After receiving several questions from the Ethereum community regarding this topic, Bern Weiss LLP spent the last week producing an in-depth analysis of ENS-name cybersquatting and the legal and pragmatic considerations surrounding the practice. This three-part series contemplates this scenario. Part One is an introduction for newcomers to the nature of cyber-squatting and why the ENS system presents new challenges in curbing the phenomenon. Part Two explains how laws developed for the legacy DNS system will likely to apply to squatters in the decentralized web. And Part Three considers the difficulties in enforcing courts’ decisions over these matters given the decentralized nature of Ethereum, and elaborates on different perspectives and solutions offered by key players in the ENS community on how the situation may unfold over the next few years.
On May 25, 2017, the “reveal bid” stage for the auction for ownership of “Samsung.eth” concluded on the ENS registrar contract. The highest bid for this name was 1,300 Ether, with a second highest bid of 277 Ether, which means (according to the ENS bidding rules) that the name was locked in for around $72,000 at Ether’s current price ($260 ETH/USD). 83 unique wallet addresses bid for this name, likely indicating there were at least 82 attempts to “cyber-squat” – registering famous or trademarked domain names by individuals not legally entitled to such use of the name. Given the number of high-value bids the winning wallet placed on other famous ENS contracts, it is likely that a cyber-squatter (“ENS-squatter” or “squatter”), not Samsung, was the successful bidder.
There are nearly 2,500 reported instances per year of domain name squatting on the internet, a long-standing problem affecting companies and entities of all sizes and prestige. The victims of traditional cyber-squatting are generally compelled to engage in costly litigation to protect their brands. Foreseeing this issue on the new decentralized web, ENS developers have maneuvered to disincentivize squatting by making the practice as uneconomical as possible. Nonetheless, there is still a strong likelihood that the practice is already, and will continue to be, widespread in the ENS system.
Some have wondered if more should be done to better combat ENS-squatting. While courts would likely look unfavorably upon this practice, many in the blockchain ecosystem question whether and how courts will be able to enforce their decisions in decentralized networks given the lack of a central authority to implement a court order. This piece summarizes the forces that may cause ENS-squatting, how courts will likely address the practice, and some ideas for discouraging this activity on the decentralized web.
1. What Are ENS Names and Why Would Someone “Squat” on One?
The Ethereum Name Service (“ENS”) system is a novel attempt to assign human-readable web addresses to help regular web-users easily access websites built on decentralized infrastructure (the “decentralized web”) the same way that Domain Name Service (“DNS”) organizations did so for the legacy internet system. Early internet developers created the DNS to assign human readable “domain names” – the plain-text identifier that ends with “.com,” “.net,” or another similar suffix used to navigate to a website (e.g., “www.samsung.com”) – so that users could access websites by entering domain names, rather than more complicated (and generally forgettable) numerical IP addresses. DNS names are assigned by the Internet Corporation of Assigned Names and Numbers (“ICANN”), which has quasi-legal authority over how domain names are distributed and which maintains exclusive control over all domain names so that each name will only redirect to a single website.
The decentralized web is an attempt to move away from the IP address-based web, instead allowing web-hosting across many machines in a way that is redundant, secure, and free from location-based identifiers. Decentralized web advocates believe that its ability to obfuscate online activity’s physical location and return control of users’ information back to the users themselves solves several fundamental problems caused by the manner in which the legacy centralized internet has developed, including how (a) certain parties (like governmental or corporate entities) can block or censor websites or specific content, (b) entities can accumulate and sell massive amounts of individuals’ internet activity and other information, and (c) attackers can exploit security vulnerabilities based on a website’s centralized nature (such as so-called DDoS attacks).
ENS is a system that assigns human-readable addresses to the more complicated (and forgettable) hexadecimal Ethereum wallet addresses that are stored on the blockchain. ENS addresses can be used to redirect browsers to web content hosted through decentralized protocols such as the InterPlanetary File System (IPFS) and Swarm in the same way the DNS system does so for the legacy internet. However, ENS’s central registration authority is an executable distributed code contract (“EDCC”), which is immutable (the underlying code cannot generally be altered by any human authority) – in other words, the ICANN/DNS system is replaced by a completely automated system that assigns domain names in the decentralized web. Once an individual obtains an ENS name, the name cannot be transferred to another user without that individual’s consent.
Some ENS-squatters who believe that the decentralized web will disrupt the global economy in the same way the internet did in the 1990s are purchasing ENS names containing famous protected marks now while they are still relatively inexpensive. Other ENS-squatters might look to profit by utilizing the fame or brand identity of a famous protected mark to siphon traffic to their own products and services, or might even be competitors of the protected mark’s holder looking to unfairly tarnish the brand of their competition. In any of these circumstances – and unlike in the legacy DNS system where ICANN can remove a squatter’s rights to a specific domain name if it determines that the squatter is unfairly trying to exploit its ownership of the name – there is no central authority that can override a squatter’s efforts in ENS. If the decentralized web ultimately overtakes the legacy internet, as many believe it will, this immutable feature may potentially make ENS-squatting a more lucrative practice than squatting on DNS-registered names because there is no risk of a central authority forcibly transferring control of an ENS address.
 The mechanism for ENS name auctions is complicated, but can be summarized as follows: first, a specific ENS name (such as Samsung.eth) is released for bidding by the automated ENS Register executable distributed code contract (“EDCC”); next, a user can access that EDCC using an Ethereum wallet address to initiate the auction’s bidding period, which lasts three days; other users may bid during the period, but most (if not all) bids are kept secret until the bidding period concludes; the auction then enters the “reveal period,” a two day period during which users who bid on the name use their Ethereum wallet to again interact with the ENS Register EDCC to display their bids; if a user who reveals their bid is not the currently revealed highest bidder, then their Ether is returned to them less 0.5% of their bid, which is “burned” forever; if they are the highest bidder, their bid remains locked in the transaction until and unless another user reveals a higher bid; at the conclusion of the reveal period, the highest bidder is returned the amount of their bid that is in excess of the second highest bid’s value, and they are awarded ownership of that ENS name; the remainder of the new owner’s bid is then “locked” for at least one year, after which they will have the option to maintain their ownership of that address or release the locked funds back to their account. The entire process is automated, and there is no opportunity for human intervention in the process other than that outlined here.