A fundamental rule of trademarks is that they have to be distinctive, and that nobody can register a trademark on a generic term like "wine" or "plastic." In a case decided today by the U.S. Supreme Court, the court decided 8-1 that online travel agent Booking.com could register its domain name as a trademark. In this case, I think the majority got it wrong, and Justice Breyer's lone dissent is correct.
The U.S. Patent and Trademark Office (USPTO) had claimed that since "booking" is a generic term, if you add ".com" to it, it's still generic, just like adding "company" to a name. The case law on this issue seems to be pretty thin since everyone cites the same two cases. The first is an 1888 case Goodyear's Rubber Manufacturing Co. et al. vs. Goodyear Rubber Co. The court held that since at the time Goodyear Rubber was a widely used term (rubber wasn't very useful until Charles Goodyear patented his vulcanization process), the name was generic, and one Goodyear Rubber company couldn't keep the other from using a similar name. The other is a 1985 case Park N' Fly Inc. v. Dollar Park and Fly, Inc., where the court again found that "Park and Fly" describes what an airport parking company does, the name is generic, and the first company couldn't keep the other, which was in a city where the former didn't operate, from using a similar name.
In this case, the court decided that ".com" isn't the same as "company," and what matters is whether consumers identify the name with the company. The company submitted surveys saying that 75% of consumers surveyed thought Booking.com is a brand name, while only 35% thought washingmachine.com was a brand name, so it's a trademark. (It happens that washingmachine.com belongs to online appliance merchant Wayfair, but they don't promote it at all.)
Not so fast, replies Justice Breyer. For one thing, people have heard of Booking.com, so all the survey shows is whether the name is familiar, not whether it's non-generic. If someone did as much promotion for a laundry machine site washingmachine.com as Booking.com has done for its site, people would likely think it's a brand, too.
Furthermore, since everyone agrees that a domain name can only belong to one owner, whatever confusion a trademark is supposed to prevent can't happen since nobody else can use Booking.com. (He observes there can be many Wine Companies, but only one wine.com.) What else would they do with a trademark registration? Booking.com says they have ho plans to challenge other names like Bookings.com, eBooking.com, Booker.com, or Bookit.com, but he notes that this sets a precedent and other registrants are not likely all to be so restrained.
The main thing that Booking.com can do with its trademark is to use it in ICANN UDRP challenges, where in practice, a party with a registered trademark always wins. But since Booking.com already owns similar names Booking.org, Booking.net, Booking.info, Booking.biz, Booking.us, Booking.travel, and Booking.cm, what problem would their trademark solve?
I agree with Breyer — generic domain names are generic names, and allowing trademark registration will offer no meaningful benefits to the registrant or the public while allowing endless UDRP mischief.
It, perhaps, does not have to be said that cybersquatting is an intentional tort. No one would expect the respondent to admit unlawful intention, but complainant's proof must nevertheless support that contention. The Panel in Hästens Sängar AB v. Jeff Bader / Organic Mattresses, Inc. FA2005001895951 (Forum July 31, 2020) reminds us that it takes more than bad faith use of a domain name to find cybersquatting. And in the process of analyzing the facts, it shows us the shortcomings of proof to establish bad faith registration.
As it happens, there is no issue of intention in Hastens. Respondent was well aware of Complainant's trademark; in fact, admits targeting it but for a legitimate purpose: "[I]t asserts that [in registering <comparetohastens.com>] it intends to employ the disputed domain name, as well as the other 'compare to' domain names that it registered, in connection with its bona fide sales of commercial products." Respondent explains that "consumers can compare its commercial products with Complainant's at in-person retail locations."
"Compare to" advertising has received attention in trademark and false advertising cases in the U.S, and most likely in other jurisdictions but (to my knowledge) this is its first appearance in a UDRP dispute. There is a question as to whether this matter is even within the scope of the UDRP. The Panel appears to have it both ways as indicated by the italicized final clause:
It is true that such a comparison website, if launched, may attract consumers to it. But, if the website is properly designed, it likely would not cause confusion as to source, sponsorship or affiliation; rather, it should be clear that the website does not come from Complainant but rather from a competitor of Complainant. It also is true that such a comparison website might be designed to divert business from Complainant to Respondent, but that is not the kind of disruption of a competitor's business contemplated by the Policy as evidence of bad faith registration and use. (Emphasis added)
But instead of dismissing the complaint on this ground, the Panel finds an alternative reason which essentially contradicts the first:
Whether Respondent engaged in bad faith registration requires consideration of Respondent's intent. Respondent asserts that it registered the domain name in order to establish a comparison website, which, as noted above, could be a permissible use of the disputed domain name. Although Respondent did not come forward with affirmative evidence to establish demonstrable preparations to create such a website (which is a specific requirement under the policy for establishing rights or legitimate interests in a domain name), a finding a bad faith requires more.
In following through on the alternative, the Panel continues:
It is not enough that Complainant show that Respondent failed to come forward with evidence of its demonstrable preparations; rather, Complainant must come forward with evidence the establishes, by a preponderance of the evidence, that Respondent in fact registered the disputed domain name with a bad faith intention to cybersquat on the domain name. Such evidence might include evidence of an intent to sell the disputed domain name to Complainant for a profit, to prevent Complainant from reflecting its own trademark in a corresponding domain name, to disrupt Complainant's business, or to attract consumers to the website to which the domain name resolves by creating a likelihood of confusion as to the source, sponsorship or affiliation of the website.
For a complainant to succeed it must submit "sufficient evidence to establish any of these examples of bad faith registration" but it has failed to do so, and this coupled with Respondent's proof in the form of an affidavit which the Panel finds "credible with respect to Respondent's intent at the time of registration" warrants dismissing the complaint.
The decision is remarkable in examining the facts and circumstances from different perspectives, which is highly educational, but it is also serpentine in the manner in which the Panel reaches its conclusion. The Panel was absolutely correct in noting that while a "compare to" domain name may have a disruptive impact on a complainant, it "is not the kind of disruption of a competitor's business contemplated by the Policy as evidence of bad faith registration and use." If this is so, cannot the bad faith analysis be dispensed with entirely? If a claim exists, it belongs in another forum.
Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP
Trump and his enablers are well known to disrespect if not disdain legal systems, including public international law. He has effectively abrogated every treaty instrument relating to international communications at the whim of a tweet. His behavior has dishonoured the USA in a way that will take years to remedy. Trump's actions to ban access to Android Operating System updates on Chinese products have significantly harmed cybersecurity worldwide. His latest summary actions against Tik-Tok and We-Chat to further a Trump Firewall are beyond reprehensible.
However, international legal systems still exist and can be leveraged to begin holding Trump accountable. Some of the potential causes of action are legislative in nature and operate over a longer time period. There is a relatively unknown mechanism for reporting infractions and enhancing accountability that is described here. Although, these actions must be done by Nation State representatives, they can potentially be very effective and enhanced as a result of Trump's extraordinarily egregious behavior.
Public International Law of the ITU
The treaty instruments of the International Telecommunication Union (ITU) have provided the fundamental foundation for all international telecommunication since 1850. Every nation in the world exercises exclusive, absolute sovereignty over its communication networks and services. However, through the ITU treaty provisions which have been universally ratified, those same nations agree to interconnect their communication networks, transport traffic, and allow for services across their borders for larger social and economic good.
All electronic communications today are based on these treaties. Except during time of war, no nation is permitted to take the kinds of unilateral actions taken by Trump. Consistent adherence to these norms has existed over the past 170 years among almost all nations and remain a bedrock of international cooperation.
Causes of action pursuant to ITU Resolutions 64 and 69
The idea for a global norm to ban unilateral, discriminatory denial of access to network facilities and services arose at the ITU's World Telecommunication Development Conference at Buenos Aires in 1994 and resulted in the adoption of WTDC-94 Resolution 5. When the nations of the world convened at the ITU Plenipotentiary Conference at Kyoto later that year, they placed the norm in the Final Acts of the ITU (Kyoto) treaty instrument as Resolution 64 – Non-Discriminatory Access to Modern Telecommunication Facilities and Services. It resolved "that there should be non-discriminatory access to telecommunication technologies, facilities and services established on the basis of ITU-T and ITU-R recommendations" and called for the ITU to play a leading role to implement the norm.
Eight years later, when the nations of the world convened at the ITU Plenipotentiary Conference at Marrakesh in 2002, a concern for non-discriminatory access to Internet resources was expressed by the German ambassador to the assembled nations. He stated that "the [Internet] should, therefore, be regarded as an important part of national infrastructures and non-discriminatory access for all citizens and companies to a stable and secure network must be assured." See Minutes of the First Plenary Meeting, Plenipotentiary Conference (PP-02), 25 Sep 2002.
In 2006, at the Antalya Plenipotentiary Conference, Resolution 64 was expanded to include "Non-discriminatory access to modern telecommunication/information and communication technology facilities and services."
Two years later, when the World Telecommunication Standardization Assembly (WTSA) was convened at Johannesburg in October 2008, a collective concern arose that unilateral actions might be taken to access Internet-based services. The result was Resolution 69 directed at all Nation-States "to refrain from taking any unilateral and/or discriminatory actions that could impede another Member State from accessing public Internet sites, within the spirit of Article 1 of the Constitution." Article 1 is a list of the eighteen reasons why all nations have entered into a universal treaty that enables global communications among themselves and extends back to 1850.
Especially significant was that WTSA-2008 provided a cause of action mechanism for Resolution 64 infringements — in the form of a process to enable a nation to report incidents of where another nation impeded access to Internet services. This Resolution 69 mechanism was subsequently implemented via a web-based infringement portal that allowed not only reporting, but for responses by the alleged infringing nation. The concept was to allow both for transparency and due process and enable global shaming for egregious unilateral behavior.
