KATHLENE KARG

INTERACTIVE DIGITAL SOFTWARE ASSOCIATION

ON BEHALF OF

COPYRIGHT COALITION ON DOMAIN NAMES

BEFORE THE

SUBCOMMITTEE ON COURTS AND INTELLECTUAL PROPERTY

COMMITTEE ON THE JUDICIARY

U.S. HOUSE OF REPRESENTATIVES

AT THE

OVERSIGHT HEARING

ON

INTERNET DOMAIN NAMES AND INTELLECTUAL PROPERTY RIGHTS

JULY 28, 1999

Mr. Chairman, and members of the Subcommittee:

My name is Kathlene Karg, and I am the Director of Intellectual Property and Public Policy for the Interactive Digital Software Association (IDSA). The IDSA represents 90% of the U.S. publishers of interactive entertainment software for all platforms, including personal computers, the Internet, and video game consoles. The U.S. entertainment software industry had over $5.5 billion in U.S. sales in 1998, with billions more in export sales. In 1999, our industry will have a fourth straight year of double-digit growth, with current projections estimating $6.5 to $7 billion in U.S. sales. For comparison's sake, this is roughly equivalent to U.S. movie box office sales.

I am testifying this morning on behalf of the Copyright Coalition on Domain Names (CCDN), of which the IDSA is a founding member. The CCDN brings together the representatives of copyright owners in music, sound recordings, audio-visual materials, and text products, as well as business and entertainment software. A list of organizations participating in the CCDN is attached to my statement.

This Subcommittee is already very familiar with the economic impact of the copyright industries: that they represent one of the largest and fastest-growing segments of the U.S. economy, responsible for some 3.5 million U.S. jobs and nearly $280 billion in contributions to the Gross Domestic Product. You also well know how threatened these industries are by copyright piracy, and particularly by piracy carried out over the Internet. The main asset of every copyright industry is intellectual property, and if we cannot defend that property against misappropriation and theft, the underpinnings of this economic success story are directly threatened.

What is often overlooked or misunderstood is the essential role played by the Domain Name System (DNS) in helping to fight back against Internet copyright piracy. That is why we are particularly appreciative of the chance to explain this role this morning. CCDN urges the subcommittee to ensure that this role is preserved and strengthened, even as the DNS undergoes dramatic changes in competition and governance.

The Domain Name System: What's at Stake for Copyright Owners?

The copyright industries have a vital interest in the efficient functioning of the Domain Name System (DNS) in several ways. Copyright owners operate thousands of web sites that we use to promote, market, and - increasingly - to deliver and transmit to the public, and allow them to use, every kind of copyrighted material. The online delivery of copyrighted materials is becoming a crucial distribution mechanism throughout the copyright industries. In the interactive entertainment segment, for example, websites are increasingly integrated into copyrighted products themselves, as with sites for interactive play of computer games over the Internet. So copyright owners are heavy users of the DNS, and need to be able to register second level domains (SLD's) - the handle just to the left of ".com," for example -- quickly, reliably, and at a reasonable cost.

Copyright-based companies own a substantial number of trademarks, trade names, service marks, slogans, character names and titles throughout the world, and thus are vulnerable to cybersquatting, warehousing, and other types of trademark infringement, dilution or tarnishment if SLD's are registered without proper safeguards or if dispute prevention and settlement procedures are deficient. Thus, we share many of the concerns that you are hearing today from trademark-based groups about these issues

But more than any other economic sector, copyright owners are uniquely vulnerable to the potential of crippling economic harm, through cyberpiracy, if the DNS is not well administered. Of course, a domain name abuser can weaken, tarnish or dilute any company's marks; but when the target is a copyright owner, the domain name abuser can also usurp some or all of the market for the company's product. A brand name like Toyota, Fiat or Cadillac can be undermined through laxity in DNS administration; but realistically it is not yet possible to distribute automobiles over the Internet. By contrast, pirated copies of hit videogames, popular songs or recordings, current movies, and the best-selling computer programs or books can increasingly be found on, and downloaded from, the sites of domain name thieves, or even from sites whose names do not directly threaten trademark interests.

