Brand protection company claims registrars aren’t cooperating, but there are two sides to the story.
Tucows CEO Elliot Noss has responded to claims made by brand protection company AppDetex over access to Whois data.
AppDetex has raised concerns that domain name registrars are not responding to or are denying requests for Whois data when it has a legitimate interest. It made its first claims just before the ICANN conference in Panama this summer and timed its second complaint for just prior to ICANN 63 in Barcelona this week.
In its most recent complaint to ICANN (pdf), AppDetex said that registrars were only “fully complaint” to 2.5% of its requests.
In response (pdf), Noss called AppDetex out for its own non-compliance.
AppDetex has submitted (as of this letter) 1273 requests for Registrant data to Tucows-family registrars. Up until October 9th, 2018, we responded with our requirements template to all of them and had not received a single reply. The claim in their letter of contracted party failures to respond in a reasonable time frame is outrageous as they have failed to further their own requests for months.
Additionally, it seems that Facebook and AppDetex have been submitting automated queries without sufficient human review. Noss points to requests for data on “lincolnstainedglass.com” and “grifflnstafford.com” as examples. These were likely included because they include something visually similar to “insta” in them. Facebook has trademarks for Instagram.
Noss wrote:
We are also concerned that, given the clear lack of human-review and due care presented by the requests we have received from AppDetex, they are simply creating algorithms to identify potential infringements and demanding personal Registrant data for these potentialities wholesale. The examples we have noted above—and many others—could have been easily identified by AppDetex prior to submitting to Tucows if they had included the reason that the domain was suspected to be infringing, rather than the mere assertion that it “misuses one or more of the following trademarks” and then listing seven trademarks. We require that requests for personal data include the reason for the valid request.
Tucows, the second largest domain name registrar, has been one of the registrars leading the discussion on the EU’s GDPR. Earlier this year it launched a site for parties to request access to masked Whois information.
This is a registrant request, not a third party who may be correct or incorrect, requesting the whois information to be public . I have registered 2300 domain names over the past 18 years, most of them prior to 2004. It has cost me hundreds of thousands of dollars to renew the domain names over the years. Eighty percent of those domain names were purchased for resale. Since the implementation of GDPR, my business has been on hold. No one knows how to contact us if they wish to purchase any of our domain names. Sedo refuses to accept any of our domain names to be included for sale, since they cannot authenticate our ownership of the domain names. Seventy percent of all domain names registered are not used for websites, but their registrants have registered them on the hopes of resale. Since our company is in the United States, we are not bound by any European court order. It is obvious that forcing the GDPR on us does not represent our best interest and there are no laws in the United States that compel us not to be able to opt in to the GDPR. If we wish to privatize our whois information, we can simply purchase privacy which is available to all registrants. I am hoping that the voice of the registrant will also be heard.
Hi Mansour,
Your registrar must allow registrants to “opt-in” to publicly disclosing their information on WHOIS. This is mandated by ICANN’s Temporary Specification from May 25 2018.
If your registrar does not allow this, please complain to them and to ICANN for not following contractual requirements.