As concern over unilateral Internet actions grew after 2008, the support for Resolutions 64 and 69 among the world's nations increased significantly. At the Plenipotentiary Conference at Busan in 2014, the WTSA Resolution 69 provision was added to Resolution 64 of the ITU treaty, stating that nations should "refrain from taking any unilateral and/or discriminatory actions that could impede technically another Member State from having full access to the Internet, within the spirit of Article 1 of the ITU Constitution and the WSIS principles."
The expanded scope of concern was also reflected at the WTSAs held in 2012 and 2016. The scope of Resolution 69 was widened to include "use of Internet resources and telecommunications/information and communication technologies," and numerous links to other related intergovernmental activities and mandates were identified. Additional responsive actions were also added to encompass and involve almost all ITU bodies, including "to submit contributions to the ITU-T study groups that contribute to the prevention and avoidance of such practices."
As Trump became increasingly unstable and hostile to international cooperation after coming into power, the ITU Plenipotentiary Conference held at Dubai in late 2018 witnessed a new focus on Resolution 64. Its non-discriminatory access norm appears no less than 22 times throughout the treaty instrument. See Final Acts of the Plenipotentiary Conference (Dubai, 2018).
At this point, the actual reporting of incidents pursuant to Resolution 69 has been minimal — consisting of 37 incidents identified by Sudan against the United States between 2009 and 2016. The incidents reported are actually very good examples of unilateral, discriminatory transgressions of Resolution 64 and include USA impairments of access to website and cybersecurity tool providers, operating system vendors, application providers and associated services. The last two incidents were filed in April and May of 2016 and describe several incidents, including the banning of access to Apple Inc. iPhones, iPad and Operating Systems. Rather embarrassingly, the USA has never once provided a response.
Potential Actions Against Trump
As a result of Trump's recent actions and in light of the next WTSA being held in three months with preceding meetings of ITU-T Study Groups, there are several potential actions that could ensue to implement the Resolution 64 treaty provisions.
The simplest action would simply consist of any of the 192 other ITU Member States to begin filing Resolution 69 complaints concerning Trump's actions similar to those done by Sudan using the extremely easy on-line filing process. Although USA citizens adversely affected by Trump's banning cannot themselves file an incident against Trump, other national administrations could file on behalf of individuals, classes of individuals, or organizations in the USA. The net effect of this activity in itself can be reported publicly and would constitute a global shaming of Trump's behavior and an affirmation of public international law.
Resolution 69 also provides for several additional actions that significantly further amplify the submissions. The ITU-T bureau Director is required to integrate and analyse the reported incidents in reports to the Member States, the Standardization Advisory Group, and the next WTSA, which occurs in November.
Any ITU-T members can also make submissions "to the ITU-T study groups that contribute to the prevention and avoidance of such practices." With several study group meetings occurring in the coming weeks, actions could be undertaken there through submissions that establish new work items and provide reports to the WTSA-20.
The three ITU Directors (Telecommunication Standardization, Radiocommunication and Telecommunication Development Bureaus) must also "report on progress on [the Article 69] resolution through a report of the Secretary-General to the ITU Council.
It is the WTSA-20 itself, however, that could serve as a means for collective legislative action against Trump's unlawful behaviour that profoundly affronts the basic tenets of the ITU and international cooperation for global communication. Here, there are many options ranging from enhancement of Resolution 69, creation of new ITU-T Questions for multiple Study Groups, and recommendations to the next Plenipotentiary Conference. Provisions could even be made for entities other than Nation States to file incident complaints.
It is noteworthy that WTSA-20 convenes on 17 November — exactly two weeks after the U.S. national election that should likely expel Trump from office. However, Trump's representatives will still be representing the U.S., and the new Biden Administration will not come into power for two months. As occurred in the past, it seems essential for the nations of the world to strongly condemn Trump's conduct and to set both a benchmark and a continuing mechanism for promoting acceptable behaviour under public international law. In a world of global 5G/F5G extraterritorial virtualized architectures and services, that benchmark concerning unilateral or discriminatory actions that could impede technically another Member State will be especially critical.
The battle to purge child abuse images from the Internet has been lost. That doesn't mean that we can't or shouldn't continue to work towards the elimination of image-based abuse. But it is widely acknowledged by law enforcement, reportinghotlines, and preventiongroups alike that this can't be achieved merely by censoring images from the Internet and by criminalizing those who access or share them — which are the only strategies that society has focused on until now.
Completely censoring abuse images from the Internet has proved intractable because it would require the surveillance of all communication channels, including those that are end-to-end encrypted. It simply isn't possible for communications to be both securely encrypted and also to be mass-scanned for child abuse images, and even the proposed Lawful Access to Encrypted Data Act wouldn't require such a gaping backdoor to be installed in secure communication apps and services. Even if such a mandate were put in place, free, open-source encryption software is now ubiquitous. Secure communications are here to stay.
As for criminalization, at some point, higher penalties for image-based abuse no longer have any further deterrent effect — and we reached that point long ago. Under existing state and federal laws in the United States, those convicted of possessing abuse images can easily receive a longer sentence than those convicted of the hands-on sexual abuse of a child. Yet as penalties for possession offenses have skyrocketed, rates of offending have increased along with them. Criminalization also has lifelong harmful effects on families and communities. Up to 15% of offenders are children themselves — and in some cases the victim and the perpetrator are one and the same.
Governments, nonprofits, and tech companies have failed
Responsibility for the harm that children suffer through the creation and circulation of abuse images lies solely with those who create and circulate them. Those harms are real, and we can't simply ignore them. But responsibility for our failure to contain this crisis lies with those who have been entrusted with the responsibility to do so. Since governments, large child safety nonprofits, and technology companies have all doubled down on the two-prong approach of censorship and criminalization, they all share the blame for its failure.
For governments, the emotional topic of child sexual abuse is routinely invoked to justify repressive laws and policies that could never otherwise secure passage. An example is FOSTA/SESTA, a law originally promoted as a solution to child sex trafficking, but which in fact targeted adult sex workers for criminalization and censorship. Aside from the harm that itdidto sex workers — which can hardly be regarded as an unintended consequence — the law has also made the investigation and prosecution of real child sex trafficking cases more difficult than before, and resulted in censorship ofcontent about abuse prevention.
Technology companies have long borne the brunt of demands from governments and their allied child safety groups to adopt their censorship agenda. Over the past decade, they have increasingly capitulated by co-opting and partnering with these pro-censorship groups. In 2017, Facebook was the first tech company to join NCMEC in supporting FOSTA/SESTA. Most of the tech company representatives at this month'ssummitof INHOPE , the association of abuse reporting hotlines, are also alumni of government-linked groups — Twitter's from NCMEC, and Google's from the NSPCC. In short, large tech companies have not offered an effective check on the government's agenda, but have swallowed it whole.
A lesson from the music industry
Napster, the original peer-to-peer music sharing app that was released in 1999, created a massive headache for the music industry when its revolutionary model of music distribution led to an explosion in copyright infringement. The industry's initial response to this was exactly the same as the response that society has taken to the problem of child abuse imagery — censorship and criminalization. Indeed, many of the same underlying technologies are used to censor child abuse images as those that were developed to control digital content piracy.
But the industry soon learned that these approaches didn't work, and that in some ways they made the problem worse. Consumers resented being treated as criminals, incorporated music piracy as part of the counter-cultural identity of their generation, and as soon as one file-sharing app was shut down, they moved to another. In the movie The Social Network, when Napster founder and Facebook investor Sean Parker claims that Napster "brought down the record company," Mark Zuckerberg objects, "Sorry, you didn't bring down the record companies. They won." Parker responds, "In court."
Eventually, the music industry came around to the idea that they needed to compete with Napster on its own terms, by providing a better, equally convenient alternative. When they finally did so by licensing affordable music streaming and downloads, the piracy problem largely went away by itself.
What we should be doing instead
The government-linked child safety sector and its tech allies have yet to reach the same realization as the music industry. And so they persist in the idea that ever-tougher criminal penalties, combined with the increased surveillancethat wouldbe required to make these practical to enforce, will eventually be sufficient to eliminate abuse. But after more than 20 years of this experiment, it's finally time to call it a failure. If we continue down this path, things aren't going to get better; they'll continue to get worse.
To actually make progress towards solving the problem of child abuse online, we need to do what the music industry eventually did: we need to build a better pathway for people who are drawn towards it. Erecting border walls and surveillance posts around the Internet sends the wrong message to these people, and will only encourage them to circumvent these measures. Rather than trying to ensure that abuse images can't be accessed or shared, instead, we need to focus on ensuring that there are better alternatives, so that fewer people feel the need to seek those images out.
Convincing people that viewing sharing such images is harmful and wrong is a necessary and important part of achieving this outcome. But as with the drugs war, "Just say no" goes only so far — the allure of the taboo is palpable. And as police are now realizing, this allure can extend even to offenders who aren't otherwise sexually attracted tochildren (in other words, those who don't fit the psychological profile of pedophiles). In short, there are a lot more people willing to perpetrate image-based abuse than even experts previously believed.
What does a better alternative look like for these people? In the broadest sense, anything that could prevent them from abusing a real child should be considered as a viable alternative. In some cases, this just means education so that they realize their behavior comes at a cost to children: viewing abuse images is not a victimless crime, and many people who offend still don't understand that. Once they do understand it, that provides enough incentive for them to stop. Others may require peer or professional support to make that connection and to adjust their behavior accordingly.
