26 Mar Cleuless
Originally from 30th April 2006:
Serious problems in the .eu registration process result in 25% fraud
25% of the first million .eu applications were fraudulent – minimum. Fundamental design flaws in the registration process, together with numerous practical errors of implementation, leave the EU with an allocation of its flagship .eu domain address of which it can be truly embarrassed. More than 20 identifiable problems, including loop holes that have been exploited and left unchecked, riddled the process. Not only were these predictable and solvable but will even create in the future issues of disputed ownership. The key failings are highlighted by shocking examples.
Proposed in 1999 and approved by ICANN as the new Internet address for the European Union (EU), the .eu top level domain has taken 6 years to become a reality. A population of 500 million plus Internet-hungry EU residents awaits; as the EU grows the .eu name will be an expanding piece of virtual real estate.
The .eu is a top level domain (TLD), and one of currently only three regional level domains (the others being .asia, and .cat for Catalonia). Time will reveal its importance relative to ‘the master’ (.com), though its position hierarchically superior to country level domains (.co.uk, etc) provides it with huge potential. The value of domain names has increased with the value of Internet commerce, and high expected values have driven the incentive to seek advantage in securing domains.
The European Commission set clear goals to firstly promote commerce in the EU with the introduction of a new TLD, and secondly allocate names fairly by rewarding existing entitlement with preference, i.e. stop cybersquatting.
The design to achieve these goals allowed one central registry (EURid) to coordinate the release and supply domain names to accredited registrars for marketing and retailing. Initially a number of names were reserved before the public phases commenced, being deemed worthy of outright protection, for instance all ISO country codes (e.g. uk.eu). Then in phases registrars would send in applications on behalf of applicants (you and me) to the central authority for evaluation by PWC.
First ‘Sunrise 1’ allowed those with prior rights based on trademark or geography to apply, followed by ‘Sunrise 2’ for ‘lesser’ prior rights of unregistered trademarks or of company name, family name, or titles of art. Prior rights defined as EU national or EU international legal rights.
These staggered phases were only open to EU residents and applications were considered on a ‘first-come first-served’ basis and, according to validation guidelines, the first application meeting requirements accepted. Any dispute over acceptance or rejection possible in an alternative dispute resolution (ADR) process. 19 million EU businesses were able, in theory exclusively, to apply according to pre-entitlement before a ‘landrush’ at which point any EU resident could apply.
EURid provides visibility to a list of blocked/reserved names, but these were inconsistently applied. For instance Portugal reserved algarve.eu while monaco.eu was available. The .eu is inherently more restricted than .com – meaning P&G with pg.com had no possibility of obtaining the blocked pg.eu, for example.
More importantly prior rights differ fundamentally by country in the EU and this undermines the entire prior rights method: the disparity illustrated by ‘carrentals’ which is not possible to be trademarked in the UK due to its lack of distinctiveness, but however can be in more lenient EU patent offices – and this is exactly what happened, with a trademark from Malta, dated just before the .eu application, used to apply for carrentals.eu.
Such was the ease of this activity, a massive number of trademarks were ‘bought’ just before Sunrise I began with the express purpose of attaining prior rights. 23% of the 350,000 Sunrise applications were bought – allowable in the design of the registration process but by any reasonable definition unethical. A trademark dated 8 days before Sunrise 1 was lodged with the Netherlands patent office for “mon & aco”, which for the cost of €150 secured the fate of monaco.eu.
Lack of registrar integrity leads on to the next major problems: starting with registrars making their own applications for names, clearly a conflict of interest when they should be acting only on behalf of third party applicants.
Even more worrying was the absence of checks in registrar accreditation – in the last few weeks of Sunrise the number of registrars ballooned – with over 400 last minute ‘phantom registrars’ signing up (the main criteria was a €10,000 fee), taking the number up to 1500. Dishonest registrars created aliases to improve their chances of successful applications (highlighted by one honest registrar), making 27% of the 700,000 first-day landrush applications a cheat and a sham.
The bogus registrars sought to exploit the failure of the ‘first-come first-served’ principle for applications: these were queued up by registrars for system communication at a pre-set time when EURid ‘opened the doors’ on the first day of each phase. As first-come first-served really meant ‘fastest machine won’, it was tilted in favour of those making disproportionately high numbers of applications.
The natural consequence to real applicants of this was to make multiple applications, at multiple cost, to reduce the risk of being beaten – amazon made 22 separate applications in their ultimately successful bid to secure amazon.eu .
Practical errors litter the remainder of the process, including unclear decisions of acceptance, abuse of other validation criteria, and whois.eu system crashes, etc.
