ICANN Is Moving Toward Copyright Enforcement, Academic Says

The Internet Corporation for Assigned Names and Numbers (ICANN) is on an “ambivalent drift” into online content regulation through its contractual facilitation of a “trusted notifier” copyright enforcement program between the Motion Picture Association of America (MPAA) and the registry operators for two new generic top-level domains, University of Idaho College of Law Professor Annemarie Bridy says in a draft article for the Washington & Lee Law Review.

The issue of whether ICANN, whose mission is the technical coordination of the internet domain name system (DNS), is over-reaching its mandate by stepping into copyright infringement disputes, is controversial, with .org registry Public Interest Registry delaying plans for a copyright infringement alternative dispute resolution (ADR) policy and the Domain Name Association (DNA) stepping back from a proposed ADR mechanism akin to ICANN’s uniform dispute resolution policy (UDRP) for trademark violations.

Bridy’s article, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation,” is available here.

“Pandora’s Box”

“ICANN was not created or intended to be an intellectual property enforcer, but it was drawn from its inception into disputes over trademark rights in domain names,” Bridy said in the article. It established the UDRP to handle claims of cybersquatting – registering domain names containing famous trademarks and then offering to sell them to the trademark owners, she said.

Since ICANN approved the launch of over 1,000 new generic top-level domains (gTLDs), copyright holders “appear to be laying the groundwork for a broad program of DNS-based enforcement, with the long-term goal of implementing a UDRP-like procedure for claims of piracy and counterfeiting that are wholly unrelated to any bad-faith or confusing use of domain names,” Bridy wrote. That idea has been around for years but didn’t gain traction until new gTLD registries Donuts and Radix bought into it, she said.

ICANN “is walking the finest of lines” with regard to becoming involved in copyright policing, the paper said. Its 2013 ICANN-Registry Agreement contains mandatory provisions requiring registry operators to agree to standard terms known as public interest commitments, one of which requires registries to require domain name registrars to include in contracts with their customers (registrants) a provision barring registrants from piracy, trademark or copyright violations. The contract also must provide, “consistent with applicable law and any related procedures,” consequences for such activities, including the suspension of a domain name.

The result is that registrants can be suspended if found to have engaged in piracy or copyright infringement, Bridy wrote. But the contract fails, among other things, to define who has the authority to determine if a registrant has engaged in infringement, or whether the registrar is required to impose penalties, she said.

Rights holders have taken the position with ICANN that registrars have a contractual duty not only to include the anti-infringement clause in their registration agreements but also to enforce it by suspending domain names when rights owners report “abuse,” the paper said. ICANN’s 2013 registrar accreditation agreement (RAA) requires registrars to maintain an “abuse contact” to receive “reports of Illegal Activity” involving domains for which they provide services. The RAA also requires registrars to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

Based on these provisions, copyright owners have argued to ICANN that registrars breach their obligations if they fail to implement notice and takedown for domain names associated with alleged pirate sites, Bridy said. Some registrars, however, say an appropriate response to an abuse complaint from a rights owner is to inform the complainant that the registrar is not in a position to judge the legality of the activity, and that the complainant should seek redress from competent legal authorities, she said.

That leaves ICANN’s staff in the “uncomfortable position” of mediating the ongoing controversy over the legal effect of the public interest commitments clause and its interaction with the RAA anti-abuse provisions, Bridy wrote. ICANN so far has backed registrars who choose not to treat rights holder complaints of infringement as actionable proof of abuse or illegal content, she said. But by including the public interest commitment provision in registry agreements, and the anti-abuse clause in the RAA, “ICANN has opened a Pandora’s box with respect to content regulation that it may ultimately be unable to close….”

“Trusted Notifier” Program

Donuts, the registry for .movie, and Radix, which has applied for .music, last year agreed to partner with the MPAA to put in place a trusted notifier system covering all domain names in new gTLDs they control. Their summary of the characteristics of the program is here [pdf].

