News and Updates

GDPR - Territorial Scope and the Need to Avoid Absurd and Inconsistent Results

Domain industry news - Wed, 2018-02-14 17:54

It's not just establishment it's context!

There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. Rather, the GDPR puts important limitations on its territorial scope that must be acknowledged and correctly analyzed by those interpreting the regulation for the global business community. Otherwise, it could lead to absurd implementation and bad policy which no one wants.

EU Establishment

In essence:

  • Where registrars are established in the EU, the registrars' use and processing of personal data is subject to the GDPR. That is no surprise to anyone.
  • Where registrars have no establishment in the EU, but offer domain name registration services to data subjects in the EU, the processing of personal data in the context of such offer will also be subject to the GDPR. Again no surprise and logical.
  • However, where a registrar is based outside the EU, without an establishment in the EU, and uses a processor in the EU, such non-EU based registrar (as a controller) will not be subject to the GDPR due to the EU based processor's establishment in the EU. The GDPR only applies to the controller according to Article 3 (1) GDPR where the processor in the EU would be considered the controller's establishment. If the controller uses an external service provider (no group company), this processor will generally not be considered an establishment of the controller. It would only be caught by GDPR if the processing is done "in the context" of that establishment. That is the key, and I'll discuss an example of potentially absurd results if this is not interpreted correctly. NB All obligations directly applicable to the processor under the GDPR will, of course, apply to the EU based processor.


If we look at the example of WHOIS (searchable registries of domain name holders) where there is presently much debate amongst the many and varied actors in the domain name industry over whether public WHOIS databases can remain public under the GDPR. The second part of ICANN's independent assessment of this issue offered an analysis of the GDPR's territorial reach that deserves closer scrutiny. Addressing the territorial limits of the law, the authors state: "Therefore, all processing of personal data is, no matter where it is carried out, within the territorial scope of the GDPR as long as the controller or processor is considered established within the EU; the nationality, citizenship or location of the data subject is irrelevant." In other words, the authors conclude that as long as a controller or processor has an "establishment" in the EU, all processing of personal data it undertakes, regardless of the location or nationality of the data subject and regardless of whether the processing has any nexus to the EU, is subject to the GDPR.

This is wrong. The analysis overlooks key language of the GDPR. Under Article 3.1, the law applies not to any processing that is done by a company that happens to have an establishment in the EU, but to processing done "in the context of" that establishment.

This distinction makes a difference. Imagine, for example, a Canadian company that has an office in Paris. Under the authors' analysis, the GDPR would apply to all processing done by that company simply by virtue of it having a Paris office, whether the data subjects interacting with it were French, Canadian, or even American, whether they accessed the company's services from France, Canada, or the U.S., and even if all the processing occurred outside of the EU. This would be an absurd result inconsistent with the text of the GDPR and sound policy. In order to determine whether the GDPR applies, one must look not only at whether the company has an establishment in the EU but also at whether the processing occurred within the context of that establishment. If the processing occurs in the U.S. or Canada for a Canadian data subject without any link to the EU establishment, clearly the processing is not done in the context of the EU establishment. Thus, the GDPR does not apply.

Understanding the territorial reach — and the limitations of that reach — of the GDPR is critical. The GDPR has the potential to shift global data privacy law and policy. As such, stakeholders must be well-informed on both the substance as well as the reach of the law's protections.

Written by David Taylor, Lawyer, Partner at Hogan Lovells

Follow CircleID on Twitter

More under: Domain Names, ICANN, Law, Policy & Regulation, Privacy, Registry Services, Whois

Categories: News and Updates

WebMD can keep its domain, panel rules

Domain Name Wire - Wed, 2018-02-14 17:18

Infertility company fails in cybersquatting claim for

A World Intellectual Property Organization panel has ruled against Spanish infertility medical company Equipo IVI SL in a dispute over the domain name Equipo IVI argued that WebMD was cybersquatting by owning the domain name.

WebMD did not respond to the cybersquatting complaint. Despite this, the panelist determined that WebMD did not register the domain in bad faith. This was primarily because the complainant did not show that it had trademark rights in IVI at the time was registered in 1992.

It’s not clear when WebMD acquired the domain name. The company was not founded until 1996 and DomainTools’ oldest historical record for the domain is from 2001. This record shows WebMD as the owner.

Had WebMD bothered to respond, it could have poked a lot of holes in Equipo IVI SL’s case. Here is one of the more laughable arguments in Equipo IVI’s filing:

The Respondent, by rejecting the Complainant’s offers prior to the filing of the Complaint and by keeping the disputed domain name inactive since the date of registration, is engaging in passive retention, clearly jeopardising the Complainant and preventing it from providing the products or services corresponding to its business activity;

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

Donuts acquires .Travel domain name

Domain Name Wire - Wed, 2018-02-14 14:00

Donuts acquires a sponsored top level domain name for the travel industry.

Top level domain name company Donuts announced today that it has acquired the .travel top level domain name from Tralliance Registry Management Company.

It is the 239th top level domain name that Donuts will operate, but this one is very different from the others.

.Travel is a sponsored top level domain name that was authorized by ICANN in 2005, well before the recent domain expansion took place. As a sponsored domain, it has restrictions not found in new top level domain names. While these restrictions have been watered down over time, registering a .travel domain requires more work than the other domains Donuts sells.

Registrants must have an affiliation with travel. Before registering a domain name they need to obtain a member number from the .Travel registry. This number must be provided to the registrar when registering a domain name.

Perhaps because of this added friction, many large registrars such as GoDaddy do not offer .travel domain names.

As of the end of October, EnCirca and were the top two registrars for .travel with 3,397 and 2,770 names respectively. There were about 18,000 .travel domains registered at the time.

I suspect that Donuts will work to remove the member number requirement and move fully to a post-dispute model in which people can challenge registrants for not meeting eligibility.

The acquisition should end the saga that .travel and its ownership have gone through over the past decade. It puts it in the hands of a well-capitalized registry that has many travel-related domain names such as .flights, .holiday, .tours and .vacations.

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. Donuts’ new TLD renewal rates range from 55% to 72%
  2. Inside new top level domain company Donuts
  3. Donuts (finally) wins .Charity dispute, clearing path to .charity domain names
Categories: News and Updates

Illinois Donut Shop Files Trademark Infringement Suit Against Chef Patrick's Mini Doughnut Factory

DN Journal - Wed, 2018-02-14 00:29
After several years in the domain industry Chef Patrick Ruddell & his wife Zezura have been killing it in the doughnut business but now have to poke holes in a lawsuit over their company name.
Categories: News and Updates

Cryptocurrency domains are no longer trending

Domain Name Wire - Tue, 2018-02-13 23:34

From total domination to “where did those go?”.

Verisign released its latest report of the top trending keywords in new .com domain name registrations, and something is noticeably absent for January: cryptocurrency terms.

For months, domain names including terms such as coin and crypto have been on the trending list. But this month none of the top ten spots include these terms.

There are a couple possible reasons for this.

First, the trending terms list looks at the percentage month-over-month increase in domains registered that contain the word. It’s harder to grow percentage-wise as the base gets bigger.