Let me remind the subcommittee of the scope of the online problem that the copyright industries face. IDSA estimates that, at any given time, there are at least 50,000 active Internet sites where pirate copies of entertainment software products are accessible. It's no wonder that the economic losses due to online piracy threaten to dwarf the estimated $20-22 billion that the International Intellectual Property Alliance estimates the industry loses annually to off-line piracy worldwide. This trend is a major impediment to the development of electronic commerce, and if left unchecked will threaten the viability of the World Wide Web itself as a venue for global business.

Because of this unique vulnerability to online piracy, copyright owners are concerned not only about how the DNS can facilitate the promotion, marketing, transmission and distribution of legitimate product, but also how it can be used to fight the accelerating trend toward online digital piracy. In fact, the DNS can be so used, and it is being so used, every day. As currently configured, the DNS helps copyright owners and their representatives to rapidly and efficiently identify, pursue and shut down Internet sites involved in piratical distribution, public performance, and other infringing activities with respect to copyrighted works. Every pirate site has an address; and virtually every address can be linked to information about the party who registered the site, who hosts it, or who provides connectivity to it.

The key DNS tool that copyright owners use to obtain this information is called "Whois". The challenge we face today is to preserve and strengthen this tool. Let me explain to the subcommittee how copyright owners and their representatives use Whois to fight online piracy.

How Copyright Owners Use Whois

In the years since the Internet became a viable and widespread communications medium, Whois has been provided by the entity operating the registry for Top Level Domains (TLDs). (In the case of the leading generic TLD's - .com, .org, and .net - that entity is Network Solutions, Inc., or NSI.) Whois allows free, unfettered public access to essential information submitted by domain name registrants on their domain name registration form. Today, Whois is available 24 hours a day, 7 days a week, without charge, to anyone with access to the Internet. A Whois search is easy to undertake and usually requires just a few seconds. For every Second Level Domain (e.g., "xyz.com"), a Whois search provides individual contact data for technical and administrative contacts, and may identify the computers which host the Web Site or through which access to it must flow. All this information is contained in the registration form submitted (and later updated) by the domain name registrant. Sometimes copyright owners must also use directory services other than Whois. For example, when pirate sites are identified only by a numeric Internet Protocol address, rather than by the letters making up a domain name, a database called the zone files must be searched. But Whois is nearly always an essential element of the strategy used to identify the operator of a pirate site and the Internet service provider (ISP) that hosts it or provides connectivity to it.

Armed with this information, copyright owners or their representatives can use Whois data in a number of ways. Sometimes the site operator is approached directly, with a demand that piratical activity cease. In the case of unauthorized public performances and other uses of musical compositions, the major organizations representing copyright owners (ASCAP, BMI and the Harry Fox Agency) generally contact the site operator and offer him a license to cover those performances or uses, which provides a means for the operator to avoid further liability. Sometimes Whois data is used primarily to correlate the activity at one pirate site with another that may be registered by the same or a related entity. This information is compiled for later use in civil or criminal enforcement proceedings, including settlement discussions. But perhaps the most important use of Whois data is of particular interest to this subcommittee, because it enables the operation of a key element of the path-breaking copyright legislation which you originated in the 105^th Congress: "notice and take down" under the Digital Millennium Copyright Act (DMCA).

In the DMCA, Congress created a non-judicial procedure aimed at quickly cutting off Internet access to sites where piratical activity is taking place. This "notice and takedown" procedure, set forth at 17 U.S.C. 512, typically begins when a copyright owner (or its representative) notifies an Internet service provider of piratical activity taking place on a site which the ISP hosts or to which it provides connectivity. If the ISP responds expeditiously to this notice by cutting off access to the site in question (or to the portion of it containing the pirate material identified by the copyright owner), it can then take advantage of limitations on remedies to which it might otherwise be subject if it were found liable for infringement (notably, no monetary relief can be awarded, and injunctive relief is curtailed). The DMCA also immunizes the ISP from any liability that might derive from a good faith decision to "take down" material in response to a copyright owner's notice.

