|
The Intellectual Property Constituency, meeting at the ICANN conference in Vancouver, was interested in increasing ICANN’s budget not because they thought they deserved it, but because they wanted ICANN to actually enforce the rules on the books about fake registrations. Now there’s some evidence about how prevalent that is. If there’s any surprise here, it’s that the numbers are so low.
The General Accountability Office (GAO) supplied a report (abstract, full report [PDF]) to Congress, showing that 3.9 million domain names were registered. Said the GAO:
Based on test results, GAO estimates that 2.31 million domain names (5.14 percent) have been registered with patently false data–data that appeared obviously and intentionally false without verification against any reference data–in one or more of the required contact information fields. GAO also found that 1.64 million (3.65 percent) have been registered with incomplete data in one or more of the required fields. In total, GAO estimates that 3.89 million domain names (8.65 percent) had at least one instance of patently false or incomplete data in the required Whois contact information fields.
The GAO actually went through the ICANN process of reporting the “bad” registrations. They had as much luck as anyone else who has wasted their time with this. Of the 45 reported domain names, 11 were corrected within 30 days, 1 was deleted, and the remaining 33 paid as much attention to it as New Yorkers do to jaywalking tickets.
Meanwhile, sensing publicity, Lamar Smith, R-Tex., hurried out a stern letter just hours after the story broke. In a stirring example of American due process, Smith declared that “vendors unwilling to identify themselves publicly are more than likely fraudulent,” and accused ICANN of “failing to weed out fraudulent identifications.”
The IP constituency, and brand owners generally, are obviously unhappy about this situation, (as are groups concerned about phishing) because it makes it harder to recover domain names under the UDRP process, although it is possible using the (more expensive) “secret weapon” of suing the domain name itself, the so-called in rem proceeding. Just wait until they run into the conflict with European privacy laws...
Sponsored byVerisign
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byCSC
Antony:
Nice to see your name! Brian Krebs of WPost has a conversation on this going in his Security blog:
http://blogs.washingtonpost.com/securityfix/2005/12/govt_fake_web_s.html
I would think that the figures are significantly higher. The methodology employed in this “study” seems to be flawed in my opinion.
I posted on this at my blog
The phishers are the more visible infringers, but they are anything but alone in their abuse.
Any estimate as to what percentage of fake or missing domain name registration data would be filled in properly—at least on new registrations—if protection of that data from spammers, etc. was mandatory?
You might be left with only frauds.
I used to give the number of Gamblers Anonymous to anyone whose attentions at parties I deemed unwelcome ...
Didn’t realise there was such a big Registrant data problem; surely it’s the responsibility of the Reseller to ensure data integrity.