Re: [gnso-rap-dt] Front-Running

[George Kirikos <icann+rap@xxxxxxxx>]

Hi James,

On Wed, Aug 5, 2009 at 11:15 AM, James M. Bladel wrote:
> But as to the larger question of registrar / ISP involvement in front
> running:  Isn't this idea predicated on registrars wanting to acquire
> domain names more than they want to acquire paying customers?  (Assuming that 
> those hypothetically harmed by front running take their business 
> elsewhere....)

Yep, we're on the same wavelength. These days, registrars are often
holding large portfolios of domain names for themselves. Even GoDaddy,
although apparently the "Standard Tactics" is being (or has been) shut
down:

http://domainnamewire.com/2008/12/03/standard-tactics-llc-how-godaddy-profits-from-expired-domains/

eNom, Dotster, Tucows, Fabulous and other registrars have significant
holdings of domain names for their own account, thus in some ways they
are "in competition" with their customers for "the good domains."
Often this conflict is seen in how expired domain names are handled.
However, it could certainly, in theory, take place for unregistered
domains. The registrars need to weigh the costs (loss of reputation,
loss of business) vs. the quality of the domain name that is at stake.

For example, suppose I read in the newspaper that a scientific
discovery has taken place, and "Example" is going to be THE hot new
thing for the next 50 years and will be a trillion dollar industry. I
go to my registrar to attempt to snag Example.com. The registrar does
a check, and sees that the name is available. In theory, they could
run their own analytics, e.g. do a query of Google News, Google
Trends, Twitter, etc. If they see 10,000 references to "Example", they
might determine "Hey, that's a $5 million domain name we're about to
let a customer have for $7. Better to grab it for ourselves!"

It comes down to expectations of privacy, and appropriate disclosures
(this is stuff I'm drafting right now and hope to post in the next few
days, but I appeciate the ongoing discussion on the list so I can
include anything I might have overlooked).

Just to go back to the financial world, Goldman Sachs makes disclosure
statements:

http://www.zerohedge.com/node/12083

"Monitoring by GS: Your use of the products and services on this Web
site may be monitored by GS, and that the resultant information may be
used by GS for its internal business purposes or in accordance with
the rules of any applicable regulatory or self-regulatory
organization."

Thus, because they gave that disclosure to their client, are they free
to do whatever they like, including trading against their customer?
This was discussed in Time Magazine/Rolling Stone too:

http://www.time.com/time/business/article/0,8599,1908562,00.html

"And get this: contained in Goldman's client form is this disclaimer,
"You acknowledge that we may monitor your use of the Services for our
own purposes (and not for your benefit)." The firm seems to be
announcing out loud that it plans to trade against its clients."

In the case of a POTENTIAL registrant (i.e. not logged in, never gave
a credit card to the registrar, etc.) what actual rights, what actual
contractual relationship exists between that person and the registrar?
Or the registry? Or anyone else who might be tipped off as to the
"intentions", "interest" or "information" coming from that registrant?
Probably none. The concept of "privity of contract" is probably
involved, too, if there are contracts between some parties (e.g.
registrar-registry) but none between others.

Other things I'm planning to write up which I'll just jot down here in
point form, that folks might want to think about:

- Chinese walls (taken from finance, e.g. between M&A and proprietary
trading parts of a firm)
- having registries provide lists of all domains and expirations dates
(and diffs) so that the "check" command does not need to be used at
all; folks can instead do queries locally, in order to have complete
privacy (and only do "adds" when they are fully committed to making
the purchase); the zone file is an imperfect proxy for these lists
(although might be adequate for most people)
- some registrars definitely store/log WHOIS lookups (which can be
used for datamining), e.g.

http://www.networksolutions.com/whois/index.jsp

right hand column displays the most popular AND the most recent WHOIS lookups.
- price discrimination/tiered pricing could be done by registries if
they have knowledge of lookups, or can set prices dynamically AFTER
the result of a "check" or if a query is required to ask for the price
of a domain name; e.g. .newTLD engages in tiered pricing, and I go to
a registrar to register Example.newTLD. That registry could say "we've
had 100 checks for that domain name in the past day, and 10,000 in the
past year; that domain is "interesting" so after running it through
our valuation models, we'll price it dynamically at $500,000."
- price discrimination/tiered pricing for related registries: if a
registry handles the backend for multiple TLDs, or shares lookup
information, they could adjust the price for a domain in a TLD based
on activity in a different TLD; e.g. they see Goldman Sachs register
Example.newTLD, and so they raise the price of the unregistered
Example.AnotherNewTLD to $1 million/yr. (refer back to Chinese walls
as possible solutions)
- when registrars (or others) do an availability check, or if ISPs
monetize unregistered domains via their own PPC pages, they might be
passing information to dozens of entities; e.g. API partners for
namespinning, API partners for domains for sale (e.g. AfternicDLS,
Sedo, Fabulous DDN, etc.); Analytics providers (Google Analytics,
Quantcast, Omniture), PPC providers (Google, Yahoo, etc.), multiple
unrelated TLDs (e.g. Centralnic domains, ccTLDs, e.g. if you want
"Example.com", you might also want Example.co.uk which is available or
Example.us.com")
- registrars in theory can compete as to the level of "trust" they
want to offer customers (e.g. they could offer 1-click registrations
for prepaid accounts that do a "direct add" without 5 pages of upsells
which delay an order's progress from "idea" to "checkout" to
"registration"); however, registries do have that monopoly (a reason
to perhaps offer the files mentioned above which can be checked
entirely locally, so that the opportunities for a registry to trade
against customers are diminished)
- possibly focusing on education, i.e. that ideas are valuable, and
folks should know that when they do research, they are potentially
revealing their ideas, and they should only do so to people they
trust; that "trust" is probably best when in binding contracts, not
some implicit "oh I went to their website and trusted they would not
take a domain name that I thought up first"
- discussion of client-side information leaks, e.g. spyware; although
ICANN can really only set policy for registrars and registries, so
this would only be "education" for prospective registrants
- first to register in the patent system, vs. first to invent (i.e.
"race to register first")

Now I can throw away some of the scraps of paper littering my desk, as
the above contains many of the the ideas that I'm hoping to put into
the document (and will add additional reference to some of the
examples of front-running and insider trading in the financial world).

I appreciate any other comments that folks have to add.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/