Does Nominet keep a history of domain ownership

aqls · Jul 19, 2006

Does Nominet keep a historical record of domain ownership?

If so, is it publicly available?

-aqls-

paul · Jul 19, 2006

They have given me a domain's history over the phone so I guess the answer is yes

aqls · Jul 19, 2006

thanks.

I guess there are a few implications with regard to that issue:

e.g. if domain was fraudulently transferred away from you (e.g. using forged signature) and you find out several years later, then do Nominet have a duty to return that domain to you and pay all the costs and damages (to return the domain to you) of all the legitimate owners after that which was the thief.

Could they retrospectively prosecute the thief several years later.

If a domain is classed as "property" then I guess that a stolen domain whether you know it or not can be confiscated without refund.

From a data protection point of view, I guess you can ask for your details to be removed from their database after sale of a domain.

From a DRS point of view, past registrations could be taken into account that have since been deleted. (i.e. perhaps showing that the defendants were in the process of cleaning out their account).

Experts (and complainants) historical domain purchases could be brought into question.

Hey I think we could have quite alot of fun here!

-aqls-

Michael Penman · Jul 19, 2006

>e.g. if domain was fraudulently transferred away from you (e.g. using forged >signature) and you find out several years later, then do Nominet have a duty >to return that domain to you and pay all the costs and damages (to return >the domain to you) of all the legitimate owners after that which was the >thief.

If we find out a transfer is fraudulent, we can reverse it.

>Could they retrospectively prosecute the thief several years later.

Like any private company, Nominet can't prosecute anyone. In the UK only certain prosecuting authorities like the CPS, HM Customs & Excise and the Health and Safety Executive can prosecute.

>If a domain is classed as "property" then I guess that a stolen domain >whether you know it or not can be confiscated without refund.

Not sure what you mean. I'm sure others will answer.

>From a data protection point of view, I guess you can ask for your details to >be removed from their database after sale of a domain.

An interesting idea - though it may well be the case that for some of Nominet's purposes the legacy data is still 'relevant' as defined in the DPA, and inded that Nominet must keep it as legal documentation about old contracts. (This is NOT an answer - I just don't know the answer, merely a guess/observation.)

>From a DRS point of view, past registrations could be taken into account >that have since been deleted. (i.e. perhaps showing that the defendants >were in the process of cleaning out their account).

Only if the expert became aware of it in some other way. We do not provide the experts with information about registrants with whom we no longer have a contract, nor about a registrant's other domain names beside those in the DRS case. (Though the experts will often have PRSS or might be representing the registrant, of course.)

>Experts (and complainants) historical domain purchases could be brought >into question.

They would be fair game if you could get the data, but we wouldn't give out that sort of information (unless it was to you, about your own old registrations - we'd normally want the domain name from you, first).

>Hey I think we could have quite alot of fun here!

Mmm. "Nominet keeps some data while it's relevant, keeps it safely, and may get rid of it at some point, too." Shocking. :0)

U: I reserve the right to tidy this later! I couldn't be bothered to do the quotey thing as I was running out of lunch hour.

aqls · Jul 19, 2006

Michael Penman said:
>e.g. if domain was fraudulently transferred away from you (e.g. using forged >signature) and you find out several years later, then do Nominet have a duty >to return that domain to you and pay all the costs and damages (to return >the domain to you) of all the legitimate owners after that which was the >thief.

If we find out a transfer is fraudulent, we can reverse it.

And annoy the potentially big company and seven or eight previous owners too that own/ed it?

Michael Penman said:
Mmm. "Nominet keeps some data while it's relevant, keeps it safely, and may get rid of it at some point, too." Shocking. :0)

While it's relevant?
Seeing as currently, we have no means of knowing whether someone has nicked one of our domains using a forged signature, (apart from a regular checking of the whois for each domain) we may not find out it's been nicked for many years. It puts the onus on Nominet to keep the data?

Domains IMO should be a SAFE investment, and CHEAP to renew.

-aqls-

tmsdomreg · Jul 19, 2006

aqls said:
...Seeing as currently, we have no means of knowing whether someone has nicked one of our domains using a forged signature (apart from a regular checking of the whois for each domain) we may not find out it's been nicked for many years. It puts the onus on Nominet to keep the data?

