time limits involved with UDRPs are way too short, I do think that ultimately the owner of a domain should be reachable .. but even then .. I think there are a lot of cases where complainants could be seen as not having rights to the domain right from the first part of a UDRP .. and as such .. the domain owner would not necessarily even have to know about the process and have already won. No need to reveal privacy there.

There is no way a privacy proxy or registrar should be COMPELLED to disclose contact details. That would actually be a GDPR violation from my reading of that legislation. I am not sure how WIPO can compel it.
Didn't I already say that ??? lol ...
The 3 main problems are:
1- The UDRP can be a lot more complicated than people think .. lots of grey zones in some cases that genuinely need to be analysed.
2- Privacy rules and rights are a lot more complicated than people think.
3- This situation is #1 multiplied by #2 .. effectively a very complex sticky mess.

-----
There has to be a way for someone, counsel or layman, to step in on contingency or other arrangement to manage a defense without mandating the disclosure of the registrant. This would be some type of counter-balance against WIPO panelist over-reach in the case of a private registration.

In all honesty .. you've got the right direction but actually missing the bigger picture .. registrants should have the backing and help of a counter-WIPO organisation REGARDLESS as whether or not they have privacy or not. Why does only one side have so much power in all this ... ICANN should themselves have instituted a fairer system as they are the ones that are supposed to be defending the internet and it's users. If you ask me, ICANN with their countless millions should be funding an independent institution that counterbalances WIPO. I know there is the ICA, and as much as they try hard and do good work, they really are limited in the scope of what they can do given their very limited resources compared to what WIPO brings to the table.

@Rob Monster , if I understand this correctly you want to have a limo driver for domainers so that if they are pulled over for speeding it will be the driver who is going to interact with the law and not the person sitting in the back seat, but how do you address the part about "intent at the time of registration" which your driver might not know anything about.
Congratulation on the worst analogy of all time .. lol. But seriously .. if you want something similar .. the person sitting in the back seat has nothing to do with it. This is more about the cops pulling over the limo because they suspect it is stolen. In this case who's responsible? The driver of the limo, or the owner of the limo company? Still a horrible analogy .. but that's a bit closer .. lol.
 
1
•••
@Rob Monster , if I understand this correctly you want to have a limo driver for domainers so that if they are pulled over for speeding it will be the driver who is going to interact with the law and not the person sitting in the back seat, but how do you address the part about "intent at the time of registration" which your driver might not know anything about.

IMO

@oldtimer that is a funny but ridiculous analogy.

Here is a case in point:

https://domainnamewire.com/2019/11/...ins-visitqatar-com-in-cybersquatting-dispute/

The domain was owned not by a Qatari however the term itself is generic. Qatar is a growing tourist destination -- I have been to Doha personally and it is a worthwhile place to visit.

If the registrant, could have gotten a wealthy Qatari -- I happen to know a few -- to be the stand-in, the outcome might have been different.

Do you want to know what this is really about? One word: POWER.

That's my thesis on what is really going on here.

I could comment on your moving violation metaphor but it will take us on a (politically incorrect) tangent.
 
2
•••
Staying on topic, I really don't understand the "problem" you are trying to solve, Rob.

If a privacy service does not reveal the underlying registrant, it does not render the domain name incapable of being defended. It looks like you are trying to solve a problem that doesn't really exist.

For example:

https://www.adrforum.com/DomainDecisions/1370044.htm

PARTIES
Complainant is Christopher Marc Nemelka (“Complainant”), represented by Rodney J. Vessels, Minnesota, USA. Respondent is SecureWhois, Inc. As explained infra, the Response in this proceeding was filed by an unidentified entity represented by John Berryhill, Pennsylvania, USA.

https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-0872

1. The Parties
Complainant is Tip Vy Spots LLC Vy ("Complainant") of Wilmington, Delaware, United States of America, represented by Scherrer Patent & Trademark Law, P.C., United States of America.

Respondent is Super Privacy Service c/o Dynadot ("Respondent") of San Mateo, California, United States of America, represented by John Berryhill, Ph.D., Esq., United States of America.


-------------------


In that first proceeding, we expressly refused to identify the Respondent, because the domain name was being used for criticism of a religious cult leader with one felony conviction in one state and an outstanding arrest warrant in another state. The UDRP was filed by the complainant merely to determine the identity of the registrant.

In the second proceeding, we refused to identify the Respondent, because the Complainant, a claimed LLC in Delaware, didn't actually exist. There was no such registered LLC in Delaware.

If the registrant, could have gotten a wealthy Qatari -- I happen to know a few -- to be the stand-in, the outcome might have been different.

