Domain name registrars can be liable when their customers break the law, if those customers use a privacy service, according to new ICANN guidance.
The ICANN advisory clarifies the most recent Registrar Accreditation Agreement, and seems primarily pertinent to UDRP cases where the registrar refuses to cooperate with the arbitrator’s request for proper Whois records.
The advisory says:
a Registered Name Holder licensing the use of a domain is liable for harm caused by the wrongful use of the domain unless the Registered Name Holder promptly identifies the licensee to a party providing the Registered Name Holder with reasonable evidence of actionable harm
In other words, if a domain gets hit with a UDRP claim or trademark infringement lawsuit, as far as the RAA is concerned the proxy service is the legal registrant unless the registrar quickly hands over its customer’s details.
Law enforcement and intellectual property interests have been complaining about registrars refusing to do so for years, most recently in comments on ICANN’s Whois accuracy study.
ICANN offers a definition of the word “promptly” as “within five business days” and “reasonable evidence” as trademark ownership and evidence of infringement.
I don’t think this ICANN guidance will have much of an impact on privacy services offered by the big registrars, which generally seem quite happy to hand over customer identities on demand.
Instead, this looks like it could be the start of a broader ICANN crackdown on certain non-US registrars offering “bulletproof” registrations to cybersquatters and other ne’er-do-wells.
I wouldn’t be surprised to find the number of ICANN de-accreditations citing refusal to cooperate with UDRP claims increasing in future.
The new ICANN document is a draft, and you can comment on it here.