Second, crypto-related domain names have been largely picked over.

You might also argue that interest in cryptocurrencies is starting to wane with price drops, but I wouldn’t write that on a blog like this and have crypto bettors fill up the comments with hate comments.

So what took over for crypto? Take a look:

1. near
2. cell
3. dispensary
4. stem
5. claim
6. centers
7. hole
8. residential
9. nano
10. cane

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. For VeriSign, it’s 2009 all over again
  2. Trump drops, Bots soar in latest .Com report
  3. The .Com Cliff is .Coming
Categories: News and Updates

Donuts is shutting down HotKeys next week

Domain Name Wire - Tue, 2018-02-13 18:02

Parking company gets the axe.

Donuts is shuttering domain parking company HotKeys next week, the company announced in an email to clients today.

The new top level domain company acquired HotKeys when it bought Rightside last year.

The service hadn’t been marketed to domainers in a long time and mostly monetized large portfolios from direct relationships as well as Rightside’s own domain portfolio.

After Donuts sold the domain portfolio to GoDaddy, it probably didn’t make sense to continue operating the parking company.

Michael Blend founded HotKeys in 2001 and sold it (along with a portfolio of great domain names) to DemandMedia, which later spun out Rightside.

HotKeys is the second business that Donuts acquired from Rightside that it has announced will close. Last month it announced it was closing RegistrarStats, which had been on life support for many years.

The company is referring clients to Sedo.

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. HotKeys: The Domain Parking Service You Don’t Know Yet
Categories: News and Updates

The Future of .COM Pricing

Domain industry news - Tue, 2018-02-13 16:59

When you've been around the domain industry for as long as I have, you start to lose track of time. I was reminded late last year that the 6-year agreement Verisign struck with ICANN in 2012 to operate .com will be up for expiration in November of this year.

Now, I don't for a second believe that .com will be operated by any other party, as Verisign's contract does give them the presumptive right of renewal. But what will be interesting to watch is what happens to Verisign's ability to increase the wholesale cost of .com names.

The 2012 agreement actually afforded Verisign the ability to increase prices by 7%, up to four times over the 6-year course of the contract. However, when the US Commerce Department approved the agreement, it did so without the ability for Verisign to implement those price increases.

At that time, the wholesale price of a .com domain was $7.85, and that's where it stands today with the prices to registrars being frozen. Under the terms of the original 2012 agreement, .com prices could have been as high as $10.26 today had Verisign taken advantage of their price increases.

As an aside, I've long thought that the price of a single .com domain was incredibly inexpensive when you think about it in comparison to other costs of running a business.

While I don't have any concrete insight into whether the price freeze will continue, there is obviously a new administration in Washington DC. Their view on this agreement could be different than the previous administration. Since this administration has come into office, we have seen a number of pro-business initiatives undertaken, so perhaps that will carry over to the Verisign agreement as well.

Another big difference today is that the domain market, in general, is vastly different than it was in 2012 — with the introduction of hundreds of new gTLDs. There are exponentially more alternatives to .com today than there were 6 years ago, so it's possible that too will have an impact on the decision.

With over 131 million registered .com names, it will be interesting to see how a potential increase of a few dollars per name would play out in the market, and the impact that it would have on corporate domain portfolios which are still largely comprised of .com names.

Written by Matt Serlin, SVP, Client Services and Operations at Brandsight

Follow CircleID on Twitter

More under: Domain Names, ICANN

Categories: News and Updates

Why Is It So Hard to Run a Bitcoin Exchange?

Domain industry news - Tue, 2018-02-13 16:42

One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem?

The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done.

Some environments need software that has to be perfect, or as close as we can make it, such as space probes that have to run for years or decades, and implanted medical devices where a bug could kill the patient. Programmers have software design techniques for those environments, but they generally start with a clear model of what the environment is and what sort of threats the device will have to face. Then they write and test the code as completely as they can, and burn it into a read-only memory in the device, which prevents deliberate or accidental later changes to the code.

Running an online cryptocurrency exchange is about as far from that model as one can imagine. The exchange's web site faces the Internet where one can expect non-stop hostile attacks using rapidly evolving techniques. The software that runs the web site and the databases is ordinary server stuff, reasonably good quality, but way too big and way too dynamic to allow the sorts of techniques that space probes use. Nonetheless, there are plenty of ways to try and make an exchange secure.

A bitcoin exchange receives bitcoins and money from its customers, who then trade one for the other, and later ask for the results of the trade back. The bitcoins and money that the customers have sent stay in inventory until they're returned to the customers. If the exchange closes its books once a day, at that point the bitcoins in inventory (which are public since the bitcoin ledger is public) should match the amount the customers have sent minus the amount returned. Similarly, the amount in the exchange's bank account should match the net cash sent. The thing in the middle is a black hole since with most bitcoin exchanges you have no idea where your bitcoins or cash have gone until you get them back, or sometimes you don't.

To make it hard to steal the bitcoins, an exchange might keep the inventory in a cold wallet, one where the private key needed to sign transactions is not on any computer connected to the Internet. Once a day they might burn a list of bitcoin withdrawals onto a CD, take the CD into a vault where there's a computer with the private wallet key, create and sign the withdrawal transactions, and burn them onto another CD, leave the computer, the first CD, and a copy of the second CD in the vault, and take the second CD to an online computer that can send out the transactions. They could do something similar for cash withdrawals, with a bank that required a cryptographic signature with a key stored on an offline computer for withdrawal instructions.

None of this is exotic, and while it wouldn't make anything fraud-proof, it'd at least be possible to audit what's happening and have a daily check of whether the money and bitcoins are where they are supposed to be. But when I read about the endless stories of crooks breaking into exchanges and stealing cryptocurrencies from hot (online) wallets, it's painfully clear that the exchanges, at least the ones that got hacked, don't do even this sort of simple stuff.

Admittedly, this would slow things down. If there's one CD burned per day, you can only withdraw your money or bitcoins once per day. Personally, I think that's entirely reasonable — my stockbroker takes two days to transfer cash and longer than that to transfer securities, but we all seem to manage.

Written by John Levine, Author, Consultant & Speaker

Follow CircleID on Twitter

More under: Blockchain, Cyberattack, Cybercrime, Cybersecurity

Categories: News and Updates

Will 5G Trigger Smart City PPP Collaboration?

Domain industry news - Tue, 2018-02-13 16:18

As discussed in previous analyses, the arrival of 5G will trigger a totally new development in telecommunications. Not just in relation to better broadband services on mobile phones — it will also generate opportunities for a range of IoT (internet of things) developments that among other projects are grouped together under smart cities (feel free to read 'digital' or 'connected cities').

The problems related to the development 5G infrastructure as well as to smart cities offer a great opportunity to develop new business models for both telecommunications companies as well as for cities and communities, to create win-win situations.

5G will require a massive increase in the number of infrastructure access points in mobile networks; many more towers and antennas will need to be installed by the telecommunications companies to deliver the wide range of services that are becoming available through this new technology. Furthermore, all the access points need to be connected to a fibre optic network to manage the capacity and the quality needed for the many broadband services that will be carried over it.

