Comments of Various Companies and Organizations on the Preliminary Task Force Report on Whois Services
These comments on the Preliminary Task Force Report on Whois Services are respectfully submitted by the following: American Standard Inc. Bank of America Corporation Belo Corp. Expedia, Inc. First California Mortgage Company International Federation of Film Producers Associations International Video Federation Marina District Development Company, LLC d/b/a Borgata Hotel Casino & Spa The MCPS-PRS Alliance Limited M Financial Holdings Incorporated National Geographic Society The Procter & Gamble Company * * * January 15, 2007 Comments on the Preliminary Task Force Report on Whois Services On behalf of the companies and organizations listed below, we write to provide our comments on key aspects of the Operational Point of Contact ("OPoC") and Special Circumstances Proposals contained in the Preliminary Task Force Report on Whois Services, and on the proposals for access to Whois data that are summarized on pages 24-27 of the Preliminary Task Force Report on Whois Services. As discussed further below, we have significant concerns about and objections to the OPoC proposal. We believe the Special Circumstances proposal strikes a better balance between addressing registered name holder ("RNH") privacy concerns while preserving the critical ability to access RNH contact data in a timely manner. We also have concerns about and objections to many of the informal proposals for access to data no longer disclosed in Whois that are contained in pages 24-27 of the Preliminary Task Force Report. OPoC Proposal The OPoC proposal would eliminate from published Whois data the RNH's postal address, city, and postal code, and would eliminate all information - most notably the telephone number, fax number, and email address - for the administrative and technical contacts (collectively, the "RNH contact data"). Only the RNH's name, state/province, and country will remain publicly accessible. In most instances, it will be exceedingly difficult if not impossible to locate an individual RNH based solely on that accessible information. Detailed contact information will be accessible only for the person or entity designated by the RNH as its OPoC. Under the current proposal, the OPoC has no obligation to forward to the RNH any communications of any kind other than those directly related to resolving operational issues. Further, the OPoC proposal contains no "minimum qualification" requirements or standards for the OPoC. Similarly absent is a requirement that the OPoC provide advance consent to being so designated. Consequently, an individual RNH could designate his neighbor or former employer as the OPoC and the designee would not learn of its designation until a problem arose. The OPoC proposal will cause significant delays in accessing critical RNH contact data and may well effectively eliminate that access. Such delays and elimination could cause harm to consumers, including the very consumers that the OPoC proposal is ostensibly intended to protect. The OPoC proposal raises serious questions as to where (and how) a person with a legitimate interest in accessing the RNH's contact data could pursue that access and whether a U.S. court would ever grant it. In addition, the OPoC proposal calls into question the ability of owners of U.S. trademarks and service marks to pursue in rem causes of action under the U.S. AntiCybersquatting Consumer Protection Act. 15 U.S.C. § 1125(d) et seq.. In both circumstances, the RNH itself - the very person the OPoC proposal is ostensibly designed to protect - could be deprived of notice and the opportunity to be heard. We elaborate on each point below. On its face, the OPoC proposal will cause significant delays in accessing critical RNH contact data - postal and email addresses, and telephone numbers - and may well effectively eliminate that access. Immediate access to such RNH contact data is critical for companies such as ours because it is essential to our ability to act promptly against cybersquatters, to stop quickly the online sale of counterfeit products, and/or to counteract immediately phishing schemes or other online fraud schemes. (We note that the OPoC proposal is also devoid of any provision for providing law enforcement authorities with access to this RNH contact data.) The longer a phishing scheme operates in association with a particular domain name, the greater the number of consumers who will be harmed financially and the greater the severity of that harm. Similarly, the longer counterfeit products can be sold and offered for sale through a website associated with a particular domain name, the greater the number of consumers who will be harmed. This is especially true for any counterfeit products capable of causing physical harm. Finally, the longer a cybersquatter can use an infringing domain name, the greater the number of consumers who are likely to be harmed by consumer confusion. Delays of even one day can, and do, entail significant consequences. It has been suggested that the OPoC proposal, once implemented, would coexist with private registration services. The overlay of private registration on top of OPoC would further exacerbate the delays and inaccessibility noted above. The OPoC proposal also raises serious questions as to where (and how) a person with a legitimate interest in accessing the RNH's excluded contact data could pursue that access, whether any U.S. court would grant such access, and how the RNH would receive notification of the proceeding. We assume for purposes of illustration that the underlying claim (e.g., infringement, cybersquatting, counterfeiting, phishing) would be within the subject matter jurisdiction of a U.S. federal court and that both the registrar and RNH are domiciled in the United States. At a minimum, the OPoC proposal raises the following questions: In which federal district court would a party pursue access? The U.S. District Court for the Central District of California, where ICANN is located? The federal district in which the registrar is located? The federal district in which the ISP hosting the associated website (assuming there is one) is located? The federal district where the RNH is located? For those 24 states that contain more than one federal district, would the most populous district be considered the "default" district? Independent of the forum issue, how does one provide the RNH with service of process for the purpose of providing notice? The name, state/province, and country information in the Whois record does not provide sufficient detail to permit service and the OPoC has no obligation to forward such communications or to accept service. Will it be necessary for the party seeking access to the RNH contact data to have the court issue a subpoena to ICANN? To the registry? To the registrar? Even if a court were to allow the matter to proceed without service, it seems unlikely that, for example, the U.S. District Court for the Southern District of New York would entertain an action where the only basis for personal jurisdiction over the registered name holder-defendant were (i) the fact that Whois identified the RNH's state as New York; and (ii) the fact that the district is the most populous one in the state. With regard to specific actions, the OPoC proposal could prevent the owners of U.S. trademarks or service marks from using the principal method for obtaining in rem jurisdiction under the U.S. AntiCybersquatting Consumer Protection Act ("ACPA"), 15 U.S.C. § 1125(d) et seq, and could, in light of the issues noted above, potentially preclude all claims under ACPA. ACPA provides for two causes of action - in rem against the domain name itself and in personam against the domain name registrant/registered name holder. In light of the difficulties noted above, most owners of U.S. marks may have no alternative but to seek to proceed in rem instead of in personam. Under ACPA, a mark owner usually obtains in rem jurisdiction by showing that it was not able to find a person who would have been a defendant even though the owner exercised due diligence by "sending a notice of the alleged violation and intent to proceed under this paragraph to the registrant of the domain name at the post and e-mail address provided by the registrant to the registrar; and publishing notice of the action as the court may direct promptly after filing the action." 