Court Rules That Using Domain Registration Privacy Services Represents 'Material Falsification'
from the that-doesn't-seem-right dept
Lots of people use private registration services for domain names, that lets them register a domain name while keeping their own identities private. There are plenty of legitimate reasons to do so: they don’t want spam or they want to keep the identity of the site owners anonymous. However, in a recent spam lawsuit, the Ninth Circuit court of appeals has said that using such a service is “material falsification” of information:
[P]rivate registration is a service that allows registration of a domain name in a manner that conceals the actual registrant’s identity from the public absent a subpoena. We fail to perceive any vagueness on this point. Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant’s identity would constitute “material falsification.” Defendants assert that many innocent people who privately register without the requisite intent may be subject to investigation for violation of § 1037 until their intent can be determined, allowing for abuse by enforcement authorities. This may be so, but it does not make the statute unconstitutionally vague.
While CAN SPAM requires a combination of both material falsification and intent to send spam, it does open up some questions about potential legal problems for anyone who uses such a private registration service in a variety of lawsuits (if those lawsuits are in the Ninth Circuit, of course). The court does seem to admit that this could cause problems, but the job of the court isn’t to stop those problems, just to interpret the law.
Separately, in the same lawsuit, the court ruled that the appropriate “community” for judging obscenity standards in email is the “national community” rather than the local community. I have enough problems with the whole “community standards” method of judging “obscenity” in the first place (well, I have trouble with “obscenity” laws entirely), but if you have to have them, it does seem that a national standard makes more sense than a local standard when it comes to email that could go to anyone in any community. As Thomas O’Toole notes in his writeup, the ruling is a bit of a mess, and should keep First Amendment lawyers busy (though, the same is true of any obscenity laws…).
Filed Under: domain names, email, material falsification, private registration
Comments on “Court Rules That Using Domain Registration Privacy Services Represents 'Material Falsification'”
Night is day.
“Based on the plain meaning of the relevant terms discussed above, [privacy] would constitute “material falsification.”
I… hate… lawyers.
Re: Night is day.
lawyers, lobbyists, and politicians. also industry shills. And those in charge of them all, C_O’s?
It's the 9th Circuit, not the 9th District
It's a two prong test for a reason
The fact that the CAN SPAM law’s test is a two-prong test would appear to account for private registration. Yes, common sense tells us that private registration, as you have defined it, is a material falsification of one’s identity. But meeting one prong of the test does not trigger liability. If a private registrant has no intention of issuing spam, what’s the problem?
Re: It's a two prong test for a reason
This ruling frankly scares me… because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible. If you’ve got a compromised server you did not fix yet (afterall doing nothing to prevent inaccuracies in your taxes when you know they exist is definitely going to be considered intent when you get audited), and you also used private registration that puts you in a very bad place.
Re: Re: It's a two prong test for a reason
This ruling frankly scares me… because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible.
Then you clearly do not know what the word “intent” means. Intent requires purpose, not recklessness. If someone does not know something is happening, then there’s no way he can intend on said something happening.
It was just a matter of time...
The 9th Circuit is activist again!
We should use their stupidity against them. This would make it easier to expose whoever is behind astroturf or any other kind of deceptive lobbying website that pretends to speak for consumers/voters.
The problem with the article is that it fails to clarify that the court was considering a constitutional challenge to the statute. The statute prohibits “material falsity” in headers, etc. Material falsity is defined in the statute as follows:
“header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. “
The court properly found that AS DEFINED, the use of privacy in WHOIS met the definition that was stated in THIS statute. I know of no other statute that defines material falsity in such a broad context and in fact cases dealing with the ACPA have clearly stated that there is no material falsity in WHOIS if the WHOIS actually provides an effective means of contact. The ACPA does not use “impair”.
Not a problem...
The court is saying that if a spammer cannot be identified, then having a phony domain name shows intent that they were trying to hide their identities.
I’m really not seeing a problem here. I don’t think they’re going to go after people who sent 12 bad spams with a compromised server.
Beyond the legal ramifications...
1. It’s been a best practice in anti-spam engineering for quite some time to refuse all mail from domains so registered, and multiple blacklists exist to facilitate that. Yes, this is arguably bad for people holding such domains who aren’t spammers, but unfortunately, “privately-registered domain” is just about synonymous with “spammer/phisher/abuser domain”. This is, of course, completely the fault of the registrars who are eager to profit by offering such services but completely unwilling to do anything meaningful (and therefore expensive) about controlling the resulting abuse.
2. I’ve long held to the principle that while anonymous use of the Internet is valuable and should be protected, anonymous operation of the Internet is intolerable and should be rejected outright. And certainly, domain ownership — which implies control of the relevant DNS zone — is operation, as much as control of (let’s say) a router or a mail server or a network.
Note as well that there is absolutely no need of any kind for someone to take an operational role in order to merely use the Internet. It’s a choice, and frankly, for people who actually want to remain anonymous, they’re better off staying the heck away from operational roles, because those of course leave a trail that leads right back to them.
(In case that’s not clear: some of these registrars are selling supposedly-private registration data, because it’s quite profitable and nobody is likely to notice or complain. Some are leaking it due to poor security. Some — probably more than we know — are rolling over without a fight when the data’s requested by a government entity. So anyone incredibly stupid enough to think that this private registration is actually private is well, incredibly stupid.)