This is ideal network structure for cities which require a very dense level of connectivity, but cities don't have the funds to make that happen. So telecommunications companies working together with cities could be a win-win situation.

Cities that do have a holistic and integrated smart city strategy in place can take a leadership role by developing the requirements needed for a city-wide digital infrastructure that can provide the social and economic benefits for its citizens. The critical element of an integrated strategy is that it must cut through the traditional bureaucratic silo structures.

5G is an ideal technology for a range of city-based IoT services in relation to energy, environment, sustainability, mobility, healthcare, etc. Mobile network infrastructure (incl 5G) will generally follow the main arteries and hotspots of the city, where there at the same time is usually a range of city- and utilities-based infrastructure that can be used for 5G co-location. IoT is also seen by the operators as a new way to move up the value chain.

But if we are looking at 5G as potential digital infrastructure for smart cities, the cities infrastructure requirements will need to be discussed upfront with the network operators who are interested in building 5G networks. By working with the cities, these operators instantly get so-called anchor tenants for their network, which will help them to develop the viable business and investments models needed for such a network. The wrong strategy would be put the requirements of the telecommunications before that of the cities.

The development of 5G will take a decade or so (2020-2030), and it is obvious that cities that already have their strategic (holistic) smart city plans ready are in a prime position to sit down with the operators; and they will be among the first who will be able to develop connected cities for their people. This will, of course, create enormous benefits and will attract new citizens and new businesses, especially those who understand the advantages of living or being situated in such a digital place.

MVNOs (mobile virtual network operators) are another potential winner in this development — they could specialise in what is needed to create a smart city, smart community, smart precinct, etc.

Telecommunication companies AT&T and Verizon in the USA clearly see the opportunities to work with cities, however, this is mainly based on getting easy access to valuable city real estate to install thousands of new antennas rather than looking at this infrastructure development from a city perspective. There is even some bullying involved by threatening that cities will be left behind if they don't jump onboard their 5G plans.

The city of Knoxville in Tennessee is another early starter here. In this case, the city has taken the initiative, but so far it has still been looked at as a technology project rather than that they are looking at this in a holistic strategic way; what 5G infrastructure can do in relation to broader social and economic benefits for the city.

My concerns are that these developments are driven by the technologists and operators, not by a holistic and strategic city approach and that in general these developments are limited to providing 5G mobile access in the traditional mobile phone scenario. Of course, this is also good for the city, but with strategic planning, there is so much more that can be achieved.

My argument is that cities need to take the leadership to turn this opportunity into much broader social and economic benefits within the context of developing smart cities.

A smaller but much smarter city-based development is taking place in the Botanical Gardens in Sydney, Australia. LED lighting poles will be installed to host the 4G mobile antennas that are upgradable to 5G once commercial use of this technology becomes more viable. The nodes will also provide free high‐speed Wi‐Fi through the space, as well as featuring general purpose power points, electric vehicle charge points, and Ranger Assist pushbuttons.

Such an approach also opens up opportunities for much broader collaboration projects (energy companies, transport organisations, businesses, community groups, e). This will increase the benefits and decrease the costs. Having said this, it is well-known that it is not easy to get companies to genuinely collaborate (especially with telecoms operators and large international technology firms). Nevertheless, with 5G around the corner, this could become an excellent vehicle for Private, Public, People, Partnerships.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Access Providers, Broadband, Internet of Things, Mobile Internet, Telecom, Wireless

Categories: News and Updates

Much Ado about Carrillo sues bus company after bad UDRP decision

Domain Name Wire - Tue, 2018-02-13 16:06 owner sues to retain ownership of and asks for a finding of reverse domain name hijacking.

Francois Carrillo, the owner of domain blog aggregator, has sued (pdf) Mexican bus company Autobuses dr Oriente ADO, S.A. de C.V. after a UDRP panel ordered his domain transferred. He is seeking the UDRP to be overturned and is asking for a penalty for reverse domain name hijacking.

The World Intellectual Property Organization UDRP decision came as a shock as the panelists handed over a valuable three-letter domain name to a Mexican company that Carrillo, who lives in France, said he hadn’t heard of when he bought the domain name. The decision also had misstatements about pricing of domain names.

The suit questions claims made by the bus company in its UDRP complaint such as the existence of U.S. trademarks. It also points out that the bus company’s lawyer in the UDRP was also an accredited UDRP panelist, suggesting potential bias by the three peer panelists. The ability for lawyers to serve as counsel in UDRP cases while also being accredited panelists is a big issue for UDRP fairness.

David Weslow of Wiley Rein LLP is representing Carrillo. Weslow has handled several similar cases that resulted in the original UDRP complainant paying to settle the case.

The case was filed in Denver because the bus company agreed to submit itself to jurisdiction there when it filed the UDRP; it is the location of NameBright, which is the registrar of record for

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. Wow: check out this panelist’s scathing finding of Reverse Domain Name Hijacking
  2. Brazilian company guilty of reverse domain name hijacking
  3. Weeds, Inc, which is suing to get, engaged in reverse domain name hijacking
Categories: News and Updates

Suggestions for the Cuba Internet Task Force

Domain industry news - Tue, 2018-02-13 15:18

The Cuba Internet Task Force (CITF) held their inaugural meeting last week.

Deputy Assistant Secretary for Western Hemisphere Affairs John S. Creamer will chair the CITF, and there are government representatives from the Department of State, Office of Cuba Broadcasting, Federal Communications Commission, National Telecommunications and Information Administration and Agency for International Development. Freedom House will represent NGOs and the Information Technology Industry Council will represent the IT industry.

They agreed to form two subcommittees — one to explore the role of media and freedom of information in Cuba and one to explore Internet access. The subcommittees are to provide preliminary reports of recommendations within six months, and the CITF will reconvene in October to review those preliminary reports and prepare a final report with recommendations for the Secretary of State and the President.

They are soliciting public comments, looking for volunteers for service on the subcommittees and have established a Web site.

I may be wrong, but it sounds like the subcommittees will be doing much of the actual work. The subcommittee on technological challenges to Internet access will include US technology firms and industry representatives and the subcommittee on media and freedom of information will include NGOs and program implementers with a focus on activities that encourage freedom of expression in Cuba through independent media and Internet freedom. They aim to maintain balance by including members from industry, academia and legal, labor, or other professionals.

I hope the subcommittee on media and Internet freedom resists proposals for clandestine programs. Those that have failed in the past have provided the Cuban government with an excuse for repression and cost the United States money and prestige. Both the Cuban and United States governments have overstated what their impact would have been had they succeeded.

Cuba's current Wi-Fi hotspots, navigation rooms, home DSL and 3G mobile are stopgap efforts based on obsolete technology, and they provide inferior Internet access to a limited number of people. (El Paquete Semanal is the most important substitute for a modern Internet in Cuba today).

It would be difficult for the subcommittee on technological challenges to devise plans or offer support for activities the current Cuban government would allow and be able to afford. That being said, the situation may ease somewhat after Raúl Castro steps down in April. Are there short-run steps Cuba would be willing to take that we could assist them with?