For others still, it may also help them to be able to explore their taboo thoughts and feelings through victimless outlets such as art, fiction, role play, or sex toys. These aren't an indication of an unusual sexual interest in specific individuals, but in the broader population, some users of these materials may be doing so as a coping mechanism. Prostasia Foundation is the only child protection organization raising funds for research on whether such outlets could be a tool in diverting these people away from offending against real children, as initial research suggests may be the case.
Active opposition to alternatives that could prevent offending
Far from promoting or supporting research into such alternatives, the government-linked child safety groups actually want them banned. Historically, many of these groups were associated with the false Satanic sex panic that was a precursor to QAnon, and still today they remain intolerant of sexual minorities and of sexual expressions that are commonly (and wrongly) stigmatized. Their stated justification for criminalizing such expressions is that they are linked with real child sexual abuse — however there is no evidence supporting this claim.
The NSPCC, for example, rails against 18+ pornography and sex dolls that are too "young looking." NCMEC allows those reporting child abuse images to include anime, drawing, cartoon, virtual or hentai images, and includes these and other lawful images in reports to foreign police forces. The Canadian Center for Child Protection, which does the same, once reported a 17 year old Costa Rican girl over cartoon images that she posted online, resulting in her arrest by authorities. The reporting hotline association INHOPE has refused to put an end to these practices.
Due to their close partnership with these groups, governments and tech companies have fallen into line behind their stigma-driven policies. During 2019, a raft of laws banning sex dolls were passed in the United States and overseas, despite ongoing research into their therapeutic applications. Under pressure from a stigmatizing press report initiated by a conservativeactivist who represents the NSPCC and other British groups, Facebook cracked down on the adult DD/lglifestyle community. Other tech companies have been making similar censorship moves; Reddit, for example, banned almost twice as much content for "minor sexualization" in 2019 than in 2018 due to an expansion of its policies and enforcement practices to include fictional content such as 18+ ageplay and manga art.
To be clear, this means that not only are governments and big tech companies failing at addressing the misuse of real child abuse images through their blinkered preoccupation with criminalization and censorship, but by extending this censorship to lawful and possibly therapeutic outlets for some people who might otherwise be drawn to illegal content, they could actually be making the problem worse. Additionally, by establishing a precedent that content should be banned because it is immoral, rather than because it is harmful, they have played into the hands of those whose agenda includes banning other "immoral" content such as 18+ pornography.
Independent platforms are leading the way
It may be too late to disentangle large tech companies from the puritan agenda of the government-linked censorship cartel. At least for now, that agenda is being fought elsewhere, such as in the Supreme Court, where FOSTA/SESTA remains under constitutional challenge. But in the meantime, our hope for a more evidence-based approach to the prevention of online child abuse lies with smaller platforms.
For example Fanexus, a soon to be launched social media platform for fandom communities and creators, and Assembly Four, a sex worker and technologist collective that operates platforms for sex workers and their clients, are both dedicated to providing censorship-free spaces for their respective communities online. But at the same time, they are also working proactively to ensure that these platforms are not misused to perpetrate the abuse or exploitation of minors.
Because so much attention has been devoted to censorship and criminalization as the solution to child sexual abuse, we are still navigating the contours of a more prevention-focussed approach. Legally and technically, what can be done to limit the availability of unlawful images of minors online, and what can't? How platforms moderate content without resorting to a checkbox approach that embeds harmful stereotypes and assumptions? What does safeguarding look like, for platforms that allow fictional content that references child abuse? What content warnings are sufficient for such material when it may be triggering for survivors?
These are questions we must now engage with seriously, although answering them will require an investment in research, and a willingness to engage with stigmatized topics and communities rather than sweeping them off our platforms and into darker corners of the Internet. The importance of this investment has been overlooked for so long because many people falsely believe that prevention isn't possible — but it is.
We can effectively work towards the elimination of image-based abuse, but not through mass surveillance and censorship or by further enabling the expansion of the carceral state. Instead, we'll solve it step by step as more individuals who now resort to the use of unlawful sexual images of minors decide for themselves that a better alternative exists for them… and as generations to come follow in their footsteps.
We look forward to the day when we can call the battle against image-based abuse a success, and we invite you to join us in fighting it.
Written by Jeremy Malcolm, Executive Director, Prostasia Foundation
I have returned to the subject of the title on a number of occasions and it is worth revisiting. Like judicial proceedings, the substance of disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) and Panel determinations are publicly available. The Internet Corporation for Assigned Names and Numbers (ICANN) mandates in its Rules that all decisions must be delivered to the parties within "three business days" of their receipt of the decision and posted on providers' websites. In earlier essays, I have noted that public availability of underlying narratives and Panels' reasoning to determination is conducive to a buildup of a jurisprudence of domain names and that this jurisprudence is distinct from trademark infringement law. It favors outcomes on the merits rather than on a Panel's interest-based experience. It also favors consensus views to the extent they have been achieved. This, in turn, supports predictability of outcome and is a highly valued feature of the UDRP.
The question that arises and concerns us here is the general perception of respondents alleged to be cybersquatting who are not that at all. There have in the past been questionable decisions that have bent in the wrong direction such as (bad faith based on respondent being a certain kind of "speculator" ) (2000) and (bad faith based on respondent demanding too high a price for the domain name) (2018) (points well-argued by Nat Cohen of Telepathy, Inc. most recently in an online interview). Interestingly the analysis in turned out to be a dead-end that did not help Telepathy, the respondent in that case. (See earlier essay, Dead Ends: The Achievement of Consensus in UDRP Jurisprudence). The jurisprudence on the issue of speculation developed more along the lines analyzed by the dissent; with , the UDRP award was vacated by stipulation in a subsequently filed lawsuit under the Anticybersquatting Consumer Protection Act (ACPA) in favor of the domain name holder. No doubt there will be future questionable decisions for which the only remedy, there being no appeal process within the UDRP, is an action in a court of competent jurisdiction (the ACPA in the U.S), but overall (grumbling aside), the UDRP performs well for both mark and brand owners as well as domain name investors. Some would-be principles biased in favor of brand owners, such as "retroactive bad faith" and bad faith based on domain name renewal date, have been rejected, and the theories officially discarded.
That domain names may be identical or confusingly similar to trademarks or service marks only gets a complainant to first base in a UDRP proceeding. How do panelists perceive these registrants who lawfully register domain names? Do they come to their task interest-based by their representation of brand and trademark owners, for it is no secret that a very high percentage of panelists are drawn from that rank and very few from the ranks of those representing parties alleged to be cybersquatters?
Of course, the questions cannot be answered with absolute certainty, and care has to be taken to avoid falling into one's own prejudice, but some clue to panelists' neutrality can be drawn from the decisions. The jurisprudence as it has developed is strong in protecting interests; however, the facts align. Approximately 8% of complaints are dismissed. In those complaints that have been upheld and domain names transferred, there are no doubt some that are questionably decided, a few of them (like the ADO award vacated or corrected in ACPA actions.
When we come to consider the matter, it is important to take note of how a jurisprudence develops and its stabilizing effect on neutrality. This is curiously illustrated in a Tweet posted a couple of weeks ago, referencing a just-decided dispute involving DSPA B.V. v. Bill Patterson, Reserved Media LLC, D2020-1449 (WIPO August 13, 2020). In the Tweet, Nat Cohen congratulated John Berryhill in successfully defending , and Mr. Berryhill responded with this important assertion: the "Panel [he stated] relied onInstrumentation Northwest, Inc. v. INW .COM c/o Telepathy, Inc. D2012-0454 (WIPO June 1, 2012) ()." I underscore "relied on" because that captures the essence of how the law develops. Earlier decisions, as they are tested for their acuity and good sense, become the foundation of the jurisprudence. It is obvious that the majority's "crew" analysis did not have the support of other panelists, and its "speculator" view became a dead end.
For parties, consistency and predictability are an essential virtue of a judicial proceeding. No one wants to be surprised. This goes for routine disputes as well as others involving more complex facts. Cases involving dictionary words, common phrases, arbitrary letters that could be acronyms, and cultural expressions like "down pat" — iCommand Ltd v. Johnny Gray, ArtWired, Inc., D2020-1438 (WIPO August 11, 2020) — constitute a very small percentage of cybersquatting disputes, but because these domain names are generally held by investors (speculators to some!) in the business of acquiring and reselling domain names they present a telling commentary on how the perception should be framed.
Approximately ninety-two percent of complaints are against domain name holders who have no defense to their registrations and rarely appear to defend their choices, so it is not surprising that there would be a general perception among those impacted that all registrants accused are cybersquatters. The high percentage, no doubt, contributes to a myopic perception. But whatever the perception may be, when it comes to asserting a claim, the outcome is on the merits. Respondent does not have to prove good faith; the complainant has to prove bad faith.
In a recent online interview, I was presented with a series of questions. One of them seemed to suggest an equation between cybersquatters and investors: "Many domain investors think taking a risk on a clearly infringing domain is no big deal. Some have made jokes, others have talked about earning parking revenue until they get a UDRP." My response: "The question must be rephrased to read 'many domain cybersquatters' may think it not a 'big deal.' Cybersquatters can take the 'no big deal' position because the worst remedy under the UDRP is losing the domain name. That's why they could care less." This, too, obviously fuels brand owners' perception of domain name registrants, but there is no equation between cybersquatters and investors.
Indeed, the point about lawful registration and use is emphasized with great clarity in the Concurrence in iCommand:
Complainant takes exception to the fact that the Domain Name is for sale at what is, in its opinion, a "highly inflated" price. This again is not a ground of bad faith and in any event, whether the price demanded by a seller of any commodity is excessive is, like beauty, in the eye of the beholder,
When we talk about perception, then, we mean a first reception of the matter by those not specifically knowledgeable about the facts and the law or biased to a view regardless of the facts and the law. It is a sort of "first impression." When we look closely at cases like DSPA and iCommand we see panelists reflecting on the merits of a complaint. In fact, this even-handed approach is reflected in the WIPO Overview:
Panels have recognized that merely registering a domain name comprised of a dictionary word or phrase does not by itself automatically confer rights or legitimate interests on the respondent; panels have held that mere arguments that a domain name corresponds to a dictionary term/phrase will not necessarily suffice.
Further,
Over the course of many UDRP cases, panels have acknowledged further grounds which, while not codified in the UDRP as such, would establish respondent rights or legitimate interests in a domain name. For example, generally speaking, panels have accepted that aggregating and holding domain names (usually for resale) consisting of acronyms, dictionary words, or common phrases can be bona fide and is not per se illegitimate under the UDRP.
Whether the registration is lawful or unlawful depends on the domain registrant's intention as that is disclosed directly or inferentially by the evidence. Two cases can be offered to illustrate the point. In Mr. Gildo Pallanca-Pastor v. Tech Admin, Virtual Point Inc., D2020-1698 (WIPO August 20, 2020) ( the challenged domain name is a coined word which has attracted several businesses to use it in commerce — "[s]ome are using the term as a business name and others as a product name" — before respondent acquired it in a registrar's auction. Citing earlier cases (as we saw in the Berryhill comment), the Panel noted that "[i]n the context of domainers, panels have generally assessed the issue of registration in bad faith objectively” (emphasis added).
In the second case, Insider, Inc. v. DNS Admin / Contact Privacy Service, FA1912001874834 (Forum February 3, 2020), the phrase in dispute is "business insider." At first glance, this may seem like a lawful registration of a common phrase, but the evidence did not support this. Panel noted that "where it is found . . . that a respondent's modus operandi can be summarized as registration of a domain name that is confusingly similar to the mark of another followed by exploitation of the domain name for profit while awaiting its eventual sale, the 'reseller' label will not serve to avoid a finding of bad faith in the registration and use of the domain name."
These cases and the WIPO Overview contradict interest-based determinations: "investing in genuinely generic terms, for purpose of resale, [that would constitute] . . . a legitimate business . . . [then a respondent's] acquisition of domain names consisting of common, dictionary terms for resale can confer rights and legitimate interests upon entrepreneurs who engage in this activity." Platterz Inc. v. Andrew Melcher, FA 1729887 (Forum June 19, 2017). The more difficult issue and more difficult to assess is some panelists' tendency in the guise of "objectivity" overstepping their roles by improperly ruling on issues that properly belong in a court of competent jurisdiction.
Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP
RIPE NCC and CENTR have released a statement today in response to the upcoming European Commission's Digital Services Act, urging policymakers to distinguish between the Internet's core infrastructure and operations. The new Digital Services Act is considered a significant piece of regulation — an update to the E-Commerce Directive of 2000 — that will provide the legal framework for regulating digital services in the EU and sets out the liability regime for "information society service" providers. Both the RIPE NCC and CENTR are urging policymakers to make a distinction between the Internet's core infrastructure and operations and to protect the core infrastructure from unnecessary and disproportionate intervention. Read the full release here.
The great problem with ignorance is that it leads to disaster when one acts in the belief that he (and not infrequently a corporate "it") is invulnerable to error. The Uniform Domain Name Dispute Resolution Policy (UDRP) is fundamentally a straightforward rights protection mechanism, but as in all clearly written laws, ignorance of its application and of its evidentiary demands can (and generally does) lead to disaster. Mark owners are not entitled to relief because they own marks; resellers are not liable as cybersquatters because they hold domain names identical or confusingly similar to complainants' marks. Any complainant who has a mark, regardless of the timing of its first use in commerce, has standing to maintain a UDRP proceeding, but the catch — and here is where the uninformed need specialized counsel — if a mark postdates the registration of a domain name uninterruptedly held by a respondent the complainant has no actionable claim. Such a circumstance is found in Sahil Gupta v. Michal Lichtman / Domain Admin, Mrs Jello, LLC, D2020-1786 (WIPO September 15, 2020) (<spase.com>). Complainant (by all measures innocent of any understanding of the UDRP and believing in the rightness of his cause) "asserts that the Respondent registered and is using the disputed domain name in bad faith [because it] has acquired a well-known and longstanding reputation of 'domain squatting' for the sole purpose of hoarding domains names to extort the trademarks of business owners."
Setting aside Mrs. Jello's reputation as a reseller of domain names, whatever it may be, it has a lawful right to "hoard[ ] domain names" in pursuit of its business, and if its acquisition predates the trademark or service mark, its domain name is invincible to forfeiture. If, and this is a big "if," the domain name resolves to a website demonstrably infringing complainant's mark, there could possibly be a case of trademark infringement, but that's not a claim actionable in a UDRP proceeding.
However, in this case, the evidence is simply that complainant acted in ignorance of the law and now finds himself the butt of mock and jears which he finds humiliating (if I read the Tweet-leaves correctly). The decision indicates complainant was "internally represented." I trust this is a euphemism for the party himself without guidance from knowledgeable counsel. I will say, however, that despite his having done all the wrong things, he is innocent; a small player. There have been far worse by complainants represented by lawyers in large and sophisticated law firms who really deserve censure. See, for example, also sanctioned with reverse domain name hijacking Mountain Top (Denmark) ApS v. Contact Privacy Inc. Customer 0133416460 / Name Redacted, Mountaintop Idea Studio, D2020-1577 (WIPO September 1, 2020) (<mountaintop.com>). Mocks and jeers should rather be reserved for complainants' sophisticated counsel who litigate in ignorance of the law.
Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP
When brands think about registering a trademark, it's natural to consider the classes that match the direct nature of their products and services. A car manufacturer would register under vehicles1; an apparel brand would register in clothing, footwear, and headwear2 — and perhaps jewelry3 if they offer accessories.
What might not immediately spring to mind would be to register a trademark for the aforementioned products in I.C. Class 9, which, among other things, covers music, downloadable media, and music CDs.
However, CSC has seen an increase in the number of brands used in album cover artwork, song titles, and even artists' names. Certain genres of music — especially hip-hop — may lean towards certain brands as signifiers of wealth and success; jewelry, luxury vehicles, and premium alcohol are just a few examples. In a 2017 article4, Fortune.com highlighted the 12 most referenced brands in pop music over the previous three years. Two-thirds of these brands were luxury vehicles, with Rolls-Royce the most referenced. Non-car brands included Rolex, Jordan sneakers, Hennessey, and Xanax.
CSC's experience in enforcing trademark rights upon digital music services has revealed many nuances, and the enforcement process is not always straightforward.
While brands in the related industries could enforce based on a likelihood of confusion argument, this is not always reliable when the brand and the artist are in completely different industries. In the late 90s, for example, Mattel took Scandinavian pop group Aqua to court over the use of a trademarked color and references to Barbie dolls in their song "Barbie Girl." The case was dismissed, with Judge Alex Kozinski stating, "If we see a painting titled "Campbell's Chicken Noodle Soup," we're unlikely to believe that Campbell's has branched into the art business … nor upon hearing Janis Joplin croon, "Oh Lord, won't you buy me a Mercedes Benz?" would we suspect that she and the carmaker had entered into a joint venture5."
It may be difficult to enforce upon song titles and artists' names that include brands or registered brand terms due to possible infringement on rights such as freedom of expression. That said, platforms are generally compliant when it comes to the use of copyrighted images or logos — for example, in album cover artwork.
Protecting a non-music brand's intellectual property (IP) rights in a musical class can be a tricky area to navigate. On some music platforms, an I.C. Class 9 registration is a pre-requisite for the completion of any trademark reports, so it may be worth non-music brands considering this as a viable registration to protect their IP. If your brand is in one of the previously mentioned most-used categories, it may be a good idea to add the larger music download sites to your monitoring list. CSC can enable this, and gather relevant data so we can advise brands when a potential infringement occurs, and give guidance on how to enforce upon these instances to protect IP rights.
The Internet has enhanced freedom of communication, ignored national borders, and removed time and space barriers. But the Internet sphere was never a law-free zone. Already ICANN's "Articles of Incorporation" (1998) constituted that the management of critical Internet resources has to take place within the frameworks of "applicable national and international law". And in 2015, all the 193 UN member states confirmed the general applicability of international law in cyberspace. Nevertheless, the issue is part of an ongoing international controversy.
The basic agreement is overshadowed by fundamental disagreements on the "How". The UN Charter, UN conventions on international humanitarian law and human rights, and many other universal legal instruments have been negotiated in the pre-digital age. Now, different parties have different interpretations in the digital age, including how the existing legal instruments should be applied in today's interconnected world. Is hacking into foreign networks a "use of force", forbidden by Article 2.4 of the UN-Charter? And if yes, would such an attack trigger article 51, which defines the right of self-defense, and allow a "hack back"? Can "Cyber sovereignty" be extended beyond national borders? Who decides on the "attribution" of a cyberattack? What about a "drone war" where people are killed using joysticks, networks, and facial recognition software? Should there be a moratorium or even a ban for Lethal Autonomous Weapon Systems (LAWS)? Are there mechanisms for the peaceful settlement of cyber disputes? How does "digital mass surveillance" violate the human right to privacy? What is the role and the legal status of non-state actors, acting as curators for content control or proxy-hackers? Online theft of intellectual property is illegal, but what about state-sponsored online-espionage?
