(DRAFT) Straw Man Proposal – UDRP Domain Name Lock Working Group

Draft Recommendation #1 : Modify [1] the provision from the UDRP rules that specifies that upon submission of the complaint to the UDRP provider the complainant should also ‘state that a copy of the complaint […] has been sent or transmitted to the respondent’ (section 3, b – xii) and recommend that, as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight. The UDRP Provider will be responsible for informing the respondent once the proceedings have officially commenced. 

 

 

Draft recommendation #2 : Following receipt of the complaint, the UDRP Provider will, after performing a deficiency check, send a verification request to the Registrar, including the request to prevent any changes of registrar & registrant for the domain name registration. The registrar is not allowed to notify the registrant of the pending proceeding until such moment that any changes of registrar and registrant have been prevented (see draft recommendation #3).

Draft recommendation #3 : The Registrar will prevent any changes of registrar and registrant within 1 business day at the latest following receipt of the verification request from the UDRP Provider. These changes should be prevented for during the whole pendency [MK1] of the UDRP Proceeding, except in case of the suspension of a UDRP proceeding (see recommendation #10). Pendency is defined as from the moment a UDRP complaint, or relevant document initiating a court proceeding or arbitration, regarding your domain name, has been filed, as the case may be. The following changes should not be prevented: [ to be completed ]. A registrar may not permit transfer to another registrant or registrar after receipt of a request for verification is received by the Registrar from the UDRP Provider, except in limited situations involving an arbitration not conducted under the Policy or involving litigation as provided by the UDRP Policy Paragraphs 8(a) or 8(b). For the purposes of the UDRP, the Registrant listed in the Whois record at the time of the Lock will be recorded as the Respondent. Any changes to Whois information during the pendency of the administrative proceeding under the Policy may be permitted or prohibited based on the Registrar ’s applicable policies and contracts, however, it is the responsibility of the Registrant (UDRP Rule 2(e) and UDRP Rule 5(b)(ii) to inform the Provider of any relevant updates that may affect Provider notices and obligations to Respondent under the UDRP.   Any changes to the Whois information for the domain name registration as a result of lifting of privacy / proxy services, which will depend on the agreement in place between the proxy/privacy service and the registrant, would need to happen before the ‘lock’ is applied by the registrar. [MK2]

 

A registrar may opt to reveal underlying data [2] in a privacy/proxy relationship to the Provider or in W h ois, or both, if it is aware of such. This will not count as a “transfer” in violation of the above, if it occurs prior to the Lock (and the Registrar ’s reply to the Provider). If a privacy/proxy relationship is revealed or released after the Lock is applied and the Provider is notified, the Provider is under no obligation to require the Complainant to amend its complaint   accordingly, but may do so in its discretion. [MK3]   It is the responsibility of the Registrant (UDRP Rule 2(e) and UDRP Rule 5(b)(ii)) to inform the Provider of any relevant updates that may affect Provider notices and obligations to Respondent under the UDRP and the Provider shall, in accordance with the UDRP , provide Respondent with case information at the details it prefers once the Provider is aware of the update (UDRP 5(b)(iii) requires Provider to send communications to the preferred email address of Respondent, for instance). [MK4]

[LS5]

Draft recommendation #4: The registrar must confirm within 1 business day following receipt of the verification request from the UDRP Provider that any changes of registrar and registrant have been prevented and will be prevented during the pendency of the proceeding and verifies the information requested by the UDRP Provider.

 

 

 

As per the UDRP Rules .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Draft Recommendation #5 : If deemed compliant, the UDRP Provider shall forward the complaint to the Registrar and Respondent and notify them of the commencement of the administrative proceeding within 3 calendar days following receipt of the fees paid by the complainant. [LS6]

 

Draft Recommendation #6: If the complaint should remain non-compliant, or fees unpaid, after the period for the administrative deficiency check per UDRP Para 4 has passed, or if the complaint should voluntarily withdraw during that period, the UDRP Provider informs the Registrar that the proceeding is withdrawn. The Registrar shall, within one business day of the transmission of the notice of withdrawal, release the “ lock [MK7] ”.

 

 

 

 

 

Draft Recommendation #7 : As part of its notification to the Registrant, the UDRP Provider informs the Registrant that any corrections to contact information [MK8] are also required to be communicated to the UDRP Provider as per UDRP rule 5(ii) and (iii). [LS9]

 

Draft Recommendation #8 : This notification would also include information that any changes as a result of lifting of proxy / privacy services, following the ‘locking’, would need to be discussed / addressed by the UDRP Panel directly. The WG recommends that this issue is further reviewed as part of the privacy / proxy accreditation program.

 

 

 

 

 

 

 

 

 

Draft Recommendation #9 : Upon receipt of a decision from the Provider , the R egistrar must within 3 calendar days communicate to each Party, the Provider, and ICANN the date for the implementation of the decision in accordance with the Policy [LS10] ( UDRP Rule 16 and UDRP Paragraphs 4(k) and Paragraph 8(a). If the Complainant has prevailed, the Registrar shall implement the Panel order immediately after 10 business days have elapsed (UDRP Paragraph 4(k)).   [LS11] The Complainant is responsible for providing the Registrar with the required information regarding [LS12] implementation; this may include the information that should be in the Whois. If the Respondent has prevailed, the Registrar shall prohibit transfer of the domain name to another registrar or registrant for 15 business days from the date the decision is transmitted from the Provider (UDRP Paragraph 8).

 

ADDITIONAL REQUIREMENTS

Draft Recommendation #10: In the case of suspension of a proceeding (when the parties have agreed to a settlement), the UDRP Provider informs the Registrar of the Suspension. The Registrar is required to confirm with the Complainant as well as the Respondent the details of the settlement. Once confirmation has been received from both parties that a transfer to the Complainant has been agreed to or a cancellation of the domain name registration, the Registrar will unlock the domain name registration and transfer the domain name registration to the Complainant or cancel the domain name registration, depending on the settlement reached. [LS13]

 

Draft Recommendation #11 : ICANN, in collaboration with UDRP Providers, Registrars and other interested parties, will develop educational and informational materials that will assist in informing affected parties of these new requirements and recommended best practices following the adoption by the ICANN Board of these recommendations. [LS14]

 

 

 

 

 

 

 

 

 

 


[1]   Note: The WG will consider whether to add implementation options to its Initial Report in order to obtain public input on how to effect this proposed change.  

[2]   The revealed data may only include data held on record by the privacy / proxy provider.


[MK1] Feedback on definition of pendency provided by ICANN Compliance. Proposed definition circulated by David Roche-Turner. To be discussed by the WG at the next meeting.

[MK2] Question: would such lifting require communication with the registrant and/or privacy/proxy service or is this an automatic action the registrar would take? If the former, could it negate the proposed change in the notification of the respondent?

[MK3] From Volker: I have a problem with this being optional for the provider for the reason of the effects detailed above that a non-amendment may have. I would much rather see a two-day window after the domain was locked and the provider was notified but prior to commencement in which such a reveal and release can be performed with a binding effect. After commencement, the amendment would become optional.

[MK4] From Volker: I would suggest that after receiving the registrar notification and before the commencement/informing the registrant an amendment period should be inserted for accredited privacy service providers.

[LS5] As pointed out by Marika, if no one notify the registrant how can such lift happen?

[LS6] This chronology looks like a call for abuse of the UDRP system. The locking of the domain should be contingent upon settlement of the Provider Fee.

[MK7] Noting that we still need to define “lock”.

[MK8] Include in Initial Report part of the rationale for allowing Whois changes (corrections to contact information in Whois are allowed as it otherwise might contradict Whois accuracy policy).

[LS9] Whois modifications at this stage often lead the Complainant to leave the proxy/privacy services provider as a co-defendant of the registrant. We have seen several UDRP decisions rendered in this fashion.

[LS10] Why does that fall under the Registrar purview? Can’t the UDRP Provider do the math? ;-)

 

[LS11] Do we need to add here that this delay has been setup for the defendant to lodge an appeal before a competent Court of Law, or is that too obvious?

[LS12] We could add that obligation as best practice, if not a mandatory requirement for the unlocking of the domain name. 

[LS13] If both parties have entered into an agreement, is there really a need for the Registrar to be involved and to take responsibility for the execution of the agreement terms?

As a reminder, there is no mandatory procedure/standards for such settlement.

Registrars could easily render themselves liable by playing broker/escrow between one of their customers and a third party with whom they have no contractual relationship.

[LS14] Great idea!