Well that would simply be IMHO fraudulent. A legitimately registered and used domain name can be defended, regardless of whether the privacy is removed, as demonstrated above. But playing some game of switcheroo and acting as if the new stand-in was the registrant all along is simply dishonest.

Legal proceedings are brought and defended all of the time by "Doe" and "Roe" parties whose identities, for a variety of reasons, are not disclosed.

But in that dispute in particular, the domain registrant is the owner of a corresponding US trademark registration, and had engaged in email correspondence with a party related to the Complainant. Passing the domain name around like some hot potato would have obviously given more ammunition to the other side.

Do you want to know what this is really about? One word: POWER.

Oh good grief. Look, obviously I disagree with the decision in visitqatar.com, and the respondent in that case is weighing their further options to proceed in the mutual jurisdiction (Colorado). But, no, disagreements a/k/a "failure to agree with me" is not my measure of whether there is some corrupt conspiracy going on. People get things wrong sometimes. It is not an earth shattering sign of corruption.
 
Last edited:
5
•••
Legal proceedings are brought and defended all of the time by "Doe" and "Roe" parties whose identities, for a variety of reasons, are not disclosed.

I understand this is what is proposed. Not sure where the disagreement is.
 
0
•••
In that first proceeding, we expressly refused to identify the Respondent, because the domain name was being used for criticism of a religious cult leader with one felony conviction in one state and an outstanding arrest warrant in another state. The UDRP was filed by the complainant merely to determine the identity of the registrant.

In the second proceeding, we refused to identify the Respondent, because the Complainant, a claimed LLC in Delaware, didn't actually exist. There was no such registered LLC in Delaware.

@jberryhill .. was the only reason the domain owner in both cases were allowed to remain anonymous only specifically because of those particularly extraordinary circumstances you mentioned? Or can anyone always choose to remain anonymous (keeping in mind that the fact there's missing information could be used against you as a defendant)?


--------
A bit off topic, so feel free just to reply yes or no .. in those two cases, were there ruling of reverse domain name hijacking? And if so, did the fact the original complainant was private change anything?

I guess what I'm asking, is if someone can get reverse domain hijack compensation even if they remain private?
 
1
•••
Congratulation on the worst analogy of all time ...

@oldtimer that is a funny but ridiculous analogy.

Remind me not to make any more analogies. :)

Legal proceedings are brought and defended all of the time by "Doe" and "Roe" parties whose identities, for a variety of reasons, are not disclosed.

@Rob Monster , So if people can keep their privacy, then what is the problem that you are trying to solve here.

It seems to me that all our efforts should be concentrated on preventing the UDRP from being abused or gamed by the complainants.

IMO
 
Last edited:
1
•••
Remind me not to make any more analogies. :)
lol .. In all fairness .. TMs/UDRPs and Digital Privacy Rights are both very complex and nuanced things .. combine them and there are very few analogies that can do justice to illustrating the realities of the situation in play.

I think the problem is that the panel was still demanding the underlying registrants information. I don't think it was necessarily obvious that that demand can deliberately be ignored/refused without consequences.

Maybe the only problem here is that Rob actually should have simply replied "no". But again .. given the settings and circumstances, and specifically the way the demand for information was done, you'd think that a simple "no" was not a possibility, even if it sounds super simple.
 
2
•••
I don't think it was necessarily obvious that that demand can deliberately be ignored/refused without consequences.

That's why it pays for domainers to consult with a domain attorney to make sure that they are aware of all their rights.

But overall I hope that @Rob Monster with the help from @jberryhill and others can come up with a way to limit the Complainants overreach that we see happening in so many cases.

Having some kind of a free or sponsored legal protection and advice program would be nice for domainers who can't afford to fight Obvious Complainant Overreach.

IMO
 
Last edited:
4
•••
I see what you're getting at, Rob. Instead of implementing this at hindsight, why not shift focus to foresight? (or implement the following post-dispute)

Could this be a "Comprehensive" package for your new insurance offering? Dispute Insurance?

At enrollment, the owner would give your company Power of Attorney to handle all proceedings against their domains. Charge $X per month with/or a sliding scale premium upon dispute.

Would this work? Would a dispute be satisfied with the attorney-in-fact's contact info?
 
Last edited:
1
•••
I see what you're getting at, Rob. Instead of implementing this at hindsight, why not shift focus to foresight? (or implement the following post-dispute)

Could this be a "Comprehensive" package for your new insurance offering? Dispute Insurance?

At enrollment, the owner would give your company Power of Attorney to handle all proceedings against their domains. Charge $X per month with/or a sliding scale premium upon dispute.

