Tuesday, March 04, 2008

Domain Name Registrars - The New Points of Control?

Jonathan Zittrain has pointed out that regulation of the internet has tended to proceed - whether by way of litigation or legislation - by identifying particular intermediaries and compelling them to act as points of control over user behaviour. The intermediaries targeted have included hosts, ISPs, search engines, hyperlinkers and financial intermediaries (which have been compelled, for example, to stop credit card payments to gambling sites). Some relatively recent developments suggest that domain name registrars are joining them in the firing line - and that this may result in some interesting cross-border legal issues.

An early example took place in the Rate Your Solicitor saga, where the plaintiff in an Irish defamation action succeeded in 2006 in persuading US registrar GoDaddy to disable the rateyoursolicitor.com domain (apparently for false WHOIS data) notwithstanding that GoDaddy would appear to have enjoyed immunity under section 230 CDA. (Not that this deterred the critics of Irish lawyers, who promptly moved to rate-your-solicitor.com where they remain today.)

At around the same time, the plaintiffs in the Spamhaus litigation set out to persuade an Illinois court to order ICANN (rather than the Canadian registrar!) to suspend the Spamhaus domain name - on the basis that Spamhaus (located in the UK) could not otherwise be made to comply with that court's order. (Ultimately, however, the court accepted that ICANN and the registrar were not involved in the defendant's actions nor able to control them, and consequently an order should not be directed towards them.)

The Spamhaus case didn't, however, deter the lawyers acting for Bank Julius Baer in its attempt to silence Wikileaks.org, who succeeded (albeit temporarily) last month in persuading the Californian courts to issue an interim order requiring the registrar (Dynadot) to disable the Wikileaks.org domain name and remove all DNS hosting records. (This despite the lack of any obvious role for the Californian courts in adjudicating on a dispute between a Cayman Islands bank, its Swiss parent company, a Swiss former employee, and the various individuals around the world responsible for Wikileaks, and despite the lack of any full hearing.) Daithi has a particularly good post on why this amounted, in effect, to an internet death penalty and was a disproportionate prior restraint on speech.

Now the New York Times reports that the US government has ordered domain name registrars to disable domain names which it alleges breach its ban on trade with Cuba:

Steve Marshall is an English travel agent. He lives in Spain, and he sells trips to Europeans who want to go to sunny places, including Cuba. In October, about 80 of his Web sites stopped working, thanks to the United States government.

The sites, in English, French and Spanish, had been online since 1998. Some, like www.cuba-hemingway.com, were literary. Others, like www.cuba-havanacity.com, discussed Cuban history and culture. Still others — www.ciaocuba.com and www.bonjourcuba.com — were purely commercial sites aimed at Italian and French tourists.

“I came to work in the morning, and we had no reservations at all,” Mr. Marshall said on the phone from the Canary Islands. “We thought it was a technical problem.”

It turned out, though, that Mr. Marshall’s Web sites had been put on a Treasury Department blacklist and, as a consequence, his American domain name registrar, eNom Inc., had disabled them. Mr. Marshall said eNom told him it did so after a call from the Treasury Department; the company, based in Bellevue, Wash., says it learned that the sites were on the blacklist through a blog.

Either way, there is no dispute that eNom shut down Mr. Marshall’s sites without notifying him and has refused to release the domain names to him. In effect, Mr. Marshall said, eNom has taken his property and interfered with his business. He has slowly rebuilt his Web business over the last several months, and now many of the same sites operate with the suffix .net rather than .com, through a European registrar. His servers, he said, have been in the Bahamas all along.

What's the significance of this? As in some of the other cases, it means that internet speech may be shut down without any prior notice to a party, and without any hearing. It also means that disputes which have no underlying connection with a particular jurisdiction may end up subject to the law of that jurisdiction:

Susan Crawford, a visiting law professor at Yale and a leading authority on Internet law, said the fact that many large domain name registrars are based in the United States gives the Treasury’s Office of Foreign Assets Control, or OFAC, control "over a great deal of speech — none of which may be actually hosted in the U.S., about the U.S. or conflicting with any U.S. rights."

"OFAC apparently has the power to order that this speech disappear," Professor Crawford said.

There's also a very important practical point here. Website owners are already acutely aware that hosting liability varies from jurisdiction to jurisdiction - and for that reason many choose to host in the US, where section 230 CDA makes it less likely that a host will take down a site based on vague and unjustified threats. These cases illustrate that domain owners should be equally cautious in deciding which registrar to use - pick a registrar located in the wrong jurisdiction, or one which (as Dynadot appeared to do in the Wikileaks case) caves in too easily, and you may find your domain name vanishes.

4 comments:

  1. Interesting article. One thing I wanted to note was that GoDaddy.com also recently suspended the domain ratemycop.com, a Los Angeles based website where users can leave feedback on officers.

    The story can be found here:
    http://blog.wired.com/27bstroke6/2008/03/godaddy-silence.html

    It seems GoDaddy used the excuse of exceeding bandwidth as the reason behind taking the site offline, though personally I think that's bollocks. I think GoDaddy responded to a popular news story in which police officers responded to ratemycop.com. That story can be found here:
    http://cbs13.com/local/rate.a.cop.2.673410.html

    Also, it seems that ratemycop.com is up and running, but I couldn't find any info as to who is now hosting the site or any further developments on that story.

  2. "These cases illustrate that domain owners should be equally cautious in deciding which registrar to use"

    Which, unfortunately, won't be necessarily easy if they're not familiar with any applicable law in that registrar's jurisdiction.

    One could sign up with either Tucows or Rebel in Canada. However, Canada's criminal code may prevent one from posting online information on a pending prosecution in their domain name's web site.

    Or, one could use either Gandi.net or Joker.com. But one can't put up a hate site in Europe.

    Then you've got PublicDomainRegistry/DirectI in India. IIRC, they have a law placing liability on service providers whose servers are used to send out spam.

    And of course, there is a registrar in China. Don't get started on that. :P

    Domain registrars, like any business, are obligated to obey any laws within their jurisdiction. Given the examples above, looking for a registrar in particular might be a tall order, sheesh...

  3. Dave - that's a very good point. In practice it probably means that domain owners should generally use registrars in their home jurisdiction where they are more likely to be familiar with local law. This is also good advice if the domain name is likely to be contentious - by using a US registrar, you may end up with a situation where the US courts can acquire in rem jurisdiction under the dispute (under the Anticybersquatting Consumer Protection Act), even though they would not otherwise have in personam jurisdiction. In practice, this means that by using a US registrar, an Irish domain name owner may end up unable to fight an unmeritorious trademark claim due to the expense of defending an action in the US.

  4. ICANN is basically US controlled. Whether that will continue to be the case or not remains to be seen.
    Maybe opting for a ccTLD might help avoid some of the issues, but the mountains of paper that solicitors love dumping on people's desks is scary.
    If someone were to offer an insurance policy to cover the legal costs faced by hosts and registrars dealing with a lot of the spurious claims I'd sign up in the morning!
