City Of London Police Cannot Seize Domains Just Because Hollywood Says The Websites Are Infringers
from the due-process-matters dept
Last fall, we noted that the City of London Police, who had just set up a special “intellectual property crime unit” which appeared to be taking orders directly from Hollywood, had issued bizarre orders to registrars, based on no court order or ruling, that they hand over domain names to the police, point them to a splash page that advertised Hollywood-approved businesses, and block the transfer of those domains to anyone else. A bunch of registrars actually did this, despite the lack of a court order or ruling of any kind. Just because the City of London Police said so. The only registrar who apparently resisted was EasyDNS, who pointed out that there’s such a thing called due process. Furthermore, EasyDNS pointed out that the registrars who complied with the order almost certainly violated ICANN policies for registrars, which has a very specific set of conditions under which a registrar can freeze a whois record, none of which include “because some Hollywood-controlled police force says so.”
The owners of at least one of the frozen domains sought to then (smartly) move the domain to EasyDNS, who would actually protect them. EasyDNS went to Verisign with a “request for enforcement” against the registrar who froze the whois, the incredibly misnamed “Public Domain Registry.” For reasons that make no sense at all, Verisign responded with a “no decision.”
EasyDNS appealed that ruling, and finally after all of that, the National Arbitration Forum has pointed out exactly what EasyDNS said from the very beginning: Public Domain Registry cannot freeze the domain:
No court order has been issued which would prohibit the transfer of the domain names at issue from the Registrar of Record to the Gaining Registrar. Therefore, there is nothing in the Transfer Policy which authorizes the Registrar of Record to refuse to transfer the domain names.
The ruling notes that while one may think it makes sense to obey a request from the police, “the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name.” It further notes, correctly, the nature and importance of due process, as without it, abuse is too easy:
To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police. Presumably, the provision in the Transfer Policy requiring a court order is based on the reasonable assumption that the intervention of a court and judicial decree ensures that the restriction on the transfer of a domain name has some basis of “due process” associated with it.
Public Domain Registry tried to defend itself, by arguing that it could freeze the domains because “their involvement in fraudulent activity.” However, the arbitration ruling says both that this is wrong and a total misreading of ICANN’s transfer policy. It’s wrong in that no one has actually presented any evidence of fraudulent activity, and because the sites being used for fraudulent activity is not one of the reasons why a registrar can block a transfer.
The Registrar of Record argued that a basis for withholding the transfer of the domain names was their involvement in fraudulent activity. The Response stated that the three domain names “were involved in criminal distribution of copyrighted material directly or indirectly and are liable to prosecution under UK law which serves as evidence of fraud” under the Transfer Policy. First, the Registrar of Record’s assertion is not correct as the London Police Request does not state that it has evidence of fraud. The Registrar of Record apparently contacted the London Police, as the Registrar states that the London Police have “agreed to answer any and all questions that might arise with regards to these domain names.”
Second, the reference to “evidence of fraud” in the Transfer Policy does not refer to fraudulent conduct by the holder of the domain name, but evidence of fraud with respect to the transfer of that domain name
Kudos to Mark Jeftovic and EasyDNS for fighting for basic due process. If you’re looking for a DNS provider or registrar, they seem like a good one, who is willing to actually stand up for their users’ rights and basic concepts like due process. If you’re looking for a registrar to avoid, Public Domain Registry immediately goes to the top of the list, for not only failing to comprehend the official transfer policies it is bound to uphold, but for not even remotely caring about basic due process, and being willing to lock down domains despite absolutely no judicial review.