Domains IMO should be a SAFE investment, and CHEAP to renew.
-aqls-

Forged Signature: If the Registrant postal address (and email address) is up to date, surely Nominets response agreeing to the transfer would alert you to something fishy going on - or am I missing something obvious in how they go about this?

Checking WhoIs: This is where the Registrants Online system is good, because every two years you're encouraged to check the Registrant details haven't been altered fraudulently, and are up to date (something that's being discussed in another thread here)

Safe Investment: .UK (IMO) is *much* safer than (for example) .com where Registrant Name can be changed at will by anyone (such as the ISP) who has access to the Domain's management.

People sometimes perceive Nominet as being too strict - and sometimes it *is* a pain (and £30) to get a transfer done - but as a Registrant I wouldn't have it any other way from a security point of view.

Peter

olebean · Jul 19, 2006

aqls said:
And annoy the potentially big company and seven or eight previous owners too that own/ed it?

While it's relevant?
Seeing as currently, we have no means of knowing whether someone has nicked one of our domains using a forged signature, (apart from a regular checking of the whois for each domain) we may not find out it's been nicked for many years. It puts the onus on Nominet to keep the data?

Domains IMO should be a SAFE investment, and CHEAP to renew.

-aqls-

aqls

keep in mind for tax etc purposes they need to keep data for maybe 7 years at least

aqls · Jul 19, 2006

tmsdomreg said:
Forged Signature: If the Registrant postal address (and email address) is up to date, surely Nominets response agreeing to the transfer would alert you to something fishy going on - or am I missing something obvious in how they go about this?

Checking WhoIs: This is where the Registrants Online system is good, because every two years you're encouraged to check the Registrant details haven't been altered fraudulently, and are up to date (something that's being discussed in another thread here)

Safe Investment: .UK (IMO) is *much* safer than (for example) .com where Registrant Name can be changed at will by anyone (such as the ISP) who has access to the Domain's management.

People sometimes perceive Nominet as being too strict - and sometimes it *is* a pain (and £30) to get a transfer done - but as a Registrant I wouldn't have it any other way from a security point of view.

Peter

Well, I can't say I bother to open all the Nominet mail spam I get now, and I'm not sure from memory that I get *any* mail confirmation that someone has nicked/transferred my domain away - I may be wrong. Sorry, and I'm sure it will all be my fault if it happens.

As for email confirmation, out of many domain transfers I get about 5% confirmation emails of transfer and they are usually for the transfers inward and not outward, so that is effectively useless too. (again I may be wrong)

And if the domain is transferred illegally you won't get the 2 year reminder.

The system as it is in my opinion is not a safe one from a domain investors point of view.

-aqls-

aqls · Jul 19, 2006

olebean said:
aqls

keep in mind for tax etc purposes they need to keep data for maybe 7 years at least

It would be nice if they could confirm that they do that not just for the tax related stuff but also the e.g. domain transfer histories.

-aqls-

texidriver · Jul 19, 2006

Michael Penman said:
....(Though the experts will often have PRSS or might be representing the registrant, of course.)...

When does the "expert" ever represent the registrant?

Jac · Jul 19, 2006

texidriver said:
When does the "expert" ever represent the registrant?

It was suggested by Beasty (at the Nominet meeting on 22nd June) that some experts are putting themselves about as having legal knowledge of the DRS and charging registrants/respondents huge fees for representing them in DRS cases. If I remember correctly, Beasty suggested this was a conflict of interests and Nominet should consider the implications of allowing experts who have previously made DRS decisions to remain on the Panel of Experts if they are now representing respondents and earning legal fees for doing it.

Regards
James Conaghan

sneezycheese · Jul 19, 2006

Michael Penman said:
....(Though the experts will often have PRSS or might be representing the registrant, of course.)...

... :shock: An open admission from the bowels of Nominet.

Jac said:
It was suggested by Beasty (at the Nominet meeting on 22nd June) that some experts are putting themselves about as having legal knowledge of the DRS and charging registrants/respondents huge fees for representing them in DRS cases. If I remember correctly, Beasty suggested this was a conflict of interests and Nominet should consider the implications of allowing experts who have previously made DRS decisions to remain on the Panel of Experts if they are now representing respondents and earning legal fees for doing it.