The DMCA's notice and take down procedures essentially codify informal arrangements under which, for years, copyright owners and service providers have cooperated to remove or restrict access to pirate material on the Internet. While not legally mandated for either party, notice and take down can be an effective, efficient means by which copyright owners and service providers cooperate to combat Internet-based piracy.

However, the DMCA's notice and take down procedure cannot work unless copyright owners can quickly and reliably determine the identity of the ISP to which they should direct their notice. That's where Whois and the other DNS directory services (like the zone files) come in. For a particular second level domain or other site, Whois quickly and reliably identifies the ISP to whom a DMCA notification should be directed in order to start the notice and takedown procedure. Without Whois, it would be much more complicated, expensive and slow for copyright owners to find out who is the proper recipient of a DMCA notification.

So long as copyright owners, like other Internet users, retain free, unfettered, real-time access to the full range of registrant data contained in Whois, they will be able to invoke the notice and take down procedure under the DMCA as soon as they locate a site where piratical activity is taking place. Under these circumstances, the non-judicial, cooperative method of fighting Internet piracy that Congress codified in the DMCA can be followed. However, if public access to Whois is restricted in any way, the viability of the DMCA notice and take down procedure could be seriously undermined, and Congress' intent in enacting the DMCA would be frustrated.

While the current system for identifying the operators of pirate sites and their associated ISP's, based on Whois, has some weaknesses and shortcomings, at least it provides an avenue that copyright owners and their representatives can and do use in their efforts to fight piracy on the Internet. Free and unfettered access to Whois also promotes other vital legal interests. For example, to combat fraudulent schemes online, consumers need ready access to Whois and similar databases so that they can establish the identity and bona fides of the operator of a site with which they are considering doing business, and so they can seek redress from unfair business practices if they do occur. Whois adds an essential ingredient - accountability - to the recipe for Internet-based electronic commerce. If access to Whois is restricted or cut off, copyright owners will not be the only parties whose vital interests are injured.

III. Threats to Whois

Copyright owners have identified two main categories of threats to the viability and usefulness of Whois: restrictions on data availability, and problems with data quality. Let me explain each of these briefly before discussing our recent experiences with NSI, ICANN and the new registrars.

Whois works for copyright owners because it provides unfettered access to a comprehensive database of registration information. If restrictive conditions are placed on our access to this data, or if some of this data is locked up and excluded from access, then the value of Whois is seriously eroded. Both of these negative changes have been proposed recently.

As discussed below, NSI has discussed making Whois access, even for individual queries, subject to a licensing system, and has attempted to impose unilateral restrictions on what members of the public can do with data that is returned in response to a Whois query. We see absolutely no justification for making such drastic changes to the way Whois has always operated. Fortunately, NSI appears to have retreated from these radical positions, but this issue certainly could arise again, either with NSI or with other domain name registries or registrars.

There have also been some proposals to allow domain name registrants to "opt out" of Whois access to the data they submit as part of the registration process, or even to allow "anonymous" registration schemes in which the actual SLD registrant would hide behind some surrogate. Such schemes threaten the integrity of Whois and would compromise its usefulness to all members of the public who can and do benefit from it. The asserted privacy concerns underpinning these proposals seem mostly speculative; Whois has operated for years without any noticeable adverse impact on privacy. The "opt-out" and "anonymous registration" proponents also overlook the other mechanisms, such as use of an SLD operated by a web-hosting service, that individuals can already use to protect their privacy without undermining the public accountability factor that Whois provides. While for the time being Whois data remains freely available, proposals to shut off access to Whois data on privacy grounds are sure to recur, and must be approached with great caution. We must recognize that such restrictions are sure to benefit pirates, cybersquatters, scam artists, and others who would be far freer to carry out illegal online activities under a cloak of anonymity.

The second main threat to Whois reflects a problem that copyright owners have experienced with the current Whois system: data quality. Often, the administrative and technical contacts that are listed on the domain name registration form - and that copyright owners can access through Whois - are inaccurate, outdated, or just plain bogus. Smart pirates have learned that their identities and locations can be discovered through Whois, so they supply false information to frustrate the operation of the system. There are a number of steps that can be taken to address this problem, including requiring pre-payment for registration of second level domains; instituting automated protocols to screen registration data for obviously false entries, and for confirming that contact data remains current; and establishing procedures for acting promptly upon third party notifications of inaccurate contact data. In contrast to the issue of Whois data availability, where the challenge is to maintain the current policy of unfettered access and use to a comprehensive database, here the goal must be to improve Whois data quality from current levels in order to maximize its usefulness to members of the public.