The program defines trusted notifier as “an industry representative trade association that represents no single company, a recognized no[t]-for-profit public interest group dedicated to examining illegal behavior, or a similarly situated entity with demonstrated extensive expertise in the area in which it operates and ability to identify and determine the relevant category of illegal activity.” Registries would agree to treat trusted notifiers’ complaints “expeditiously and with a presumption of credibility,” but would have no obligation to independently probe the complaint before imposing a sanction. Domain name registrants wouldn’t necessarily be notified of a complaint or allowed to respond, Bridy wrote.

If a registry agrees with the notifier that the domain is clearly devoted to abusive behaviour, the registry may suspend, terminate or place the domain on lock or hold, the summary said. Because the system doesn’t require a registry to actually investigate the complaint or seek a response from the registrant, “there is a high risk that participating registries will default to a rubber stamp approach,” said Bridy.

Unlike the UDRP for trademark claims, the trusted notified program is ICANN-enabled but not ICANN-developed or -sponsored, meaning registries and rights holders are free to negotiate a deal that works for them without going through ICANN’s multistakeholder policy development process, she said.

By creating the contractual architecture that enables the trusted notifier program, ICANN “has facilitated a program of private, DNS-based content regulation for which it now disclaims responsibility and oversight,” Bridy said. “It is easy to imagine programs like the MPAA’s expanding in the near future to serve a much wider universe of notifiers – including private and governmental actors targeting what they will identify as fake news, hate speech, and terrorist propaganda.”

“Copyright issues have long been a staple of community discussion within ICANN,” a spokesman told us. “We expect that the subject of voluntary agreements among private parties will continue to garner attention,” including at next month’s ICANN meeting in Copenhagen, he said. “This is an ongoing community discussion that we are monitoring closely.”

Donuts Reacts

Donuts agrees with many of the paper’s conclusions but found some “factual inaccuracies” it brought to Bridy’s attention, said co-founder and Executive Vice President Jon Nevett.

The registry’s partnership with the MPAA “has been helpful in combating online crime in the form of pervasive theft of copyrighted materials,” Nevett told Intellectual Property Watch. It is not interested in content regulation, but in regulation of crime in its domain extensions, whether that is child imagery abuse or theft, he said.

Nevett said Donuts received only 12 trusted notifier referrals in the past year, and went through a lengthy evaluation process for each one that included giving the domain name owner an opportunity to respond. Donuts took action on three of the referrals, “which were slam dunk cases of infringement,” and rejected one. Other parties acted in the remaining cases, he said.

Bridy disputed Nevett’s claim that her paper contained several factual inaccuracies, saying she made only one correction. Some of the claimed inaccuracies were not inaccuracies, but had to do with “Donuts’ insistence that it is doing more than the agreement with MPAA requires,” she said. But the article’s description of the trusted notifier agreement is focused on what the contract itself says, not on how Donuts chooses to implement it, she added.

What Donuts is doing is “content regulation – full stop,” said Bridy. “When you pass judgment on the legality of online content, and you intervene technically [to] prevent the public from accessing that content, you are * per se* regulating content,” she emailed.

DNA, PIR Pull Back Plans

In a 8 February blog posting, the DNA announced recommendations for an ADR program for copyright infringement as part of its “Healthy Domain Initiative.” However, on 24 February, the organisation acknowledged the “great deal of attention” focused on the proposal by some who fear it’s a concession to “ill-intentioned corporate interests,” or that it represents a “shadow regulator” or a “slippery slope toward greater third party control of content on the Internet.”

While the “ADR is of course none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30,” it wrote. The DNA will, therefore, “take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.”

The Public Interest Registry, meanwhile, has been developing a “Systemic Copyright Infringement Alternative Dispute Resolution Policy” to deal with systemic, large-scale copyright violations. On 23 February, however, it said that given the concerns raised about the issue, it’s “pausing” its development process “to reflect on those concerns and consider forward steps.”

Asked whether the DNA and PIR decisions affect her findings, Bridy said they instead suggest that her conclusions “are sufficiently worth worrying about that more time and care are needed to figure out whether and how to address these issues through the DNS.” The discussion, and any enforcement measures that grow out of it, should be public and transparent, and not just limited to the “insular world of ICANN,” she said.

 

Image Credits: ICANN