...If I remember correctly Beasty actually refered to 'experts' having represented Complainants rather than Registrants/Respondents, but either way I guess I'm not the only one who would quite reasonably see that as a conflict of interest!

...How about you, do you think this is OK?

If this practice is happening, what would you like to see done about it?

rob · Jul 19, 2006

Michael Penman said:
Only if the expert became aware of it in some other way. We do not provide the experts with information about registrants with whom we no longer have a contract, nor about a registrant's other domain names beside those in the DRS case. (Though the experts will often have PRSS or might be representing the registrant, of course.)

Fair enough if:

The Complainant can demonstrate that the Respondent is engaged in a pattern of registrations where the Respondent is the registrant of domain names (under .uk or otherwise) which correspond to well known names or trade marks in which the Respondent has no apparent rights, and the Domain Name is part of that pattern

and

There shall be a presumption of Abusive Registration if the Complainant proves that Respondent has been found to have made an Abusive Registration in three (3) or more Dispute Resolution Service cases in the two (2) years before the Complaint was filed.

However I call bollocks on the 'expert' using the PRSS themselves to dig out other registrations. Do the experts also get access to the DRS records to see if the complainant has tried it on before on other names?

Incidently do the 'experts' fork out for the PRSS or is it provided as a perk?

Likewise do Nominet give them any special access as it must be a pain to search for 'Jones' and wait several weeks for their quotas to top back up as a search for "Mr D Jones" would fail due to under 3 letters.

Jay Daley · Jul 19, 2006

aqls said:
Does Nominet keep a historical record of domain ownership?

Yes.

aqls said:
If so, is it publicly available?

No.

Jay Daley · Jul 19, 2006

aqls said:
From a data protection point of view, I guess you can ask for your details to be removed from their database after sale of a domain.

Why do you think that?

aqls · Jul 19, 2006

Data Protection Act said:
Organisations must keep the information accurate and up to date, they must
only keep it for as long as they need it for a specified purpose and they must
keep it secure.

I don't know what "specified" purposes justify Nominet holding onto data, but I doubt my "signature fraud" reason was one of them.

-aqls-

sneezycheese · Jul 20, 2006

rob said:
However I call bollocks on the 'expert' using the PRSS themselves to dig out other registrations.

...Nominet DRS Quotes (from their website):

1. "Decisions are made solely on the information that has been submitted to us."

2. "The Expert who decides the case is not required to undertake any further investigation"

...Any comments? (in particular regarding quote 1).

rob · Jul 20, 2006

As I said , that has to be bollocks. They are DRS 'experts' not columbo

Jac · Jul 20, 2006

sneezycheese said:
...If I remember correctly Beasty actually refered to 'experts' having represented Complainants rather than Registrants/Respondents, but either way I guess I'm not the only one who would quite reasonably see that as a conflict of interest!

Why would it matter whether there are representing complainants or respondents? As far as I recall (and I'm sure he'll clarify this if he wishes) Beasty was suggesting that the principle of allowing them to do so, whilst acting as DRS Experts, was flawed.

sneezycheese said:
...How about you, do you think this is OK?

The quick answer is I don't know. Solicitors in particular do this kind of stuff all the time. They get experience in one particular area of law and then promote themselves in that arena.

sneezycheese said:
If this practice is happening, what would you like to see done about it?

Apparently it is happening (if Beasty has his facts right) and it does seem reasonable to say there is a conflict of interests if one can be deciding a DRS case one week and representing a complainant or respondent the next. Then again, it is incumbent on all legal experts to be impartial in their findings and make decisions based on the policy or legislation in place at a specific time.

As far as I'm aware Nominet is looking at the issue Beasty raised.

Regards
James Conaghan

grantw · Jul 20, 2006

sneezycheese said:
...Nominet DRS Quotes (from their website):

1. "Decisions are made solely on the information that has been submitted to us."

2. "The Expert who decides the case is not required to undertake any further investigation"

...Any comments? (in particular regarding quote 1).

Bumping this as I would like to see a response from Nominet on the above? Does the expert in a DRS sometimes consult the PRSS off their own backs to check the respondants portfolio for 'dodgy' domains? If so then it would seem that they are not following the procedure correctly (at a possible disadvantage to the respondant)???

Grant