Home / Blogs

Addressing Infringement: Developments in Content Regulation in the US and the DNS

Annemarie Bridy

Over the course of the last decade, in response to significant pressure from the US government and other governments, service providers have assumed private obligations to regulate online content that have no basis in public law. For US tech companies, a robust regime of "voluntary agreements" to resolve content-related disputes has grown up on the margins of the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA). For the most part, this regime has been built for the benefit of intellectual property rightholders attempting to control online piracy and counterfeiting beyond the territorial limits of the United States and without recourse to judicial process.

The reach of privately ordered online content regulation is wide and deepening. It is wide in terms of the range of service providers that have already partnered with corporations and trade associations to block sites, terminate accounts, and remove content without court orders. That range now includes payment processors and digital advertising networks in addition to Internet access providers, search engines, and social media platforms. It is deepening with reference to the Internet's protocol stack, migrating downward from the application layer into the network's technical infrastructure, specifically, the Domain Name System (DNS). While enforcement of intellectual property rights is the purpose for which these agreements exist, the site-blocking procedures they institutionalize are readily adaptable for use in censoring all kinds of disfavored content.

Recent private agreements between DNS intermediaries and intellectual property rightholders cross the Rubicon. Such agreements, which are the subject of a draft book chapter I recently posted to SSRN, should be cause for special concern among open Internet advocates, because they transform technical network intermediaries into content regulators in an unprecedented way. They expand the remit of domain name registrars and registry operators beyond their raison d'être, which is the administration of the Internet's addressing system and the maintenance of its operational security and stability. As these private, under-the-radar agreements multiply, they are taking a tangible but hard-to-measure toll on the global environment for freedom of speech and access to information online.

By Annemarie Bridy, Allan G. Shepard Professor of Law
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Excellent paper! Charles Christopher  –  Oct 18, 2018 6:49 PM PST

Annemarie,

I just finished reading your paper. Excellent paper!

>>>“Trusted Notifier”
>>>"is likely attributable to a provision in the agreement banning the use of bots to identify putative infringements and generate notices"

The EU’s Article 13 also is “Trusted Notifier”, and intrinsically requires automation for its implementation. In effect a “Trusted Notifier” could pick Article 13, or the US contracts to argue their case in shutting down a website. Anybody can position themselves as a Priest in the Ministry of Vice and Virtue, and have a selection of countries from which to claim their dogma as well.

And that is another nefarious issue with where this is going. GDPR, Article 13, etc, give people the right to submit a complaint, and the complaint results in “guilty until proven innocent”. Its classic asymmetric warfare, which you pointed out and I just wanted to repeat.

>>>Germany [my note, not from your paper]

It is fascinating to watch GDPR cause every one to snap into harmony and recognize laws of other countries as having force in their own.

And yet if a UDRP says transfer a domain, German registrars use German law to tell the complainent to pound salt, the domain is not transferred. The hypocrisy is stunning, but it also points to a checkmate that is so often ignored (below).

>>>Page 8 "The registrant’s only contractual relationship is with the registrar.”

GDPR now makes it impossible for a registrant to prove control of their domain name. “Trusted Notifiers” leave open the possibility of creating a shell corp to gain that status, and then use it against ones competition to shut them down, or at least apply asymmetric warfare to drive up their legal cost to do significant damage. Or the “Trusted Notifiers”, for the right price, will push their “trusted” status to the edge for the right price and try to shut down your competition.

The case continues to build, at least for Brand holders, to obtain a registrar and place their domains into it.

In the case of a self registrar, when a “Trusted Notifier” has success, the Brand holder DOES have a contractual relationship with the Registry, and with ICANN, by being both the Registrant and Registrar. Cost of being a self registrar is under $10,000 a year. Its a very high cost for a small business, but not a large corporation which can spread the cost across all their domains. Setup that Registrar in Germany, or some other country which gives the Registrar added rights (dogma Judo to above), and Registries will be forced to think twice when handling complaints against names in that registrar. This then will bring out how hypocrisy has move up to the registries and “Trusted Notifiers”, however as you suggested most registrants will be powerless. There are some domain portfolio holders who do have the resources to move to such a position as well.

Note well, there are not many, but there are some, who are Registries, Registrars AND Registrants. That is control domains that are in Registrars they control, as well as owning the Registry’s that instantiate those domains. So there are some who could make formidably challenges to the “Trusted Notifiers” process if something happened to one of their domains. But controlling the Registry, they can just ignore the “Trusted Notifier”. Which is of course is also the case of nTLD brands, but being a self register is a lot cheaper and a lot less paperwork.

Charles

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias