Re: [gnso-igo-ingo] Thoughts on fact-based policy development

["Christopher Lamb" <christopher.lamb17@xxxxxxxxx>]

Dear Alan,

Thanks for this.  People now working in the RCRC Movement institutions can 
answer the questions better than I nowadays, but my observations drawn from 
my experience are, to your points:
-  agreed, for this doesn't prevent all sorts of other abuses.  It would 
however be a SIGNIFICANT (to use your caps) move in the right direction and 
prevent some of the more egregious abuses.  As importantly, it would carry 
the protection the redcross and redcrescent names now receive from 
international and national law into the Web, and serve to support the 
worldwide understanding that these words mean neutrality in its most 
important sense, on the battlefield.
-  yes.  That's exactly right.  I would say that very few of the honest ones 
are defensive registrations and those which are usually end up being 
registrations in other languages to cover their national diversity, or 
defensive in the sense that .net, .com, dot.info etc are all needed to 
provide good protection.
-  yes, they should be so prevented unless it is done with the approval of 
the Red Cross or Red Crescent Society, or the international institution as 
the case may be.  These names have too specific a meaning for wider use. 
There was a case rather like this during a recent disaster in Tasmania when 
a young man used "Red Cross" without realising that he was breaking 
Australian law.  His intentions were good, and once it was explained to him 
he understood perfectly well and adopted a different name.
-  I used to know more about redcross.us, and would have to find my old 
research if I were to provide an evidenced answer.  Debbie would know well, 
I'm sure - have you asked her?  She may also know what the American Red 
Cross has tried to do about it, but I have to confess that it's weird - a 
lighting company registered by a company in Lebanon and on a server in 
Scottsdale Arizona with GoDaddy as the sponsoring registrar.  According to 
the domain report the Lebanese registrant organisation is "Red Cross" of the 
city of Aley in Lebanon.
All the best

Chris

-----Original Message----- 
From: Alan Greenberg
Sent: Thursday, January 24, 2013 2:45 AM
To: Christopher Lamb ; GNSO IGO INGO
Subject: Re: [gnso-igo-ingo] Thoughts on fact-based policy development

Thanks Chris.

A couple of thoughts after reading your note.

- There are certainly many potential abuses to try to attract
disaster-related money that are completely beyond out control. Even
if we came up with a way to prevent Redcross-tsunami.tld, we
certainly cannot stop Haiti-earthquake.tld which might use you
symbols and name in e-mail and web sites. And that is part of what I
am trying to understand in my suggestion. To what extent is exact
match prevention likely to SIGNIFICANTLY help you.

- Regarding domains registered under ccTLDs, we need to recognize
that many of those are not defensive registrations but real working
domains for the country/regional organizations, as is the case with
the ca, eu and ch examples.

- Exceptions are going to be a challenge. If a .charity comies into
being with good controls over who can register, do you really want to
be prevented from registering redcross.charity?

Lastly, and not related to the work of this WG, if you know the story
behind redcross.us, I would really like to understand it (presuming
it is legitimate, which it seems to be). Is it just a cute play on
the English word US?

