"Is it illegal to register a domain just because it's an admin contact and then transfer the "stolen" domain to yourself in an other account?"
I would answer that question as a YES. Although it is technically possible to transfer a domain name this way, the person using the admin contact email address to request and confirm the transfer is making a representation that they are authorized by the registrant. That is fraud. Having the ability, via the domain name, is not the same as having the actual authorization which you are representing to have when you make the transfer.
Register.com may be an exception to this rule, since they have some really oddball understandings of who is the "registrant" for a domain name in their registration agreement and in the way they approach various transfer and ownership issues. Most of the registrars have a "presumptive authorization of the admin contact" approach, but Register.com seems to have a "the admin contact is the registrant" approach.
"People who are willing to transfer ownership over that easily strike me as the type who know the ownership won't last long enough to do business in a normal manner."
That is also a relevant point. By now, most experienced domainers know that it is easier for a transferee to stop paying than it is to get a domain name back if it hasn't been paid for. By the same token, you would think this would raise a red flag in the mind of the transferee, particularly in a mediated transaction where he does not know with whom he is dealing.
"This domain name never dropped --- don't folks know how to use WHOIS anymore? The Creation Date for secretary.com is September 9, 1995."
That is a relevant data point. Creation dates are not always reliable, but at least this is some kind of objective fact. Did NSI re-set the creation date when they took the name back? Another thing that date indicates is, if the domain name were renewed in two year intervals since that date, then it would have been ripe to drop in... early October of 2003.
The reason I ask is that I have seen situations where the registry will delete an NSI name, the name will be registered elsewhere, but NSI will maintain the old whois data for the name in the registrar database. While it doesn't reflect well on NSI registrar's data hygiene, it doesn't do any functional harm as long as the registry data for the authoritative registrar is correct. It is sort of the way your computer "deletes" files by removing entries from a pointer table, rather than erasing data on the disk.
So, it is possible for a deleted domain name to "regain" an earlier creation date if an NSI name is deleted by registry, registered somewhere else, and then moved back to NSI. In fact, this makes it very easy for NSI registrar to recover a mistakenly deleted or stolen name, since the only record change that needs to be made is the registrar indication in the registry data.
"If it was not and it was a case of the Registrar arbitrarily returning the name to a previous owner, after the sale, then I do not see how anyone other than the Registrar can be legally held responsible."
I wish I had the talent to economize on words, but that is exactly the point. Registrars can pretty much do whatever they darn well please with domain name registrations, which causes a certain amount of insecurity, and a known risk, in any sale transaction.
And again, before the Cowboy points his six shooter at me - I don't know whether or not this domain was stolen. Maybe it was, maybe it wasn't. My point is that transactions can be structured in a way to prevent having to engage in these sorts of forensics when a registrar exercises its power to be capricious.
If the domain name was not stolen, and this was just another instance of a registrar caving under pressure and insufficient proof, then one could argue that Cowboy is still on the hook for the remaining installment payments. And this points to an inconsistency in the position of Chris and his friend. If the seller believes the registration was legitimate, then one would expect him to (a) suspect that Cowboy really sold the name and is making this all up, and (b) demand the continued installment payments. If the seller is waiving receipt of the balance of payments as a courtesy, that is one thing. But if the question never came up, then it does not reflect well on what we can infer about the seller's knowledge.
Cowboy is certainly correct that involving law enforcement authorities should be unobjectionable to the seller, and I would encourage him to do so. Of course, that can be done without making public proclamations on less than certain facts.