For example, the next Cuban government might be willing to consider legitimizing and assisting some citizen-implemented stopgap measures like street nets, rural community networks, geostationary satellite service and LANs in schools and other organizations.

They might also be willing to accept educational material and services like access to online material from Coursera or LAN-based courseware from MIT or The Khan Academy. (At the time of President Obama's visit, Cisco and the Universidad de las Ciencias Informaticas promised to cooperate in bringing the Cisco Network Academy to Cuba, but, as far as I know, that has not happened).

The US requires Coursera and other companies to block Cuban access to their services. That is a policy we could reverse unilaterally, without the permission of the Cuban government.

Google is the only US Internet company that has established a relationship with and been allowed to install infrastructure in Cuba. The next Cuban administration might be willing to trust them as partners in infrastructure projects like, for example, providing wholesale fiber service or establishing a YouTube production space in Havana. Cuba could also serve as a test population for Google services optimized for low-bandwidth networks.

These are short-term, stopgap measures. In the long run, Cuba should investigate opportunities for leapfrogging — planning for technology like 5G wireless and low-Earth orbit satellites that will be available in, say, five years. Our mobile phone companies and nascent satellite ISPs SpaceX and OneWeb may have significant offerings in five years — might Cuba be willing to work with them?

Long-run steps like these would require Cuba's leapfrogging regulatory and infrastructure-ownership policy. The ITU defines four generations of regulation and Cuba is one of few first generation nations — might the Cuban government be willing to make policy changes in five years?

Written by Larry Press, Professor of Information Systems at California State University

Follow CircleID on Twitter

More under: Access Providers, Internet Governance, Policy & Regulation

Categories: News and Updates

Automation for Physical Devices: the Holy Grail of Service Provisioning

Domain industry news - Tue, 2018-02-13 14:19

Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) are finally starting to pick up momentum. In the process, it is becoming clear that they are not the silver bullet originally advertised to be.

While great for some use cases, emerging technologies like SDN and NFV have been primarily designed for virtual greenfield environments. Yet large service providers continue to run tons of physical network devices that are still managed manually.

Based on discussions with senior executives at various service providers, the industry is gearing towards service agility and minimizing Operating Expenses (OPEX) through automation. But as fully automated workflows typically involve also physical network devices at select phases of the process, most network infrastructure vendors have been unable to go the whole nine yards together with their clients.

One of the obvious reasons why carriers have been hesitant to embrace automation is that any automated process is only as strong as its weakest link. By having to resort to manual steps towards the end of the process, the service agility suffers.

But perhaps even more importantly, partial automation abilities will diminish OPEX savings and limit the number of possible business cases. This is why automation for physical network devices is becoming the holy grail of service provisioning.

Enter Ansible – the Network Robot

Traditional orchestrators such as Chef, Puppet and Jenkins require physical agents to be installed on the managed devices. For large service providers with tens of thousands of devices to manage, this model is simply not practical. But over the last six months, the traditional approach has started giving way to agentless orchestration based on standard protocols such as SSH and SCP.

Pioneered by Red Hat with its Ansible network module, service providers are now able to weave the management of physical devices into their lifecycle orchestration models. For practical purposes, this is almost like placing a robot onto a network technician's seat, ensuring that changes to physical network devices are carried out automatically.

Because Ansible is an open source solution backed up by nearly every major vendor in the industry, the breadth of the ecosystem also enables valuable multi-vendor scenarios. This is important because it allows automated processes to run all the way from cloud portals to the physical devices on the ground. Given some time, this will be nothing less than revolutionary in unleashing the digital transformation.

Spreadsheets that Choked the Robot

The curious thing about network management is that there are typically no sophisticated solutions in place for managing VLAN spaces, Virtual Routing Functions (VRFs) and their connections with logical networks. Instead, the most common tool used for this purpose is a humble spreadsheet.

Considering that automated management of physical network devices relies heavily on assigning suitable VLANs, networks, and device-specific configuration parameters, the last manual hurdle for automated network services is the spreadsheet used to manage them. Without a backend from which to query all these properties, initiatives aimed at end-to-end automation are likely to hit a wall.

To eliminate the spreadsheets that choke the network robots, orchestrators need a single backend they can use to obtain all network-related data needed to configure devices. Here is a simple three-step methodology for unleashing the network robot:

1) Merge the entire network structure including logical networks, VLAN spaces and VRFs into a unified management system. This backend should provide all orchestrators with a simple REST-based API from which they can query free network resources and device-specific configurations automatically.

2) To ensure smooth end-to-end automation across various operational silos, make sure that the unified management system has a flexible data structure that accommodates different automation use cases. In the future, service automation is likely to give birth to entirely new network services, so having a high level of adaptability will be the key in enabling entirely new use cases.

3) Whenever automated changes are effected in the network, the unified management system should provide a single source of truth for all network information ensuring visibility, audit trails and compliance. This is an important consideration because otherwise, the engineers will lose the visibility they have come to enjoy while tasks have been carried out manually.

Although it has taken more than half a decade to reach this point, it now appears that emerging technologies are becoming mature enough to take a leapfrog into digital transformation. Looking into the 2020s, this will not only change the dynamics of the service provisioning industry, but also power innovation among the companies that leverage the next generation of digital platforms implemented today.

Written by Juha Holkkola, Co-Founder and Chief Technologist at FusionLayer Inc.

Follow CircleID on Twitter

More under: Broadband, Cloud Computing, Data Center, Internet of Things, Networks, Telecom

Categories: News and Updates

Bank files lawsuit after domain owner forwards domain to UDRP decision

Domain Name Wire - Mon, 2018-02-12 21:55

Marathon Savings Bank lost a UDRP for, so it’s trying a federal lawsuit instead.

Marathon Savings Bank, located in Wisconsin, has sued (pdf) Affordable Webhosting, Inc. for cybersquatting after losing a UDRP to get the domain name The bank uses the domain name

It filed a UDRP against Affordable Webhosting on September 27. A single-member WIPO panel determined that the bank “has not proved by a preponderance of evidence” that the domain was registered in bad faith.

After the UDRP decision, Marathon says that the defendant forwarded the domain to a website that featured Donald Trump’s tweets.

Marathon sent a cease & desist letter to Affordable Webhosting on January 26, 2018. At that point, the company decided to forward the domain name to the WIPO UDRP decision in the case.

The bank says “Such actions were clearly intended to annoy and harass Marathon”.

That’s an interesting claim to make given the result of the UDRP.

It’s worth noting that federal lawsuits are different from UDRP and the bank will have the opportunity to depose the domain owner.

