Re: [ga] Proposed ICANN "Expedited Transfer Reversal Policy" could disrupt secondary market for domain names

[George Kirikos <gkirikos@xxxxxxxxx>]

The ITRP just had a conference call, and I was basically ganged up on for 
pointing out all the flaws in the proposed ETRP (Expedited Transfer Reverse 
Policy).

How will businesses and consumers be affected when folks can simply undo a 
legitimate transfer "at will", without due process, within 6 months? How will 
an escrow work if the prior owner can simply claim "hijacking" and undo a 
transfer, when it's simply a case of seller's remorse? We see irrevocable 
transfers in the real estate industry, and that market works fine, because 
people are *proactive* about security. Here, the folks pushing for this flawed 
proposal seek to implement a *reactive* policy that *will* be misused.

I'm totally appalled at how they want to create a huge loophole in policy, that 
will have collateral damage which is much bigger than the "problem" they're 
trying to solve.

A transcript of what went down should be available later at:

http://brussels38.icann.org/node/12502

To see why this policy is flawed, consider the following scenario:

1. Example.com is registered at GoDaddy, to Party A.
2. Party B agrees to buy the domain name for $1,000, and transfers it to Tucows 
legitimately.
3. Party B builds up a large website, investing millions of dollars (perhaps it 
was Microsoft, who has bought domain names like kin.com and docs.com in the 
aftermarket, or B&N, who bought nook.com in the secondary market).
4. 6 months later, Party A gets seller's remorse, and decided to invoke the 
policy, claiming the domain name was hijacked, and the domain name is returned 
immediately to GoDaddy (the original registrar), under the full control of 
Party A again.
5. Tucows (the new registrar) and Party B can't do anything about it, to 
dispute the use of this policy, as its currently proposed!

(there exists a "TDRP" Transfer Dispute Resolution Procedure in place now that 
*does* have due process, but some folks seem to think it's not good enough)

Fact: If there's a real dispute, one side is lying! It should be up to a court 
to decide, not simply getting involved and undoing a legitimate transfer! 
Remember, the original registrar (GoDaddy in the example above) had every 
opportunity to authenticate Party A's desire to transfer the domain name to 
Tucows (where Party B wants it to be) BEFORE the domain name took place! The 
domain could be unlocked only after talking to Party A by phone first, for 
example. Or some other "executive lock" procedure (VeriSign lock is just one 
example of many). The EPP code could be sent by SMS, for example. There are 
myriad ways to be proactive about security, and I'm 100% in favour of those.

The workgroup pretends fraud exists only by "domain hijackers", and seems 
incapable of seeing fraud within the community of domain sellers. One need only 
look at the case of Nelson Brady and SnapNames, to see what kinds of frauds are 
possible. It's bad enough when you have to deal with that kind of fraud, but 
then to add a brand new risk, of legitimate transfers being undone simply upon 
a *claim* of hijacking??!!? (not *proof* or a court order or some other due 
process)

I find it simply unreal that these serious concerns are not being taken 
seriously, and are being brushed aside by this workgroup.

Sincerely,

George Kirikos
http://www.leap.com/