Comment on Preliminary Report of Whois Task Force

[<OrtmeierJ@xxxxxxxxxxxxxxxx>]

To Whom It May Concern:

I am intellectual property counsel for the American Red Cross charged with 
protecting the AMERICAN RED CROSS and RED CROSS trade names.  I write to 
provide the following comments on the preliminary report of the Whois Task 
Force.  In short, the American Red Cross has serious concerns about the 
proposal (in Annex A of the preliminary report) to eliminate much of the 
contact information that has always been available via Whois services and 
replace it with information on an "operational point of contact."  We urge 
ICANN not to adopt this proposal which would impede the ability of the American 
Red Cross to rapidly shut down fraudulent web sites that injure the public and 
undercut our humanitarian mission.  Additionally, we urge ICANN to work to 
phase out the proxy services that currently conceal the identity of domain name 
registrants, to provide a clear and predictable procedure for rapid access to 
any Whois data that is withheld from public access and to take steps to improve 
the accuracy of Whois data. 

 

The American Red Cross is a non-governmental, humanitarian organization, led by 
volunteers, that provides disaster relief to victims of disasters and helps 
people prevent, prepare for and respond to emergencies around the world.  The 
American Red Cross accomplishes this goal by working within the International 
Red Cross and Red Crescent Movement - the world's largest humanitarian network 
with more than 180 national societies around the world.  Since 1905, the 
American Red Cross name has been protected by statute in the United States, now 
codified as 18 U.S.C. §§ 706 and 917.  In 1999, the United States Congress 
protected the American Red Cross from bad faith registration of domain names 
containing the RED CROSS name and the trafficking in or use of such domain 
names on the Internet by incorporating the American Red Cross statute (18 
U.S.C. § 706) into the Anticybersquatting Consumer Protection Act, 15 U.S.C. § 
1125(d)(1)(A)(ii)(III).  The American Red Cross owns and maintains a number of 
websites, including websites containing the words RED CROSS.  The American Red 
Cross' public website is www.redcross.org <http://www.redcross.org/> .  In 
2006, www.redcross.org <http://www.redcross.org/>  saw 7.9 million unique 
visitors (about 650,000 new each month) and an average of 88,685 page views 
(about 1.7 million hits) per day to the site.  

 

Pursuant to its statutory authority, the American Red Cross has actively 
pursued websites, domain name registrations and e-mail campaigns that have used 
the RED CROSS name without authorization, including those directing donations 
to websites other than those authorized by the American Red Cross.  Hundreds of 
unauthorized third parties have registered domain names containing the words 
RED CROSS.  In particular, national disasters like September 11th and Hurricane 
Katrina or international disasters like the Southeast Asia tsunami resulted in 
significant spikes in the number of third parties registering domain names 
containing the words RED CROSS.  By way of example, in the days after Hurricane 
Katrina made landfall on August 25, 2005, the following domain names were 
registered by third parties unaffiliated with and unauthorized by the American 
Red Cross:

 

o     www.katrinaredcross.com <http://www.katrinaredcross.com/> 

o     www.donateredcross.com <http://www.donateredcross.com/> 

o     www.red-cross-help.com <http://www.red-cross-help.com/> 

o     www.americaredcross.org <http://www.americaredcross.org/>                 

 

This is a very limited sample of unauthorized domain names registered in the 
days after Hurricane Katrina.  Many of the unauthorized websites at domain 
names containing the words RED CROSS fraudulently solicit donations.  As 
another example of the egregious nature of some of these unauthorized 
activities, a third party registered www.american-redcross.org 
<http://www.american-redcross.org/>  in the days after the Southeast Asia 
tsunami and then proceeded to cut and paste the donation page from 
www.redcross.org <http://www.redcross.org/>  to the new, unauthorized web site 
at www.american-redcross.org <http://www.american-redcross.org/> .  The two 
donation pages (one legitimately belonged to the American Red Cross, the other 
was fraudulent) were nearly identical.

 

The American Red Cross uses Whois data to shut down the web sites conducting 
these unauthorized and fraudulent activities.  The owners, once discovered by 
the American Red Cross, will often shut down their web sites within minutes of 
receiving an email from the American Red Cross.  At the height of disaster 
response, the American Red Cross often discovers these unauthorized web sites 
within days of the RED CROSS domain name being registered, and it is not 
uncommon that the American Red Cross can get the web site shut down within 
hours, thus mitigating the number of victims who unknowingly give money or 
personal financial information (credit card numbers, bank account and PIN 
numbers, etc.) to web sites that are not affiliated with the American Red Cross.

 

For the owners that do not willingly (or immediately) shut down their web 
sites, the American Red Cross often notifies the registrant's hosting company 
(found through the Technical Contact details of Whois records) and/or the 
domain name registrar to alert them to the unauthorized and/or fraudulent 
activity being conducted by the domain name registrant.  Lastly, the American 
Red Cross uses Whois data to further investigate these unauthorized and 
fraudulent activities and ultimately assist federal, state and local law 
enforcement.  Pretending to be a member or agent of the American Red Cross for 
purposes of soliciting money or materials is a federal crime, and the American 
Red Cross' ability to assist federal law enforcement in pursing these 
registrants is critical.  All of these uses of Whois data fall outside the 
scope of the oPoC proposal in the Preliminary Task Force Report on Whois 
Services.  Requiring that the American Red Cross contact the operational point 
of contact is at best a needless delay and at worst ineffective.  Without 
publicly available and accurate Whois data, the American Red Cross is incapable 
of shutting down unauthorized and fraudulent RED CROSS websites quickly enough 
to minimize the impact on American Red Cross donors, the victims of the 
disasters and the public at large - all of whom are impacted when members of 
the public, intending to support the victims of a disaster by contributing to 
the American Red Cross' disaster relief fund, instead unknowingly give their 
money and financial information to someone perpetrating a fraud.

 

If ICANN adopts the oPoC proposal, the American Red Cross will no longer have 
the information it needs to quickly shut down unauthorized and fraudulent RED 
CROSS web sites.  The number of victims unknowingly using these unauthorized 
RED CROSS web sites to donate after a disaster will likely increase, and the 
money will not reach its intended target - the victims of the disaster.   In 
the long run, reduced public confidence in the integrity of online donation 
sites could reduce the ability of the American Red Cross, and similar 
organizations, to use the Internet to raise funds quickly and efficiently to 
help disaster victims and respond to emergencies.   

 

Continuing to have access to Whois data is imperative in the continuing 
struggle to shut down unauthorized RED CROSS websites - even in times when 
there is no ongoing national or international scale disaster response underway. 
 Additionally, it would be particularly helpful to the American Red Cross if 
ICANN requires registrars to phase out proxy services that currently conceal 
registrants' identities.  The number of unauthorized RED CROSS domain names 
used for nefarious purposes and hidden behind a proxy service is increasing at 
an alarming rate.  The American Red Cross has had very little success in 
shutting down such sites by contacting the registrant's proxy service.

 

I urge ICANN not to adopt the oPoC proposal and instead establish a clear and 
predictable procedure for rapid access to any Whois data that is withheld from 
public access.  ICANN must require registries and registrars to actively ensure 
that the contact data submitted by registrants is accurate and current and 
easily and quickly accessible to the public.  I urge ICANN not to adopt the 
oPoC proposal.

 

Respectfully submitted,

 

Julie A. Ortmeier

Senior Counsel

American Red Cross

2025 E St., N.W.

Washington, D.C. 20006

Phone (202) 303-5356

Fax (202) 303-0146

OrtmeierJ@xxxxxxxxxxxxxxxx

 

This e-mail message contains information from the Office of the General Counsel 
at the American Red Cross and may be confidential or privileged.  The 
information is intended to be for the use of the individual or entity named 
above.  If you are not the intended recipient, be aware that any disclosure, 
copying, distribution or use of the contents of this e-mail message is 
prohibited.

 

If you have received this e-mail message in error, please notify me by 
telephone (202) 303-5356 or by reply e-mail (OrtmeierJ@xxxxxxxxxxxxxxxx) 
immediately and delete this e-mail message from your computer.  Thank you.