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. WorldWide Media Sues to Retain
  2. Why BuyDomains’ lawsuit over makes sense
  3. Lawsuit filed after UDRP, and it’s an interesting case
Categories: News and Updates

UK's Government Websites Infected by Cryptocurrency Mining Malware

Domain industry news - Mon, 2018-02-12 20:57

Thousands of websites are reported to have been infected by malware over the weekend forcing visitors' computers to mine cryptocurrency while using the sites. The affected websites include UK's National Health Service (NHS), the Student Loans Company and several English councils. Patrick Greenfield reporting in the Guardian: "The cryptojacking script was inserted into website codes through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. More than 5,000 websites have been flooded by the malware. Software known as Coinhive, which quietly uses the processing power of a user's device to mine open source cryptocurrency Monero, appears to have been injected into the compromised BrowseAloud plugin."

Follow CircleID on Twitter

More under: Blockchain, Cyberattack, Cybercrime, Malware

Categories: News and Updates

IDC Predicts Blockchain Spending in the Middle East and Africa to More than Double in 2018

Domain industry news - Mon, 2018-02-12 20:16

Spending on blockchain solutions in the Middle East and Africa (MEA) will more than double this year, according to the latest insights from International Data Corporation. Megha Kumar, IDC's research director for software in the Middle East, Africa, and Turkey: "There is clearly an immense amount of interest around distributed ledger technologies (DLT) in the region. This is being driven by the pressing need for organizations to improve their efficiency, agility, security, and integrity. In 2018, we expect more organizations across MEA to move beyond the evaluation and proof-of-concept phase to pilots and even deployments."

"IDC expects blockchain spending in MEA to reach $307 million in 2021, which represents a compound annual growth rate (CAGR) of 77.4% for the 2016-2021 period. While various industries are evaluating the use of blockchain, IDC research suggests the region's public sector (including government, education, and healthcare) will spend an estimated $120.8 million in this space in 2021, accounting for 39.2% share. It will be followed by the financial services sector at 35.5% and the distribution and services sector at 14.1%."

"From a technology perspective, IDC's forecast shows services (IT services and business services) accounting for 52.7% of MEA blockchain spending in 2021. Blockchain software platforms will be the biggest and fastest-growing category in the software space over the coming years, while cloud will be the fastest-growing component in terms of hardware."

Follow CircleID on Twitter

More under: Blockchain

Categories: News and Updates

Software-Defined Networking: What's New, and What's New for Tech Policy?

Domain industry news - Mon, 2018-02-12 17:40

The Silicon Flatirons Conference on Regulating Computing and Code is taking place in Boulder. The annual conference addresses a range of issues at the intersection of technology and policy and provides an excellent look ahead to the tech policy issues on the horizon, particularly in telecommunications.

I was looking forward to yesterday's panel on "The Triumph of Software and Software-Defined Networks", which had some good discussion on the ongoing problem surrounding security and privacy of the Internet of Things (IoT); some of the topics raised echoed points made on a Silicon Flatirons panel last year. My colleague and CITP director Ed Felten made some lucid, astute points about the implications of the "infiltration" of software into all of our devices.

Unfortunately, though (despite the moderator's best efforts!), the panel lacked any discussion of the forthcoming policy issues concerning Software-Defined Networking (SDN); I was concerned with some of the incorrect comments concerning SDN technology. Oddly, two panelists stated that Software Defined Networking has offered "nothing new". Here's one paper that explains some of the new concepts that came from SDN (including the origins of those ideas), and another that talks about what's to come as machine learning and automated decision-making begin to drive more aspects of network management. Vint Cerf corrected some of this discussion, pointing out one example of a fundamentally new capability: the rise of programmable hardware. One of same panelists also said that SDN hasn't seen any deployments in the wide-area Internet or at interconnection, a statement that has many counter-examples, including projects such as SDX (and the related multi-million dollar NSF program), Google's Espresso and B4, and Facebook's Edge Fabric to name just a few of the public examples.

Some attendees commented that the panel could have discussed how SDN, when coupled with automated decision-making ("AI" in the parlance du jour) presents both new opportunities and challenges for policy. This post attempts to bring some of the issues at the intersection of SDN and policy to light. I address two main questions:

  1. What are the new technologies around SDN that people working in tech policy might want to know about?;
  2. What are some interesting problems at the intersection of SDN and tech policy?

The first part of the post summarizes about 15 years of networking research in three paragraphs, in a form that policy and law scholars can hopefully digest; the second part of the post are some thoughts about new and interesting policy and legal questions — both opportunities and challenges — that these new technologies bring to bear.

SDN: What's New in Technology?

Software-defined networking (SDN) describes a type of network design where a software program runs separately from the underlying hardware routers and switches can control how traffic is forwarded through the network. While in some sense, one might think of this concept as "nothing new" (after all, network operators have been pushing configuration to routers with Perl scripts for decades), SDN brings several new twists to the table:

  1. The control of a collection of network devices from a single software program, written in a high-level programming language. The notion that many devices can be controlled from a single "controller" creates the ability for coordinated decisions across the network, as opposed to the configuration of each router and switch essentially being configured (and acting) independently. When we first presented this idea for Internet routing in the mid-2000s, this was highly controversial, with some even claiming that this was "failed phone company thinking" (after all, the Internet is "decentralized"; this centralized controller nonsense could only come from the idiots working for the phone company!). Needless to say, the idea is a bit less controversial now. These ideas have taken hold both within the data center, in the wide area, and at interconnection points; technology such as the Software Defined Internet Exchange Point (SDX) makes it possible for networks to exchange traffic only for specific applications (e.g., video streaming), for example, or to route traffic for different application along different paths.
  2. The emergence of programmable hardware in network devices. Whereas conventional network devices relied on forwarding performed by fixed-function ASICs, the rise of companies such as Barefoot Networks have made it possible for network architects to customize forwarding behavior in the network. This capability is already being used for designing network architectures with new measurement and forwarding capabilities, including the ability to get detailed timing information of individual packets as they traverse each network hop, as well as to scale native multicast to millions of hosts in a data center.
  3. The rise of automated decision making in network management ("AI Meets Networking"). For years, network operators have applied machine learning to conventional network security and provisioning problems, including the automated detection of spam, botnets, phishing attacks, bullet-proof web hosting, and so forth. Operators can also use machine learning to help answer complex "what if" performance analysis questions, such as what would happen to web page load or search response time if a server was moved from one region to another, or if new network capacity was deployed. Much of this work, however, has involved developing systems that perform detection in an offline fashion (i.e., based on collected traces). Increasingly, with projects like Google Espresso and Facebook Edge Fabric, we're starting to see systems that close the loop between measurement and control. It likely won't be long before networks begin making these kinds of decisions based on even more complex inputs and inferences.

SDN: What's New for Tech Policy?

The new capabilities that SDN offers present a range of potentially challenging questions at the intersection of technology, policy, and law. I've listed a few of these interesting possibilities below:

  • Service Level Agreements. A common contractual instrument for Internet Service Providers (ISPs) is the Service Level Agreement (SLA). SLAs typically involve guarantees about network performance: packet loss will never exceed a certain amount, latency will always be less than a certain amount, and so forth. SDN presents both new opportunities and challenges for Service Level Agreements. On the opportunity side, SDN creates the ability for operators to define much more complex traffic forwarding behavior — sending traffic along different paths according to destination, application, or even the conditions of individual links along and end-to-end path at a particular time.

