ICANN, New gTLDs, and the Protection of Intellectual Property
Prepared Testimony of
Steven J. Metalitz
Counsel, Copyright Coalition on Domain Names
President, Intellectual Property Constituency of the Domain Names Supporting Organization
Internet Corporation for Assigned Names and Numbers
Before the
Subcommittee on Courts, the Internet and Intellectual Property
Committee on the Judiciary
U.S. House of Representatives
Washington, DC
March 22, 2001
Steven J. Metalitz
Smith & Metalitz, LLP
1747 Pennsylvania Avenue, NW, Suite 825
Washington, DC 20006-4604 USA
Tel: (202) 833-4198; Fax: (202) 872-0546
Email: metalitz@iipa.com
Mr. Chairman, and members of the Subcommittee:
Thank you for this opportunity to present the perspectives of intellectual property owners on recent developments in the Domain Name System (DNS),
particularly the impending introduction of new Top Level Domains (TLDs).
I appear this morning in two capacities. First, I am here as counsel to the Copyright Coalition on Domain Names (CCDN). Since 1999, this coalition has brought together the leading organizations representing copyright owners, whose common goal is to preserve and enhance the critical role of the domain name registration system in combating the scourge of online copyright piracy and promoting legitimate electronic commerce in works of authorship. (1)
I also serve as president of the Intellectual Property Constituency (IPC), the international group organized under the auspices of the Internet Corporation for Assigned Names and Numbers (ICANN) and its Domain Names Supporting Organization, to advise ICANN on intellectual property issues generally, including trademark as well as copyright matters. While, due to time constraints, this testimony has not been formally approved by the IPC, it does reflect the public policy positions that group has taken. (2)
Members of this Subcommittee know very well how important the copyright industries are to the U.S. economy. The most recent study released by the
International Intellectual Property Alliance shows that in 1999, industries that depend on copyright protection - the so-called "core copyright industries" -
accounted for nearly 5% of the U.S. Gross Domestic Product. These industries provided jobs for some 4.3 million Americans, and generated nearly $80 billion
in foreign sales in 1999, far ahead of any other industrial sector. By every measure - exports, employment, and total value-added to the U.S. economy - the
copyright industries are growing two to three times faster than other segments of our economy. The world's seemingly insatiable appetite for American books,
music, recordings, films, videos, software and videogames shows no sign of abating.
This subcommittee is also acutely aware of the threat that copyright piracy poses to this remarkable U.S. success story. Increasingly, the venue for that piracy
is online. At literally hundreds of thousands of sites in cyberspace, technologically sophisticated pirates are stealing intellectual property created by Americans.
The damage inflicted by these cyberpirates, in the form of unauthorized performances, reproductions and distributions of copyrighted music, recordings,
audio-visual materials, software, videogames, and text products, threatens to dwarf the estimated $20-22 billion in piracy losses suffered by U.S. copyright
owners in the off-line world each year.
The online environment offers both extraordinary opportunities and serious problems for trademark owners as well. The chief problem, of course, is
cybersquatting: registration and trafficking in Internet domain names with the bad-faith intent to benefit from another's trademark. This threat could be
exacerbated by the introduction of new TLDs, if they become venues for cybersquatting. In that scenario, trademark owners would incur increased costs for
policing and litigation, costs which must be passed along to consumers. Our economy will not be able to reap the full benefits of electronic commerce without
eliminating cybersquatting where it now exists, and preventing it from gaining a foothold in other parts of the DNS.
We are grateful for the leadership of this subcommittee in providing copyright and trademark owners with improved legal tools to combat cyberpiracy and
cybersquatting and to promote legitimate e-commerce. These include, on the copyright side, the No Electronic Theft (NET) Act in 1997, the Digital
Millennium Copyright Act (DMCA) in 1998, and the Digital Theft Deterrence and Copyright Damages Improvement Act in 1999. Of course, for trademark
owners, the Anti-Cybersquatting Consumer Protection Act of 1999 has proven to be an invaluable tool. These new laws have been of immense practical value
in the effort to detect, prosecute, and deter online copyright piracy and cybersquatting. What is sometimes overlooked is the important role played by the
domain name registration system in achieving this progress.
As witnesses from CCDN, INTA and other organizations told this subcommittee in 1999, a key tool that intellectual property owners use to combat online
piracy and cybersquatting is called "Whois." This feature of the domain name system makes available the contact data on those who register domain names.
Every pirate site has an address on the Internet; and through Whois and similar databases, virtually every Internet address can be linked to contact information
about the party who registered the domain name corresponding to the site; about the party who hosts the site; or the party who provides connectivity to it.
Copyright owners use this critical information in a number of ways. Sometimes we approach the site operator directly, with a demand that piratical activity
cease. In the case of unauthorized public performances and other uses of musical compositions, the major organizations representing copyright owners
generally contact the site operator and offer him a license to cover those performances or uses, which provides a means for the operator to avoid further liability.
Sometimes Whois data is used primarily to correlate the activity at one pirate site with another that may be registered by the same or a related entity. This
information is compiled for later use in civil or criminal enforcement proceedings, including settlement discussions. But perhaps the most important use of
Whois data is to enable the operation of a key element of the DMCA, the "notice and takedown" procedure provided by 17 USC 512.
