By Larry Seltzer  |  Posted 2006-07-13 Print this article Print

Opinion: The domain registry system is stacked against victims of domain theft and in favor of the thieves. An opportunity to fix it may be coming up.

I get e-mail every now and then from victims of domain theft. Ive written on the topic, and I suppose that when people find their domains gone they go Googling on the subject and find my articles. Unfortunately, theres no real good advice I can provide. Even when domain owners are relatively careful, they can often be taken. Take the example of the person who contacted me recently after her registrar refused to acknowledge several attempts to renew the domain. After it expired, it was quickly swallowed up on eNom, one of the domain auction sites. Ive heard several such stories.

I doubt the reader who contacted me has any recourse at all, but shell need a lawyer to get it. Would you be willing to pay a lawyer an unknowable amount of money just to find out if you can recover your domain? Were not talking "" here.

People are often inclined to blame VeriSign, which operates the .com registry. VeriSign is not a registrar of domain names; it operates the central database of .com domain names through which all .com registrars must operate (and the company is very well-paid for this service). But this problem is not at all unique to .com names. Its just more pronounced there because .com names are still the most prized.

Where does the problem lie? The fish rots from the head, as they say, and the head of the domain name system is ICANN, the Internet Corporation for Assigned Names and Numbers. Its ICANN that sets policy for the domain name markets, contracts with operators of the various TLD (top-level domain) registries, such as VeriSign for .com and the General Services Administration for .gov. It also sets rules for registrars to follow, and here is where it has dropped the ball.

Click here to read about the controversy over the .xxx domain.

There is little, arguably nothing, in ICANN agreements to protect registrants from abuse by registrars. (Click here for the ICANN Registrar Accreditation Agreement.) Nothing in the agreement requires them to act fairly with their customers, with some pretty flimsy exceptions ("3.7.3 Registrar shall not represent to any actual or potential Registered Name Holder that Registrar enjoys access to a registry for which Registrar is Accredited that is superior to that of any other registrar Accredited for that registry."—probably meant as a slap at Network Solutions). The only dispute resolution policy is meant for trademark holders and expedites the process down to as few as several months.

Unless you have the legal resources to pursue the matter and a domain valuable enough to protect, its easier and cheaper to let the thief get away with it. And while ICANN dismisses the idea of rogue registrars who act in concert with domain thieves, weve certainly seen examples of registrar negligence that victimized domain owners. The net result is that ICANN policies act to protect domain thieves.

But now the National Telecommunications and Information Administration of the Department of Commerce is holding a public meeting "... on the continuation of the transition of the technical coordination and management of the Internet domain name and addressing system (Internet DNS) to the private sector." If I read things correctly, ICANNs authority over the IANA (Internet Assigned Numbers Authority) is at issue as well as some other matters relevant to the U.S. governments remaining authority over the Internet.

Theyre done taking comment in advance of the meeting, but I got my own comments in. Most of the noise surrounding the meeting will have to do with the silly perception that by controlling the operation of the "root" DNS servers, the U.S. government somehow controls the Internet.

Dont look for the DOC to surrender control of the root to the UN or other such radical news, but perhaps it can take the opportunity to make ICANN more responsive to its many detractors and address the holes in its policies.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog. More from Larry Seltzer
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel