Cops can’t block domain transfers without court order, NAF rules
Law enforcement and IP owners were dealt a setback last week when the National Arbitration Forum ruled that they cannot block domain transfers unless they have a court order.
The ruling could make it more difficult for registrars to acquiesce to requests from police trying to shut down piracy sites, as they might technically be in breach of their ICANN contracts.
NAF panelist Bruce Meyerson made the call in a Transfer Dispute Resolution Policy ruling after a complaint filed by EasyDNS against Directi (PublicDomainRegistry.com).
You’re probably asking right about now: “The what policy?”
I had to look it up, too.
TDRP, it turns out, has been part of the ICANN rulebook since the Inter-Registrar Transfer Policy was adopted in 2004.
It’s designed for disputes where one registrar refuses to transfer a domain to another. As part of the IRTP, it’s a binding part of the Registrar Accreditation Agreement.
It seems to have been rarely used in full over the last decade, possibly because the first point of complaint is the registry for the TLD in question, with only appeals going to a professional arbitrator.
Only NAF and the Asian Domain Name Dispute Resolution Centre are approved to handle such cases, and their respective records show that only one TDRP appeal has previously filed, and that was in 2013.
In the latest case, Directi had refused to allow the transfer of three domains to EasyDNS after receiving a suspension request from the Intellectual Property Crime Unit of the City of London Police.
The IPCU had sent suspension requests, targeting music download sites “suspected” of criminal activity, to several registrars.
The three sites — maxalbums.com, emp3world.com, and full-albums.net — are all primarily concerned with hosting links to pirated music while trying to install as much adware as possible on visitors’ PCs.
The registrants of the names had tried to move from India-based Directi to Canada-based EasyDNS, but found the transfers denied by Directi.
EasyDNS, which I think it’s fair to say is becoming something of an activist when it come to this kind of thing, filed the TDRP first with Verisign then appealed its “No Decision” ruling to NAF.
NAF’s Meyerson delivered a blunt, if reluctant-sounding, win to EasyDNS:
Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name… The term “court order” is unambiguous and cannot be interpreted to be the equivalent of suspicion of wrong doing by a policy agency.
To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.
That’s a pretty unambiguous statement, as far as ICANN policy is concerned: no court order, no transfer block.
It’s probably not going to stop British cops trying to have domains suspended based on suspicion alone — the Metropolitan Police has a track record of getting Nominet to suspend thousands of .uk domains in this way — but it will give registrars an excuse to decline such requests when they receive them, if they want the hassle.
Good Guys EasyDNS!
I bet EasyDNS gets many new customers. Good job EasyDNS!! No court order, suck dirt!!!
One wonders what the registrants were hoping to achieve by switching registrars. Was it: hoping to avoid consequences, by moving to a Registrar that would (perhaps rightfully) take a tougher stance on (or worse, in some cases, turn a blind eye to) allegedly illegal conduct (prohibited by its own registration terms)?
This scenario poses some interesting and difficult questions for new gTLDs, including as to compliance and due process.
Specification 11 of the New gTLD Registry Agreement requires Registries to require Registrars to include a provision prohibiting inter alia “piracy, trademark or copyright infringement” in their Registration Agreements, and to provide consequences for such (registrant) activities including suspension of the domain name. By requiring Registrars to “provide consequences” for illegal activity, ICANN’s new gTLD Registry Agreement seems to presuppose some sort of Registrar investigation (beyond “go get a court order, in my home jurisdiction”) and follow-on action.
Similarly, the 2013 RAA requires that “Well-founded reports of Illegal Activity submitted to these [registrar] contacts must be reviewed within 24 hours by an individual who is empowered by Registrar to take necessary and appropriate actions in response to the report.”
Is there a tension between Specification 11/2013 RAA and the TDRP? On the one hand a Registrar would be required to act under Specification 11 and the 2013 RAA, without the need for a court order. But the same Registrar — assuming it would choose not to enforce its registration terms in the face of “well-founded reports of illegal activity” — cannot refuse a transfer-out request per the TDRP (and IRTP) absent a court order.
How would the same scenario play out in a new gTLD under Specification 11 and the 2013 RAA (which EasyDNS is not a signatory to)? Will Registrars follow EasyDNS’ lead — at the risk of breaching the RAA and their Registry-Registrar Agreement? Will they suspend (or cancel) domain name registrations under the new gTLD regime? Or will they refuse to do so absent a (local, not merely “competent” — as judged by the Registrar) court order? (And would this match the intent of Specification 11 and the 2013 RAA?) Will Registries be forced to look at ending certain Registry-Registrar Agreements?
On the one hand EasyDNS is to be applauded for standing up for due process. On the other hand, registrants should not be able to (implicitly) invoke the TDRP and IRTP to avoid being held to account for prohibited conduct.
TDRP and IRTP won’t absolve or shield registrants from liability, anyway. Besides, only a registrar can file a TDRP.
Brian, you have asked a series of “64,000 dollar questions” and you nail the singular issue coming down the pipe for all registrars which is how will sections 3.18.1 and 3.18.2 of of the 2013 RAA play out.
We have already seen an attempt by the pharmacy industry to interpret the 2013 RAA in a way that enables them to externalize a lot of investigative costs onto domain registrars while simultaneously bypassing all semblance of due process (see http://blog.easydns.org/2014/01/10/nabp-to-registrars-you-must-takedown-and-seize-any-domain-we-tell-you-to/ )
In the end, ICANN bent over backwards to the IP lobby to get their precious new TLD cash cow^w^w name expansion going, and IP interests are trying to interpret the 2013 RAA as widely and liberally in their favor as possible.
We have a long history of co-operation with law enforcement and have taken part in government task forces which have helped shape legislation in Canada. Anybody who has ever tried to spam/phish or hack from an easyDNS account knows how much tolerance we have for it (absolute zero tolerance) – so we are confident that after we execute the 2013 RAA we will still, dutifully investigate reports of illegal activity and pass on any findings to appropriate LEA when we find it.
In plain english: we run one of the cleanest, abuse-free registrar/DNS operations in the world. We are confident in that and challenge anybody to prove differently.
What we will not do is adjudicate law and pass summary sentence on domains (especially, as the NABP would have us do, literally in every jurisdiction on earth)
What we will do is comply with our contractual agreements and follow the law.
Why this strikes some as disruptive or nonconstructive is puzzling to us.
Best regards,
– mark