For years, those disputes and other controversial law-related cybersecurity issues have been on the agenda of the 1st Committee of the UN-General Assembly and its two sub-groups, the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG). To bring more light into the legal grey zones of cyberspace, the OEWG convened in December 2020 a series of multistakeholder expert seminars, starting on December 4, 2020, with a special session on "International Law". The Japanese Cyber Ambassador Takeshi Akahori and Prof. Dapo Akande from Oxford University co-chaired the meeting. Liis Vilhul, Marietje Schaake, Harriet Moynihan, Sheetal Kumar, Jan Neutze, Duncan Hollis, Tilman Rodenhäuser and others testified. It was an excellent high-level discussion among policymakers and legal experts. It confirmed the existing agreements, but it also reconfirmed the existing disagreements.
Capacity Building: What about some Cybersecurity books under the Christmas Tree?
There is no shortage of expert knowledge about the threats in the digital world. The risks of the militarization of cyberspace are well known. As some speakers outlined, more than 60 countries have now developed offensive cyber-capabilities. However, governments are far from a consensus, creating a legal framework, and minimizing the risks for a digital disaster. Even shocks like COVID-19 seem to produce more intergovernmental controversies, not less. Experts have no problems agreeing that attacking data centers of hospitals, medical research institutes or supply chains for vaccines is unacceptable and should be treated as an illegal action. However, such attacks are taking place without any consequences.
Do diplomats and policymakers really understand the threats of escalating cyberattacks and their cascading side effects? Could enhanced capacity building, as discussed in the OEWG, help limit risky behavior in cyberspace?
The short answer to the second question is probably "yes". Capacity building is a good idea. Nobody can refuse it. It can help to build trust among adversaries. But it also needs a political will.
Enhanced legal knowledge is available. We have the "Global Forum on Cyber Expertise" (GFCE), databanks, archives and many academic books. And we do have the Tallinn Manual 2.0, something like the "Cybersecurity Bible". Reading books — in particular between Christmas and New Years' Eve — makes a lot of sense. Wouldn't it be a good idea to put some new books under the 2020 Christmas Trees? Here are four recommendations from the 2020 edition:
Francois Delerue: Cyber Operations and International Law
The book "Cyber Operations and International Law", published by the Cambridge University Press, was written by Francois Delerue, a researcher from the Institute for Strategic Research of the Paris-based Ecole Militaire (ISREM). It offers a comprehensive analysis and a systematic examination of attribution, lawfulness, and remedies regarding the cyber activities of state and non-state actors. He makes it clear that in the 2020s, the militarization of the Internet is a fact, and "cyberspace is considered to be another domain for military activities".
According to Delerue, state-sponsored cyber operations take "a mosaic of forms and serve an array of purposes". But he also argues that cyberwarfare is often in the center of the public discussion and is not only ill-defined but also just the "tip of an iceberg". The majority of state-sponsored cyber activities occur below the threshold of cyberwarfare. They do not produce "death and destruction" in enemy states, but they can create chaos and confusion in societies.
Delerue recommends looking beyond the "prohibition of the use of force" principle and analyzes deeper consequences of the violation of other jus cogens principles of the UN-Charter as territorial sovereignty or the principle of non-intervention. Delerue argues that "international law does not leave States helpless against cyber operations, even when the right to self-defense cannot be invoked. He makes it clear that "the perpetrating State has to provide full reparation for the damage caused by its cyber operations." He analyzes states' responsibility if their territory is used for the transit or launch of cyber operations by third parties.
In this context, he offers a very useful concept for the controversial issue of "attribution". He distinguishes between "attribution to a machine, to a human and to a State" and proposes a variety of specific procedures and how to identify and react to unfriendly actions. Delerue also makes clear that there is a distinction between state-sponsored cyber operations and cybercrime. "State cybersecurity and private cybersecurity are covered by two different legal frameworks".
Matthias Kettemann: The Normative Order of the Internet
Kettemann is with the Leibnitz Institut in Hamburg. His book is published by the Oxford University Press. He tries to "decomplexify and demystify" Internet regulation and offers a "sophisticated multilayered model of a comprehensive and nuanced regulatory order" between "utopian ideals" and "technocratic pessimism". He says that there is no "Grundnorm" within the Internet Governance Ecosystem. The legal framework for the Internet is "hybrid in nature" and consists of several interconnected layers. It is a complex of norms, values and practices that relate to the use and development of the Internet.
He discusses Lawrence Lessig's the "Code-is-Law-Slogan" and concludes that "code does not just appear, it is written in processes (that can be regulated) by coders who can be subjected to norms, employed by companies with values and targets to be debated in public forums, with aims and functions that can be measured against the finalities of the normative order of the Internet." And he concludes that "protocols therefore have politics" and "norms need to be consistently applied to their development and implementation". This finding, he adds, also applies "to algorithms and algorithmic decision-making, including selection and recommendations logics that have clear implications for rights and freedoms". He supports the multistakeholder model but recognizes that this model - as it stands now in 2020 - "suffers from substantial conceptual deficits."
In his summary, he states: "The rule on (and of) the Internet must protect rights and values online (the Internet's nomos), legitimize the exercise of private and public authority (through stabilizing the nomos normatively and through narratives) and ensure a fair distribution of basic goods and rights as they relate to the Internet, including Internet access and access to Internet content."
Niels ten Oever: Wired Norms
Niels ten Oever has worked for many years with the human rights organization "Article 19". His "Wired Norms: Inscription, resistance and subversion in the governance of the Internet infrastructure" is based on his dissertation, which he defended in summer 2020 at the University of Amsterdam. He analyzes the interrelationship between technical arrangements and legal norms, particularly in human rights. He looks into policies and practices of three technical organizations — ICANN, IETF and the Regional Internet Registries (RIRs) — and identifies frictions between the multilateral Internet Governance regime, which regulate public policy issues (as privacy or information content) and self-regulatory multistakeholder and private Internet governance regimes, which are dealing with technical issues (as Internet protocols, standards, domain names and IP addresses).
He concludes that one should not see this friction as a "structural misalignment" but as "mutually beneficial". While states may not want to focus on the interconnection and innovation of technologies, transnational corporations do not need or want to develop their own policies and standards vis-a-vis social and legal norms. He argues for a "wiring of norms" and hopes that cross-pollination between the two regulatory worlds could produce "alternative routes to govern the Internet."
Dennis Broeders & Bibi van den Berg: Governing Cyberspace
"Governing Cyberspace: Behaviour, Power and Diplomacy", published by Rowman & Littlefield in 2020, is based on papers presented at a conference on responsible behavior in cyberspace in November 2018 in The Hague. It includes papers like "Electoral Cyber Interference, Self-Determination and the Principle of Non-Intervention in Cyberspace" (Nicholas Tsagourias), "Violation of Territorial Sovereignty in Cyberspace" (Przemyslaw Roguski), the Multistakeholder Model on Internet Governance (Jacqueline Eggenschwiler & Joanna Kulesza) and on cyber activities of China (Rogier Cremers), Russia (Xymena Korwoska) and NATO (Steven Hill & Nadia Marsan).
Alexander Klimburg and Louk Faesen, in their paper "A Balance of Power in Cyberspace," argue in favor of a "holistic approach". The Internet has linked cybersecurity issues, digital economy, human rights and technology development (as AI or IoT) in a new way, which has consequences for all kinds of global diplomatic negotiations. They see in the United Nations and the first three committees of the UN General Assembly an already existing political mechanism for such a "holistic approach" to develop regulatory frameworks for cyberspace and digital cooperation.
Klimburg & Faesen use the "balance of power theory" to explain that a realistic approach to stability and international order needs compromises that will give all parties the same "relative security and relative insecurity". Stability in cyberspace "hinges upon the acceptance of the framework of the international order by all major powers, at least to the extent that no state is so dissatisfied that it expresses it in a revolutionary foreign policy." They describe this as a challenge to find solutions based on the "recognition of the limits" by the states with regard to the "technical reality of the domain inhibiting one party from deciding universally and unilaterally, arguably defined as the multistakeholder reality in the context of cyberspace." Balancing states' interests in cyberspace are crucial. The holistic approach could be the start of a new beginning in creating stable and peaceful cyberspace.
Looking forward towards 2025
To have academic expertise is very good. But time is ripe now for governmental positioning. A number of states — Finland, New Zealand, France and Estonia — have recently published their legal opinion about the applicability of international law in cyberspace.
The issue of the use of force and countermeasures in cyberspace is one of the key problems. New Zealand published its paper on the eve of the OEWG seminar series on December 1, 2020. It expressed its willingness to explore collective countermeasures in the "collective interest in the observance of international law," citing the "potential asymmetry between malicious and victim states." It says that "state cyber activity will amount to a use of force if it results in effects of a scale and nature equivalent to those caused by kinetic activity which constitutes a use of force at international law. Such effects may include death, serious injury to persons, or significant damage to the victim state's objects and/or state functioning". Cyberattacks against hospitals could be such a case. Estonia maintains a similar position, France recently rejected collective countermeasures, while Finland has avoided the matter altogether. In the OEWG seminar, the question was discussed, whether the publication of "national papers" is useful or could have counter-productive effects, allowing "silent governments" to move away from globally accepted norms.