    Yet, the opportunity to create these types of complex SLAs also presents challenges.When all routing and forwarding decisions become automated, and all interconnects look like Google Espresso, where an algorithm is effectively making decisions about where to forward traffic (perhaps based on a huge list of features ranging from application QoE to estimates of user attention, and incorporated into an inscrutable "deep learning" model), how does one go about making sure the SLA continues to be enforced?What new challenges and opportunities do the new capabilities of programmable measurement bring for SLAs? Some aspects of SLAs are notoriously difficult to enforce today.

    Not only will complex SLAs become easier to define, the rise of programmable measurement and advancements in network telemetry will also make SLAs easier for customers to validate. There are huge opportunities in the validation of SLAs, and once these become easier to audit, a whole new set of legal and policy questions will arise.

  • Network Neutrality. Although the Federal Communication Commission (FCC)'s release of the Restoring Internet Freedom order earlier this year effectively rescinds many of the "bright line rules" that we have come to associate with net neutrality (i.e., no blocking, no throttling, no paid prioritization), the order actually leaves in place many transparency requirements for ISPs, requiring ISPs to disclose any practices relevant to blocking, throttling, prioritization, congestion management, application-specific behavior, and security. As with SLA definition and enforcement, network neutrality — and particularly the transparency rule — may become more interesting as SDN makes it possible for network operators to automate network decision-making, as well as for consumers to audit some of the disclosures (or lack thereof) from ISPs. SDX allows networks to make decisions about interconnection, routing, and prioritization based on specific applications, which creates new traffic management capabilities that raise interesting questions in the context of net neutrality; which of these new capabilities would constitute an exception for "reasonable network management practices", and which might be viewed as discriminatory?

    Additionally, the automation of network management may make it increasingly difficult for operators to figure out what is going on (or why?), and some forwarding decisions may be more difficult to understand or explain if they are driven by a complex feature set and fully automated. Figuring out what "transparency" even means in the context of a fully automated network is a rich area for exploration at the intersection of network technology and telecommunications policy. Even things seemingly as simple as "no blocking" get complicated when networks begin automating the mitigation of attack traffic, or when content platforms begin automating takedown requests. Does every single traffic flow that is blocked by a network intrusion detection system need to be disclosed? How can ISPs best disclose the decision-making process for each blocking decision, particularly when either (1) the algorithm or set of features may be difficult to explain or understand; (2) doing so might aid those who aim to circumvent these network defenses?

Virtualization: A Topic in Its Own Right. The panel moderator also asked a few times about policy and legal issues that arise as a result of virtualization. This is a fantastic question that deserves more attention. It's worth pointing out the distinction between SDN (which separates network "control plane" software from "data plane" routers and devices) from virtualization (which involves creating virtual server and network topologies on a shared underlying physical network). In short, SDN enables virtualization, but the two are distinct technologies. Nonetheless, virtualization presents many interesting issues at the intersection of technology and policy in its own right. For one, the rise of Infrastructure as a Service (IaaS) providers such as Amazon Web Services, as well as other multi-tenant data centers, introduce questions such as how to enforce SLAs when isolation is imperfect, as well as how IaaS providers can be stewards of potentially private data that may be subject to takedown requests, subpoenas, and other actions by law enforcement and other third parties. The forthcoming Supreme Court case, Microsoft vs. United States, concerning law enforcement access to data stored abroad. Does the data actually live overseas, or this merely a side effect of global, virtualized data centers? As virtualization is a distinct topic from SDN, the policy issues it presents warrant a separate (future) post.

In summary, SDN is far from old news, and the policy questions that these new technologies bring to bear are deeply complex and deserve a careful eye from experts at the intersection of policy, law, and technology. We should start these conversations now.

Written by Nick Feamster, Professor at Princeton University

Follow CircleID on Twitter

More under: Networks, Policy & Regulation

Categories: News and Updates

What's So Outrageous Asking High Prices for Domain Names?

Domain industry news - Mon, 2018-02-12 17:28

Panels appointed to hear and decide disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) have long recognized that three letter domains are valuable assets. How investors value their domains depends in part on market conditions. Ordinarily (and for good reason) Panels do not wade into pricing because it is not a factor on its own in determining bad faith.

That is why a Panel of distinguished members' decision to transfer <> — Autobuses de Oriente ADO, S.A. de C.V. v. Private Registration / Francois Carrillo, D2017-1661 (WIPO February 1, 2018) — received what in polite society is known as a "Bronx Cheer." Morgan Linton headlined: " is lost in a UDRP due to its $500,000 price tag the same day sells for $500,000." Andrew Allemann's blunt comment in DomainNameWire was "WIPO panel screws owner Francois Carrillo out of" (explaining that the Panel gave improper weight to the price). And Raymond Hackney declares that "The decision brings up another potential problem" (referring to the logo analysis that the three-member Panel found persuasive in reaching its decision).

The single most prominent reason long-held domain names are lost is the failure to properly curate (by which I mean populating the website with bad faith content from which registration in bad faith can be inferred). Price is not a factor for bad faith without concrete proof of the 4(b)(i) elements, yet in Autobuses de Oriente price was elevated as a prominent factor. The Panel also condemned Respondent because it was passively holding <> and offering it for sale on a page that included other domain names each with a designed logo. Passive holding, too, a not a factor when considered alone; but when combined with other factors bad faith registration can be inferred.

Does the Autobuses de Oriente decision deserve the universal condemnation it has received? (The three industry bloggers noted above are of the view the Panel put their combined fingers on the scale, and I think that criticism is fair). What constitutes concrete and "fake" evidence is worth exploring because it makes investors (large and small) of random letter domain names vulnerable to Complainants who claim the letters are not random but infringing.

No doubt, this is a difficult area for Panels. 2017 saw some notable decisions on three-letter domain names, going both ways. <> was lost, but <dll> was not. What we know from the summary of the record in Autobuses de Oriente is that Respondent acquired <> in 2012 from an earlier holder whose website (allegedly) contained infringing links to transportation. Ordinarily, a successor is not held responsible for its predecessor's conduct, as long as it does not continue the bad faith after its acquisition (my emphasis). Here, the Panel conjectured that even if Respondent did not know of Complainant's (allegedly) "famous" mark, it was guilty of "willful blindness":

[It] does not excuse willful blindness in this case, as it seems apparent from the record that even a cursory investigation by Respondent would have disclosed Complainant's mark especially given the use made of the Domain Name of which Respondent was aware when negotiating for the Domain Name.

But, what would a "cursory investigation" have revealed? Well, it would have revealed that the website contained links to transportation, but up to that point in time there had been no UDRP claims from Autobuses de Oriente, so why would an investor (or any ordinary registrant for that matter) "know" that the links were infringing? To have determined that the domain name violated anyone's statutory rights would have required a deeply focused investigation. It is a fundamental principle of UDRP jurisprudence that registrants are not condemned for failing to research whether second-level domains violate third-party rights.

Regrettably, the distinguished Panel failed to examine the evidence carefully. Of course, Complainant would not admit 1) it was one of close to a hundred companies that use the ADO mark alone or combined with other words in various designs and logos; 2) it has no particular fame except in Mexico (notwithstanding the bogus reference to a country code decision); and 3) many other companies highlight their ADOs in red. The Panel bought the presentation (which I have to admit is very good) hook, line, sinker. As far as investors are concerned, ADO is an attractive three-letter string. There would have been no clues that five years after its acquisition a minor Mexican corporation in the transportation business would jump on it with a bogus claim of infringement. The decision (frankly) makes no sense! (This is one good reason for there to be an administrative appeal built into the UDRP process).

If the standard for judging bad faith were what a "cursory investigation" reveals, then no investor of short letter strings, dictionary words, common phrases, etc. would ever be safe. The Panel (1) did not know the Complainant lied that it had a U.S. trademark (its two trademarks have been dead since 2007); 2) it bought into the assertion that a single country code decision that Complainant's ADO mark was "famous" translated into International fame, and that fame is achieved by having a couple of EU trademarks and dead US marks; and 3) and paid no attention to the fact there are numerous ADO logos in all kinds of designs that are highlighted in red. The fact that Respondent designed a red logo as a selling tool that Complainant claims is so similar that it supports cybersquatting is laughable! But, the Panel bought it!

Assume for the moment Respondent knew (or suspected) there was a Mexican company with an ADO mark, but nevertheless (because he noticed it was popular in the marketplace) saw an opportunity to acquire a valuable three-letter domain name that was marketable to numerous business already operating or who would find it attractive in the future. We already know that almost a hundred companies have already found it attractive. Instead of assuming Respondent knew about Complainant, assume he knew there were numerous companies using that name and he thought to himself "Hmmm, if so many companies already use ADO maybe it would be a good bet that others will come along in the future."

The USPTO database reveals for ADO there are 7 live registrations (none by Claimant) and 2 dead (both by Claimant). In the EU database, there are 74 registrations for ADO, of which numerous are red colored logos comprising letter or acronym marks. I will return to this in a moment. First, about lying where the signatory certifies, it is telling the truth. Panels are at a disadvantage unless brought to their attention that a party is lying. Panels are at a disadvantage unless brought to their attention that a party is lying. (Rule 3(b)(xiv) for complainant and 5(b)(viii for respondent requires certification that the statements are truthful). When the certification is made by prominent and well-respected counsel, and lies have not been detected, Panels accept the allegations because of the source of the certification. (This should be a lesson the respondents to be careful when responding to complaints, namely "check the facts"). But, acceptance of a lie does not convert it into truth.

Unfortunately, the Panel in Autobuses de Oriente was also persuaded by false facts masquerading as elements (namely prices) and by dishonest reasoning of similarity of logos. Triers-of-fact have to be careful to avoid adopting subjective inferences. How does a trier-of-fact distinguish subjective (proposed inferences) from objective (measurable) facts?

Let me deal first with prices: (not surprisingly) trademark owners have for the twenty years of UDRP's existence formed a chorus condemning prices of domain names corresponding to their marks as being "unreasonable," "exorbitant," "outrageous," "disproportionate," "excessive," and "high." For Autobuses de Oriente $500,000 was "outrageous." But, as Mr. Linton noted, on the same day the Panel ruled for Autobuses de Oriente another 3-letter domain was sold for the same "outrageous" price. It should not be a Panel's role to determine that a price is too high or to accept a complainant's statement that it is disproportionate to other domain names held by an investor, but that is precisely what the Complainant argued, and the Panel accepted, as though true:

In view of this current use of the Domain Name, which it is offered for sale at a price of USD 500,000, far in excess of Respondent's purchase price and, moreover, as compared to other similar three or four letter domain names in Respondent's portfolio (which were listed at a vastly lower sum), the Panel determines that the Domain Name is being used in bad faith.

Significantly (although not mentioned by the Panel) was that at the time Respondent purchased <> there was no claim it was an infringing domain name. If there had been demands from Autobuses de Oriente and Respondent knew that a particular mark owner was complaining about the infringing PPCs or Complainant was the only business with the ADO mark it would be understanding that the domain name be forfeited. But that Complainant was one of a hundred; that's absurd! From this "fact" (that Respondent must have known the content was infringing), the Panel concluded Respondent was guilty of "willful blindness." (As an aside, it could be suggested that the epithet is more properly applied to the Panel!) And, from this finding, the Panel drew its extraordinary conclusion that Respondent registered and was using the domain name in bad faith and gave it to Complainant.

The decision in Autobuses de Oriente for all its seeming scholarship and lawyer-like analysis is badly reasoned, accepted Complainant's "facts" as true and produced a decision that is inconsistent with UDRP jurisprudence. For reasons I think I can understand, the Panel was mesmerized by Counsel's brilliant (illusionist) performance in hiding the duplicity of Complainant's argument on prices and its totally bogus analysis of icons.

Complainant alleges (as summarized by the Panel):

The website to which the Domain Name resolves features a logo that prominently displays Complainant's ADO trademark in red capital letters, similar to the distinctive and famous features of Complainant's mark, along with the phrase "Do you like this domain? Make an offer!'', thereby communicating that the Domain Name is being auctioned for sale or rent.

(As an aside, the allegation that Complainant's mark was "distinctive and famous" is itself bogus. It comes from a ruling in an .mx country code dispute, so its "fame" has never been recognized Internationally; and whatever "fame" it may have is merely territorial. It has no fame in the U.S. where it has no trademarks). In fact, Complainant had no trademarks in the EU that predated Respondent's registration of <> (private discussion with Zak Muscovitch, Respondent's counsel).

Turning to the logo analysis. Complainant argued and the Panel accepted without demur that Respondent's design was (allegedly, on its face no less!) "similar to the distinctive and famous features of Complainant's mark." Hogwash as I have heard is said in polite society! Are they really? This is what Complainant offered as proof:

By making the making the logos the same size Complainant creates the illusion they are more alike than they really are. The sizing is a litigator's artiface. Do these logos resemble each other because they are both colored red? Is it really an objective view to say that the designs are alike, when to me they are completely different in design! A review of EU trademarks shows 74 registrants of ADO, many of them with logos and many distinguished by being designed with red or mixed color highlighting. I have selected several of the red logos not owned by Complainant (the search was made in Europa Search Availability):

These various ADOs are registered by businesses other than Complainant's. In the U.S. there is:

Does complainant claim a monopoly on the red coloring as well as the three-letter string? Obviously not! However, the madness of the method is that Complainant has recently registered (May 7, 2017) a new trademark indicating an enlargement of its market:

What more perfect ploy than to allege that an earlier registered domain name corresponding to the mark that is now going "Global" is cybersquatting! What is apparent is that Respondent's design is simply a design among many possibilities. Complainant offered several more examples of designs (allegedly) "similar" to other marks for short string marks in Respondent's inventory. These other examples are similarly subjective assessment, but the Panel bought it with the result that it forfeited ADO to Complainant. (See my note on bias below).