Would this work? Would a dispute be satisfied with the attorney-in-fact's contact info?

DNProtect.com is of course anticipating exactly this issue -- insurance against, among other things, a loss in UDRP. So, you are indeed connecting some important dots there.

DNProtect can also be a legal privacy proxy, just as Anonymize is today. I had not fully considered that scenario but for risk mitigation for an insured domain, it would be logical.

So instead of [email protected], the insured domain is [email protected]. That signals to would be complainants that there is a checkbook behind that WHOIS.

Thanks for the idea!

@bhartzer take note.
 
4
•••
Staying on topic, I really don't understand the "problem" you are trying to solve, Rob.

If a privacy service does not reveal the underlying registrant, it does not render the domain name incapable of being defended. It looks like you are trying to solve a problem that doesn't really exist.

For example:

https://www.adrforum.com/DomainDecisions/1370044.htm

PARTIES
Complainant is Christopher Marc Nemelka (“Complainant”), represented by Rodney J. Vessels, Minnesota, USA. Respondent is SecureWhois, Inc. As explained infra, the Response in this proceeding was filed by an unidentified entity represented by John Berryhill, Pennsylvania, USA.

https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-0872

1. The Parties
Complainant is Tip Vy Spots LLC Vy ("Complainant") of Wilmington, Delaware, United States of America, represented by Scherrer Patent & Trademark Law, P.C., United States of America.

Respondent is Super Privacy Service c/o Dynadot ("Respondent") of San Mateo, California, United States of America, represented by John Berryhill, Ph.D., Esq., United States of America.


-------------------


In that first proceeding, we expressly refused to identify the Respondent, because the domain name was being used for criticism of a religious cult leader with one felony conviction in one state and an outstanding arrest warrant in another state. The UDRP was filed by the complainant merely to determine the identity of the registrant.

In the second proceeding, we refused to identify the Respondent, because the Complainant, a claimed LLC in Delaware, didn't actually exist. There was no such registered LLC in Delaware.



Well that would simply be IMHO fraudulent. A legitimately registered and used domain name can be defended, regardless of whether the privacy is removed, as demonstrated above. But playing some game of switcheroo and acting as if the new stand-in was the registrant all along is simply dishonest.

Legal proceedings are brought and defended all of the time by "Doe" and "Roe" parties whose identities, for a variety of reasons, are not disclosed.

But in that dispute in particular, the domain registrant is the owner of a corresponding US trademark registration, and had engaged in email correspondence with a party related to the Complainant. Passing the domain name around like some hot potato would have obviously given more ammunition to the other side.



Oh good grief. Look, obviously I disagree with the decision in visitqatar.com, and the respondent in that case is weighing their further options to proceed in the mutual jurisdiction (Colorado). But, no, disagreements a/k/a "failure to agree with me" is not my measure of whether there is some corrupt conspiracy going on. People get things wrong sometimes. It is not an earth shattering sign of corruption.

Thanks John.

Brief comments here:

- I strongly suspect that there has been a shift to seek to compel disclosure of the WHOIS registrant. I am going to go with your analysis of precedent and see how far we get with our compliance activities in preserving anonymity of registrants while maintaining compliance with the overall process. My personal assessment is that in the transition to RDAP there is actually a very concerted effort by multiple groups to be allowed to pierce the privacy at will. You are free to think otherwise, and we can both hope you are right.

- As for the UDRP loss, let's be honest, you are one of the best at what you do. If you can't prevail in a case like this one, it should raise a question about the possibility of realpolitik. I am reasonably studied on how the world actually works in relation to how it purports to work, so you will excuse me for considering the possibility that the upside of finding in favor of the complainant was greater than the upside of finding in favor of the registrant. Sure, call me crazy.

- As for the notion of allowing a registrant to unload a domain during the response drafting period, I am not sure I follow how anyone could characterize that as being some kind of breach of moral code. There are people in this world whose monthly income is measured in the low 3-digits USD. They are not hiring John Berryhill, unless John Berryhill takes contingency cases and charity cases on the regular. The system is regressive. My proposed solutions levels the playing fields against power-plays.
 
4
•••
I see what you're getting at, Rob. Instead of implementing this at hindsight, why not shift focus to foresight? (or implement the following post-dispute)

Could this be a "Comprehensive" package for your new insurance offering? Dispute Insurance?

At enrollment, the owner would give your company Power of Attorney to handle all proceedings against their domains. Charge $X per month with/or a sliding scale premium upon dispute.

Would this work? Would a dispute be satisfied with the attorney-in-fact's contact info?

This is inline with what I suggested couple of post earlier, but I meant a program to be implemented at a bigger level that everyone in the Domain Industry can participate in and support. If some kind of assistance is provided to those who are victims of obvious complainant overreach that might discourage some of the companies that want to unfairly use the UDRP in their own advantage.

IMO
 
3
•••
lol .. In all fairness .. TMs/UDRPs and Digital Privacy Rights are both very complex and nuanced things .. combine them and there are very few analogies that can do justice to illustrating the realities of the situation in play.

I think the problem is that the panel was still demanding the underlying registrants information. I don't think it was necessarily obvious that that demand can deliberately be ignored/refused without consequences.

Maybe the only problem here is that Rob actually should have simply replied "no". But again .. given the settings and circumstances, and specifically the way the demand for information was done, you'd think that a simple "no" was not a possibility, even if it sounds super simple.

In this case:

- They asked and we responded.

- They asked again.

- They know we are registrant-friendly on WHOIS privacy.

It might not be an inquisition but the pattern of this case, and another case is just a tad alarming.

As a guy who is pushing hard to bring emerging market domain investors online with capital efficient portfolios, I am being extra vigilant to this use-case.

Others can focus on renewal fees but I am looking at case of IBM20.com where someone bought a .COM at Epik for $5.99 a month ago as a hand-reg and does not want to pay $X,XXX in UDRP defense.
 
2
•••
This is inline with what I suggested couple of post earlier, but I meant a program to be implemented at a bigger level that everyone in the Domain Industry can participate in and support. If some kind of assistance is provided to those who are victims of obvious complainant overreach that might discourage some of the companies that want to unfairly use the UDRP in their own advantage.

IMO

I meant to suggest that education in this matter should be at the forefront, which aligns with the advice program you were getting at.

At registrar level, Epik could push DNP during registration flow with a scan of domains against a TM/business API to look for risky names — up-selling the insurance program on the fly. While also teaching best practices, avoidance, preparation, etc with a free mini master class of some sort to help prevent and prepare domainers.

To offer this protection/service to the industry, the DNP scan could be turned into an API for other registrars to implement, up-sell, and earn a commission. One of the benefits of separating the service from the registrar (Epik).

For those that get tangled in UDRPs and the like, it's a "48 hours" scenario. Create a deep dive masterclass and offer consults to up-sell the proxy service. Assess the domain(s), if a worthy case, transfer power and fight for the client.
 
3
•••
I meant to suggest that education in this matter should be at the forefront, which aligns with the advice program you were getting at.

At registrar level, Epik could push DNP during registration flow with a scan of domains against a TM/business API to look for risky names — up-selling the insurance program on the fly. While also teaching best practices, avoidance, preparation, etc with a free mini master class of some sort to help prevent and prepare domainers.

To offer this protection/service to the industry, the DNP scan could be turned into an API for other registrars to implement, up-sell, and earn a commission. One of the benefits of separating the service from the registrar (Epik).

For those that get tangled in UDRPs and the like, it's a "48 hours" scenario. Create a deep dive masterclass and offer consults to up-sell the proxy service. Assess the domain(s), if a worthy case, transfer power and fight for the client.

That sounds good, but you have to make sure that everyone in the domain Industry is onboard with such a program so that it can be implemented across the board (kind of like the MLS program).

In my opinion first it has to be determined whom you want to provide help to, perhaps there has to be two different programs, one for cases that the complainant might be in the right which the domainer has to pay for defending the domain or buy some kind of insurance and then there are the cases in which the complainant is clearly over reaching which will be in the interest of the domain Industry at large to provide free legal defence to the domainer who is being victimized.

IMO
 
Last edited:
2
•••
That sounds good, but you have to make sure that everyone in the domain Industry is onboard with such a program so that it can be implemented across the board (kind of like the MLS program).

In my opinion first it has to be determined whom you want to provide help to, perhaps there has to be two different programs, one for cases that the complainant might be in the right which the domainer has to pay for defending the domain or buy some kind of insurance and then there are the cases in which the complainant is clearly over reaching which will be in the interest of the domain Industry at large to provide free legal defence to the domainer who is being victimized.

IMO

Agree with all of this.

As far as onboarding, open sourcing certain aspects goes a long way with adoption, transparency, and trust.

Combating victimization was what Rob was getting at with the following quote. Hopefully knowing someone is represented/insured by DNP/other will prevent a large percentage of strong arm tactics.

So instead of [email protected], the insured domain is [email protected]. That signals to would be complainants that there is a checkbook behind that WHOIS.
 
3
•••
Back