The term "jurisdiction" has various definitions in law, but for our purposes here we can say it is the power of some legal body to exercise its authority over a person or subject matter or territory. In the Internet today, it is territory that gives rise to many major issues. As in real estate, what matters in jurisdiction is "location, location, location".
When the Internet and trademark rights began to intersect, it quickly became apparent that traditional concepts of the jurisdiction of courts and legislatures would be seriously strained by situations where a registrant in one country could use a registrar in a second country to register a domain name in yet a third country. In some ways, the historical development of the Internet masked some of the more theoretical problems. The United States was the center of these early developments. In the 1990's, the National Science Foundation contracted with Network Solutions in the state of Virginia; as the Internet developed 11 of the original 13 root servers were in the U.S., and they still are. The root zone file was coordinated by IANA, and in those simpler days "God on the Internet", in the person of Jon Postel, ran IANA from his office in Marina del Rey in the state of California.
Going back further in history, the United States has a history of expansive jurisdictional claims. Over two hundred years ago, in 1789, the U.S. Congress passed the Alien Tort Claims Act that gives U.S. federal courts civil jurisdiction over violations of "the law of nations". Historians tell us that the statute was primarily intended to protect non-citizen residents of the U.S. However, in recent years, U.S. courts have used the statute to give citizens of other countries access to U.S. courts to seek redress for human rights violations that occurred outside the U.S. against defendants located in the U.S. Other precedents in U.S. law are found in the enforcement of its antitrust laws based on activities outside the borders of the U.S.
Given this history, it is not surprising that the U.S. government has found no difficulty in establishing its oversight over the technical administration of the domain name system. When the U.S. Department of Commerce issued the White Paper in June, 1998, the stage was set for the creation of ICANN as a California non-profit public benefit corporation. ICANN has gone to considerable lengths to establish its international character. Its Affirmation of Commitments (an agreement with the U.S. Department of Commerce) provides a basis for global accountability, but IANA still operates under an agreement with the same Department.
Many, if not most, of the early legal problems of the Internet involved trademark disputes. American courts rendered judgments in cases where one or more parties were located in the U.S.A. Meanwhile, the UDRP was established by ICANN as the means for deciding trademark-domain name disputes without reference to national boundaries. The UDRP has a specific provision that its judgments do not supersede those of any national courts. Many courts throughout the world have made it clear that a UDRP decision is not final if a court takes a different view of a particular dispute. In most cases, however, UDRP decisions are the final judgment because neither the complainant nor the respondent takes their case to a court. The UDRP has become the de facto global jurisdiction for trademark-domain name controversies.
The more serious jurisdictional problems are now beginning to appear in cases that are more complex than trademark-domain name disputes. The European Union is beginning to enforce its data protection requirements outside the borders of the E.U. In the United States, law enforcement authorities have taken action against alleged criminal activity by operators of web sites. The four most prominent cases involve three seizures of web sites that were operated outside the borders of the U.S. and one attempt to prosecute a U.K. resident. The seizure cases are: Rojadirecta.com, a Spanish web site that provided links to sporting events; Megaupload.com, a Hong Kong based file-hosting web site and Bodog.com, a Canadian web site devoted to gambling. The URLs of these web sites now resolve to sites operated by the U.S. government; they refer to the seizures and cite the U.S. laws allegedly violated.
The fourth case is the extradition proceeding in the United Kingdom in which the U.S. government is seeking to take a U.K. university student to the U.S. If the U.S. succeeds, the student, Richard O'Dwyer, will go on trial to face charges that he violated U.S. copyright law by posting links on his web site to pirated material, even though his activities were legal in the U.K.
The web site of Rojadirecta.com was taken down, based on a warrant served by the U.S. Department of Homeland Security in February, 2011. The basis for the seizure was alleged violation of the criminal provisions of U.S. copyright and trademark statutes. Rojadirecta immediately pointed out to the U.S. authorities that its activities were perfectly legal under Spanish law. It was not offering copyrighted material on its web site but rather was pointing to sporting event sites that might, or might not, themselves be protected by national laws where the events were taking place. Rojadirecta's plea was unsuccessful, and Rojadirecta then filed an action in a U.S. federal court to get its web site back. The case is dragging its way through the U.S. court system, but in the interim, Rojadirecta.com is held by the U.S. government.
Megaupload.com and related web sites were seized by the U.S. Federal Bureau of Investigation (the "FBI") in January, 2012; at the same time, its founder, a New Zealand resident was arrested, and several million dollars worth of property unrelated to the web site was seized. The founder, Kim Dotcom, as he is now known, is a dual citizen of Finland and Germany. The U.S. case is based at least partly on allegations that some material in the Megaupload files is stored on servers in the state of Virginia. There are ongoing U.S. court proceedings attacking the legality of the arrests and seizures. A number of Megaupload users claim that their files are non-infringing. As innocent victims, they demand that the U.S. government allow them to reclaim their files that are currently blocked from access. In addition, a New Zealand court has ruled the New Zealand warrants illegal, and Kim Dotcom's extradition hearing has been delayed until March of 2013.
