Court Rules That Using Domain Registration Privacy Services Represents 'Material Falsification'

from the that-doesn't-seem-right dept

Lots of people use private registration services for domain names, that lets them register a domain name while keeping their own identities private. There are plenty of legitimate reasons to do so: they don’t want spam or they want to keep the identity of the site owners anonymous. However, in a recent spam lawsuit, the Ninth Circuit court of appeals has said that using such a service is “material falsification” of information:

[P]rivate registration is a service that allows registration of a domain name in a manner that conceals the actual registrant’s identity from the public absent a subpoena. We fail to perceive any vagueness on this point. Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant’s identity would constitute “material falsification.” Defendants assert that many innocent people who privately register without the requisite intent may be subject to investigation for violation of § 1037 until their intent can be determined, allowing for abuse by enforcement authorities. This may be so, but it does not make the statute unconstitutionally vague.

While CAN SPAM requires a combination of both material falsification and intent to send spam, it does open up some questions about potential legal problems for anyone who uses such a private registration service in a variety of lawsuits (if those lawsuits are in the Ninth Circuit, of course). The court does seem to admit that this could cause problems, but the job of the court isn’t to stop those problems, just to interpret the law.

Separately, in the same lawsuit, the court ruled that the appropriate “community” for judging obscenity standards in email is the “national community” rather than the local community. I have enough problems with the whole “community standards” method of judging “obscenity” in the first place (well, I have trouble with “obscenity” laws entirely), but if you have to have them, it does seem that a national standard makes more sense than a local standard when it comes to email that could go to anyone in any community. As Thomas O’Toole notes in his writeup, the ruling is a bit of a mess, and should keep First Amendment lawyers busy (though, the same is true of any obscenity laws…).

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Court Rules That Using Domain Registration Privacy Services Represents 'Material Falsification'”

Subscribe: RSS Leave a comment
Willton says:

It's a two prong test for a reason

The fact that the CAN SPAM law’s test is a two-prong test would appear to account for private registration. Yes, common sense tells us that private registration, as you have defined it, is a material falsification of one’s identity. But meeting one prong of the test does not trigger liability. If a private registrant has no intention of issuing spam, what’s the problem?

Anonymous Coward says:

Re: It's a two prong test for a reason

This ruling frankly scares me… because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible. If you’ve got a compromised server you did not fix yet (afterall doing nothing to prevent inaccuracies in your taxes when you know they exist is definitely going to be considered intent when you get audited), and you also used private registration that puts you in a very bad place.

Willton says:

Re: Re: It's a two prong test for a reason

This ruling frankly scares me… because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible.

Then you clearly do not know what the word “intent” means. Intent requires purpose, not recklessness. If someone does not know something is happening, then there’s no way he can intend on said something happening.

Paul Keating (profile) says:



The problem with the article is that it fails to clarify that the court was considering a constitutional challenge to the statute. The statute prohibits “material falsity” in headers, etc. Material falsity is defined in the statute as follows:

“header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. “

The court properly found that AS DEFINED, the use of privacy in WHOIS met the definition that was stated in THIS statute. I know of no other statute that defines material falsity in such a broad context and in fact cases dealing with the ACPA have clearly stated that there is no material falsity in WHOIS if the WHOIS actually provides an effective means of contact. The ACPA does not use “impair”.

Rich Kulawiec says:

Beyond the legal ramifications...

1. It’s been a best practice in anti-spam engineering for quite some time to refuse all mail from domains so registered, and multiple blacklists exist to facilitate that. Yes, this is arguably bad for people holding such domains who aren’t spammers, but unfortunately, “privately-registered domain” is just about synonymous with “spammer/phisher/abuser domain”. This is, of course, completely the fault of the registrars who are eager to profit by offering such services but completely unwilling to do anything meaningful (and therefore expensive) about controlling the resulting abuse.

2. I’ve long held to the principle that while anonymous use of the Internet is valuable and should be protected, anonymous operation of the Internet is intolerable and should be rejected outright. And certainly, domain ownership — which implies control of the relevant DNS zone — is operation, as much as control of (let’s say) a router or a mail server or a network.

Note as well that there is absolutely no need of any kind for someone to take an operational role in order to merely use the Internet. It’s a choice, and frankly, for people who actually want to remain anonymous, they’re better off staying the heck away from operational roles, because those of course leave a trail that leads right back to them.

(In case that’s not clear: some of these registrars are selling supposedly-private registration data, because it’s quite profitable and nobody is likely to notice or complain. Some are leaking it due to poor security. Some — probably more than we know — are rolling over without a fight when the data’s requested by a government entity. So anyone incredibly stupid enough to think that this private registration is actually private is well, incredibly stupid.)

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...