Perkins Coie comments -- ICANN WHOIS policy

["Schneller, Matthew (Perkins Coie)" <MSchneller@xxxxxxxxxxxxxxx>]

Perkins Coie LLP is a law firm with offices across the United States, based in 
Seattle, Washington.  We write on behalf of our clients regarding the ICANN 
proposals to revise the WHOIS data system. 

> History and Purpose of the WHOIS System
>
> At present, ICANN requires accredited registrars to collect and provide free 
> public access to the name of the registered domain name and its name servers 
> and registrar, the date the domain was created and when its registration 
> expires, and the contact information for the registered domain name holder.  
> Each is vitally important to trademark owners.  Assume there is a domain name 
> (the "Domain Name") that is confusingly similar to a trademark (the "Mark") 
> owned by a US-based commercial venture (the "Mark Owner"), and that is used 
> to provide or advertise for services (the "Services") competitive with those 
> provided under the Mark. 
>
> The registration date allows the Mark Owner to determine whether it obtained 
> rights in the Mark prior to registration of the Domain Name.  If so, the Mark 
> Owner may be able to obtain transfer of the Domain Name via the Uniform 
> Domain Name Dispute Resolution Policy ("UDRP"); if not, the Mark Owner may 
> focus on its options under the Anticybersquatting Consumer Protection Act 
> ("ACPA"), 15 U.S.C. § 1125(d), which allows a Mark Owner to press a claim 
> based on either bad faith registration or bad faith use by the Domain Name 
> holder.  The contact information for the Domain Name holder is even more 
> crucial.  It allows the Mark Owner to research whether the Domain Name holder 
> may have rights or legitimate interests in the Domain Name.  It also allows 
> the Mark Owner to assess whether the Domain Name holder owns other domain 
> names that are confusingly similar to the Mark, and to find whether the 
> Domain Name holder is a serial cybersquatter by conducting a reverse WHOIS 
> searches or by researching prior UDRP and ACPA decisions.  The contact 
> information also allows the Mark Owner to contact the Domain Name holder, 
> inform the Domain Name holder of its rights, and potentially amicably resolve 
> any dispute over the Domain Name and its contents.
>
> The "Operational Point of Contact" Proposal is Insufficient to Protect the 
> Interests of Trademark Owners
>
> The proposal to require an "Operational Point of Contact" ("OPOC"), Motion # 
> 1 before ICANN, proposes a new system that would strictly limit access to 
> WHOIS information by substituting "proxy" data for actual contact information 
> by the registrant.  In essence, the proposal formalizes proxy or privacy 
> services as ICANN policy.  See Liz Gasster, Staff Implementation Notes, WHOIS 
> Working Group Report at 5 (Oct. 11, 2007).  Under present experience with 
> WHOIS "privacy" or "proxy" services, it is impossible to determine common 
> ownership of domain names, important for determining bad faith under UDRP 
> par. 4(b), and it may be difficult to determine where personal jurisdiction 
> exists for a legal action.  The problem would be equally significant under 
> the OPOC proposal.  Moreover, the reply rate to legitimate e-mail demands are 
> very low, and frequently result in e-mails that "bounce" from the address 
> listed in WHOIS records.  It is not possible to contact such registrants 
> directly via post or fax, or to receive any assurances that the actual 
> registrant has received any communication from the proxy/privacy service.  
> Most importantly, even if the OPOC contact information allows a trademark 
> owner to contact a domain name holder, it would not allow the trademark owner 
> to assess previous and ongoing domain name (mis)use by the domain name 
> holder.  Enacting this revision in a way that provides an enforceable means 
> to contact the domain name holder but does not also provide broad, unlimited 
> access to underlying data by trademark owners, will similarly adversely 
> affect trademark owner's ability to show bad faith registration and use by 
> serial cybersquatters.>
>
> Common sense and the Staff Implementation Notes identify a number of other 
> insuperable problems. 
>
> First, the OPOCs are entirely unaccountable to ICANN.  Staff Implementation 
> Notes at 5, 9.  The plan does not require that the OPOC providers have a 
> contract with ICANN, nor is it even clear that ICANN even has authority to 
> enter into contracts with non-registrars.  Because ICANN will not have 
> privity of contract with the OPOC providers, there is absolutely no way to 
> ensure that OPOC providers actually transmit correspondence to domain name 
> registrants.  As proposed, the only required contractual relationship will be 
> between domain name holders and OPOCs.  The "reveal" option, which (if 
> adopted) would require an OPOC to reveal registrant data within 72 hours if 
> the domain name holder is non-responsive to legitimate demands, will be a 
> dead letter without ICANN holding enforcement power.  The system would be 
> even more laughable if, as contemplated by the Staff Implementation Notes, 
> the registrant could be its own OPOC.  See Staff Implementation Notes at 7.
>
> Second, if the system is a pure pass-through, it will not serve its stated 
> purpose -- to relieve domain name owners from spam e-mail generated by 
> data-scapers who have pulled domain name registrants' contact information 
> from WHOIS databases.  If the system is not a pure pass-through, it could 
> impose significant costs by requiring the OPOC to scrutinize each incoming 
> e-mail for its "legitimacy," generating substantial amounts of work for the 
> OPOC and costs which would be transmitted to the domain name holder.  If 
> registrar are required to verify OPOC e-mail addresses, this system could 
> also impose substantial additional costs, which would undoubtedly be passed 
> through to consumers.  Despite its costs, the system would provide no means 
> for ensuring the continued viability of such e-mail addresses.  Staff 
> Implementation Notes at 8.  The inaptly-named Non-Commercial Users 
> Constituency notes that its real purpose in seeking this change is to prevent 
> "surveillance by intellectual property lawyers."  GNSO Whois Task Force, 
> Final Task Force Report on Whois Services, at 13.5(5) (Mar. 12, 2007).
>
> Third, the responsibilities of the OPOC are entirely unclear.  As the listed 
> owner of the Domain Name, a court could reasonably hold the OPOC liable for 
> any trademark infringement on the website in its name.  This would 
> undoubtedly be tested in court, with good-faith domain name owners forced to 
> shoulder larger OPOC fees to subsidize OPOCs' defense of cybersquatters. 
>
> Fourth, provisions regarding access to underlying data records are hopelessly 
> vague.  Motion 1 is unclear.  It is inconsistent about whether registrars 
> and/or would be guaranteed to have access to underlying data (a "thick" 
> registry), or if all underlying data is only accessible to the OPOC (a "thin" 
> registry).  Staff Implementation Notes at 10-11.  The proposal also provides 
> vague standards to sanction accessors of data for abuse of limitations on 
> access; in the hands of unscrupulous OPOCs, this option will undoubtedly be 
> used to punish trademark owners and their representatives without proper 
> process or appeal.  Similarly, proposal to provide access to underlying 
> records only for a fee, while providing a deterrent to improper data 
> scraping, would also provide an improper deterrent to entirely legitimate 
> inquiries by trademark owners.  Requiring encrypted databases, authenticating 
> access requests, or other proposals would similarly impose costs on 
> registrars, who would pass those costs along to registrants or trademark 
> owners making legitimate inquiries.
>
> Abolishing WHOIS Entirely is Even Worse
>
> Simply abolishing WHOIS requirement in total by 2008, as set forth in Motion 
> 3 before ICANN, would be highly detrimental to trademark owners generally and 
> our clients > in particular.  All the reasons discussed above apply with even 
> greater force.  It is not even clear how UDRP arbitration providers would 
> perform formalities checks, since there would be no way to verify the 
> identity of, or even to contact, the domain name holder.  Arbitration 
> providers could not institute proceedings, and if instituted would have no 
> way to permit the domain name holder to prepare or file a response, or to 
> verify that any response filed was filed by the appropriate party.  See WIPO 
> Supplemental Rules, Rule 5 (Dec. 1, 1999), available at 
> http://www.wipo.int/amc/en/domains/rules/supplemental/#5; National 
> Arbitration Forum, UDRP Supplemental Rules, Rule 1(d) (Jan. 1, 2006), 
> available at http://domains.adrforum.com/resource.aspx?id=651.  Carrying this 
> Motion would de facto eliminate the UDRP as a viable means for resolving 
> trademark disputes, and have the practical effect of shunting all U.S.-based 
> domain disputes to the in rem provisions of the ACPA.  15 U.S.C. § 
> 1125(d)(2)(A).  If so, trademark owners would likely seek revision of this 
> provision to provide for discovery of the identity of the domain name holder, 
> and for imposition of actual or statutory damages.
>
> We Recommend Further Study of WHOIS Data and Its Uses
>
> The current WHOIS system contains numerous flaws.  The domain name holder 
> information is frequently, and often willfully, inaccurate, with little 
> effective remedy available for rights holders.  The Whois Data Reminder 
> Policy, issued in 2003, has been simply inadequate to the task -- we have 
> never encountered a registrar that has cancelled the account of a paying 
> customer for failure to provide accurate WHOIS data.  As noted by the Staff 
> Implementation Report, the most recent study of WHOIS records dates from 2002 
> and was "not statistically valid."  Staff Implementation Notes at 15-16.  
> Even the Implementation Notes envision only a study of willing registrants 
> before they register domain names.  A broader study focused on actual 
> pre-existing domain names, which estimates the relative response rates of 
> both "normal" domain name holders and privacy/proxy domain name holders, 
> would be required to determine the extent to which existing WHOIS data is 
> accurate, complete, and actually permits permit legitimate parties to contact 
> the domain name holder.  Prior to instituting OPOC motion and 
> institutionalizing proxy/privacy services, ICANN should create and obtain a 
> quantitative analysis of the existing proxy/privacy systems, and their 
> effectiveness in serving domain name holders and other domain name 
> constituencies.
>
> Thank you for your consideration.
>
Perkins Coie LLP
1201 Third Avenue, Suite 4800
Seattle, WA 98101
ph:(206) 359-3208
fax: (206) 359-4208
www.perkinscoie.com



NOTICE: This communication may contain privileged or other confidential 
information. If you have received it in error, please advise the sender by 
reply email and immediately delete the message and any attachments without 
copying or disclosing the contents. Thank you.