There were a lot of references to the so-called "like-minded countries." If they agree, this will set the first standard for global arrangements. It is undoubtedly true that it is much easier to agree among governments that share the same values. However, we live in a divided world where different value systems co-exist. In this divided world, we have one Internet. There is no alternative to the complicated and burdensome process to sit together and figure out how arrangements can be made among partners that are also competitors and adversaries in an interconnected world. Probably a legal opinion of the International Law Commission would be helpful to agree on something like a globally accepted "framework of interpretation."
But in any case, it will take some time to make progress. Nevertheless, there are some encouraging signs. The fact that the UN becomes more and more a place where not only governments but also non-state actors discuss highly politicized issues as cybersecurity is an interesting step forward towards a new culture of global policy development. The extension of the OEWG mandate by the 75th UN-General Assembly until 2025 is another interesting signal.
The new UN resolution on an extended OEWG calls for enhanced multistakeholder discussions. It recommends that the new OEWG should not only facilitate "the exchange of views among States on specific issues related to its mandate." Still, it may also decide "to interact, as appropriate, with other interested parties, including businesses, non-governmental organizations and academia." But again, it is the "How" which is the problem. How will non-state actors become involved? What is "appropriate"? And how will governments take ideas from non-state actors on board? With the Paris Call, the Tech Accord, and the Final Report of the Global Commission on the Stability of Cyberspace, there are already good examples of multistakeholder cooperation in developing cyber norms on the table. The next opportunity is to move forward and propose some innovative procedures for future interactions among state and non-state actors in cybersecurity in the forthcoming OEWG meeting in March 2021.
The Government of Niue, a small island 2,400 kilometers northeast of New Zealand, launched proceedings today demanding a "redelegation" of its country code top-level domain, .nu, from the Internet Corporation for Assigned Names and Numbers (ICANN). Jack Kerr, who first broke the news in Business Insider, notes, "the .nu domain has never been in the hands of the Niuean people, with control currently resting with the Internet Foundation of Sweden (IIS), the body in charge of that country's .se space." Kerr adds that Niue is also pursuing a case in the Swedish legal system demanding tens of millions of dollars made from the sale of .nu domains. Pär Brumark, the Swedish domains expert who is leading a delegation on behalf of Niue to claim its space, tells BI, "This is the big one."
Agency asserts interest in trademark protections for Internet's largest domain name registry
According to media sources, the National Telecommunications and Information Administration (NTIA) wrote to Verisign last Friday, objecting to the company's plan to auction o.com to the highest bidder. The planned release for o.com — described by the Second Amendment to the .com Registry Agreement and intended as a pilot for the remaining reserved single-character .com names — involved an opaque consideration process that ignored community input and set aside hard-won trademark protections developed by stakeholders in order to maximize dollars earmarked for an unidentified cadre of non-profit organizations.
The two-page letter asserts that:
NTIA retains rights pertaining to single-character .com names stemming from the fact that it was the U.S. Government which required single-character names at the second-level to be reserved from initial registration in 1993;
the release of o.com, and presumably the other remaining reserved .com single-character names, requires NTIA approval; and,
such approval is likely to be withheld unless the release procedure incorporates "policies, procedures, and protections used for all domain names."
This last point vindicates the position of the Intellectual Property constituency (IPC) and other stakeholders that specifically called for the implementation of the Trademark Clearinghouse and Sunrise Period mechanisms that were created to protect brand owners and trademark registrants. The omission of these hard-won protections can't be considered an oversight because it was quite deliberate. The views of the IPC and others were offered during yet another example of the kangaroo court-style of public comment period that seems to be ICANN's new normal and where community input is solicited only to fall upon deaf ears before hitting the circular file.
In this case, ICANN's board dismissed intellectual property rights protections as inapplicable because the .com Registry Agreement is, among other things, a decaying relic from prehistoric times that predates the development of modern safeguards for intellectual property rights online. ICANN's board also cited as precedent the release of .biz (2008), .info (2010), and .org (2011) single-character reserved names without a sunrise period — it's a little surprising that the board seems to have forgotten that sunrise periods didn't exist until 2013. But it's difficult to be too surprised considering that when asked about the vote to approve the o.com auction at ICANN's Kobe meeting, a number of board members didn't recall the issue being raised in the first place, let alone voted on.
Given the propensity of Verisign and ICANN to seek absolution in the loopholes of an obsolete legacy agreement, stakeholders might have a brighter future if they follow their lead and stop asking for what isn't in the .com Registry Agreement and get laser-focused on what is — particularly those elements that a federal appellate ruling says "unlawfully restrain trade." In the meantime, NTIA's timely intervention reinforces the position taken by the IPC and others that the release of o.com — along with the other remaining single-character .com names — must be subject to the same procedures, policies and protections as every other newly available domain name.
NTIA's concerns mostly pertain to the charitable contributions, possibly constituting a price that exceeds what is currently allowed by the Cooperative Agreement and that this would require explicit NTIA approval. The agency further questioned whether the compensation for auction vendors would also exceed the allowable wholesale price for .com domain names.
The gravity of the letter is greatly expanded by considering that it was signed and sent last Friday by NTIA's then-acting administrator, Adam Candeub, who has since been tapped by the White House for a new role as Deputy Associate Attorney General — a Justice Department job which oversees the Antitrust Division, among other things. It is counter-intuitive to assume that he would abandon such recently demonstrated interest in these issues after being elevated to a role that offers such greatly expanded opportunities for addressing them.
Another factor is the potentially shortened timeframe to effect solutions. January 20th is likely an important inflection point for Mr. Candeub and, thus, should be seen similarly for Verisign and ICANN as well. Ignoring NTIA's letter or trying to run out the clock would be myopic and risks drawing greater scrutiny from DOJ and others that could carry over into the next administration — which isn't far-fetched considering the president-elect was Vice President when the 2012 price cap was imposed. Any expanded inquiry would necessarily seek to know the motives of two organizations that, on paper at least, have no interest, rights, or standing for these single-character names beyond the maximum allowable price of $7.85 — in essence, it would become necessary to determine why ICANN and Verisign accepted such rapidly ballooning risk by seeking so mightily to deny the rights of others for something that they themselves hold no rights to whatsoever?
Albert Einstein once said that "problems cannot be solved with the same thinking that created them." However, given these evolving circumstances, it doesn't take a rocket scientist to know that hoping intransigence will result in an outcome other than a full competition review of .com — a long-overdue follow-up to DOJ's 2012 analysis which has already been requested by U.S. Senators Ted Cruz and Mike Lee — is putting a lot of shareholder value at risk for a gamble that, in retrospect, will be seen as arbitrary and capricious.
Besides — hope is not a strategy.
Written by Greg Thomas, Founder of The Viking Group LLC
Ahmed Mansoor is an internationally recognized human rights defender based in the Middle East and recipient of the Martin Ennals Award (sometimes referred to as a "Nobel Prize for human rights"), On August 10 and 11, 2016, Mansoor received an SMS text messages on his iPhone promising "new secrets" about detainees tortured if he clicked on an included link. Instead of clicking, Mansoor sent the messages to the Canadian Citizen Lab researchers. The researchers discovered that the links belong to an exploit infrastructure connected to the NSO Group, an Israeli-based "cyberwar" company that sells Pegasus, a government-exclusive "lawful intercept" spyware product.
Rafael Cabrera, a Mexican journalist, reported a conflict of interest involving the Mexican President and First Lady. On August 30, 2015, Cabrera received suspicious messages and was targeted. In 2017 in Mexico, the wife of a murdered Mexican journalist was also sent alarming text messages concerning her husband's murder, designed to trick her into clicking a link and infecting her phone with the Pegasus spyware. In 2018, a close confidant of Jamal Khashoggi was targeted in Canada by a fake package notification, resulting in the infection of his iPhone.
Mansoor and Cabrera are not the only victims. Citizen Lab has tracked and documented more than two dozen cases using similar intrusion and spyware techniques. We don't know the number of victims or their stories, as not all vectors are publicly known. Once spyware is implanted, it provides a command and control (C&C) server with regular, scheduled updates designed to avoid extensive bandwidth consumption. Those tools are created to be stealthy and evade forensic analysis, avoid detection by antivirus software, and can be deactivated and removed by operators.
Once successfully implanted on a victim's phone using an exploit chain like the Trident, spyware can actively record or passively gather a variety of different data about the device. By providing full access to the phone's files, messages, microphone, and video camera, the operator can turn the device into a silent digital spy in the target's pocket.
These attacks and many others that are unreported show that spyware tools and the intrusion business have a significant abuse potential and that bad actors or governments can't resist the temptation to use such tools against political opponents, journalists, and human rights defenders. Due to the lack of operational due-diligence of spyware companies, these companies don't consider the impact of the use of their tools on the civilian population nor comply with human rights policies.
The Commercial Spyware Abuse: A Global Problem
The growing privatization of cybersecurity attacks arises through a new generation of private companies, aka online mercenaries. This phenomenon has reached the point where it has acquired its own acronym, PSOAs, for the private sector offensive actors.
This harmful industry is quickly growing to become a multi-billion dollar global technology market. These newly emerging companies provide nation-states and bad actors the option to buy the tools necessary for launching sophisticated cyberattacks. This adds another significant element to the cybersecurity threat landscape.
These companies claim that they have strict controls over how their spyware is sold and used and have robust company oversight mechanisms to prevent abuse. However, the media and security research groups have consistently presented a different and more troubling picture of abuse.
Spyware tools are being sold to government clients, or in some cases, to private companies without appropriate controls over how it is employed by those clients. These tools are used to hack into the devices of civil society activists, journalists, lawyers, political opposition, and human rights defenders — with potentially lethal consequences.
