Perhaps what is really needed here is some good solid case law to remind vendors and service providers of their responsibilities. 

Since April, Go Daddy’s hosting servers have been hit with mass attacks on WordPress,  Joomla,  and plain vanilla HTML sites, infecting thousands of customers with dangerous malware that redirects users to fake AV pages, causing hours of downtime as customers trouble shoot and fix malware.

Go Daddy released this statement in April:

The compromise of your account is outside of the scope of security that we provide . . . Overall security of your password and the content within your account is your responsibility . . .

Wha??? Another wave of attacks was unleashed in May, and one again these past couple of days:

June 8th, 2010: Godaddy Sites Hacked with Cloudisthebestnow:

If you thought your problems at GoDaddy were over, well, not yet.

We’ve confirmed that today at around 3pm EST, GoDaddy servers were hacked again. Malware pointing to cloudisthebestnow.com/kp.php was inserted on thousands of sites hosted by the provider.

Enough!

Mr. Remillard reminds readers that Tylenol introduced sealed caps because of lawsuits, and McDonald’s reduced the temperature of its coffee because of lawsuits, so the same remedy should be posed here against Go Daddy: lawsuits.

Additional Links:

• This is dangerous malware!
• GoDaddy’s Mass WordPress Blogs Compromise Serving Scareware
• Network Solutions customers hit by mass hack attack
• GoDaddy Fails Crisis Communications Test
• Breaking News! Dangerous Malware Alert – Self-Hosted Sites On Major Hosting Service Hacked Again!
• GoDaddy Hosted Sites Top Targets in May, Firm Reports
• Breaking News: WordPress Hacked with cloudisthebestnow on Go Daddy

It may sound tempting, but having all the expiration dates synchronized to one will make it easier for Registrars to target your entire portfolio at once!

I’m keeping my domain names with all their year-round original expiration dates!

I respond to your October 31, 2009, letter to the President, with a copy to the Antitrust Division of the Department of Justice. You suggest that ICANN’s Bulk Transfer After Partial Portfolio Acquisition rule, which establishes procedures governing the transfer of a portion of domain names from one registrar to another through an acquisition, may violate the Federal antitrust laws.   ICANN’s bulk transfer rule does not appear to violate the antitrust laws. The purpose of the rule is to protect registrants. The rule grants registrants greater rights than are typically available to customers when their contracts are acquired in a merger or acquisition.   ICANN provides registrants an opt-out option and also provides procedures for registrants to transfer to a different registrar if they object to the gaining registrar. The antitrust laws provide ICANN wide latitude to establish specific rules governing the relationship between registrars and registrants, including the number of days notice for a registrant to object to a transfer and the process for transferring expiring domain names.

James Tierney
Chief
Networks and Technology Section of the Antitrust Division
U.S. Department of Justice

Thank you for your letter to Rod Beckstrom on 12 December 2009, and for your comment submitted on the Bulk Transfer After Partial Portfolio Acquisition (BTAPPA) amendment in dot-COM & dot-NET.

The BTAPPA service was first proposed by Neustar in 2006, and approved by the ICANN Board in November 2006 for introduction in dot-BIZ. To the best of our knowledge, no issues have been raised about the operation of the BTAPPA service, including any concerns related to acquisition-related transfers from losing registrars to gaining registrars as part of the service or on the 15-day notice period to registrants. Transfers of domain names from losing registrars to gaining registrars are covered by the Inter-Registrar Transfer Policy (see http://www.icann.org/en/transfers/). This service does not permit registrars to take names away from registrants.

VeriSign followed the same approach taken by Neustar in seeking to adopt the BTAPPA service in dot-COM and dot-NET, including the notice period to give users 15 days to voluntarily transfer any domain names to a third party registrar of their choice (prior to the bulk transfer) if they do not want to have their domain names transferred to the intended gaining registrar. The losing registrar must ensure that no obstacles are placed in the way of a registrant seeking such a transfer. BTAPPA also provides for an opt-out in the event that a registrant does not wish to have a domain name transferred from the losing registrar to the gaining registrar.

It appears that your concern might be based on a specific domain name issue that is unrelated to the BTAPPA request and amendment. In order for us to know more about your specific issue, please direct that information to David Giza, Senior Director of Contractual Compliance, at david.giza@icann.org.

Patrick

–
Patrick L. Jones
Internet Corporation for Assigned Names & Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
Tel: +1 310 823 9358
patrick.jones@icann.org

Admin Feedback

ICANN has credentials to understand the difference between DOT BIZ and DOT COM.  DOT BIZ represents 2 million domains, and DOT COM is 80 million domains. Are DOT COM and DOT BIZ the same?  No! Yet, ICANN justifies the approval of Verisign’s application for BTAPPA for DOT COM & DOT NET by saying, “To the best of our knowledge, no issues have been raised about the operation of the BTAPPA [for DOT BIZ] service,” in the response published above with permission. Thank you, ICANN, for the permission.

What is ICANN up to?

ICANN's Core Values (http://www.icann.org/en/general/bylaws.htm): include:

"6. Introducing and promoting competition in the registration of domain names where practicable and beneficial in the public interest."

Could ICANN be any more vague . . .. . . in using the term, "competition in the registration?" Mirriam Webster Com & Econ definition of competition is:

The effort of two or more parties, acting independently, to secure the custom of a third party by offering more favorable terms."

This is the competition Democracy and Capitalism was founded on! Registrars should be forced to compete for MY "custom!" Considerations in selecting a Registrar are:

1. Is the Registrar a major domain name server for Symantec's list of top 100 biggest malware contributors?

2. How about Symantec's list of top 5000?

3. Size: will I get the individual attention I need? Maybe I would register with a smaller Registrar.

4. Policy on selling shares or partial equity, or selling sponsorships of my domain - do I want to select a Registrar which will sell me out to a different Registrar which will offer it a profit to transfer my domain name away?

5. Customer satisfaction - check Better Business Bureau ratingl online feedback, etc.

All of the above are features which would weigh in my decision in Registrar selection. This is a competition I would expect ICANN to foster.

But if ICANN means competition AMONG Registrants for domains, such as for new domain extensions, this will benefit the Registrars, not Registrants [us], or end user. It would beg the questions: is ICANN's purpose to aid big business over the end user? How would that foster innovation? Where would the end user's protections come in?

ICANN approved Verisign's BTAPPA process for dot-COMs and dot-NETs (see http://www.icann.com/en/announcements/announcement-16oct09-en.htm ), which allows speculation of domains among Registrars - not related to de-accreditation or going out of business of Registrars = that is covered by bulk transfer under Part B of the Policy on Transfer of Registrations Between Registrars implemented by ICANN), so it seems obvious ICANN is interested in promoting competition among REGISTRANTS to the benefit of REGISTRARS, not the other way. With only a 15-day window to opt out of transfer - but if your domain is recently purchased, transferred, or set to expire within 30 days you are stuck! - how would it be otherwise?

ICANN is enabling exploitation of the little guy, the end user, the Registrant.

Considering the approval of Verisign's process, ICANN should immediately set caps on transferred domains, and spell out that protection in behalf of Registrants, for the trust, security, and progress of the internet.

Louise Timmons
RecoverDomainName.com

Here is the link to read the announcement and comment:
http://www.icann.org/en/public-comment/#strat-plan-2010

Summary & Analysis of BTAPPA Comments

It is unanimous that a 15-day notice of pending transfer is too short:

The timeline for registrants [us] to respond was too short . . . the timeline should at a minimum match with the grace period for a domain name renewal.

- George Smith

Patrick Jones equates dot com & dot net – COMBINED! – with dot biz!

The BTAPPA service was first proposed by Neustar in 2006 was designed to accommodate registrars while at the same time protecting registrants.  Neustar included a 15 day advance notice to registrants of a pending partial bulk transfer.

Who does ICANN think it’s fooling? There’s 2 million DOT BIZ, and 77 million DOT COM. DOT COM is #1; DOT NET is #4. DOT BIZ is only #8.  They’re not even apples to oranges. DOT COM and DOT BIZ are - maybe – caviar to hot dogs. It’s a stretch to assume a process that worked for the #8 extension will work for the #1 and #4 extensions combined!

Security issues which plague the Resistrars of dot com and dot net are not worked out – should ICANN give  more power to Registrars under the present circumstances?  ICANN has some explaining to do!

This is beyond terrible . . .  ICANN’s announcement is unreadable.

- response posted on NoDaddy.com

11-01-09 Time Magazine Cover

We’re fatigued of news from Bernie Madoff and Wall Street and other white collar criminals, but the rest of the world needs  to catch on!

So far, not many people are on board. Michael Froomkin of ICANNWatch.org is.  Micahel Froomkin is no slouch; he is Professor at the University of Miami School of Law in Coral Gables, Florida, specializing in Internet Law and Administrative Law.

If it looks like fraud, it tastes like fraud, it acts like fraud, it IS fraud!!!

