The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Crime

Law enforcement on the Internet—the role of the domain name registrars

|

Some disturbing legal news out of Germany, courtesy of techdirt: A German appeals court has upheld a copyright infringement ruling against a German domain name registrar (Key Systems) which had issued a domain name to H33t, a "torrent-tracking" site.

This is a new wrinkle in the copyright infringement battles, and one that should have us concerned. The question of "secondary liability" in copyright law—the liability of intermediaries, persons or entities who are not primarily responsible for the infringement but may facilitate it or assist in it in various ways—has been a fierce legal battleground over the last 10 years or so. In the US (and elsewhere) the debate has focused on the liability of website owners/operators: when is, say, YouTube liable for the infringements of its users? And we have (as do the Germans, I believe) a fairly complex series of provisions in our Copyright Act that attempt to navigate this question—providing website operators with a "safe harbor" protecting them from infringement liability if they take certain steps to respond to claims of infringement from copyright holders. [This, as many of you are familiar with, is the "notice-and-takedown" regime in sec. 512 of the Copyright Act].

But to my knowledge, this German case is the first one where the intermediary being held liable is not the operator of the site, but the entity that issued the domain to the operator of the site. It's as though someone asserted that I was posting their copyrighted content at my personal website and a court issued a ruling holding GoDaddy.com, my domain name registrar, liable for the infringements. The registrar response, needless to say, is then to make the domain disappear—deleting its entry in the main name-server for the domain. {Equally predictable: the site immediately shows up under a new domain issued by a different registrar . . .]

Now, I always take the position that citizens of other countries can organize their own law however they see fit, and it's really none of my business; I don't feel as though I really have "standing" to complain about anything they do—at least, to the extent that they're abiding (as the Germans surely are) with basic rule of law and due process principles, and that they're not trying to impose their law on me or on others who had no say in its formulation. If a US court had issued this ruling, trust me—I'd be manning the barricades. But intermediary liability is a complicated subject on which reasonable people can disagree, and if the Germans want to extend it up the chain to include domain name registrars, then they can go ahead and do that, however misguided I believe that to be.

The reason, though, that this is of particular concern is that it might give us a small peek at a development that would be extremely troubling for all Internet users: the use of the basic tools underlying the Internet infrastructure for purposes of policing user content and enforcing the law n regard to that content. I do not want domain name registrars to be deputized as the agents of law enforcement, whether for copyright infringement or anything else. It's not a role they can play fairly or reasonably or justly.

As I said, if the Germans feel differently and want to impose obligations on German domain name registrars, there's not much I can or should do about that. But it's just this kind of thing that makes me nervous, not about Germany but about ICANN. [I know—I'm a bit of a broken record about ICANN. But it really matters, so I'm not going to stop . . .]. ICANN controls the majority of the world's registrars—not just those in Germany, or in the US, or in China, but every registrar that wants to give its customers access to the Top-Level Domains within ICANN's jurisdiction (.com, .org, .edu, .biz, .net, . . . and all the other "global" TLDs). ICANN is the one entity—not the German government, or the Chinese government, or the U.N.—that can say to them all, wherever they might be located: We will hold you responsible for your registrants' compliance with local copyright law, and while we can't fine you or put you in jail, we can put you out of business with the flick of a switch if you don't aggressively pursue and take action against wrongdoers of one kind or another—copyright infringers, or spammers, or hackers, or …

I'm probably being paranoid—ICANN hasn't done anything like this, and I do not want to be taken as suggesting otherwise. But several months ago ICANN amended the contract that it uses with registries and registrars, adding a provision requiring registries and registrars to include a "compliance with all applicable law" provision in all their contracts with domain name holders. Again, it probably doesn't mean too much—and anyway, what's wrong with simply requiring domain name holders to promise to comply with applicable law? But if it's the opening wedge in what becomes a movement to force registrars to police their registrants and take action against those they deem to be wrongdoers—or , more likely, against those who are identified as wrongdoers by by copyright holders, or by trademark holders, or by law enforcement agents—it's a very worrisome development indeed.