The growing abuse of surveillance technology by authoritarian regimes with poor human rights records is becoming a disturbing new, globally emerging trend. The use of these harmful tools has drawn attention to how the availability and abuse of highly intrusive surveillance technology shrink already limited cyberspace in which vulnerable people can express their views without facing repercussions such as imprisonment, torture, or killing.
Solving this global problem will not be easy nor simple and will require a strong coalition of multi-stakeholders, including governments, civil society, and the private sector, to reign in what is now a "Wild West" of unmitigated abuse in cyberspace. With powerful surveillance and intrusion technology roaming free without restrictions, there is nowhere to hide, and no one will be safe from those who wish to cause harm online or offline. Not acting urgently by banning or restricting the use of these tools will threaten democracy, rule of law, and human rights worldwide.
Accountability, Attribution, and International Law: Post-SolarWinds
On December 7, 2020, the US National Security Agency issued a cybersecurity advisory warning that "Russian State-sponsored actors" were exploiting a vulnerability in the digital workspace software developed by VMware (VMware®1Access and VMware Identity Manager2 products) using compromised credentials.
A malware called SUNBURST infected SolarWind's customers' systems when they updated the company's Orion software.
On December 30, 2020, Reuters reported that the hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and access some of its source code. This new development sent a worrying signal about the cyberattack's ambition and intentions.
Microsoft president Brad Smith said the cyber assault was effectively an attack on the US, its government, and other critical institutions, and demonstrated how dangerous the cyberspace landscape had become.
Based on telemetry gathered from Microsoft's Defender antivirus software, Smith said the nature of the attack and the breadth of the supply chain vulnerability was very clear to see. He said Microsoft has now identified at least 40 of its customers that the group targeted and compromised, most of which are understood to be based in the US, but Microsoft's work has also uncovered victims in Belgium, Canada, Israel, Mexico, Spain, the UAE, and the UK, including government agencies, NGOs, and cybersecurity and technology firms.
Although the ongoing operation appears to be for intelligence gathering, no reported damage has resulted from the attacks until the publishing date of this article. This is not "espionage as usual." It created a serious technological vulnerability in the supply chain. It has also shaken the trust and reliability of the world's most advanced critical infrastructure to advance one nation's intelligence agency.
The Russian denial raised the question of a gap of accountability in attributing cyberspace attacks to a nation-state or specific actor. Determining who is to blame in a cyberattack is a significant challenge, as cyberspace is intrinsically different from the kinetic one. There is no physical activity to observe, and technological advancements have allowed perpetrators to be harder to track and to remain seemingly anonymous when conducting the attack (Brantly, 2016).
To achieve a legitimate attribution, it is not enough to identify the suspects, i.e., the actual persons involved in the cyberattacks but also be able to determine if the cyberattacks had a motive which can be political or economic and whether the actors were supported by a government or a non-state actor, with enough evidence to support diplomatic, military, or legal options.
A recognized attribution can enhance accountability in cyberspace and deter bad actors from launching cyberattacks, especially on civilian infrastructures like transportation systems, hospitals, power grids, schools, and civil society organizations.
According to the United Nation's responsibility of States for Internationally Wrongful Acts article 2, to constitute an "internationally wrongful act," a cyber operation generally must be 1) attributable to a state and 2) breach an obligation owed another state. It is also unfortunate that state-sponsored cyberattacks violate international law principles of necessity and proportionality.
Governments need to consider a multi-stakeholder approach to help resolve the accountability gap in cyberspace. Some states continue to believe that ensuring international security and stability in cyberspace or cyberpeace is exclusively the responsibility of states. In practice, cyberspace is designed, deployed, and managed primarily by non-state actors, like tech companies, Internet Service Providers (ISPs), standards organizations, and research institutions. It is important to engage them in efforts to ensure the stability of cyberspace.
I will name two examples of multi-stakeholder initiatives to secure cyberspace: the Global Commission on the Stability of Cyberspace (GCSC), which consisted of 28 commissioners from 16 countries, including government officials, has developed principles and norms that can be adopted by states to ensure stable and secure cyberspace. For example, it requested states and non-state actors to not pursue, support, or allow cyber operations intended to disrupt the technical infrastructure essential to elections, referenda, or plebiscites.
Cyberpeace Institute is a newly established global NGO that was one-year-old in December 2020 but has the important goal of protecting the most vulnerable and achieve peace and justice in cyberspace. The institute started its operations by focusing on the healthcare industry, which was under attack daily during the COVID 19 pandemic. As those cyberattacks were a direct threat to human life, the institute called upon governments to stop cyber operations against medical facilities and protect healthcare.
I believe that there is an opportunity for the states to forge agreements to curb cyberattacks on civilian and private sector infrastructure and to define what those boundaries and redlines should be.
SolarWinds and the recent attacks on healthcare facilities are important milestones as they offer a live example of the paramount risks associated with a completely unchecked and unregulated cyberspace environment. But it will only prove to be a moment of true and more fundamental reckoning if many of us, governments, and different multi-stakeholders played a part, each in their respective roles, in capitalizing and focusing on those recent events by forcing legal, technological, and institutional reform and real change in cyberspace.
It's time to take a stand or a knee!
The effects of the Solarwinds attack will not only impact US government agencies but businesses and civilians that are currently less secure online. Bad actors are becoming more aggressive, bold, reckless and continue to cross the red lines we considered as norms in cyberspace.
Vulnerable civilians are the targets of the intrusion tools and spyware in a new cyberspace wild west landscape. Clearly, additional legal and regulatory scrutiny is required of private-sector offensive actors or PSOAs. If PSOA companies are unwilling to recognize the role that their products play in undermining human rights or address these urgent concerns, then, in this case, intervention by governments and other stakeholders is needed.
We no longer have the privilege of ignoring the growing impact of cyberattacks on international law, geopolitics, and civilians. We need a strong and global cybersecurity response. What is required is a multi-stakeholders' courageous agenda that redefines historical assumptions and biases about the possibility of establishing new laws and norms that can govern cyberspace.
Changes and reforms are achievable if there is will. The Snowden revelations and the outcry that followed resulted not only in massive changes to the domestic regulation of US foreign intelligence, but they also shaped changes at the European Court of Human Rights, the Court of Justice of the European Union, and the UN. The Human Rights Committee also helped spur the creation of a new UN Special Rapporteur on the Right to Privacy based in Geneva.
The new cyberspace laws, rules, and norms require a multi-stakeholder dialogue process that involves participants from tech companies, academia, civil society, and international law in global discussions that can be facilitated by governments or supported by a specialized international intergovernmental organization.
Shareholders benefit from registry operator providing sanctuary to online criminals and child sex abusers; Congress instructed NTIA to fix the problem — here's how.
"The Internet is the real world now."
This assessment was offered by Protocol, a technology industry news site, following the very real violence on Capitol Hill during the counting of the electoral college votes that officially determines the next president of the United States. The media outlet went on to say that, "[t]he only difference is, you can do more things and reach more people online — with truth and with lies — than you can in the real world."
Despite a seminal role as the Internet's originator and a global leader in technology adoption, Americans have often struggled with addressing the negative ramifications of technology. One example is the debate about violence in video games, which has been cited as possibly contributing to tragic incidents of gun violence in American schools. Concerns about possible correlations between what teenagers were seeing in video games and what a small number of students then chose to act out in real life sparked a national conversation involving policy makers, parents, teachers, students, video game companies and a myriad of other stakeholders seeking solutions that might address the issue.
This robust engagement by a broad spectrum of stakeholders, particularly the video game industry itself, sits in stark contrast to the anemic, trying-but-not-really, effort seen from ICANN and its registry operators and registrars to make domain name registrant identification data available to U.S. law enforcement, American consumers, intellectual property owners, and other stakeholders with legitimate access needs.
To briefly summarize, following the global adoption of the European Union's General Data Protection Regulation (GDPR), ICANN unilaterally determined that the WHOIS database — which had been operating since the modern Internet's inception and before ICANN was created — contravened the E.U.'s new law and relieved registries and registrars from contractual obligations that required the collection of WHOIS registrant data.
ICANN then convened the comically misnamed and hapless Expedited Policy Development Process, or EPDP, to convene stakeholders and develop a solution. This so-called expedited process — which has been declared a failure of the multistakeholder governance model by ICANN's Governmental Advisory Council along with its Business and Intellectual Property Constituencies and others in minority statements accompanying proposed recommendations — has taken years to develop a proposed solution that enjoys little support from the stakeholders that developed it, isn't likely to be effective, and, in any event, will be implemented at a leisurely pace expected to be completed somewhere between years from now and never.
Considering that the availability of registrant identification data to anyone with access to the Internet has been a stated Internet policy imperative of the U.S. government since before ICANN existed and was referred to simply as NewCo, it is fair to consider that there is more — much more — to this process failure than meets the eye.
The reality is that registry operators and registrars have never been fans of collecting, storing, and making registrant identifiers available. However, before ICANN unceremoniously disposed of WHOIS, every registry operator provided what is known as Thick WHOIS data — which, as the adjective suggests, includes registrant identifiers along with basic Thin WHOIS data about the domain name itself — with one glaring exception: Verisign.
Thick WHOIS was approved for implementation by ICANN's Board in February 2014. Nearly three years passed until a Proposed Policy Implementation plan was issued for .com, .net, and .jobs — all Verisign-operated — to transition to Thick WHOIS and also set deadlines of May 2018 and February 2019 for compliance. Five years would seem a generous allotment of time for complying with a data-collection rule that every single other registry and registrar were already complying with.
