CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

ICANN needs to clamp down on domain name abuse

Attorney Doug Isenberg believes the current Whois system and domain name abuses are bad enough; ICANN shouldn't make them worse.

While Congress continues to consider the merits of so-called Net neutrality, an even more soporific but vital Internet legal issue looms, with ramifications for every business online and every user of the World Wide Web: What is the purpose of the database that contains information on every domain name registrant?

This question is being quietly debated by the Internet Corporation for Assigned Names and Numbers (ICANN)--the Net's keeper of the all-important addressing system--which is meeting June 26-30 in Marrakech, Morocco.

This database, known as "Whois," contains names, contact information and some technical data for every registrant of a domain name. Under ICANN's current structure, all accredited registrars--the companies approved to provide domain name registration services--are required to collect this data and make it publicly available through the Whois system.

Unrestricted access to Whois is essential for companies fighting to protect their brands--as well as their consumers--from cybersquatters, spammers, phishers and other bad actors on the Internet. Without the ability to identify who is responsible for these online frauds, businesses would be unable to assert their legal rights or, at least be unable to do so without expending an exponentially greater amount of time and money by resorting to expensive and slow investigations and legal processes.

But some believe that domain name registrants should be able to hide from the law, that they should not have to disclose themselves in the Whois database. They argue that the purpose of Whois should be limited to resolving technical, not legal, issues related to domain names and the Web sites associated with them. In response to an ICANN task force's request for comments earlier this year, some argued that the Whois database creates privacy risks by unnecessarily publicly publishing personal information. This despite the tradition of publishing this data for as long as there's been a World Wide Web; the analogies to and prevalence of similar databases such as those for trademarks and real estate; and the popularity of existing Whois privacy-protection services.

Today, cybersquatters have rebranded themselves as "domainers."

In any event, the current Whois system and domain name abuses are bad enough; ICANN surely should do nothing to make them worse. Already, it is common for domain name registrants to provide false contact information when registering domain names, and little is done to stop this fraudulent practice. The cybersquatter in one reported decision under ICANN's popular domain name dispute procedure was listed as, literally, "Sdf fdgg"--an obvious random typing of keys. Others often identify themselves only as "DOMAIN FOR SALE." And in one recent case that would be funny if it wasn't important to Morgan Stanley, the registrant of mymorganstanleyplatinum.com was listed as, simply, "Meow" and submitted a response that it was a cat--leading the arbitrator to write that the registrant "has undoubtedly attempted to mislead this panel and has provided incorrect Whois information. Such behavior is indicative of bad faith."

Domain name registrants who provide such false information clearly have an illegitimate reason to hide, not a legitimate concern for protecting their privacy. Their reasons are clearly understandable, as domain name speculation and cybersquatting have become one of the Web's most popular, and profitable, activities. The practice is no longer limited to finding a few good names. (Still, apparently there is good money to be made in such generically used domains as Diamond.com, which reportedly sold for $7.5 million last month, the same price as the legendary sale of Business.com in 1999 by a man who has since co-founded a company known as Internet REIT, which boasts a portfolio of more than 400,000 domain names.)

Today, cybersquatters have rebranded themselves as "domainers." Popular blogs and news sites track their activities. Industry conferences have sprouted to serve them. And "monetization" services--which quickly let domain name registrants turn otherwise unused, or parked, Web pages into money via affiliate links that often trade on the goodwill established by well-known brand owners--are finding a large and growing customer base of hungry and often shrewd domain name registrants.

All of these practices are costing honest businesses untold sums. The World Intellectual Property Organization reported earlier this year that the number of cybersquatting cases it handled rose 20 percent in 2005, and the disputes have involved most of the 100 largest international brands by value. Pharmaceutical, hospitality and telecommunications companies--all of which have a large number of customers who are harmed by online scams perpetrated by domain name registrants--are among the most aggressive enforcers of intellectual property online. Identifying, prioritizing and pursuing bad Web site owners already is a resource-consuming task for these companies; any new restrictions on the Whois system would only cost them and, therefore, their customers more.

The Whois problem is exacerbated by another flaw in the domain name system, a practice labeled "domain kiting" by Bob Parsons, the outspoken CEO and founder of GoDaddy.com, the largest ICANN-accredited domain name registrar. The practice (euphemistically referred to as "domain tasting" by those who engage in it) exploits an ICANN loophole by allowing sophisticated speculators to register a domain name without charge for five days. During this window, a registrant can post a monetized parking page and see whether any traffic results. If it does, the registrant may keep the domain name; if it doesn't, he'll let it go.

The problem is that these domain names, which typically contain variations of companies' well-known trademarks, are being registered in such great numbers for such short periods of time that they make it difficult for trademark owners to pursue them or to distinguish them from even more problematic Web sites. According to Parsons, more than 93 percent of the 35 million domain names registered in April were a part of this slick practice.

Who is going to stop these online shenanigans? Apparently not ICANN, which has never revoked the accreditation of a single registrar, even though some of them are among the most popular registrants of domain names. To its credit, ICANN has sought to hire a Compliance Program Specialist, recognizing that violations by registrars "can cause serious detriment to consumers and to the Internet community both directly, and indirectly, by damaging the competitive process that is crucial to a dynamic and healthy market." Yet the role has remained unfilled for more than a year.

Nothing less than the integrity of the Net is at stake here, and on these important domain name issues ICANN, innocent businesses and concerned Internet users alike should not remain neutral.