In February, 2012, the Bodog.com web site was seized by the United States Department of Homeland Security, in cooperation with officials of the state of Maryland, on charges of illegal gambling and money laundering, in violation of U.S. and state of Maryland criminal laws. A successor company has continued operating in countries outside the U.S. , and there is a Bodog registration in .EU. The seizure was made despite the fact that Bodog had withdrawn from the U.S market following passage of U.S. legislation barring Internet gambling. Bodog used a Canadian registrar, but, of course, its .COM registration provided U.S. authorities the link they needed to assert jurisdiction. In addition to the seizure of the registration, the founder of Bodog, a resident of Canada, and several others were indicted for alleged violations of U.S. and state laws.
It is important to note that all three of these seizure cases are proceeding, albeit slowly, through the legal mills of the U.S. court system. It is not clear at this time that U.S federal or state courts will fully support the actions of the U.S federal agencies that are trying to extend their jurisdiction outside the borders of the United States.
An ironic aspect of these recent seizures is that they were nearly simultaneous with the demise of the proposed legislation in the U.S. known as SOPA and PIPA. Those bills, intended to protect intellectual property rights, would provide a legislative basis for the U.S. position that web sites using domain names registered in U.S. based registries are subject to U.S. law. The international outcry over the bills has not diminished the zeal of U.S. law enforcement agencies to extend U.S. jurisdiction over activities on the Internet.
In the U.S., the law enforcement agencies are not the only parties taking advantage of their location. Lawyers for brand owners (mostly well-known consumer brands) have succeeded in taking down hundreds if not thousands of web sites. These cases may involve infringing domain names but the real area of concern is the sale of counterfeit goods bearing a famous brand name. The defendants are generally outside the U.S., often in China, and never answer legal complaints. The U.S. federal courts then enter orders directing the U.S. based registries and registrars to transfer the domains to a registrar acting for the brand owner. The result is the effective blocking of the offending web site.
Aside from the E.U. data protection issues, European court cases involving web sites have often involved interpretations of national law as applied to service providers within the respective courts' jurisdictions. In other cases, web site operators in these cases are those that conduct global operations that subject them to local jurisdiction under conventional legal standards. The outcomes of these cases depend on local law, and are not necessarily consistent. At least they do not raise serious questions of extending one country's laws to activities in other countries.
ICANN now finds itself in the midst of the development, or lack thereof, of new concepts of jurisdiction over global activities. There is a distinct possibility that there will be one thousand or so registries located outside the U.S. This should be the wakeup call for all the stakeholders of ICANN and make them aware of the seriousness of this issue. Brand owners and copyright interests have had enormous success in persuading U.S law enforcement authorities to become a global police force for enforcing intellectual property laws. Even if the U.S. courts support these efforts, the powers of these authorities may not be sufficient to deal with cases where the registrant, registrar and registry are all located outside the U.S.
There are various scenarios for dealing with these issues. Clearly, the worst scenario is interference with the Internet at the technical level. Forcing service providers to filter web sites alleged to violate national laws will result in serious harm to global interoperability and to security protocols as well. Other scenarios include new treaties among nations, a process that would take decades at best. More likely might be an expansion of contract-based jurisdiction, as exemplified by the UDRP. For copyright infringement cases, could ICANN establish a Uniform Copyright Dispute Resolution Procedure? This new UCDRP might follow the model of the UDRP by requiring compliance by all ICANN accredited registrars. It could also be modeled, in part, on the United States statute known as the DMCA. The DMCA, or Digital Millennium Copyright Act, enables copyright owners to demand the removal of allegedly infringing material from web sites. Under the DMCA, U.S. service providers who receive notices of infringement have a safe harbor from liability for infringement provided that the material in question is blocked or promptly removed. (There is also a procedure to contest allegations that are unfounded.) It may be possible to make this combined burden and shield applicable to registrars as part of their accreditation agreements. Under the UDRP, registrars are compelled to transfer or delete registrations in compliance with UDRP decisions. Under a UCDRP, a registrar would be compelled to require its registrants to comply with takedown orders or face the loss of the registration.
There is no assurance of a comprehensive answer to the questions raised here. The courts, especially those in the United States, are wrestling with different answers. The only certainty is that uncertainty over jurisdictions will persist as the domain name system changes.
By David Maher, Senior VP, .ORG, The Public Interest Registry
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DDoS Protection
Neustar DNS Services
Minds + Machines