IV. NSI and Whois

As I have mentioned, until recently the only source of Whois data for the .com, .net and .org domains was NSI, which operates the registry for those domains. Copyright owners, and Internet users in general, have benefited greatly from the free, unfettered access to Whois and other directory data that NSI has provided. With the advent of competition in the domain name registration business and privatization of the whole domain name system, NSI has been faced with the prospect of sweeping changes, and from the viewpoint of the copyright industries, NSI's reaction to change has not always been positive.

Since late last year, there have been several unannounced and somewhat disruptive changes in the NSI-provided interfaces for conducting Whois searches. Even more troubling, NSI indicated on a number of occasions that it might abandon its long-standing policies and begin to restrict either access to Whois (and other directory databases) and/or use of the results of searches of these databases. Indeed, last spring, language suddenly appeared on the search and results screens for NSI's Whois service, prohibiting Whois searchers from copying their search results, transferring them, or making any use of them "for any commercial purpose," without obtaining prior express written permission from NSI. Obviously, such a restriction, if enforced, would have crippled copyright owners' ability to use Whois to protect their copyrights. This unilateral assertion of control over Whois search results was completely unacceptable to the copyright industries, and we told NSI so.

To NSI's credit, I believe that they heard our message on this point. The offending language was removed from the Whois screens, and replaced by language that we believe recognizes that any member of the public is free to query the Whois database, and to use the results of the query, for any lawful purpose, other than for compilation, repackaging or dissemination of the entire database, or of a substantial part of it. This means that queries - by copyright owners and others -- to determine who is responsible for activities on specific World Wide Web sites may proceed freely. We have encouraged some of the new registrars for .com, .net and .org to adopt a similar policy.

Our experience with NSI has been less rewarding with regard to improving Whois data quality. We are quite concerned about how slow NSI has been to implement a requirement that registrants pay their registration fees at the time of registration. Virtually everyone who has studied the DNS has concluded that a pre-payment requirement will reduce the incidence of bogus contact data submissions by registrants, as well as cybersquatting. NSI has told us repeatedly for several months that they will require registrants to pre-pay for their domain names, but they did not publicly announce such a policy until last week, and we are still waiting to see how it will be implemented in September. NSI has also dragged its feet on our request that they undertake other steps to screen out phony registrant contact data.

The Copyright Coalition on Domain Names is continuing its dialogue with NSI, with two goals: to assure that Whois and other directory data remains freely and readily available without restriction, and to encourage NSI to make needed improvements in the quality of registration data, which is reflected in the Whois database.

V. ICANN and the new registrars

The copyright industries have also been deeply involved with the efforts in recent months by the Internet Corporation for Assigned Names and Numbers (ICANN) to initiate competition in the registration of domain names. ICANN sets the ground rules for the operation of these new registrars through Registrar Accreditation Agreements which each new registrar must sign. These agreements require each registrar to "provide public access on a real-time basis (such as through a Whois service)" to specified contact data submitted by registrants.

CCDN made a number of suggestions for changes to the Accreditation Agreements that would have strengthened this obligation to make Whois data freely available, and that would have imposed minimal standards on registrars regarding the quality of Whois data. While some of these suggestions were accepted, others were not. Now that some of the testbed registrars have begun operation and are registering domains in .com, .net and .org, the shortcomings of the Registrar Accreditation Agreement have become even more evident. We also must confront the issue of whether and how ICANN will compel the new registrars to live up to even the minimal data availability and data quality obligations that are contained in these agreements. Let me give just a few examples:

The Whois service operated by CORE, one of the testbed registrars, is not accessible to World Wide Web users employing the most widely available browsers. Only users of the Unix operating system or those employing a "whois client tool" can gain access to data on registrations processed by CORE. The CORE Whois page, www.corenic.net/whois.htm, states that "CORE will start offering a web-based Whois service in the near future." This is a flagrant violation of CORE's obligations under the Accreditation Agreement it has signed with ICANN.

