As the Internet continues to grow and become an integral part of our lives, so too does the potential for legal abuse by cybervillains. In fact, a new area of concern has arisen involving cybersquatting and other unauthorized use of intellectual property that could be of great significance to any person or business that owns, licenses or uses a brand name. That concern is anonymous domain name registration.
Domain name registration records are supposed to be publicly available via WHOIS, an online database that provides contact information for the registrant of a domain name to anyone, free of charge. This service is mandated by the Internet Corporation for Assigned Names and Numbers (ICANN) and theoretically consists of accurate contact information for all domain name registrants. An example of a WHOIS lookup can be found at Network Solutions Inc.
The 1993 Cooperative Agreement with the Department of Commerce gave Network Solutions the exclusive right to handle all of the domain name registrations for the Web. In April 1999, ICANN, a private-sector, not-for-profit corporation in Marina del Rey, Calif., established the new competitive Shared Registry System so that any company (in addition to Network Solutions) that met ICANN’s accreditation and operations criteria could become a domain name registrar by agreeing to the Registrar Accreditation Agreement (RAA). By the end of 2000, there were 159 ICANN-accredited registrars. In June 2005, there were 471 ICANN-accredited registrars, and as of June 19, 2006, there were 763 ICANN-accredited registrars.
The RAA mandates that all registrars must maintain a WHOIS database, free of charge, that is available to the public and that consists of accurate registered name and contact information for the owner of any domain name that the registrar has registered. The purpose of the WHOIS database is to have "A database of contact information sufficient to contact the registrant or their agent(s) to enable the prompt resolution of technical, legal and other matters relating to the registrant’s registration and use of its domain name."
Until recently, everyone had the ability to immediately learn the identity of an alleged intellectual property infringer/cybersquatter/online thief (collectively, known as cybervillains) by doing a free WHOIS lookup search to review the public record as per the ICANN rules. This assisted in going after cybersquatters and others who violated the rights of intellectual property owners online.
In fall 2002, however, Go Daddy Software Inc. began offering Internet users anonymous domain name registrations through its sister company, Domains By Proxy (DBP). When a customer uses DBP to purchase a domain name, DBP’s contact information shows up in the WHOIS records as the registered owner— yet the true owner has the ability to control and/or transfer the domain name. Shortly after DBP’s debut, numerous companies offering anonymous registrations began flourishing. These privacy companies are usually not ICANN-accredited registrars, but are affiliated with ICANN-affiliated registrars, many of which offer a privacy company’s protection along with a sale of a domain name registration, usually for an added price. Sometimes a private registration with an affiliate company is included as a way of enticing new business to use that registrar to register a customer’s domain name.
Privacy companies usually require that their customers represent that they are not violating any third party’s intellectual property and threaten to remove the veil of anonymity if there is an allegation of infringement. In reality, though, the privacy companies cater to cybervillains. The cybervillains want to keep their contact information private for nefarious reasons — and that is why cybervillains are willing to pay a premium to privacy companies to ensure their contact information is not made public via the WHOIS records. Privacy companies drag their feet when requested to furnish contact information — a fact that they tout to their cybervillain customers.
While there are legal remedies available to address the acts of the cybervillains (and privacy companies), they are costly and time-consuming. The cost of a Uniform Dispute Resolution Policy arbitration is at least $1,500 (plus attorneys’ fees). An Anticybersquatting Protection Act action is even more expensive and is not a valid threat against the privacy companies. These approaches are a far cry from ICANN’s WHOIS information policy purpose.
With the abundance of anonymous registrations being facilitated by privacy companies, it has become more costly and time-consuming for intellectual property owners to protect their rights online. Without some level of accountability for privacy companies, this problem is going to become more severe. Until action is taken by ICANN or the U.S. government, these cybervillains will have another trick up their sleeve.
Jason H. Fisher is an associate in the Los Angeles office of Buchalter Nemer. He practices in the areas of e-commerce and cyberlaw, business litigation, copyright and trademark law, and entertainment/new media law. Contact him at JFisher@buchalter.com.