The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
Last month, the Motion Picture Association of America (MPAA) issued a carefully-worded statement urging ICANN – the overseer of much of the Internet's fundamental naming and numbering infrastructure – to take more vigorous action against the "use of domain names for illegal and abusive activities, including those related to IP infringement" (i.e., motion picture piracy). [See "MPAA Pushes for ICANN Policy Changes to Target 'Pirate' Domains"].
And just a few days ago, the recording industry joined in; a letter from the Recording Industry Association of America (RIAA) to ICANN, while expressing the industry's "disappointment with . . . ICANN's treatment of copyright abuse complaints filed to date," similarly urged ICANN to move more vigorously to ensure that domain name registries and registrars "investigate copyright abuse complaints and respond appropriately."
Could ICANN really be getting into the business of policing the world's domains for copyright infringement? Might it exercise its powers over those entities (the domain name registries and registrars) who maintain the critical databases that determine who is on, and who is off, the Internet in order to enforce some kind of global copyright law against infringers? Who authorized them to do that? What does that have to do with ICANN's fundamental mission (as stated in its own Charter): to "coordinate . . . the global Internet's system of unique identifiers . . . to ensure the stable and secure operation" of that system?
Here's what's going on. In 2013, as part of its program of opening up the top-level domain space to hundreds of new top-level domains (TLDs – like .app, .blog, .pharmacy, .attorney, .brussels, and many more joining the more familiar .com, .edu, .org, and the rest – see the complete list here), ICANN put a new provision in its contract with the operators of these new top-level domains (the "registries") containing various "Public Interest Commitents" (PICs) the registries had to undertake: in particular, registries had to promise that they would only deal with domain name "registrars" (who are the entities that sell domain names to the public) who had included, in their contracts with end-users like you and me, a provision prohibiting those end-users
". . . from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name."
And the registries had to promise to "implement and adhere to any remedies ICANN imposes" should they not live up to these Public Interest Commitents, including termination of their ICANN "accreditation" as a registry (and a sudden end to their business operations).
In a sense, it looks harmless enough; if you want to register frabulous.app, or washingtonpost.blog, or dewey-cheatem-and-howe.attorney, or any other 2d-level domain in these TLDs, what's wrong with making you promise not to engage in "piracy" or "fraud," or any activity "contrary to applicable law"? Who wouldn't promise such a thing?
It is, however, anything but harmless – and the RIAA/MPAA letters show why. Registries and registrars will henceforth have to satisfy ICANN that they are taking appropriate steps to suspend end-users who engage in "piracy" or any activity "contrary to applicable law"; if they do not, they risk losing their place in the DNS. Is it "appropriate" – in ICANN's view – to revoke domain names if, for instance, they receive a letter from the London Police Department, containing a list of websites the LPD thinks (based on information provided by copyright owners) are infringing? Or a letter from the RIAA? Is it "appropriate" to take down all of those sites? Does the operator of the domain name get an opportunity to defend itself? Does the registrar have to examine those sites to see if they are indeed infringing copyright? Consult its lawyers about fair use or other possible defenses? Hold a hearing?
And most importantly of all: why should ICANN, which is constituted for the purpose of assuring uniformity and stability of the DNS – ie., making sure that the Internet's system for resolving names into IP Adresses continues to function smoothly – be making these determinations?
Letting ICANN (or anyone else, for that matter) leverage its control over fundamental Internet technical infrastructure so as to regulate the content of Internet communications – and please notice, it's not just infringement of copyright on that list, it's fraud, and deceptive practices, and any activity contrary to applicable law (child pornography? hate speech? defamation?) – is a dreadful idea, for any number of reasons. We fought (and won) this battle once before – when the US Congress' SOPA and PIPA legislation in 2011 sought to enforce US copyright law through the manipulation of the global DNS; the wider Internet community rose up to fight it off then, and it needs to do so again. Registries and registrars, in order to preserve their business operations, will over-deter, given that the risk that ICANN finds them not to be acting with sufficient vigor is much greater (because it involves their disappearance from the entire DNS ecosystem) than the risk of acting too vigorously; for end-users, this will look a lot more like a "complaint & annihilation" scheme than "notice and takedown." Due process for alleged infringers will undoubtedly be short-circuited, because due process costs time and money and domain name registrars are not in a position to provide it. Mistaken identification, as we have seen time and time again, will be made, and the hierarchical nature of the DNS means that an action to revoke one domain name – example.blog – affects all of that domains subdomains (first.example.blog, second.example.blog), even though those domains may be used for perfectly lawful purposes.
Simply stated, ICANN has not been set up, and is not the appropriate vehicle, to make global copyright (or consumer protection, or fraud, or pornography, or defamation) law – and yet that is precisely the position they will be taking on in the name of "contractual compliance."
Lest you think that all of this is a figment of my overheated imagination, I would note that ICANN has already set up a a complex dispute resolution apparatus – the "Public Interest Commitment Dispute Resolution Procedure" or "PICDRP" – whose job it is to hear claims (if ICANN, in its sole discretion, thinks that it "requires input from the Standing panel" to make its decision) by "any person harmed" by a Registry's failure to comply with its Public Interest Commitments; ICANN retains "sole discretion" to decide whether the Operator is or is not compliant, and to decide on the appropriate remedy, "(which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement.").
It's pretty chilling; just knowing that ICANN has asserted this power, and is gearing up to exercise it, is surely going to make Registries take these PICs seriously, to avoid the risk that their business could be closed down because ICANN doesn't think they're doing enough for "the public interest."
And to further complicate matters, this is all taking place against the background of the so-called "IANA Transition" – the US government's stated intention to terminate its remaining oversight and control over ICANN's activities. The Transition has been much in the news of late, and a great deal of the public discussion about it – most of the recent Senate hearings on the matter, for instance – have focused on a single question: once US government oversight is removed, how can we be certain that foreign governments, and in particular the various authoritarian regimes who would like nothing better than to shut down, or at least clamp down on, the Internet's global free expression machine, don't get control over the Internet infrastructure?
It's a really important question, to be sure, and it certainly needs to be addressed as part of any Transition plan. But I fear that this subtler, and more insidious, threat to free expression on the Internet is not getting the attention it deserves. It's not just the Russians and the Chinese we need to keep out of the global content regulation business, but also RIAA, MPAA, and any other private stakeholders or governments that want to leverage ICANN for their own purposes.