It does not appear that any of the testbed registrars has a procedure in place for receiving and acting promptly upon complaints from third parties that registrants cannot be contacted using the contact data they submitted at the time of registration. When copyright owners discover bogus contact data associated with a pirate site, we promptly bring that to the attention of the registrar and ask that the registration be cancelled and the site removed from the DNS directory. The Registrar Accreditation Agreement provides for this procedure, but the new registrars do not seem to have implemented it.

Perhaps the most disturbing aspect of ICANN's administration of the competitive registration testbed is that the five new registrars have been allowed to "go live" without having any dispute resolution policies in place, much less a policy that is uniform across registrars. When copyright owners have tried to get one of the new registrars to place on "hold" a registration of a second level domain that was identical to a famous mark, the response was confusion, misinformation, and ultimately inaction. This is a virtual invitation to cybersquatters and pirates to flock to the new registrars in order to escape any accountability. A related unresolved issue involves the scenario in which a registrant seeks to register a domain name with one registrar as soon as the registration of the same name is challenged under the dispute resolution policy of another registrar. The Provisional Names Council of the DNSO has been asked to adopt safeguards against such "forum shopping" by registrants, but so far none are in place.

We recognize that some of the problems that have been encountered with the testbed registrars can be chalked up to "growing pains." ICANN and the new registrars are both charting new trails, under rather adverse and contentious circumstances, and so it is not surprising that it may take a little while to work out the glitches in the availability and the quality of Whois and other directory data. However, we think these issues must be taken seriously for two reasons.

First, the online environment is not forgiving of even short delays in "getting it right." Copyright owners, in particular, are vulnerable if a pirate site can operate freely for even a few days; in that time, countless perfect pirate copies of works in digital formats can be disseminated and can populate other sites all around the globe. If we cannot locate the operators of that site, or the ISP providing connectivity for it, because the site is registered with a registrar who doesn't provide a Whois service, the damage in just a few days can be enormous.

The second factor that demands that ICANN and its accredited registrars "get it right" immediately with regard to Whois is the impending expansion of competition in the registrar business. When five new registrars in three countries have stumbled so badly out of the starting gate, the prospect of more than 50 additional registrars, based in half a dozen additional countries, is alarming to copyright owners. With regard to competition, ICANN seems to be under pressure to "get it done." Instead, its goal should be to "get it right," even if that means that pre-conceived deadlines for rolling out competition must be relaxed.

Conclusion - Next Steps

Whois and associated directory services are vital tools for copyright owners seeking to combat the growing plague of online piracy. We urge the subcommittee to exercise vigorous oversight to make sure that these tools remain strong and indeed are improved. The U.S. government, acting through the Department of Commerce, is in a position to make this happen. In the gradual disengagement of the U.S. government from management of the DNS, preserving and enhancing free, unfettered access to the full range of Whois and directory data, and improving Whois data quality, should be cardinal principles, and that disengagement should proceed no more rapidly than is prudent to ensure that these principles are fulfilled. The immediate challenges ahead include the following:

Ensuring that contact data for all generic TLD registrants remains fully available to all members of the public, online, in real time, and without restrictions on use. Whether Whois is centralized at the registry level, or operated by each individual registrar with an efficient system for routing queries through a single contact point, both NSI and their new competitors must maintain open availability of this crucial data.

Ensuring that all gTLD registrars (incumbent and new entrants) take reasonable steps to improve Whois data quality, including implementing registration pre-payment requirements, automated contact data screening and checking protocols, and efficient procedures for acting promptly upon third-party notifications of inaccurate registrant contact data.

Encouraging country code TLD administrators to adopt Whois policies similar to those applicable to the gTLD's, lest the ccTLD's become a haven for piracy.

Condition the adoption of new gTLD's on full implementation of the preceding three points throughout the gTLD's and ccTLD's, including an adequate period for evaluating and fine-tuning Whois data availability and data quality policies.

Mr. Chairman, thank you for this opportunity to present the views of copyright owners and their representatives on these important topics.