Re: [ga] Stolen domains, transfers, WHOIS, audit trails, and system integrity

[George Kirikos <gkirikos@yahoo.com>]

Hi Allan,

--- Allan Liska <allan@allan.org> wrote:
> While I completely agree with your statement, wouldn't the losing
> registrar have a backup of their database?  This should be enough to
> show they had ownership of the domain?  Perhaps ICANN should include
> provisions in their registrar agreement for database backups?  There
> are standards of backup required for data to be admitted as evidence
> in court, ICANN can hold registrars to the same level?

That would be a good start, although ideally one would want to make it
transparent enough to not have to go to court -- i.e. how do we obviate
the need for court, and allow it to be transparent before doing
transactions?

Another way to accomplish this is to have a "WhoTransfers" database
(for lack of a better term), perhaps on a paid basis (a few dollars per
lookup), or free. When an ownership change takes place, the transaction
would be recorded, including things like who the original registrant
was, who the new registrant is, and how authentication of the transfer
took place. If ICANN (or even Verisign registry, who is hopefully
reading) made this available, *AND* made it authoritative and
irrevokable for transfers/ownership changes (e.g. escrow companies
could rely upon it, as could others who are engaging in domain
transactions), this would go a long way to reducing fraud, and
increasing "trust". There would be transparency to the system. A
complete audit trail would then be available, and folks would be able
to say definitively "Yes, I *am* the owner of XYZ.com" as of this date.
This database should also show whether a transfer/sale is *Pending*, to
not allow fraudsters to transact for domains that were already pending
to be transferred to someone else.

If you saw that a domain went from ownership by IBM, to a Malaysian
registrant, and then to an Indonesian registrant, and then back to a US
registrant, this would prevent the US registrant from claiming "Oh, I
acquired the domain from IBM!". In the case of that exw.com domain that
I had been involved with (and seems to have a questionable chain of
ownership, changing hands 3 or 4 times in the past week), the
marketplace would be suitably informed of the risks.

Such a database could (and probably should) also include deletions
information (e.g. domain XYZ.com deleted on September 5, 2002 for
reason ABC (e.g. non-payment, normal expiry, etc.), and then
re-registered on September 7th. Then, a complete ownership ownership
history could be created.

Sincerely,

George Kirikos
http://www.kirikos.com/
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html