Can self-regulation do the job?

As long as the domain name system allows for the accreditation of rogue registrars, self-regulation alone will not be sufficient to fight abuse, say Flip Petillion and Jan Janssen of law firm Crowell & Moring.

ICANN, the overlord of the internet’s naming and numbering system, does not see itself as the internet content police. According to ICANN’s chief contract compliance officer, Allen Grogan, the organisation should not take any responsibility for policing illegal activity on the World Wide Web.

ICANN passes on this responsibility in its contracts with registries and registrars. The contracts contain provisions to mitigate and respond to abuses, but ICANN does not enforce these contracts when registrars fail to comply with the arrangements.

Recent registry agreements contain so-called public interest commitments, and ICANN created a new dispute resolution mechanism to enforce compliance with commitments made by a registry operator in the public interest.

In 2013, ICANN also tightened the rules for registrars in the 2013 Registrar Accreditation Agreement (RAA). By virtue of clause 3.18.1 of the RAA, registrars are required to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”.

But what constitutes an appropriate response, and what makes a domain name registration abusive?

If a domain name is used to support the blatant infringement of a well-known trademark, one might expect a registrar to comply with its obligation to respond appropriately to the report of abuse by suspending the domain name.

In practice, however, only few registrars will do so. As ICANN is unwilling to act as the internet content police, registrars know that ICANN will not investigate whether their response was appropriate. As long as registrars can show that they have a process in place to respond to reports of abuse they will not be at risk of losing their ICANN accreditation for failure to give an appropriate response. 

“These initiatives, however well intended, are bound to fall short as long as there is no comprehensive mechanism that monitors compliance with the registrar’s obligation to respond appropriately to abuses.”

ICANN justifies its view by stating that other institutions exist around the world vested with the powers to interpret and enforce relevant laws and regulations.

In a June 2015 ICANN blog post Grogan stated: “A blanket rule requiring suspension of any domain name alleged to be involved in illegal activity goes beyond ICANN’s remit and would inevitably put ICANN in the position of interpreting and enforcing laws regulating website content.

“It would put ICANN squarely in the position of censoring, or requiring others to censor, Internet content,” he said.

According to ICANN, it is up to local law enforcement, regulators, prosecutors and courts to impose appropriate remedies.

One can understand that ICANN does not wish to transform itself into the internet’s intellectual property organisation and that its primary concern remains the stability and security of the internet’s unique identifier systems. But if ICANN is not willing to enforce the obligations it has imposed on registrars through the RAA, then who will? Without a streamlined compliance programme with clear definitions of what constitutes abuse and what responses are appropriate, it will be virtually impossible to monitor a registrar’s compliance with respect to the RAA.

Why is there no broad consensus within the online community for taking concerted action?

 Consensus

In ICANN’s early days, the community was able to agree on the Uniform Domain-Name Dispute-Resolution Policy (UDRP), a consensus policy which has become an important tool in combating abusive domain registrations.

The new generic top-level-domain (gTLD) programme has led to new rights protection mechanisms (RPMs) such as the Uniform Rapid Suspension System and the Trademark Post-Delegation Dispute Resolution Procedure. These mechanisms have all been created within ICANN, and without exception, they deal with content.

The UDRP and the other RPMs did not call for ICANN to become the internet police or judge; they asked that ICANN appoint institutions that can take this role to address well-defined abuses according to criteria which were defined by ICANN’s community.

However, these RPMs deal with only a fraction of the illegal activity for which domain names are used. Why is there no such mechanism for registrar compliance?

The tide may be turning. The call for voluntary practices in combating abuses becomes louder and louder. Major internet players are partnering today with numerous registrars and relevant industry players in the fight against illegal drugs trafficking online and other abuses.

These initiatives, however well intended, are bound to fall short as long as there is no comprehensive mechanism that monitors compliance with the registrar’s obligation to respond appropriately to abuses. If compliance is left to self-regulation, only a limited number of market players will be reached, and there will always be room for new entrants on the market, who have no interest in self-regulation.

As long as the Domain Name System allows for the accreditation of rogue registrars, self-regulators will merely be scratching the surface. But when many start scratching the surface, the ones leading by example may eventually have prepared the surface for more comprehensive compliance mechanisms.

Flip Petillion is a partner at Crowell & Moring. He can be contacted at fpetillion@crowell.com

Jan Janssen is an associate at Crowell & Moring. He can be contacted at jjanssen@crowell.com