This case is a perfect candidate for an action under the Anticybersquatting Consumer Protection Act. (NOTE: A UDRP award is not an "arbitration" as envisioned by the Federal Arbitration Act Parisi v. Netlearning, Inc. 139 F. Supp. 2d 745 (E.D.Va. 2001), but if it were the issue of bias would be a reason for vacating the award. Although UDRP panelists certify they have no conflict of interest (which they may not with regard to the particular matter for which they are being appointed), however, bias is nevertheless present where panelists are active in representing clients who would benefit from a decision in favor of trademark owners).

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Follow CircleID on Twitter

More under: Domain Management, Domain Names, UDRP

Categories: News and Updates

Tips to avoid getting scammed

Domain Name Wire - Mon, 2018-02-12 16:00

Here are some tips to limit the chances you fall for a scam.

Domain investor Richard Dynas posted a story on NamePros yesterday about getting scammed in a domain name transaction. He paid for a domain name that a scammer didn’t own.

Dynas is embarrassed, and when you read his story you will understand why. There was not just a single red flag in this transaction; there was a sea of red flags. Burning hot red flags.

But we’ve all been scammed, suckered, or made a bad deal in life.

One story I tell is being duped out of twenty bucks in San Francisco. I was in line to enter a parking lot and the lot attendant was collecting the $20 entrance fee. The three cars in front of me paid, then it was my turn. I pulled up, he handed me a yellow dashboard ticket and asked for $20, and I handed it over.

As I was parking I saw the official parking lot company van pull in and the “attendant” ran off.

What just happened? That guy was the attendant. He had an official-looking windbreaker on. He had the yellow tickets. Everyone else paid him.

But we’d all been duped by some random guy who made $80 in about five minutes.

It was only $20 bucks, but you get that nasty feeling in the pit of your stomach when you get duped. And you learn lessons from it to make sure it doesn’t happen again.

So kudos to Dynas for posting his story. And here are some of my tips to reduce the chances that you get scammed in a domain name transaction:

1. Look at historical Whois. This is a must, especially when the domain has Whois privacy as in this case. Had Dynas looked at the historical records he would have seen a mismatch with the person he was dealing with. Perhaps the person would have explained away the difference…which is why, if the dollar amount is more than a threshold you’re comfortable with losing, I strongly recommend contacting the prior owner of the domain.

Many years ago I almost bought a stolen domain. Before I completed the transaction I viewed the historical Whois and contacted the prior owner. He told me that the domain was stolen.

I realize that DomainTools is expensive. But you can also get historical Whois records from DomainIQ for much less money. The money is worth it.

2. Understand that email addresses can be faked. Anyone can send email from many unprotected domains. The scammer in this case was clever; they sent “proof” from an email address at the domain that started with noreply@, so sending a message to it would likely bounce. Make sure you can send an email to the person’s email address hosted on the domain.

3. Talk on the phone. Talking to someone on the phone doesn’t prove that the person isn’t lying, but it can often tell you that the person is!

Perhaps the person you’re dealing with claims to be a woman who lives in Florida. They are a really a man who lives in Asia. When you ask to talk to them on the phone, they will decline because they know it will give it away.

I have a friend who owns vacation rental properties in Austin. His #1 tip to avoid getting scammed when renting a home on AirBnB or HomeAway is to talk to the person on the phone.

He told the story of someone who thought they had rented one of his houses for SXSW through Craigslist. The person had been duped, and he explained that if they insisted on talking to the scammer on the phone before “booking” the house, they likely would have avoided the scam.

4. Use Escrow, unless… Everyone has their own threshold on when to insist on using an escrow service. I disagree with the claim that you always need to use an escrow service. But 99% of the time it makes sense.

The exception is if you’re dealing with a large company and have a signed contract. You still might want to use an escrow service. After all, it’s very cheap. But large companies might have legal reasons for not using domain escrow services.

This brings up another point. I know one person who insists on signing a contract whenever he buys a domain, even when using escrow. It can add other protections. It’s a good idea…again, it’s a question of your threshold. If someone asks me to sign a contract when I sell her an inexpensive domain, I’ll weigh if it’s worth my time. But when the dollar amount is high, it’s a completely reasonable ask.

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. Top Domain Name News Stories – March 2008
  2. #5 in 2017: The Chinese trademark scam
Categories: News and Updates

Newtek domain theft has major impact on customers

Domain Name Wire - Mon, 2018-02-12 15:07

Customers have to make quick switch to avoid security risk and potential outages.

I frequently write about domain name theft. Usually, the only loss in the theft is the domain name. But it can be much worse.

Three domain names belonging to Newtek Business Services Corp. (NASDAQ:NEWT) were recently stolen, as Brian Krebs explains in a post today. Unfortunately, customers used these domain names to access and point to their web services, potentially leading to outages and leaked information.

Krebs details Newtek’s bungled response in his post, but let’s dig a bit deeper into the domain theft.

The three stolen domains were webcontrolcenter[dot]com, thesba[dot]com, and crystaltech[dot]com.

Looking at historical Whois records at DomainTools brings up many interesting points.

First, Newtek is a Tucows reseller and managed all of these domains through its reseller account. I wonder if it also helped customers register domains through its reseller account and if any customer domains were also susceptible to the hack.

Second, the thief or thieves moved the domain names to three different registrars: P.A. Viet Nam Company Limited, INET Corporation and GMO Internet, respectively. There are a few possible reasons for this:

  • There were multiple thieves
  • The domains were moved to multiple registrars to make it more difficult to recover them quickly
  • Three different registrars were used to reduce the chances of detection during the theft

Third, the theft of at least one domain occured a couple weeks ago and went undetected. DomainTools has a historical record for CrystalTech[dot]com dated January 31, 2018 that shows the domain had already been transferred to GMO.

Companies (especially web service providers) should always track their registrations through a service such as DomainTools or DomainIQ to be alerted if their domains change.

Fourth, all three domains had the same registrant contact email. This could have been a source of the hack, although, the company’s main domain name, was not stolen and used the same address.

Amazingly, Newtek’s stock opened up to begin the day. It has been relatively quiet about the domain theft, but it’s something investors should dig into to understand its impact.

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)

Latest domain news at Domain Name Wire.

Related posts:
  1. Case Discusses Lawsuit Over Domain Theft
  2. 8 Clues a Domain Name is Stolen
  3. Mrs Jello sues over stolen domain names
Categories: News and Updates

Pyeongchang Olympics Organizers Investigating Possible Cyberattack on Opening Day

Domain industry news - Sat, 2018-02-10 17:45

Reports from various sources indicate Pyeongchang Olympics organizers were looking into a disruption of non-critical systems on the day of the opening ceremony but could not yet confirm if it was a cyberattack. Karolos Grohmann reporting in Reuters: "Some local media reported system problems, including the Games website and some television sets, were due to a cyberattack but [Games spokesman] Sung said it was still too early to determine whether hackers had attempted to damage them. ... There were some issues that affected some of our non-critical systems last night for a few hours ... Experts are watching to ensure and maintain any systems at expected service levels. We are currently investigating the cause of the issue. At this time we cannot confirm [a cyberattack]."

Follow CircleID on Twitter

More under: Cyberattack

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer