Comment on Preliminary Report of Whois Task Force
To Whom It May Concern: I am intellectual property counsel for the American Red Cross charged with protecting the AMERICAN RED CROSS and RED CROSS trade names. I write to provide the following comments on the preliminary report of the Whois Task Force. In short, the American Red Cross has serious concerns about the proposal (in Annex A of the preliminary report) to eliminate much of the contact information that has always been available via Whois services and replace it with information on an "operational point of contact." We urge ICANN not to adopt this proposal which would impede the ability of the American Red Cross to rapidly shut down fraudulent web sites that injure the public and undercut our humanitarian mission. Additionally, we urge ICANN to work to phase out the proxy services that currently conceal the identity of domain name registrants, to provide a clear and predictable procedure for rapid access to any Whois data that is withheld from public access and to take steps to improve the accuracy of Whois data. The American Red Cross is a non-governmental, humanitarian organization, led by volunteers, that provides disaster relief to victims of disasters and helps people prevent, prepare for and respond to emergencies around the world. The American Red Cross accomplishes this goal by working within the International Red Cross and Red Crescent Movement - the world's largest humanitarian network with more than 180 national societies around the world. Since 1905, the American Red Cross name has been protected by statute in the United States, now codified as 18 U.S.C. §§ 706 and 917. In 1999, the United States Congress protected the American Red Cross from bad faith registration of domain names containing the RED CROSS name and the trafficking in or use of such domain names on the Internet by incorporating the American Red Cross statute (18 U.S.C. § 706) into the Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d)(1)(A)(ii)(III). The American Red Cross owns and maintains a number of websites, including websites containing the words RED CROSS. The American Red Cross' public website is www.redcross.org <http://www.redcross.org/> . In 2006, www.redcross.org <http://www.redcross.org/> saw 7.9 million unique visitors (about 650,000 new each month) and an average of 88,685 page views (about 1.7 million hits) per day to the site. Pursuant to its statutory authority, the American Red Cross has actively pursued websites, domain name registrations and e-mail campaigns that have used the RED CROSS name without authorization, including those directing donations to websites other than those authorized by the American Red Cross. Hundreds of unauthorized third parties have registered domain names containing the words RED CROSS. In particular, national disasters like September 11th and Hurricane Katrina or international disasters like the Southeast Asia tsunami resulted in significant spikes in the number of third parties registering domain names containing the words RED CROSS. By way of example, in the days after Hurricane Katrina made landfall on August 25, 2005, the following domain names were registered by third parties unaffiliated with and unauthorized by the American Red Cross: o www.katrinaredcross.com <http://www.katrinaredcross.com/> o www.donateredcross.com <http://www.donateredcross.com/> o www.red-cross-help.com <http://www.red-cross-help.com/> o www.americaredcross.org <http://www.americaredcross.org/> This is a very limited sample of unauthorized domain names registered in the days after Hurricane Katrina. Many of the unauthorized websites at domain names containing the words RED CROSS fraudulently solicit donations. As another example of the egregious nature of some of these unauthorized activities, a third party registered www.american-redcross.org <http://www.american-redcross.org/> in the days after the Southeast Asia tsunami and then proceeded to cut and paste the donation page from www.redcross.org <http://www.redcross.org/> to the new, unauthorized web site at www.american-redcross.org <http://www.american-redcross.org/> . The two donation pages (one legitimately belonged to the American Red Cross, the other was fraudulent) were nearly identical. The American Red Cross uses Whois data to shut down the web sites conducting these unauthorized and fraudulent activities. The owners, once discovered by the American Red Cross, will often shut down their web sites within minutes of receiving an email from the American Red Cross. At the height of disaster response, the American Red Cross often discovers these unauthorized web sites within days of the RED CROSS domain name being registered, and it is not uncommon that the American Red Cross can get the web site shut down within hours, thus mitigating the number of victims who unknowingly give money or personal financial information (credit card numbers, bank account and PIN numbers, etc.) to web sites that are not affiliated with the American Red Cross. For the owners that do not willingly (or immediately) shut down their web sites, the American Red Cross often notifies the registrant's hosting company (found through the Technical Contact details of Whois records) and/or the domain name registrar to alert them to the unauthorized and/or fraudulent activity being conducted by the domain name registrant. Lastly, the American Red Cross uses Whois data to further investigate these unauthorized and fraudulent activities and ultimately assist federal, state and local law enforcement. Pretending to be a member or agent of the American Red Cross for purposes of soliciting money or materials is a federal crime, and the American Red Cross' ability to assist federal law enforcement in pursing these registrants is critical. All of these uses of Whois data fall outside the scope of the oPoC proposal in the Preliminary Task Force Report on Whois Services. Requiring that the American Red Cross contact the operational point of contact is at best a needless delay and at worst ineffective. Without publicly available and accurate Whois data, the American Red Cross is incapable of shutting down unauthorized and fraudulent RED CROSS websites quickly enough to minimize the impact on American Red Cross donors, the victims of the disasters and the public at large - all of whom are impacted when members of the public, intending to support the victims of a disaster by contributing to the American Red Cross' disaster relief fund, instead unknowingly give their money and financial information to someone perpetrating a fraud. If ICANN adopts the oPoC proposal, the American Red Cross will no longer have the information it needs to quickly shut down unauthorized and fraudulent RED CROSS web sites. The number of victims unknowingly using these unauthorized RED CROSS web sites to donate after a disaster will likely increase, and the money will not reach its intended target - the victims of the disaster. In the long run, reduced public confidence in the integrity of online donation sites could reduce the ability of the American Red Cross, and similar organizations, to use the Internet to raise funds quickly and efficiently to help disaster victims and respond to emergencies. Continuing to have access to Whois data is imperative in the continuing struggle to shut down unauthorized RED CROSS websites - even in times when there is no ongoing national or international scale disaster response underway. Additionally, it would be particularly helpful to the American Red Cross if ICANN requires registrars to phase out proxy services that currently conceal registrants' identities. The number of unauthorized RED CROSS domain names used for nefarious purposes and hidden behind a proxy service is increasing at an alarming rate. The American Red Cross has had very little success in shutting down such sites by contacting the registrant's proxy service. I urge ICANN not to adopt the oPoC proposal and instead establish a clear and predictable procedure for rapid access to any Whois data that is withheld from public access. ICANN must require registries and registrars to actively ensure that the contact data submitted by registrants is accurate and current and easily and quickly accessible to the public. I urge ICANN not to adopt the oPoC proposal. Respectfully submitted, Julie A. Ortmeier Senior Counsel American Red Cross 2025 E St., N.W. Washington, D.C. 20006 Phone (202) 303-5356 Fax (202) 303-0146 OrtmeierJ@xxxxxxxxxxxxxxxx This e-mail message contains information from the Office of the General Counsel at the American Red Cross and may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this e-mail message is prohibited. If you have received this e-mail message in error, please notify me by telephone (202) 303-5356 or by reply e-mail (OrtmeierJ@xxxxxxxxxxxxxxxx) immediately and delete this e-mail message from your computer. Thank you.