Home / Blogs

Privacy Alert: Watch Out For FOISA

Susan Crawford

This morning, at 10 am in 2141 Rayburn, the Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing on "Internet Domain Name Fraud — New Criminal and Civil Enforcement Tools." At that hearing, the Subcommittee will be considering a new Whois bill [PDF] creating new penalties for people who provide false data when registering a domain name.

We need to raise our collective eyebrows at this bill (which was suddenly dropped the evening before this hearing). The title of the bill is the "Fraudulent Online Identity Sanctions Act." (FOISA)

First of all, it includes in the category of "willful" trademark infringements those of a "violator. . [who] knowingly provided material and misleading false contact information to a domain name registrar. . ." This is significant, because monetary damages for trademark infringement can be increased up to three times if the infringement is willful — and usually "willful" is a question left up to a judge. It's also significant that there doesn't appear to be a necessary connection between what the violator has done and the whois data issue.

Secondly, the bill amends the Copyright Act by adding to the "willful" language for damages in that Act the idea that an infringement shall be considered to be willful where "the court finds that the infringer. . . knowingly provided material and misleading false contact information to a domain name registrar." Again, this is significant because willful copyright infringement can mean increased statutory damages awards of as much as $150,000. And the bill ties this amendment to cases of "infringement occuring at or in connection with an online location" — clearly broad language intended to get at P2P file trading. Again, usually courts decide "willfulness" on a case-by-case basis.

This is like sentencing guidelines for intellectual property law.

And, in fact, it is.

The final section of the bill adds a sentencing mandate for "falsification relating to domain names in connection with offenses." Maximum penalty: increased by 7 years if, "in furtherance of that offense," the defendant provided material and misleading false contact information to a registrar.

This is outrageous, and here's why. As a matter of ICANN policy, domain name registrants in gTLDs under contract with ICANN (with certain limited exceptions) are required to provide, and registrars are required to publish online, data about themselves — including phone numbers and email addresses for technical contacts. The vast majority of registrants in gTLDs are small businesses and individuals. Small businesses and individuals worry about privacy and spam, and it is well-known that WHOIS information is regularly mined by spammers.

It is already unfair to force registrants to provide all this data, and as a result many registrants do lie. IP interests view the WHOIS database (an artifact of a gentler, academic age, and not mandated by any law) as their special red telephone information mother lode. So they want to ensure its accuracy by mandating hugely enhanced damages if someone fails to tell the truth. Law enforcement also has this interest.

There are ways to help both IP interests and law enforcement to data by providing special access to approved entities. But it won't be accurate. It costs far too much money for registrars to verify this data, and individuals will, predictably, continue to lie.

As Officer Short Shrift says in the Phantom Tollbooth, we're all guilty, guilty, guilty, and should be sent away for six million years.

By Susan Crawford, Professor, Cardozo Law School in New York City. More blog posts from Susan Crawford can also be read here.

Related topics: DNS, Domain Names, ICANN, P2P, Privacy, Spam, Telecom, Top-Level Domains, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: Privacy Alert: Watch Out For FOISA dnslife  –  Feb 05, 2004 8:27 AM PST

I'd like to see a battery of attorneys split hairs on the difference between false information and anonymous information regarding whois info.

www.heeger.us

Re: Privacy Alert: Watch Out For FOISA trashbug  –  Mar 24, 2005 3:23 PM PST

99% (an unscientific but probably pretty accurate estimate) of all sites using Spam for advertising also use false information for their web site registration.

Small business owners can always use an email address that is unique to their registration form.  We already have laws in place to protect against telephone Spam.

Seven years isn't enough!

To post comments, please login or create an account.

Related Blogs

Thirty-Three Million and Counting

NETmundial Initiative Lacks Backing, and ICANN Should Not Lead

The Real Facts About New gTLDs

Wait and See Approach on Abuse

Privacy, Risk and Revenue

Related News

Topics

Industry Updates – Sponsored Posts

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNN Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Public Interest Registry Introduces 'OnGood' - New Brand Identity for .ngo & .ong

Victorian Government and City of Melbourne Launch .melbourne Web Addresses

Sponsored Topics

Afilias

DNSSEC

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi