Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.
The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.
Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.
For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.
“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.
Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:
Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.
Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.
The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”
It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.
Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.
The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.
ICANN may be able to provide registrars, intellectual property interests and others with clarity about when domain names should be suspended as early as next month, according to compliance chief Allen Grogan.
With ICANN 53 kicking off in Buenos Aires this weekend, Grogan said he intends to meet with a diverse set of constituents in order to figure out what the Registrar Accreditation Agreement requires registrars to do when they receive abuse complaints.
“I’m hopeful we can publish something in the next few weeks,” he told DI. “It depends to some extent on what direction the discussions take.”
The discussions center on whether registrars are doing enough to take down domains that are being used, for example, to host pirated content or to sell medicines across borders.
Specifically at issue is section 3.18 of the 2013 RAA.
It requires registrars to take “reasonable and prompt steps to investigate and respond appropriately” when they receive abuse reports.
The people who are noisiest about filing such reports — IP owners and pharmacy watchdogs such as LegitScript — reckon “appropriate action” means the domain in question should be suspended.
The US Congress heard these arguments in hearings last month, but there were no witnesses from the ICANN or registrar side to respond.
Registrars don’t think they should be put in the position of having to turn off what may be a perfectly legitimate web site due to a unilateral complaint that may be flawed or frivolous.
ICANN seems to be erring strongly towards the registrars’ view.
“Whatever the terms of the 2013 RAA mean, it can’t really be interpreted as a broad global commitment for ICANN to enforce all illegal activity or all laws on the internet,” Grogan told DI.
“I don’t think ICANN is capable of that, I don’t think we have the expertise or resources to do that, and I don’t think the ICANN multistakeholder community has ever had that discussion and delegated that authority to ICANN,” he said.
Grogan notes that what kind of content violates the law varies wildly from country to country — some states will kill you for blasphemy, in some you can get jail time for denying the Holocaust, in others political dissent is a crime.
“Virtually everybody I’ve spoken with has said that is far outside the scope of ICANN’s remit,” he said.
However, he’s leaving some areas open for discussion,
“There are some constituents, including some participants in the [Congressional] hearing — from the intellectual property community and LegitScript — who think there’s a way to distinguish some kinds of illegal activities from others,” he said. “That’s a discussion I’m willing to have.”
The dividing line could be substantial risk to public health or activities that are broadly, globally deemed to be illegal. Child abuse material is the obvious one, but copyright infringement — where Grogan said treaties show “near unanimity” — could be too.
So is ICANN saying it’s not the content police except when it comes to pharmacies and intellectual property?
“No,” said Grogan. “I’m saying I’m willing to engage in that dialogue and have that conversation with the community to see if there’s consensus that some activities are different to others.”
“In a multistakeholder model I don’t think any one constituency should control,” he said.
In practical terms, this all boils down to 3.18 of the RAA, and what steps registrars must take to comply with it.
It’s a surprisingly tricky one even if, like Grogan, you’re talking about “minimum criteria” for compliance.
Should registrars, for example, be required to always check out the content of domains that are the subject of abuse reports? It seems like a no-brainer.
But Grogan points out that even though there could be broad consensus that child abuse material should be taken down immediately upon discovery, in many places it could be illegal for a registrar employee to even check the reported URL, lest they download unwanted child porn.
Similarly, it might seem obvious that abuse reports should be referred to the domain’s registrant for a response. But what of registrars owned by domain investors, where registrar and registrant are one and the same?
These and other topics will come up for discussion in various sessions next week, and Grogan said he’s hopeful that decisions can be made that do not need to involve formal policy development processes or ICANN board action.
Reading through the policies of new gTLD registries has given me cause to double-take several times, but .voting has to be one of the oddest yet.
Ostensibly an English-language gTLD, managed by a registry based in Switzerland, .voting domains will be essentially restricted to residents of Germany, according to its policies.
[UPDATE: The policy was actually submitted by mistake. See this story for an update.]
The Domain Name Registration Policy (pdf) submitted to ICANN by the registry, Valuetainment, states:
Registrants are obliged to supply an individual resident in the Federal Republic of Germany as contact person for all registered domains. This contact is generally described as the administrative contact (Admin-C). The registrant ca name himself as Admin-C.
My German isn’t great, and I’m aware that German speakers are very relaxed about adopting English words into common usage, but I’m pretty sure the language has its own verb for voting.
What makes the Germans-only admin contact policy weirder is that Valuetainment is Swiss and its policies state that the registration agreement is subject to Swiss law.
The .voting policy only states that the Administrative contact in Whois has to be German, which means that the main Registrant contact could technically be based in any country.
But if that registrant can’t name a German as an Administrative contact, technically they’ll be in violation of the rules.
It’s possible that registrars will be able to supply a local proxy in Germany, if they have one or want to go to the expense of setting one up, but it seems like a hassle.
There are a few other oddities in .voting’s policies.
Notably, Valuetainment is not just selling you a domain name, it’s granting you a license to use its “.voting” European Community trademark. Its Eligibility Policy (pdf) states:
For the duration of the registration, the Registry grants the user of a . VOTING domain a right of use with regard to the European Community Trade Mark No. 1111568 (. VOTING]. The license fees are included in the registration fee.
Registrants will be banned from charging for their services — .voting web sites must all be provided free of charge unless they’re providing “statistical voting evaluations”.
They’ll also be banned from offering directories of .voting sites, because Valuetainment intends to offer such a service and doesn’t want any competition.
Also, presumably so the registry can comply with local laws, any attempt to deny the Holocaust will cause your domain to be yanked under the company’s Rapid Takedown Policy (pdf).
New gTLD registry Plan Bee expects to ban gripe sites in its forthcoming .build registry.
Its Acceptable Use and Takedown Policy (pdf), published this week, is among the strictest I’ve seen.
The gTLD was delegated last weekend. It’s going to be an open space targeted at the construction industry, but its AUP bans a lot of stuff.
As might be expected, any form of malicious hacking or spamming behavior is verboten, as is child abuse material.
Activities more often regulated today by registrar user agreements — such as piracy and counterfeiting — are also prohibited.
But the policy goes on to ban activities that are typically permitted in other TLDs, including “gripe sites” and “pay-per-click”. The AUP reads (I’ve emphasized some oddities):
Further abusive behaviors include, but are not limited to: cybersquatting, front-running, gripe sites, deceptive and⁄or offensive domain names, fake renewal notices, cross-gTLD registration scam, name spinning, pay-per-click, traffic diversion, false affiliation, domain kiting⁄tasting, fast-flux, 419 scams or if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its Registrar partners and ⁄or that may put the safety and security of any registrant or user at risk.
Domains deemed abusive can be suspended or deleted by Plan Bee, under the policy.
I can see why a niche gTLD might want to build up loyalty in its associated industry by suspending gripe sites targeting construction companies, but banning “pay-per-click” is a baffling decision.
Will .build registrants be prohibited from using Google Adsense to support their sites?
The .build launch dates have not yet been revealed but it’s likely to be a matter of weeks.
Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.
The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.
We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.
Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.
In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:
seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.
It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.
Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.
According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.
None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.
Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.
Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.
Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:
Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.
Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.
Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.
As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.
Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.
Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:
Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.
That seems to me to be among the most important parts of the defense.
If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.
Indeed, that seems to be what Cartier is going for here.
Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:
Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.
I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.
In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.