As you know, under notice and takedown, the copyright owner (or its representative) notifies an Internet Service Provider (ISP) of infringing activity taking place on a site which the ISP hosts or to which it provides connectivity. The DMCA gives the ISP a strong incentive, in the form of sharply reduced exposure to legal remedies, if it expeditiously "takes down" or cuts off access to the site in question. Over the past two years, notice and takedown, whether carried out strictly within the steps set out in the DMCA or through more informal channels, has worked. In the year 2000 alone, the recording, software and audiovisual industries successfully used notice and takedown against more than 11,000 pirate sites. Through this mechanism, copyright owners and responsible ISPs have cooperated to combat online piracy. This would not have been possible without Whois. Notice and take down cannot function unless copyright owners can quickly and reliably determine the identity of the ISP to which they should direct their notice. That's where Whois and related DNS directory services come in. For a particular second level domain or other site (3)
, Whois allows copyright owners quickly and reliably to identify the ISP to whom a DMCA notification should be directed in order to start the notice and
takedown procedure. Without Whois, it would be much more complicated, expensive and slow for copyright owners to find out who is the proper recipient of a
DMCA notification.
Whois data is also essential to trademark enforcement efforts. Not only does it enable trademark owners to determine the identity of cybersquatters; it also
helps to establish whether a particular cybersquatter is engaged in a pattern of behavior, such as the wholesale warehousing of domain names that are
confusingly similar to trademarks. Demonstrating such a pattern is a critical element in proving bad faith, both under the ACPA, and in the non-judicial
procedure established by ICANN for revoking bad-faith domain name registrations: the Uniform Dispute Resolution Policy (UDRP).
While the UDRP is not the focus of this hearing, I believe a short summary of its status is in order. When the subcommittee last convened to hear testimony
regarding the domain name system, the idea of instituting a global, non-judicial procedure to address the epidemic problem of cybersquatting was, quite frankly,
a proposal for an experiment. Since then, the experiment has been put into practice. The UDRP was developed in negotiations conducted by ICANN, in which
the IPC was an active participant, and was rolled out in December 1999. As of March 15, 2001 the procedure has been invoked more than 3200 times, with
regard to nearly 5800 domain names. In its first fifteen months, this experiment has been a remarkable success. It has provided a relatively fast and relatively
low-cost mechanism for ridding the existing global TLDs - .com, .net and .org - of the most flagrant cybersquatters. The UDRP certainly is not perfect, nor are
its decisionmakers infallible. It is definitely not a panacea for trademark owners: indeed, the burden of persuasion which the trademark owner must shoulder -
proving "bad faith" - is quite heavy. But within the limited sphere in which it was intended to operate - to handle clear-cut cases of cybersquatting without
burdening national court systems, including the U.S. courts - the UDRP has worked well. Certainly it has worked well enough to justify extending this model
for domain name dispute resolution into the other parts of the DNS. In the context of the new TLDs, the UDRP also provides the template for specialized
dispute resolution procedures that may apply during the start-up or "land rush" period, and for proposed non-judicial mechanisms to enforce the charter
restrictions on who may register in a given TLD and for what purpose.
The Importance of Unrestricted Public Access to Whois
Ever since the advent of the DNS, Whois data has been available in real time to any member of the public without fee and without substantial limitations on its
legal use. Among the chief goals of copyright and trademark owners are to preserve real-time, unrestricted public access to Whois data over the broad range of
the Internet where it now exists; to extend such access to other parts of the Internet where it is currently lacking; and to increase the reliability and usefulness of
Whois access, both by improving the quality and accessibility of Whois data and by enhancing its searchability. Let me emphasize three general points about
why unrestricted public access to Whois is so vital.
First, in stressing how much copyright and trademark owners need Whois data, I certainly don't want to give the impression that Whois is important only or
mainly for enforcement of intellectual property rights. Nothing could be further from the truth. The value of unrestricted public access to Whois extends far
beyond the intellectual property arena. For instance, network operations and security personnel need Whois, to identify systems problems and track down
hackers. Consumers need WHOIS to check out whom they are dealing with online and where to seek redress for problems. Parents need WHOIS to find out
who is responsible for sites their children are visiting, and to restrict children's access to inappropriate material. Law enforcement authorities need WHOIS, to
investigate illegal activities taking place online, from child pornography to consumer fraud to spreading viruses. In fact, it is no exaggeration to say that all
Internet users need WHOIS to provide essential transparency and accountability on the Internet. If the Internet is to thrive as a medium for legitimate commerce
and for ubiquitous communication, we all have a stake in preserving and enhancing unrestricted public access to Whois.
My second general point is that this goal does not require a radical restructuring of the Internet, but rather the continuation of policies that have been central to
the domain name system since its inception, and that have served the Internet well in the course of the spectacular growth of online activity over the past decade.
For the most part, with some significant exceptions, free, real-time unrestricted access to Whois data is the status quo. Those who call for degrading or
dismantling this capability are calling for a radical departure from well-established policies that have benefited all Internet users. We should think long and hard
before proceeding down that path.
Finally, I should comment briefly on the complex topic of privacy. While unrestricted public access to domain name registrant contact data delivers substantial
benefits to society, we recognize that this access can be abused. Copyright and trademark owners strongly oppose such abuses, and we support responsible
steps that can be taken to curb them, whether by technological, contractual, or legislative means. But such abuses must be viewed in a broader context. The
registry database for .com, .net and .org processes 30 million Whois queries each day - over one billion per year. The percentage of these that raise any privacy
concerns whatsoever is vanishingly small.
There are many ways for individuals to establish a robust presence on the Internet without even registering a domain name themselves. Those individuals who choose to do so by registering a domain name should not be exempt from the mechanisms (like Whois) that serve to bring a minimum level of accountability and transparency to online activities that may impinge on the rights of others. Few people, and virtually no laws, treat privacy as an absolute that trumps every other social value. Unrestricted public access to Whois data - the long-established status quo in the global TLDs - is fully consistent with a balanced approach to privacy, the approach that underpins privacy legislation both in the U.S. and abroad.