Alan

At 23/01/2013 06:52 AM, Christopher Lamb wrote:
> Dear Alan,
>
> Thanks for this.  I'd just add that there are a very large number of 
> domains which use redcross or redcrescent in association with a country 
> code.  You mention redcross.ca and I won't list all the others of which I'm 
> aware unless you wish me to do so, but Switzerland is an example worth 
> noting - the main website is redcross.ch but croixrouge.ch, crocerossa.ch 
> and roteskreuz.ch all lead to it.  The website redcrescent.org was owned by 
> someone in the US a couple of years ago and dormant, but now appears to 
> hold a lot of information related to disasters - but it doesn't appear to 
> be owned by any organisation in the Red Cross Red Crescent Movement. 
> Another which worries me is http://www.croix-rougecamerounaise.org/, an 
> example of what should not be possible and which is probably entirely 
> beyond the control resources of the Cameroon Red Cross Society.
> There are many examples of people trying to make money out of the redcross 
> brand in domain sales.  Have a look at laoredcross.org, which has nothing 
> to do with the Red Cross Society of Laos.  Redcross.me is for sale.  Quite 
> a lot of country code domains are a source of concern, and although they're 
> not part of the current study they offer examples of the way fraudsters and 
> money-makers work.  The RCRC Movement spends a lot of time and resources 
> getting the relevant authorities to remove these sites, usually 
> successfully, but it is very resource-intensive and a special problem when 
> domains appear from nowhere after virtually every newsworthy disaster with 
> worldwide coverage.  As you would expect, these people expect to make all 
> their money in the first 48 hours while media coverage of the suffering is 
> at its most intense, and lengthy procedures are completely ineffective - in 
> all cases which I've tracked the looters disappear with their money long 
> before any procedure could get started.
> There are also cases of abuse with the intention of denigrating the 
> National Society concerned.  One, a few years ago, concerned the abuse of 
> the name of the Hungarian Red Cross in the US.  There have been others 
> aimed at National Societies which chose to use acronyms or initials for 
> their domain name and exposed themselves to danger - one was the Palestine 
> Red Crescent Society whose domain palestinercs.org was mirrored and then 
> abused in palestinercs.net.  This isn't a subject covered by our current 
> work, and it's my hope that when we resolve the future TLD system the RCRC 
> Movement should ask National Societies to regularise their naming protocols 
> in accordance with that system.
> I did a survey of the misuse or abuse of the names of National RCRC 
> Societies in February 2011 and without difficulty found and reported 19 
> egregious cases.  Following that most were able to be removed, but some, 
> like the Lao and Cameroon cases, are still there.  Time permitting, I would 
> look into this again if it were necessary, but the hard fact is that the 
> redcross and redcrescent names are abused as a matter of course after 
> significant newsworthy natural disasters or conflicts.  A spectacular one 
> in 2005 enticed the unsuspecting public to donate to a bogus thing called 
> the Santa Maria Red Cross Tsunami Survivors Fund.  You won't find it any 
> more, but what we did to put it down is a great story worthy of a movie 
> script. Not what we should be aiming for through this process, of course.
> I recognise that this will look like an anecdotal commentary, but it's also 
> reality.
> Best wishes
>
> Chris
>
>
>
> -----Original Message----- From: Alan Greenberg
> Sent: Wednesday, January 23, 2013 4:44 PM
> To: GNSO IGO INGO
> Subject: [gnso-igo-ingo] Thoughts on fact-based policy development
>
> Both I and the ALAC in its recent statement have stated that if we
> are going to take the large and unusual step and provide special
> protection to IGO/INGO names, we should do so understanding what
> problem(s) we are trying to solve and have a high level of comfort
> that the proposed solution actually will address these problems.
>
> To take a large number of character strings out of circulation, or at
> least put in place significant (no doubt both costly and
> time-consuming) hurdles to using these strings without a substantive
> benefit is counter to the culture that has allowed the Internet to
> thrive. Moreover, it sets the stage for even more similar requests in
> the future, both on the basis of TMs and "public money".
>
> To date, we have seen virtually no data related to IGOs and little
> related to INGOs on the problems they currently suffer that would be
> relieved with the reservation or blocking of their requested
> exact-match names and acronyms.
>
> To try to get a feel for whether this is just an obstreperous
> objection or really has merit, I undertook a small and not
> necessarily representative study of the names of a number of
> organizations. Specifically NATO, ITU, UPU, CERN, WHO, ILO, UNICEF
> and RedCross. All except the last two were signatories of the letter
> requesting protection for IGO names (recently resent to this group
> along with the UPU statement appended to the RySG input, but which
> also can be found at
> http://www.icann.org/en/news/correspondence/igo-counsels-to-beckstrom-et-al-13dec11-en.pdf).
>
> I checked to see whether their names were registered in a number of
> TLDs, specifically int, com, net, org, info, biz, us, ca and eu, who
> they were registered to, and what use was being made of the domain
> name (from a web point of view). The results are attached.
>
> - Lines highlighted in Dark blue are used by the organization in
> question (or an affiliate). Light blue are sort of used by them, but
> is not actually an active web site, or is used in a rather curious
> way, or is seemingly owned by a private individual who redirects the
> site as a matter of courtesy.
>
> - Lines highlighted in dark green seem to be legitimate uses of the
> name but not by the organization in question. There is a pale green
> entry that would be reasonable except it is largely a monetization site.
>
> There are large number of monetized pages, and a fair number of uses
> of names for which I can see no rationale at all. In no cases has any
> of the organizations in question taken control of all of the names.
>
> For the first few, I also did a reviews search on the e-mail admin
> contact address listed in the Whois, as some measure of how many
> other domain names are managed by that organization. The short answer
> is "not many" for those that I looked at. I stopped when my free
> access to the reviews whois engine was cut off.
>
> This was an interesting exercise, but as stated earlier, there is no
> pretense of this being a definitive analysis. But it does bring into
> question just how important the requested reservations are, what uses
> would such reservations rule out if implemented as complete blocking,
> and what harms will be prevented by their implementation.
>
> I strongly suggest that at the least, we request specific information
> from the organizations that have explicitly requested protection (at
> the very least RCRC, IOC, and the organizations identified in the
> 13Dec11 letter). This should include:
>
> - A list of TLDs in which they have registered their requested names,
> or otherwise taken action to prevent them being registered by others.
> - Identification of any disputes over identical names, names that
> would have been disallowed if the requested policy had been in place
> for all gTLDs, and the outcomes of these disputes.
> - Identification/elaboration of the harms caused by the above cases.
> - An estimate of the magnitude of these cases compared to other
> domain name conflicts which will not be prevented by the requested
> gTLD protections.
>
> Lastly, I would suggest that we ask whether they would:
> - Expect exceptions to the reservation of their names to allow their
> own registration of the names
> - How they contemplate allowing exceptions for the legitimate use by
> others of the names.
>
> Alan