15 U.S.C. § 1125(d)(2)(A)(ii)(II). The trademark owner obviously cannot send any such notice of alleged violation to the RNH's post and e-mail addresses if the owner does not have access to those addresses. The OPoC proposal excludes those addresses from the published Whois data. The other method for obtaining in rem jurisdiction under ACPA is to persuade the court to find that the owner "is not able to obtain in personam jurisdiction over a person who would have been a defendant in a civil action under [§ 1125(d)(1)]." Courts could potentially make such a finding based solely on the trademark owner's recitation of the inability to access RNH contact data sufficient to establish personal jurisdiction anywhere. The mark owner would then proceed in rem, which might effectively deprive the RNH of notice and the opportunity to be heard. Alternatively, courts might find that the trademark owner had not met its burden of showing an inability to obtain in personam jurisdiction and, as a result, refuse to allow the owner to proceed in rem. Under such circumstances, the trademark owner could not proceed under ACPA either in personam or in rem. Finally, we also have some concern about the portion of the OPoC proposal relating to complaints about inaccurate Whois data. The proposed "remedy" for an RNH's failure to update or correct the alleged inaccurate Whois data is to place the domain name on "hold." Regardless of whether placing a domain name on "hold" means either that the name will continue to resolve but no changes can be made to the registration or that the name will not resolve and no changes can be made to the registration, this "remedy" is insufficient. Because complaints about Whois data accuracy are most likely to arise when the domain name is being used in a way objectionable to the complaining party, allowing the domain name to continue to resolve perpetuates the objectionable use. Similarly, permitting the RNH to maintain the registration despite its willful failure to correct or update its Whois data also perpetuates the objectionable conduct. For these reasons, we encourage rejection of the current OPoC proposal. Special Circumstances Proposal We believe that the Special Circumstances proposal strikes a better balance between privacy concerns while preserving the critical ability to access RNH contact data in a timely manner. Its eligibility requirements are sufficiently tailored to protect from disclosure the contact information for those individuals whose personal safety or security would be jeopardized while limiting through the proposed non-commercial use requirement and numerical ceilings the number of domain names for which RNH contact data would be shielded. Requiring periodic monitoring of the domain name's use will also minimize the abuse of the disclosure shield. Further, the inclusion of a challenge mechanism that would be available to the potential applicant, law enforcement, and others with a legitimate objection to the designation also ensures both that eligible individuals are not rejected and that the Special Circumstances designation is not used for illegitimate purposes. Other Proposals for Access to Data Removed from or Shielded from Whois We comment below on each of the proposals for access to data no longer disclosed in Whois that are contained in pages 24-27 of the Preliminary Task Force Report. 1. Obtain Contact Data From Registrar. A proposal that parties seek to obtain RNH contact data from the registrar and that the registrar disclose the RNH contact data to a requesting party is not only unworkable but will undoubtedly impose significant business costs on both the requesting party and the registrar. First, it is highly doubtful that any registrar could provide the RNH contact data in the short timeframe that we believe is essential. Immediate turnaround seems unlikely. Second, the disclosure of the RNH contact data should not be within the discretion of the registrar. Third, the proposal could result in extensive litigation that would unduly tax the resources of the registrar, the requesting party, and the courts. It is in no one's interest to adopt a proposal that could potentially result in an incessant stream of court actions in which the registrar was either named as a defendant and subject to discovery or named as a third party and subject to subpoena. 2. UDRP Mechanism. The substance of the proposal is not clear from the report. Accordingly, we reserve comment at this time. 3. Process for Disclosing Access to Whois Data. We have concerns about the ability to use the proposed process in the short timeframe we believe is essential. Immediate determinations of whether access will be granted and disclosure of the withheld data, which are critical in instances of online fraud, online counterfeiting and cybersquatting, seems unlikely. We reserve comment on any future elaboration of the requesting process, standards for disclosure, and identification and qualification of the third party selected to make the determinations. 4. Contractual Limitations on Use of Data. Because there is no real detail as to the contractual specifications and technical mechanism contemplated by such a proposal, we reserve comment. 5. Domain Name Lapse In Lieu of Disclosure. We object to this proposal because preventing the domain name from resolving in the future does not "cure" the past harm caused by a "phisher", a company selling counterfeit products online, a cybersquatter or perpetrator of other online fraud. Access to the RNH contact data remains essential. * * * Thank you for your consideration of these comments. Respectfully submitted, American Standard Inc. Bank of America Corporation Belo Corp. Expedia, Inc. First California Mortgage Company International Federation of Film Producers Associations International Video Federation Marina District Development Company, LLC d/b/a Borgata Hotel Casino & Spa The MCPS-PRS Alliance Limited M Financial Holdings Incorporated National Geographic Society The Procter & Gamble Company <<Final Whois comments for submission.pdf>> This message is from a law firm and may contain information that is confidential or legally privileged. If you are not the intended recipient, please immediately advise the sender by reply e-mail that this message has been inadvertently transmitted to you and delete this e-mail from your system. Thank you for your cooperation.
Final Whois comments for submission.pdf