It is helpful to remember that the online universe, like Caesar's Gaul, is divided into three parts. (4)
The first part is the so-called global (or as they used to be called, generic) Top Level Domains, or gTLDs: primarily, .com, .net and .org. The second part is the
country code Top Level Domains, or ccTLDs: the 240 or so two-character domains that are associated in some way with a political jurisdiction, be it a big
country like China (.cn), France (.fr), or Germany (.de), or a tiny territory like Tuvalu (.tv), the Cocos Islands (.cc), or Niue (.nu). The third part is just coming
into existence: the seven new Top Level Domains which ICANN authorized last November, and as to which it is currently negotiating agreements with entities
who will operate them. Let me begin with the new TLDs, which are the focus of this hearing, before commenting on how intellectual property protection is
faring in the other two parts of the DNS.
ICANN is currently embroiled in the process of bringing to fruition the first significant expansion of the Domain Name System in many years: the introduction
of seven new Top Level Domains. ICANN views this as a "proof of concept" exercise. Once these seven new TLDs are operational, an evaluation period will
commence. Depending on the outcome of these evaluations, many more new TLDs could be rolled out in the near future.
Members of the IPC have been active participants throughout the course of ICANN consideration of the new TLD issue. There is no question that many in the
intellectual property community, and in the business community generally, were skeptical about the need for any new Top Level Domains, particularly of the
open, unrestricted variety as exemplified by the three main existing gTLDs (.com, .net and .org). There are also strong arguments for a deliberate and controlled
roll-out of any new TLDs, for technical reasons as well as in recognition of ICANN's limited resources for evaluation and oversight. But CCDN and most other
intellectual property owner groups came to the conclusion that the alleged need for new TLDs, as well as the precise number that should be rolled out, were
issues on which reasonable people might well differ. The most important questions, from our point of view, were the ground rules under which any new TLDs
would operate, and the ability of ICANN to monitor and enforce any obligations that the new registries took on. These ground rules were particularly
important for any new registries that were "restricted" or "chartered," meaning that, unlike in .com, registrations in them would be allowed only by certain
defined categories of entities, or only for certain specified purposes. And specific procedures needed to be adopted for the "land rush" period of initial
registration in the new TLDs; otherwise, the most attractive real estate in the new name space could be grabbed by cybersquatters who would hold it for
speculation or for ransom by legitimate trademark owners.
Over the course of several months, the IPC developed a short list of minimum safeguards for intellectual property protection that should be applied to all new
TLD applications. This document was publicly posted as early as August 2000, and was made available to all potential applicants for new TLD registries. We
were also able to garner endorsements for this list from two other official ICANN constituencies, representing business and commercial interests, and Internet
Service Providers. I attach the full safeguards document to this testimony, but set forth here a summary of its key points.
1. Registration Requirements and Procedures
All registrants in new TLDs should be required to:
Grounds for revocation should be:
Chartered TLDs need special rules to cover:
2. UDRP
The UDRP has shown its worth in the steady removal of bad faith domain registrations. It is essential that:
3. Whois
All applications for new TLDs should facilitate searchable public data on at least:
4. Start up phase
The intentional registration of trademarks by parties other than their owners leads to confusion at best and fraud at worst. In this regard, it is critical to have a procedure for:
There have been many criticisms of the process ICANN used to solicit and consider applications for new TLDs. Our verdict on this process so far is mixed. I emphasize "so far" because the new TLD process is ongoing. Negotiations between ICANN and four of the new TLD applicants - for .biz, .info, .pro, and .name - have not been concluded; negotiations with the other three applicants that received a "green light" last November - .coop, .museum, and .aero - have barely begun. As of today, a number of critical issues about the operation of the new TLDs remain unresolved. (5)
With these caveats, CCDN and IPC believe that some positive aspects of the new TLD approval process so far should be noted. First, ICANN did include
among the criteria that applicants were required to address the protection of intellectual property rights, including issues of Whois accessibility and data quality,
and mechanisms for dispute prevention and resolution. Second, ICANN ran a transparent process which accommodated broad public participation. Virtually all
application material, as well as the staff evaluations of the applications, were posted on the Internet, and numerous channels for public comment and
participation, both online and in person, were provided. Third, and perhaps most importantly, ICANN clearly communicated to applicants the presumption that
the existing obligations undertaken by the gTLD registries and registrars, including full public accessibility of Whois data and participation in the UDRP, would
carry forward into the new TLD environment. In other words, any application that sought to restrict the full public accessibility of Whois data, or to narrow the
applicability of the UDRP, would have to justify the departure from the gTLD status quo.
The short deadlines involved in the process of evaluating and deciding on the applications have provoked a great deal of criticism. There is certainly some merit to these complaints: the deadlines in many cases were extremely short. But ICANN was under considerable pressure from some quarters to roll out many more new TLDs even faster. CCDN's experience, and that of our colleagues in the IPC, was that it was possible to review and analyze the relevant materials, to engage the applicants and the ICANN staff, and to participate fully and actively in the evaluation process, in the time frames allotted. This required an enormous contribution of person power, most of it volunteer, and many hundreds of hours of research and negotiation. (For example, during the three days preceding the ICANN Board vote on new TLDs in Los Angeles last November, IPC teams held substantive meetings with the majority of the 44 active applicants, many of which resulted in significant changes to the applications themselves.) Indeed, this regimen has persisted in the current phase of negotiations between ICANN and the applicants; since the November vote by the ICANN Board, IPC representatives have devoted considerable time and resources to extensive contacts, including several face-to-face meetings, with all the successful applicants, and our job is not done. We anticipate a great deal more work in reviewing and commenting on the texts of the actual agreements between ICANN and the registries as they are made public.