In response to the NoDaddy comment above, let me repeat what I wrote to  to Obama, concerning ICANN and the Registrars  (eNom, Go Daddy, Network Solutions, etc):

take advantage of the public’s lack of legal expertise in legal agreements, which is hugely disadvantageous to the public, causing it to forfeit its rights, and obligating it to unreasonable terms in favor of big business.

Copies were sent to the Department of Justice Anti-Trust Division, the SEC, the National Telecommunications and Information Administration (Commerce Department branch that handled the internet, before it went private this past September), Vint Cerf, Honorable Al Gore, and the California Franchise Tax Board.

The internet business sets itself apart from traditional businesses in this regard: Government has not the efficacy to regulate technology!  The fraudsters count on that to pass these ridiculous regulations!  It behooves you, dear reader, to take matters into your hands by writing the powers that be to look into this.  The government counts on the technology sector to regulate itself.  The technology sector is not doing a great job . . . what do you think?  Comment below.

October 31st, 2009

The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

Dear Mr. President,

There is a category of opportunist who seeks to capitalize on innovation without crediting the inventor, who views unsuspecting and trusting Americans as a limitless supply of chumps, who take advantage of the public’s lack of legal expertise in legal agreements, which is hugely disadvantageous to the public, causing it to forfeit its rights and obligating it to unreasonable terms in favor of big business. Current events prove those determined to make a quick buck by any means a threat to the economy.

Verisign submit an application to ICANN for approval a process of bulk transfers of partial portfolios of DOT NET’s and DOT COM’s. The process was approved in August, only the amendment remains.  The process requires agreement between only the Winning and the Losing Registrars, with no notification or ability to opt out or consent required of the Registrant.  This process could affect large corporations with well-know domain names. Small users are the ones who depend on their domain names the most in this economy. Small users are least able financially to mount a resistance.

15 days’ notice violates ICANN’s mission to ensure competition.  The Registrant has no choice where his domain winds up, only within the parameter of a 15 day notice from the Losing Registrar, once the transaction is complete! The Registrant may stay with the Losing Registrar if the Losing Registrar grants permission to the Registrant.  If the Losing Registrar realizes a profit from selling sponsorship of the domain, why would he grant permission?  ICANN says the Registrant may transfer from the Winning Registrar after the transfer is complete, but the fact is: valuable names wind up in the black hole of greedy Registrars’ list of disputed domains, which names are generally are lost forever to their original owners. Expirations falling within 30-60 days of a sale would also be prohibited from transferring prior.

ICANN hasn’t mentioned setting up a department for complaints of illegal transfers.  Illegal transfers WILL be an issue.

15 days notice limits freedom of choice.  When I first registered domains, I selected a Registrar based on research. Years ago, Go Daddy had a reputation of being the Registrar of choice to spammers, pornographers, and illegal gambling sites, so that Go Daddy sites were blocked by respectable entities.  Today, Go Daddy has a reputation for passive security, many lost and stolen domains and burnt, disappointed customers.  Go Daddy is a major contributor to Symantec’s list of top 100 malware sites.  Go Daddy infringed on my website, No-Salt-Added.  I sued. If I were transferred to Go Daddy, I wouldn’t be allowed to sue, since I would be subject to Go Daddy’s agreement.

This process is going to backfire.  People will both lose enthusiasm for dot coms, and for “hanging a shingle” on the web.  ICANN’s gTLD guidebook is vague about price increases of dot coms, so that transferred domain names are liable for price increase! Registrars have access to insider information about traffic and expiration dates – flagrantly offered for sale on Verisign’s website! – to target the most valuable domains. Predatory takeovers will be the norm. Many Registrants will lose their livelihood.  There is no protection for Registrants. Transparency of ICANN is minimal on this amendment. ICANN didn’t include this topic for discussion in Seoul. ICANN quietly posted the announcement in hopes of sliding this huge policy change on an unsuspecting public.

Innovation will be stifled.  The opportunity of improving the lives of struggling individuals will vanish.  The internet was funded with taxpayer $$, but the taxpaying public are exploited instead of protected.

Please view the attached for proof.
Sincerely,
Louise Timmons

Cc Vint Cerf, Honorable Al Gore, NTIA, USDOJ Anti Trust Division, US SEC, CA FTB

On the outside of the envelope, I wrote, “Alert: blemish to the Presidency”

Attachments

• my questions to ICANN
• New gTLD Guidebook snippet
• Verisign Amendment, pdf file
• Underwriting the Sale of Shares of Equity in a Domain Name- Go Daddy Patent Application
• Protecting Domain Names from Undesired Transfer – Go Daddy Patent Application
• Inernet Profile Service for Registrars – stats on the profitability of YOUR domain!