[registrars] Not to sound like an attorney, but...

["Michael D. Palage" <michael@palage.com>]

Hello All:

I would like to offer some comments regarding the Dot Biz Domain Name
renewal business practice which has generated some traffic on the list
today.

I believe it is valuable for registrars to alert one another of potential
questionable marketing practice so that other registrars can notify their
customers to prevent any confusion in the market place. However, there is a
right way and a wrong way to go about communicating this information within
the industry on a publicly accessible list serv.

For the purposes of this discussion lets look at the facts in the Dot Biz
Domain Name scenario:
- A number of registrars and/or their customers received unsolicited email
directing registrants to renew their domain name with a company that does
not appears to be a .BIZ accredited registrar or have any registrant
contract as required by ICANN and NeuStar.
- This web site is rather suspicious in that they are primary concerned with
gathering credit card data via what appears to be an unsecured web page
rather than ascertaining the representative with apparent authority to act
on behalf of the domain.
- At least one registrar has claimed that the Whois data is inaccurate. I am
not from London so I can't offer an opinion based upon a cursory review as
to the veracity of the Whois data. However, there does not appear to be a
phone number or fax number for either the registrant or admin contact as
required which raises some additional suspicion.

What has not be established, is what happens when someone enters their
credit card information at this site. Although there is likely to be
consensus on what would likely happen, no one can state with certainty what
would happen. There seems to be a premise that any registrar that would
allow any third party to pay for a domain name is engaged in an illegal
activity. The problem is this premise is wrong. In fact, a little known
registrar called Network Solutions has in the past allowed third parties to
pay for a domain name registration in which they have no privity of
contract. I know this first hand as I have made use of this payment scheme
in connection with a law firm that I was working in connection with a high
profile bankruptcy. Because of the bankruptcy all of the mail servers were
inoperable. Nevertheless, I was able to provide payment for these domain
name by simply providing my credit card information. Another example of a
valid third party payment, involved a story a number of years ago in which
an Internet user paid for a Microsoft domain name that had expired during
the peak Christmas holiday season.

The point that I am trying to make is that merely accepting payment from a
third party for a domain name is not illegal. That being said, unlike where
I provided my credit card information to NSI, I would not likely provide
this information at the Dot Biz Domain renewal web site.

If you look at the advisory that was sent out by NeuStar you will see what I
deem a prudently worded advisory,i.e. " may involve questionable trade
practices."  This is in contrast to registrars that pre-judged the activity
as a scam or used profanity in describing the web site hosting company.
Again, I share the same concerns about this potential questionable trade
practice, but there is a right way and a wrong way about addressing the
problem. The reason that I stress this point is that I am aware of at least
one lawsuit in which a third party included claims of defamation based upon
the comments of a registrar employee to a public list.

The other point that I believe that a number of registrars may fail to
appreciate is that they may be potentially advocating a standard of care
which could come back to haunt them and their respective companies. In the
case of this potential fraud, some registrars have acted rather
expeditiously in investigating the veracity of the whois data, contacting
the hosting website, requesting that the web site be brought down, etc.

My question to these registrars is this the same standard of care that you
employ when an intellectual property owner contacts you regarding a domain
name used in the commission of a crime involving time sensitive material.
Specifically, if the Motion Picture Association was to contact you regarding
a movie that had not yet been released to the public (thus a rather clear
cut case of criminal and civil liability) would you immediately act to take
down the domain name.

The reason this standard of care is important is because under the US
Anti-Cybersquatting Protection Act (ACPA) registrars are NOT liable for
injunctive or monetary relief, except in the case of "bad faith or reckless
disregard". By having a double standard for how a registrar investigates
claims of inaccurate Whois data and potential illegal activity you start
down a potential very dangerous slippery slope in my opinion.

In summary I think the collective work by registrars to identify this
problem has been positive. But in the future I think registrars should
consider exercising more caution in the reporting and dissemination of
information.

In connection with my effort to investigate this potential questionable
marketing practice, I have contacted the US FTC which has provided me a
contact for their UK equivalent. I will be contacting these UK
representatives first thing tomorrow to report this activity.

Best regards,

Michael D. Palage