On the negative side, there is very little indication that intellectual property concerns played any role in any of the decisions made by the ICANN Board
regarding new TLDs. The issue went virtually unmentioned throughout the marathon public meeting of the Board at which the seven applicants received the
"green light" for further negotiations. Perhaps the best demonstration of how the ICANN Board approached this issue may be gleaned from the following fact:
of the five entities competing to run a ".biz" registry, the IPC ultimately concluded, after the negotiations in Los Angeles, that four applications were at least
minimally acceptable. We advised the Board of this fact. Without any public discussion of the IPC concerns, the Board chose the fifth application, the only one
that the IPC felt did not present a minimally acceptable plan for preventing intellectual property disputes through the use of a so-called "sunrise" registration
mechanism for trademark owners.
Turning from process to substance, what is the outlook for copyright and trademark owners in the new TLDs?
With regard to Whois, the prospects seem fairly good overall. In general, most of the new registries appear willing to conform to the minimum standards for unrestricted public access to Whois, and for measures to improve data quality, that apply now to the existing gTLDs. In addition, these new registries even offer the prospect of some practical improvement in Whois access. For instance, the .biz, .info and .pro applications all propose to depart from the "thin registry" Whois model now operating in /com/net/org, in favor of a so-called "fat" or "thick" registry, in which the contact data for all registrants (regardless of the registrar that took the registration) would be centralized in a single, registry-wide database. (6)
This will be a significant improvement over the situation now faced among the gTLDs. Just last week, we learned that the fourth new-TLD-to-be, .name, is
planning to switch its proposal from a "thin" to a "fat" registry model.
Some of the new TLD applicants, notably .pro and .info, also offered to provide greater searchability for Whois data (for instance, the ability to search by data
elements other than domain name). However, none of the applications specifies when this enhanced search capability will be made available, and the applicants
have rather assiduously avoided any firm commitment in this regard. As discussed in more detail below, we believe (with apparent agreement from the ICANN
staff) that robust searchability is already an obligation for all gTLD registries; accordingly, in our view, all new TLDs should provide this capability
immediately upon launch, not at some unspecified date in the future.
However, Whois is not the only issue with which trademark and copyright owners are concerned in the new TLD environment. Our most fundamental goal is to prevent, to the extent possible, any of the new TLDs from becoming havens for piracy and cybersquatting. Certainly the transparency and accountability provided by publicly accessible Whois is a critical tool for advancing that goal: it increases the chances that any pirate detected to be operating in the new TLD could be quickly identified and efficiently taken down or otherwise pursued. But on the theory that an ounce of deterrence is worth a pound of enforcement, intellectual property owners have focused much of their attention on what steps will be taken by the so-called "chartered" or "restricted" new TLDs to keep pirates from registering their domains there in the first place, and to quickly expel them if they do. Similarly, trademark owners are scrutinizing the start-up plans of all the new TLDs, to evaluate the safeguards which they propose to discourage cybersquatting, as well as the mechanisms available to deal with this problem if it does occur.
I turn briefly at this point to the four new TLDs that have made the most progress toward ICANN approval. (7)
There is not much that needs to be said about two of them.
Dot info, which will be run by a consortium of existing ICANN registrars, is essentially a clone of the existing .com: there is no attempt to impose any
restrictions on who may register there and for what purpose. While one might certainly question whether what the world needs is another .com, the .info
proposal incorporates, to at least an acceptable extent, the safeguards that the intellectual property community is looking for in all the new TLDs. Its Whois
service will be at least as useful as what is available today in .com. The .info plan includes a full-fledged "sunrise" mechanism under which the owners of all
trademarks registered prior to October 2, 2000 have the opportunity to pre-register the domain name corresponding exactly to the registered mark. All other
cases of cybersquatting (e.g., bad faith registration and use of a domain name that is not identical to a registered mark, but confusingly similar) will be fully
subject to the UDRP.
At the other end of the spectrum, the .pro proposal offers a model of how a true "chartered" or "restricted" Top Level Domain might be set up. Its operators
seem to have a well-prepared plan for restricting registration to accredited professionals, such as lawyers, doctors and accountants, and for policing that
restriction. The operators of the registry will screen all applications themselves, and have also provided a mechanism for third parties to challenge those who
may not be entitled to register. Vigorous implementation of these rules should help to minimize the risk of piracy and cybersquatting in sites registered under
.pro. A functional, centralized Whois service will be provided, with enhanced searchability at some point in the future. A "sunrise" mechanism is in place to
allow trademark owners to pre-empt cybersquatters, and the UDRP will be available for other cases of bad faith registration and use of a .pro registration.
The most problematic applications from the standpoint of intellectual property owners appear to be those for .biz and .name. In a sense, these two new TLDs
portray themselves as mirror images of each other: .biz is supposedly devoted to legitimate business activities, while .name is intended for use by individuals,
primarily for non-commercial purposes. Although they have not consistently done so, both now describe themselves as "chartered" Top Level Domains -
although it might be more accurate to modify that label by calling them "ostensibly chartered".
At the time that the ICANN Board approved their applications for further negotiation, and for months thereafter, neither .biz nor .name put forward any serious
proposal, either for charter definition - who may register in the new TLD, and for what purpose - or for charter enforcement - how to handle and act on evidence
that a registration is being used for purposes inconsistent with the charter. The .biz charter definition was first made public on March 6; as of March 19, no
specific enforcement proposal for it has been publicly posted. With regard to .name, IPC members were unable to obtain any written proposal regarding charter
definition and enforcement until March 11, and as of March 19 it still has not been posted for public review. Thus, as of this writing it is not possible to say
whether either of these proposals includes sufficient safeguards to reduce the likelihood that these new TLDs will become havens for cyberpiracy or venues for
widespread cybersquatting.
The proposed .biz charter definition contains a definition of "bona fide business or commercial use," and requires that registrations in .biz "be used or intended
to be used primarily" for such purposes. The proposal also spells out that registration "solely for the purposes of selling, trading or leasing the domain name" is
not allowed. However, the .biz operators - the joint venture Neulevel - rejected a detailed proposal from the IPC to forbid registration predominantly for the
purpose of carrying out cyberpiracy through use of the domain name or a site corresponding to it. It is difficult to understand why Neulevel insists upon treating
blatant copyright piracy or trademark counterfeiting - as well as other forms of consumer fraud - as "bona fide business or commercial use," even to the extent
of refusing to provide any mechanism to revoke the registration of someone who uses the .biz imprimatur for such an illegal purpose.
Although, as noted above, the specific enforcement mechanism for enforcement of the charter "restrictions" in .biz has not yet been unveiled, we understand that
it will involve an administrative proceeding in which a third party - not .biz - will determine whether a restriction has been violated. Neulevel appears ready to
let an adjudicator determine whether or not a site is being "used primarily for bona fide business or commercial purposes," and whether or not the registration
was made "solely for the purposes of" speculation in the domain name. We know no reason why the same mechanism could not be used to determine whether
the registration is being used predominantly for purposes of copyright piracy or trademark counterfeiting, and, if so, to revoke the registration.
Neulevel also refused to incorporate in its start-up plans a "sunrise" mechanism under which trademark owners could prevent cybersquatters from registering
.biz names identical to their marks. Instead, after extensive negotiation, Neulevel agreed to an alternative mechanism, in which trademark owners could,
through a pre-registration procedure, prevent an unauthorized registration of a domain name identical to their mark from "going live" for a 30-day period.
While this may have some value in deterring cybersquatters, it is not likely to be as effective or efficient a means of prevention as a true "sunrise" procedure.
Indeed, Neulevel's procedure is really not a preventive measure at all, but simply a means of facilitating use of an alternative dispute resolution procedure to
remedy an act of cybersquatting after it has occurred. While intellectual property owners may be prepared to live with this for one TLD, we believe that it must
not be viewed as a precedent that trademark owners must shoulder the full expense and effort of curbing cybersquatting in new TLDs.
If anything, our concerns are even more pervasive with respect to .name. The IPC strongly recommended to the ICANN Board that the application for .name
tendered by Global Name Resources (GNR) not be approved for further negotiation, and even a brief review of the application shows why. Three examples
may suffice to illustrate the basis for our concerns.
First, contrary to the impression some may have gained of the registration criteria for .name, the GNR application made it quite clear that anyone could register
virtually any domain name for any purpose in .name. An applicant need not register his or her own name; he or she could register any name (or unlimited
number of names) desired, or even any set of letters not constituting a name, so long as the registration met a certain xxx.yyy.name format. Thus,
chairman.coble.name, judiciary.committee.name, general.motors.name, adobe.photoshop.name, or columbia.pictures.name, would all be equally available to
any registrant, no matter whether he or she had any connection to the person, institution, or product named.
Second, while the application purported to limit .name registrations to "non-commercial" uses, that term was essentially undefined. In any event, it is certainly plausible that a use that GNR would consider "non-commercial" would also be a piratical use that inflicts severe damage on copyright or trademark owners. Thus, the registrant at columbia.pictures.name could use a site to which that name resolves to distribute unauthorized copies (via download or streaming) of Columbia's movies, so long as no money changed hands. Of course, Congress, led by this subcommittee, recognized several years ago that purportedly non-commercial piracy sites could inflict serious commercial harm on copyright owners. It passed the NET Act in 1997 to plug a loophole in our criminal infringement laws that suggested otherwise. (8)
Finally, the GNR application was profoundly unclear - indeed, self-contradictory -- about what Whois information would be made available. Some people have
argued that the Whois data public accessibility obligations regarding Top Level Domains intended for personal use should be relaxed on privacy grounds. This
treatment would have been wholly unjustified for a .name registry as described in the GNR application, since the registry would be open to virtually anyone to
register for virtually any "non-commercial" purpose. The need for accountability and transparency would be heightened, not diminished, in such an
environment.
Sometime over the past six weeks or so, the .name proposal has apparently been transformed dramatically in a number of ways. Although very little
information about these changes has yet been posted on the ICANN web site, it appears that registrations in .name will now be allowed only for the registrant's
actual name, or for the name of a fictional character in which the registrant holds a trademark or service mark. A dispute resolution procedure will be provided
to challenge .name registrations which a third party believes do not meet these criteria. There will also be a mechanism for defensive registration of trademarks
(or other words) that are not believed to constitute anyone's personal name, although such registrations will be extremely expensive.
Finally, GNR has apparently revamped the entire structure of the proposed .name registry. Its application proposed a "thin registry" structure, in which most
Whois data would have been obtainable only from the registrar who actually made the registration. Now, GNR says that .name would be operated as a "fat
registry," with a single source of Whois data for registrations throughout the .name registry. The implications of this change for public access to Whois data are
completely unclear. GNR, which is based in the United Kingdom, apparently has been proceeding under the assumption that the U.K. privacy laws would
prevent it, as a registry, from providing the full range of Whois data that are currently available from registrars in the .com/net/org environment. While the
basis for this assumption is unknown - after all, gTLD registrars based in the U.K. have been providing public access to full Whois data for some time without
apparent difficulties - so is its impact on the revamped, "fat registry" Whois service to be offered by .name.
In short, at this moment it is virtually impossible to evaluate the extent to which the new .name registry will incorporate the safeguards required to protect intellectual property owners in the roll-out of this new Top Level Domain. In this regard, we are somewhat concerned by last week's action of the ICANN Board of Directors that puts conclusion of the negotiations with all four of these new TLD operators on an extremely fast track. (9)
While we are continuing our discussions with GNR, we urge ICANN to make public as soon as possible all the provisions of all the proposed registry
agreements, and to provide adequate opportunity for these to be analyzed and evaluated, before finalizing the agreements. This is not a plea for delay:
throughout the new TLD approval process, we in the IPC have amply demonstrated our readiness, our willingness, and our ability to undertake these reviews
quickly and thoroughly. It is, rather, a recognition that it would be folly to forge ahead until we have clear, definite answers to these critical questions of charter
definition, charter enforcement, dispute prevention, and accountability and transparency through unrestricted public access to Whois.
Until a practical and specific proposal for charter definition and charter enforcement is put forward by the sponsors of .name, it cannot realistically be viewed as
any different than .com. If anyone may register in this new domain for any purpose, including to establish sites devoted to copyright piracy, child pornography,
consumer fraud, or any of the other illegal activities that currently infest the existing gTLDs, this outcome would be extremely disappointing, to say the least,
and would seem to add little to the overall experience of the Internet other than more of the same. The most charitable way to describe it would be as a missed
opportunity to bring more accountability and integrity to the online environment. Congress and the U.S. government should make it clear to ICANN that this
opportunity must not be squandered, and that the failure to seize it would not bode well for the approval of these or future proposed new TLDs. Meaningful
charter restrictions, and practical means of charter enforcement, should be the hallmark of any new TLD that purports to offer a "proof of concept" of any
approach to domain name management other than the wide-open, anything-goes approach of .com. And the well-established role of publicly accessible Whois
data in enhancing the accountability and transparency of online activities should be preserved and strengthened, not undermined, in the new TLD environment.
At least with respect to .biz and .name, we cannot yet say whether these bedrock principles will be respected.
In closing, let me emphasize that the rollout of new TLDs is still a work in progress. No final decisions have been made by ICANN, and any final decision it
makes is subject to the approval of the U.S. Department of Commerce, which retains control over the authoritative root server and thus over the introduction of
any new TLDs. We urge the subcommittee to monitor closely the developments in this sphere over the next few months, as the new TLDs are rolled out, to
ensure that the protection of intellectual property rights is adequately provided for in the launch of new TLDs, and to stress the importance of careful evaluation
of the impact of the new TLDs on intellectual property interests, before any further expansion of the domain name space is undertaken.
The existing gTLDs, particularly .com, remain the most heavily populated and widely used domains, both for legitimate e-commerce and communication, and
for pirate activity. Real-time unrestricted free public access to Whois data is of particular importance in this realm.
Over the past two years, the means of providing Whois data in the gTLD environment has been transformed. In 1999, there was a single place where a Whois
query from a member of the public - i.e., who is the registrant of xyz.com? - would be answered after searching the full range of registrations in the relevant
TLD - in this example, .com. This reliable "one-stop shopping" no longer exists. This change is a by-product of the advent of competition in registration
services in the gTLD environment.
Today, instead of a single registrar - Network Solutions Inc., or NSI - there are over 160 accredited registrars, each of which maintains Whois data on the registrations it is responsible for. (10)
The role of Verisign (which acquired NSI) as a registry in responding to Whois is limited to identifying the registrar holding the full set of Whois contact data. (11)
With this so-called "thin registry" Whois model, there is no longer an authoritative source for current Whois data across the entire gTLD. (12)
In this sense, over the past two years the unrestricted public availability of Whois in the gTLD environment has not been maintained; it has been weakened.
The obligation of an ICANN-accredited registrar to provide free, unrestricted public access to real-time Whois data is part of the Registrar Accreditation
Agreement (RAA) that each registrar signs with ICANN. Making Whois accessibility an explicit contractual obligation of registrars was a positive step for
ICANN, but its value has been compromised by three factors.
First, the scope of the obligation is not clear. ICANN staff has publicly interpreted the RAA provision to require registrars, not only to allow the public to
identify who is the registrant for a particular domain name, but also to offer the ability to search based on other data elements: for example, to find out all the
domain names in a gTLD that have been registered by a particular named registrant, or by any registrant who states a given mailing address. These features,
which were provided to at least some extent by the unified NSI Whois service that existed prior to the introduction of registrar competition, are particularly
important for trademark owners, since these more robust search capabilities can help provide evidence of a pattern of cybersquatting, a key criterion for
obtaining relief both under ICANN's Uniform Dispute Resolution Procedure (UDRP) and under the Anti-Cybersquatting Consumer Protection Act. They
would also be quite valuable to copyright owners as an investigative tool. But most registrars are not currently providing this service, and some of them contest
whether they are contractually obligated to do so.
Second, the RAA clearly contemplates the development of a registry-wide Whois service, to restore the authoritative "one stop shopping" for Whois data.
Indeed, in the RAA, ICANN reserved the right to require the registrars to contribute their data to a centralized Whois database if that were needed in order to
bring the comprehensiveness of Whois searching back to the level that existed before the introduction of competition in the registration business. But to date,
there has been no discernible movement toward registry-wide Whois, and ICANN has failed to push the registrars to provide it.
Third, and most important, ICANN's capacity to enforce the Whois obligations contained in the RAA needs improvement. For instance, despite the public statement by the General Counsel of ICANN that "most registrars appear not to be in compliance" with their RAA obligation to provide a fully searchable Whois, (13)
CCDN is unaware of any enforcement action, formal or informal, that ICANN has ever taken to enforce this obligation. This is particularly disappointing in light of ICANN's strongly expressed view that only it, and not any third party, can enforce the Whois-related obligations of an accredited registrar under the RAA. (14)
Accredited registrars also have some obligations under the RAA concerning Whois data quality. The prevalence of inaccurate or outdated contact information
in the Whois database limits its usefulness as an anti-piracy tool. The RAA gives ICANN the authority to develop data quality or verification standards that
registrars would be obligated to fulfill. ICANN has not done so, even though steps could easily be taken to eliminate obviously false contact data at little or no
cost to registrars. The RAA also requires registrars to accept reports from third parties (such as copyright owners) of false contact data, and to cancel
registrations when contact data cannot be verified. Compliance with these obligations is extremely sparse.
In short, Whois data remains generally available in the gTLD environment, but its comprehensiveness and searchability have declined over the past two years,
and the serious problem of data quality has never been addressed. The U.S. government should urge ICANN to pay more attention to the implementation and
enforcement of the registrars' RAA obligations and to increase its efforts to restore Whois at least to the level of usability that the public enjoyed up until the
advent of registrar competition in 1999. Since the gTLD Whois environment provides a template for these services in other parts of the DNS, increased
attention here could improve accountability and transparency throughout the Internet.
In a surprise announcement three weeks ago, ICANN and Verisign proposed a substantial revision of the 1999 agreement under which NSI (Verisign's
predecessor) was allowed to continue to operate the .com,. net and .org registries. These proposed revisions are complex and far-reaching, and the time frame
for bringing them into effect is quite short. The IPC has been studying these proposals, and we believe that for the most part they will not have much impact on
the protection of intellectual property in the gTLD environment. We are concerned about the proposal to excise from the current registry agreement a provision
specifically addressed to establishment of a registry-wide Whois, although we recognize that more general provisions of the revised agreement would cover this
topic. We have also urged Verisign, which has pledged to invest $200 million in R&D and operational improvements to .com if the contract revisions are
accepted, to specifically earmark some of this funding to accelerating steps toward re-establishing registry-wide Whois, enhancing the available search
functions, and linking this database to the Whois data from other registries throughout the DNS. We hope that such a commitment is forthcoming before the
Department of Commerce gives final approval to these proposed revisions.
The Whois situation in the ccTLD world is much more varied than in the gTLDs. The roughly 240 country code domains, which on the whole are growing
faster than the gTLDs, vary dramatically in size, and their operators also form a wide-ranging spectrum with regard to technological sophistication. Although
traditionally many ccTLDs have been relatively closed environments, in which it was difficult to register a domain name, a growing number of ccTLDs operate
on a much more open basis, in which nearly anyone can register nearly any domain name for nearly any purpose. In short, more and more ccTLDs are being
run like gTLDs, but without any standard framework or legal obligation with regard to Whois (or with regard to resolution of intellectual property disputes, for
that matter). In these circumstances, the threat that some ccTLDs will become attractive venues for piracy is real and immediate. In some ccTLDs, pirates can
enjoy the ease of registration and the accessibility to the public they would find in a gTLD, but without the transparency and accountability provided by the
presence of a publicly accessible Whois database.
Today, some ccTLDs do provide free, publicly accessible Whois data on a basis comparable or even superior to that offered in the gTLD environment. Most, however, do not. Some charge a fee for this basic registrant contact data; some require Whois requesters to meet some sort of special qualifications in order to obtain access; some send Whois data by surface mail rather than making it available online; some drastically restrict the data elements made available via Whois (for example, providing only the name of the registrant without any other contact data); some simply do not provide Whois access at all. It is especially distressing that many of these shortcomings can be observed, not just among small or isolated ccTLDs that may lack the technological know-how or resources to provide state-of-the-art Whois services, but among some of the big commercial operations, based in the U.S., who have secured the ccTLD franchise from tiny territories and are aggressively capitalizing on it to run what are gTLDs in everything but name. (15)
The clear solution to this problem would be for ccTLDs to take on the same obligations with regard to Whois that now apply in the gTLD world. However,
progress toward this solution would also require resolution of a number of unrelated but complex issues regarding the financial, political and legal relationships
among ICANN, the ccTLD operators, and the governments of the territories to which the ccTLD designations relate. It is not surprising that progress has been
slow. However, there have been a few positive signs recently.
For example, at the request of the U.S. and a number of other governments, the World Intellectual Property Organization (WIPO) has undertaken an important initiative to assist ccTLDs in developing and implementing sound policies to prevent intellectual property disputes from arising in the operation of ccTLD registries, and to resolve those disputes which do occur. WIPO recently released a draft "best practices" document that strongly encourages ccTLDs to make the full range of Whois data publicly accessible in real time without significant restrictions. We applaud WIPO for its initiative in this regard, and hopes that the recommendations of this authoritative and experienced UN agency will be persuasive to many ccTLDs whose Whois policies desperately need improvement. (16)
We are concerned, however, about reports that the ccTLD constituency within the ICANN Domain Name Supporting Organization has adopted its own "best
practices" statement that does not address the registrant contact data issue. Such a proposal would be seriously deficient and could not provide an acceptable
standard for determining a given ccTLD's role within the ICANN system. We look forward to working with the ccTLD constituency to promote a better
statement of the minimum standards that these important registries should strive for in this regard.
Bringing greater transparency and accountability to the ccTLD world through improved public accessibility of registrant contact data must be a high priority
both for ICANN and for the U.S. government. In its participation in ICANN's Governmental Advisory Committee (GAC), the U.S. should continue to urge its
foreign counterparts to insist that the operators of ccTLDs provide free, real-time, unrestricted public access to the full range of Whois data elements. Such a
step would be in the best interests of consumers, creators, and Internet users in each of these countries, and would facilitate the full integration of these ccTLDs
into the mainstream of global electronic commerce. The U.S. government should also ensure that the ccTLD which it controls, .us, provides a model in this
regard. Finally, we need to consider what steps should be taken to ensure that U.S.-based "virtual gTLDs" that operate two-character domains that have been
delegated to them by foreign territories adhere to the best possible practices with regard to transparency and accountability, lest they become havens for online
piracy and an embarrassment to the United States.
On behalf of both CCDN and IPC, I commend the subcommittee for holding this hearing and for its continued commitment to safeguarding intellectual property rights in the DNS. The inauguration of new TLDs marks a critical point in ICANN's development. The subcommittee's active oversight of the activities of ICANN and of the Department of Commerce team that interfaces with it is especially vital in the weeks and months ahead. Thank you for this opportunity to present the perspectives of copyright and trademark owners this morning.
The following ten organizations participate in CCDN: American Film Marketing Association (AFMA); American Society of Composers, Authors and
Publishers (ASCAP); Association of American Publishers (AAP); Broadcast Music, Inc. (BMI); Business Software Alliance (BSA); Interactive Digital
Software Association (IDSA); Motion Picture Association of America (MPAA); National Music Publishers' Association (NMPA); Recording Industry
Association of America (RIAA); and Software and Information Industry Association (SIIA).
Among the IPC's more than 40 institutional and business members are the International Trademark Association (INTA); the American Intellectual Property Law Association (AIPLA); and the International Intellectual Property Alliance (IIPA), as well as a host of international legal and business organizations based outside the United States.
In generic Top Level Domains like .com, Whois operates at the second level, i.e., it provides contact information for the registrant of a Second Level Domain such as iipa.com. In some other TLDs, in which registrations take place at the third level, Whois data identifies the registrant of the third level domain, e.g., sony.com.au.
Also like Roman Gaul, there are barbarians on the other side of the frontier. These are the so-called "alternative roots," servers that route Internet traffic to
other top-level domains besides those contained in the "authoritative root servers" operated under ICANN supervision on behalf of the U.S. Department of
Commerce. At present, only a tiny minority of networked computers use browsers that point to the alternative roots, so this parallel universe of other TLDs is
currently accessible to only a relative handful of Internet users. Accordingly, while undoubtedly some sites on the alternative roots are used for purposes of
piracy, and others employ domain names that are confusingly similar to established trademarks, the problem is confined to a small coterie of enthusiasts and is
not viewed as a major threat by most intellectual property owners. Of course, this situation could change, and if it does, the need for unrestricted public access
to Whois data on registrations in these alternative roots, and for steps to prevent and resolve domain name disputes in these spaces, will become more pressing.
In this regard, CCDN and IPC members are following with great interest - and some concern -- the recent efforts of New.Net to establish and promote what is,
in effect, an alternative root system. This development raises a number of questions about stability of the DNS and the likelihood of consumer confusion.
Provisions of the proposed agreements between ICANN and the operators of the new TLD registries are being posted piecemeal on the ICANN web site. Until this posting is complete, it is impossible fully to evaluate the ground rules under which a given new TLD will operate.
By contrast, in the "thin registry" model, the Whois data available from the registry serves only to identify the registrar that sponsored the registration in
question. A request must then be made to that registrar for the full set of registrant contact data.
As noted above, negotiations have barely begun with the other three applicants. Since all three propose highly restricted domains, the intellectual property
concerns may be less serious than those encountered with some of the first four applications.
The subcommittee should bring this experience to bear in evaluating any assertion that .name should be exempt from the requirement for a meaningful and enforceable charter, or that the accountability and transparency standards provided by publicly accessible Whois should somehow be relaxed, because of its self-articulated character as a "personal" or "noncommercial" space on the Internet.
Under the resolution adopted by the ICANN Board, a contract with a new TLD registry could be signed, without further Board action, within seven days after the posting of all contract terms and appendices for that TLD registry is completed.
Not all these accredited registrars are actively taking registrations.
Verisign is also a registrar. The agreements accompanying the introduction of competition gave NSI strong incentives to spin off either the registry or registrar business by this year. On March 1, Verisign and ICANN announced proposed contractual changes that would, among other things, eliminate the divestiture incentives. As discussed below, CCDN and IPC members are currently analyzing the proposed changes for their impact on the interests of intellectual property owners.
A number of services purport to conduct Whois searches across all gTLD registrars and to provide the results free and online, but there is no guarantee that these services are comprehensive or that the data they provide is fully up to date.
See http://www.icann.org/committees/whois/touton-letter-01dec00.htm, question 7.
See to ICANN's amicus filing in Register.com v. Verio, posted athttp://www.icann.org/registrars/register.com-verio/amicus-22sep00.htm.
One such operation, .tv, testified to another House subcommittee that it provided a full, publicly accessible Whois. This is not the case, at least if the gTLD Whois service defined in the RAA is the measure. To give just one example, anyone seeking Whois information from .tv must first identify himself and register with the registry operator. This is a far cry from the unrestricted public access provided in .com.
We also encourage ccTLDs either to adopt the UDRP as a non-judicial means for resolving domain name disputes within their registries, as some have already done, or else to adopt similar dispute resolution systems based on the UDRP but tailored to the needs of particular ccTLD registries. Such moves would also be consistent with the WIPO best practices document.