Terry and Jonathan: Domain Names [3:58 pm]
<<About ready to start round 4>>
Terry: The domain name system, starting with Jonathan
Jonathan: Internet governnance: domain name law and policy
The difficulty of discussing cyberlaw — not a real thing; “The Law of the Horse” (get ref later) - but a struggle to establish what it means.
Internet governance is a particularly complex thing. Domain names, we all know what they are, but we don’t all know why we should care
So, Internet Corporation for Assigned Names and Numbers — ICANN. What is it?
What does CDT have to say about “Domain Names?” (see cdt.org) Or, lets look at the ACM’s WWW site on its Internet Governance Project. It looks like a block whole of a topic. Also the world summit on the information society (WSIS). Read the plan of action — hmm what is there to do? Doesn’t really set you up to do much but form committees
So, is there a “there” there?
Well, one place where the architecture is expected to effect things is domain names. A mess: some instruments to repair the mess.
1) Legal interventions
2) Political interventions
Who runs the internet?
Origin of the mess: Jon Postel, Cerf, Croker — builders of the ArpaNet.
How to set up a network for each computer knows how to find the computer it wants to talk to? Dave Clark points out the power of the committee structure used to keep people on the outside of things - keep moving things around to keep people on the outside. This committee tried to work through this problem of finding and “naming” computers for communication.
So, these committees grew to become the Internet Engineering Task Force - IETF - the name of their activity. You can participate, but you can’t join. (ietf.org) - ” we reject kings, princes and voting — working code and rough consensus is the goal”
The hum as a voting mechanism; the norms of the organization as they work toward setting up the “rules of the road” - protocols and standards. Titled and numbered - the requests for comments — RFCs. Reworked interatively until it stabilizes - and a protocol/standard is set
“… the beginning of a dialog and not an assertion of control” — RFC 2555
So, this process is applied to finding computers on the net. The first approach was a unique number to each computer. (Side story on running out of numbers, IPV6, etc.)
Decided that the numbers should be roughly associated with locations; so names were added to the computer ID system; an indirection instrument as well.
So, we got The List; kept at MIT; got too popular and too hard to update. It would not scale easily.
So a change. In 1984, a heirarchical naming system was set up, with .root at the home list. From there you ask for .edu list holder, from there who has the harvard.edu list, etc…..
Who gets to run .root — Jon Postel; also some of the top level domains (TLD). Jon ran this until he got bored with it; it was too mechanical/administrative.
Went to the NSF — find someone else to run these lists. NSF found Network Solutions (.com, .net, .org).
Postel, when asked, started offering up more TLDs, starting with .uk, and then found an ISO list 3166-1 and he used that list to set the TLDs - Jon lets someone else handle the problem (had to grandfather uk, because their initial is GB on the ISO list)
Problems start to arise:
1) Network Solutions started making (*gasp*) money. NSI said, let’s just rent names and the NSF can stop paying contracts. And suddenly people have to start paying for their domain names.
2) Also, time to expand the namespace — who gets to do this, and how?
3) And finally corporations start to discover “cybersquatting”
Legal Intervention — Mop number one
How was NSI doing name allocation? First come, first serve.
Seems easy, but has some problems (why should you get “mobil.com”)
First kind of dispute: Josh Quittner registers “mcdonalds.com” — the origin of cybersuqatting
Other kinds of disputes here:
Typosquatting e.g., Misrocost.com
Competitors: Kaplan.com registered by Princeton Review
Noncompetitors: The guy, Howard Johnson, registers howardjohnson.com - the hotel chain complains
Retailers: webergrills.com registered by the BBQ Pit, a retailer of Weber Grills
Commonercial v. Non commercial user: reverse domain name hijacking — a child’s nickname, Pokey.org, is registered by his parents - the toy company goes after him
Fan sites: brucespringsteen.com, not owned by the Boss, who owns brucespringsteen.net - he wants the .com version
Gateway: southafrica.com, owned by a travel agency
Parody and commentary: verizonsux.com becomes verizoneatspoop.com, etc….;
People Eating Tasty Animals gets peta.com
The companies disadvantages by this sort of thins went for legal recourse
Identical marks on competitive products - non nabisco cookie labeled oreos
Similar mark on competitive product - “Boreos”
- - How close do they look (Squirt/Quirst)
- - How close to they sound (Huggies/Dougies)
- - How similar is their meaning (Apple/Pineapple)
Similar mark on noncompetitive product - Boreo Bottled Water - lots of factors to ascertain that there is a likelihood of consumer confusion (who’s making, who’s endorsing, Post-sale confusion making others think it’s a special product, initial interest - something to trick you into making the effort to go get something that isn’t there, but since you are there anyway, you go for the second best)
Dilution doctrine — no confusion, but erosion of the power of the plaintiff’s mark (Greatest Show on Earth/Greatest Snow on Earth — “Don’t leave home without it” on a condom wrapper)
Application to domain name dispute not so good — why? No use in commerce; No real consumer confusion; Dilution requires that the plaintiff’s mark is famous; Judicial proceedings are slow and expensive
Back to “Z”:
Formation of ICANN — the nerds give up and turn it all over to the lawyers
The Internet dog wags the Law tail — tough cookies; so how to reverse the order so the Internet has to follow the law instead
Postel’s problems, again — expand the namespace and resolve the disputes
1) Add some new names and let NSI solve it (rejected)
2) Do an RFC and let the IETF help solve it (rejected again)
3) Convened a committee - the International Ad Hoc Committee (IAHC) - tried this
The IAHC (iahc.org) see the member list
Wrote the gTLD_MOU -= generic top level domain memorandum of understanding - died, because the IP interests were not satisfied with the outcome
Led to a “constitutional crisis” — no authority, no organization. Moreover, Jon had turned over the primary .root to NSI
NSI started throwing their weight around, and Jon wasn’t allowed to add names. There were mirrored roots; and Jon organized a test of the network to use the non A .root - NSI called the FBI and said that the internet was being hacked. Meltdown
Commerce Department and Ira Magaziner got into the picture - issued a statement of policy - DNS Statement of Policy
The international forum on the white paper met to discuss, surprise, the white paper. A constitutional convention on the internet name space. Jon/IANA didn’t like this — saw this as a way for NSI to get cover for doing what they’re doing anyway.
Instead, Jon Postel and NSI worked out their differences and ICANN was formed; voting, participation, consensus; and a method for resolving domain name disputes
Terry: Lets then look at the mechanism for domain name dispute resolution
2 components, designed to respond to the problems of the earlier situation (1) UDRP and (2) Anticybersquatting consumer protection act.
So UDRP: forbids abusive registrations and use of domain names
1) identical or misleadingly similar to a trademark owned by some else
2) No legitimate interest
3) Used in bad faith
Grabbed it to sell to the natural owner
Grabbed it to keep others out
To dirupt the competitors business
Divert traffic to grab business
Used (or prepared to use it) to offer real goods and services
Defendant commonly known by the name
Defendent used for a noncommercial or fair use with intent to misleadingly divert or tarnish
What does this cover? Any name issued by ICANN - about 30 million domain names. Note, since ICANN is not a sovereign, what is the source of its power?
In practice: the complainant picks a forum (WIPO these days, the most plaintiff-friendly) - 20 days to respond; no additional submissions; arbitrators must issue a decision in 14 more day. Mostly, respondents default
Remedies limited: Cancellation of registration or transfer of registration
As of this month: 9377 proceedings; more than under trademake, but a small fraction of total. Rate of filings declining, mostly because there was a boom in 2000 in registrations.
WIPO gets about 70% of the cases; and they tend to favor plaintiffs.
Anticybersquatting Consumer Protection Act — In the US
Resembles the UDRP; civil action for trademark holders — bad faith and
Several factors to work through
Remedies are more elaborate — injunctive relief; damages; statutory ramages; in rem jurisdiction (can bring suit against the domain name itself)
Examples of ACPA actions:
PETA sued people eating tasty animals; court compelled parodist to turn name over to peta
barbiesplaypen.com went from a porn site to Mattel
Emerging doctrine — some straightforward cases go through ICANN mechanisms; the complex ones through trademark mechanisms instead. Sadly, what actually happens is that the complex issues are also brought before the ICANN UDRP process — plaintiffs get to pick forum; no appeal; no review
Complex, unpredictable; TM power; impediments to free speech
Z: Why do we care/should we care/does this really matter?
Increasingly, this looks just archaic and beyond the point.
1) Well, without a domain name, you can’t be heard on the Internet
2) It matters who is the other person in the contract
3) Historical accident - the internet boom made us care a lot about this; who gets to run it; etc.
Maybe Google is the answer to the problem; and no one is saying that Google should be “run in the public interest”
How upset would you be if Google de-lists you?
What if Microsoft is going to add functions that gut your firm’s business?
What if all documents will now have your name permanently attached to your documents,
What if your ISP won’t let you server pages?
What if ICANN takes away your domain name?
At what point do you feel that there should be an agency who acts to resolve conflicts and acts to arbitrate displutes?
Q: I worked for TuCows on ICANN-related issues. I agree that ICANN/WSIS is something that people are latching onto, but they’re still not quite sure what it’s supposed to be doing. Once people see that this is just a fad, then they’ll move on to other things.
Q: DWiner - Does Google repond to DMCA requests?
A: See ChillingEffects.org - search on Google - see that they get them all the time
Note that Google indicates that entries in a search were subject to DMCA removal, and then Google points you to the complaint so you can see what the complainant didn’t want you to see
Q: Seems unfair to tie WSIS to the ICANN mess. WSIS did some good things, and the process was important
A: Z: As a way to improve awareness and to articulate needs, WSIS is probably just fine. A place for airing the problems, but it’s still not a great place to set up internet governance.
Terry: I have a reaction to your last slide - let’s survey a variety of things and which one might be troubling. Compared to many of these is that the loss of a domain name is not so terrible.
In the 19th century, there was a set of legal thoughts called the crystallization of the public-party (something). A demarkation of what was the private domain, and what was the domain of governments. Then the constitution got applied to the things that were the public things, and not to the private things. This division has held over a century, with small examples (a company builds a town, for example)
But, this story points to an idea that, perhaps, the things that we assert that the constitutional freedoms that we apply to public agencies, are now something that private agencies like ICANN have to hew to as well.
Z: I like this — it frames things that I’ve been trying to explain about why internet governance is something that does matter — and in a way that perhaps suggests that there’s a need to reframe our assumptions about the role of certain private agencies to work to defend those things that we currently only require governments to maintain.
A great summation