Some examples of who got their names, who didn’t, and what’s been going on:
- Brands successful: amazon, google, ebay, yahoo, internetexplorer, hp*
- Brands unsuccessful: partypoker, pokerstars, avis, hertz, rowntrees, delta, norton, clio*, firefox*
- Geography unsuccessful: Chamonix, Monaco*, Tenerife*
- Most applications: 281 for sex.eu (even before landrush) of which 32 separate applications claimed a trademark on the word from 11 different countries
- Real organisation buying a trademark as didn’t have real one: HP (for hp.eu)
(*not yet confirmed at time of writing but highly probable)
Virtually all unreserved two letter names (e.g. zi.eu) were applied for using bought trademarks. All 10 subheadings of this article were snapped up using purpose-bought trademarks (fraud.eu being a particularly nice touch) by two players, who together bought 1150 trademarks from the Benelux patent office just for .eu applications.
At the Benelux patent office alone we identified 50 organisations as trademark buyers of over 4000 (average of 80 each) in the last 2 months of 2005, days before Sunrise I: in doing so they spent €2 million on trademarks and applications.
Prior rights were intended to protect brands, owners relying on existing trademarks. Where a bought trademark secured a branded term and beat (first-come first-served remember) a real trademark, this defeats one of the original goals. But the .eu process allowed this to happen, and any subsequent ADR (at a minimum cost of €2000) will unlikely overrule the main process, assuming it was valid according to the initial criteria. And although the .eu process legitimises this activity there could be legal challenges post-release – it is not clear at this time how WIPO will rule over PWC, but precedent will likely rule in favour of the original trademark holder. If so this will confirm the failings of the .eu design.
Perhaps Rowntrees (rowntrees.eu was caught by a profiteer and now for sale on eBay for €7,500) didn’t bother with Sunrise on the understanding they can gain ownership of the domain later due to duality of trademark and domain. This would make a mockery of the .eu process. Now is a good time to be in the legal services business (contact cressive for our recommended legal partner).
A bought trademark on a generic keyword is more contentious as whom does it hurt if no one else had prior rights anyway? Well it does stop the landrush for anyone else, means pre-release spend is inefficient (on trademarks and applications rather than business investment), and due to its organised nature puts names into the hands of a small number of players giving them oligopoly power over resale values.
Take ‘maps’ for example, one of the most commonly used words in search engines. The importance of generic keywords used in search engines means holders of those domains gain significant access over Internet traffic, and inflate prices in the secondary market for domain name reselling: maps.eu will be worth a lot of money.
Sedo.com predicts that fifty percent of the .eu domains registered during the landrush will be made available for resale: within a week there were 90,000 .eu names already available for resale on its domain auction site.
So: you’ve bought a trademark and secured your .eu name with high resale value, but why place it on an auction site and wait when you could contact directly others who also applied for the same name? – the EURid interface provides details for all those who made Sunrise applications, facilitating the resale of .eu names! The legal notice there prohibiting this re-engineering will no doubt put off those who have successfully exploited every other failing of the registration process.
There are practical solutions to these key problems. A trademark should be a necessary but not a sufficient condition of prior right. Requiring that a trademark be older than the age of announcement would stop purpose-buying (declined in the .eu process, adopted in the .mobi process). Using other TLDs would be reasonable proof of existing web operations under a name (e.g. .co.uk , .de, .fr, etc).
Rather than constructing a first-past-the-post situation out of the control of applicants, groups of applications could be considered comparatively, perhaps those applying on the first day. (Using the date an application was received by a registrar wouldn’t work if they can’t be trusted.) And the method of accreditation should be extended with higher standards, with checks of authenticity beyond ability to pay.
ICANN has proposed an online auction for the intended release of single letter .com domains (e.g. a.com). This is a financially efficient method of valuing names, with a more developed primary market, making the secondary market less important. (Some registrars in the .eu process ran their own auctions to allocate names in the secondary market.)
A consortium of experts should be employed to collectively improve the design and implementation of releases: representatives from a leading domain company like Sedo, domain experts like cressive, registrars more involved, and a major search engine like Google for their keyword and Internet knowledge.
The release of the new domain name will ultimately boost EU commerce but failings have made the process inequitable and inefficient. Whilst entrepreneurial spirit and opportunism should be applauded, those in charge of domain name release should act and look as though they really are. A eulogy this is not. The EU failed the .eu .
All of us, anyone and everyone who uses the Internet should care about this. ICANN and those involved in the administration of the Internet will care. You’ll care if you applied for your .eu name and missed out.
Maybe you got your name and now need to know what to do with it to maximise its value, monetise your new traffic effectively, and manage it? You should incorporate it into your overall domain strategy and online marketing strategy.
And if you want to plan how to best take advantage of future domain name releases and prepare to exploit the process as much as it allows, then use our expertise to approach it, talk to cressive and we can help.
For more examples of .eu registration victims, and to report your own .eu scandal, visit www.cressive.com . © 2006 cressive ltd