However, in October 2017, May 2018, October 2018, and March 2019, ICANN's Board granted six-month extensions requested by Verisign. Finally, in November 2019, ICANN's Board acquiesced to Verisign's fifth extension request by granting an indefinite deferral until a group of conditions are satisfied pertaining to implementation of the EPDP — developed replacement for WHOIS — which, as previously noted, is now known to be somewhere between years from now and never.
It is unclear what persuaded ICANN's Board that these delays affecting a majority of the Internet's domain names were in the public interest or anything other than a terribly awful idea. However, given recent evidence of ICANN's susceptibility to loosening consumer pricing safeguards after receiving $20 million contribution earmarked for "security, stability, and resiliency," one is forgiven for being curious about the street value of such pliancy.
What is beyond certain is that compliance costs weren't prohibitive for any of the much smaller and less profitable registries and registrars who all complied dutifully while their much bigger and much wealthier fellow registry skated by with endless delays. A sentient observer is forgiven for concluding that there is a double standard where, on one hand, the Internet's largest domain name monopolist enjoys a close working relationship and cozy alignment with ICANN that produces tangible beneficial outcomes while, on the other hand, are the hoi polloi, the great unwashed, and les miserables — otherwise known as everybody else.
Regardless, security, stability, and resiliency, or SSR, is an unfortunate, limited, and network-centric view of the mission for Internet policy that is dangerously outmoded. A more modish view, perhaps, would put humans at the center of Internet policy development and this may result in which could result in a more expanded and expansive view, not of authority or mandate, but of obligation and duty as more stakeholders began viewing safety as a necessary addition to the SSR trifecta.
That being said, the consequences of network-centric thinking are clear and terrible things are being perpetrated in the deep shadows cast by the void of registrant identifier data. The harm to American persons and property is undeniable and multiple U.S. federal agencies have weighed in with increasing alarm.
In 2006, then-Chairman of the Federal Trade Commission, Jon Leibowitz, traveled to ICANN's meeting in Morocco and warned that, "(t)he FTC is concerned that any attempt to limit Whois to this narrow purpose will put its ability to protect consumers and their privacy in peril."
More recently, in 2020, the FTC wrote to Congress and said, "(t)he FTC uses this (WHOIS) information to help identify wrongdoers and their location, halt their conduct, and preserve money to return to defrauded victims."
The Department of Homeland Security has also weighed in, saying in a 2020 letter that, "(s)ince the implementation of GDPR, HSI has recognized the lack of availability to complete WHOIS data as a significant issue that will continue to grow." DHS also cited in the same letter that lack of WHOIS information as hindering its response times to criminal activity.
Perhaps most damning, however, is the State Department's official statement of U.S. policy regarding GDPR which declared, "...WHOIS no longer functions properly. As a result, criminal investigations necessary to protect the public — including the most vulnerable, such as children who are subject to online sexual abuse — have been impeded."
Let that sink in for a moment: the official position of the United States government is that the deliberate dysfunction of WHOIS directly correlates to the sexual victimization of children. Then consider the words written in a letter by a consortium of groups combatting online sexual abuse of children which said:
"Verisign is uniquely unforthcoming. We have regularly worked and had conversations with just about every Internet company you can think of and quite a few you are unlikely to know. Only Verisign has been so utterly uncommunicative. This is a very poor show and runs completely contrary to the spirit of multi-stakeholderism."
The letter continues in strong and unequivocal language:
"To put the matter plainly, it is immoral for a business to attempt to deflect responsibility by arguing these matters are the sole provenance of law enforcement and courts. As the dominant registry in the global system, Verisign should be taking a leadership position, adopting voluntary procedures to combat online child sexual abuse."
Considering that a 2017 report of the Internet Watch Foundation found that 79% of all child sexual abuse webpages reside in .com and .net, one might consider appealing to those who are actually benefitting from the registration fees that are collected by Verisign for the domain registrations used for such heinous activity. A quick search online reveals that Verisign is, by and large, owned by a veritable cornucopia of the richest and most powerful institutional investment firms in the world.
There are too many to list here but, as of September 2020, the top four, each with an equity position that exceed $1 billion, are Berkshire Hathaway, Vanguard Group, BlackRock, and Renaissance Technologies. Far from enlightened, however, Verisign shareholders are, in fact, malefactors of great wealth who are profiting from registration fees that are paid to Verisign by intellectual property thieves, child sex abusers, and other criminals that operate in the Internet's largest registries. These bad actors remain unmolested because the registry operator not only didn't implement essential Thick WHOIS data requirements that protect Americans but also stood by and did nothing while ICANN incinerated WHOIS entirely.
It is important to keep in mind that this is a company operating risk-free legacy registries entrusted to it by the U.S. government with the explicit understanding that it could enjoy ridiculously massive profits in exchange for nothing more than protecting the public interest. Considering the literally gross profit margins being generated, the question for shareholders is simple: if they are benefiting from this, then they should know about it; if they aren't, then it shouldn't be happening.
The time for discussion and debate is over. There is too much bad faith, too many agendas, and too much water under the bridge. Fortunately, since there is no requirement that ICANN must oversee the collection of registrant identifiers — and it has more than proven itself incompetent and incapable of doing so — the solution is likely very simple.
Availability of registrant identifiers has always been a priority of the U.S. government and it should solve the problem in much the same way that the E.U. precipitated it: by setting a policy that must be complied with by every registry and registrar that maintains a domain name registration that is, or may be, accessed by an American citizen. Failure to comply should result in the levying of hefty fines and, if necessary, seizures of domain names and other assets just as the U.S. Treasury Department does for money laundering, terrorist financing, narcotics distribution, and other crimes. Why should online sexual abuse of children, illegal opioid sales, intellectual property theft, and other crimes that harm Americans be combatted any less vigorously?
In the past, domain name registrant data could be found online at internic.net and after ICANN's formation, it was granted a license to the InterNic trademark and website. But the trademark is still owned by the U.S. Commerce Department which should send a strong and unmistakable message of no-confidence to ICANN and its contracted parties by cancelling the license and reclaiming its property as the new forever home for registrant identifier data that is "available to anyone with access to the Internet."
Written by Greg Thomas, Founder of The Viking Group LLC
When one person transmits the speech of another, we have had three legal models, which I would characterize as Magazine, Bookstore, and Railroad.
The Magazine model makes the transmitting party a publisher who is entirely responsible for whatever the material says. The publisher selects and reviews all the material it published. If users contribute content such as letters to the editor, the publisher reviews them and decides which to publish. The publishing process usually involves some kind of broadcast, so that many copies of the material go to different people.
In general, if the material is defamatory, the publisher is responsible even if someone else wrote it. In New York Times Co. v. Sullivan, the court made a significant exception that defamation of public officials requires a plaintiff to show "actual malice" by the speaker, which makes successful defamation suits by public figures very rare.
The Bookstore model makes the transmitting party partly responsible for material. In the 1959 case Smith v. California, Smith was a Los Angeles bookstore owner convicted of selling an obscene book. The court found that the law was unconstitutional because it did not require that the owner had "scienter," knowledge of the book's contents, and that bookstore owners are not expected to know what is in every book they sell. (It waved away an objection that one could evade the law by claiming not to know what was in any book one sold, saying that it is not hard to tell whether one would be aware or not.) In practice, this has worked well, allowing bookstores and newsstands to sell material while still having to deal with defamatory or illegal material if told about it. Bookstores and newsstands engage in limited distribution, selling a variety of material but typically selling one copy of a book or magazine at a time to a customer.
The third is the Railroad model, or common carriage. Originally this applied to transport of people or goods, in which the carrier agrees to transport any person or any goods, providing the same service under the same terms to everyone. In the US, telephone companies are also common carriers, providing the same communication service to everyone under the same terms. As part of the deal, the carriers are generally not responsible for the contents of the packages or messages. If I send a box of illegal drugs or make an illegal, threatening phone call, I am responsible, but UPS or the phone company is not.
Common carriage has always been point to point or at most among a set of known points. A railroad takes a passenger or a box of goods from one point to another. A telephone company connects a call from one person to another, or at most to a set of other places determined in advance (a multipoint channel.) This is nothing like the publisher, which broadcasts a message to a potentially large set of people who usually do not know each other.
How does this apply to the Internet? Back in 1991 in Cubby vs. Compuserve, a case where a person was defamed by material hosted at Compuserve, a federal court applied the bookstore standard, citing the Smith case as a model. Unfortunately, shortly after that in Stratton Oakmont vs. Prodigy, a New York state court misread Cubby and decided that an online service must either be a publisher or a common carrier and since Prodigy moderated its forum posts, it was a publisher.
In response, Congress passed section 230, which in effect provided the railroad level of immunity without otherwise making providers act like common carriers.
There are not many situations where one party broadcasts other people's material without going through a publisher's editorial process. The only one I can think of is public access cable channels, which unsurprisingly have a contentious history, mostly of people using them to broadcast bad pornography. The case law is thin, but the most relevant case is Manhattan Community Access Corp. v. Halleck, where the Supreme Court ruled 5-4 that even though a New York City public access channel was franchised by the state, it was run by a private entity so the First Amendment didn't apply. These channels are not a great analogy to social networks because they have a limited scope of one city or cable system, and users need to sign up, so it is always clear who is responsible for the content.
Hence Section 230 creates a legal chimera, splicing some common carrier liability treatment on a broad range of providers who are otherwise nothing like common carriers. This is a very peculiar situation and perhaps one reason why Section 230 is so widely misunderstood.
Does this mean that the current situation is the best possible outcome? To put it mildly, a lot of people don't think so. Even disregarding those who have no idea what Section 230 actually does (e.g., imagining that without 230, their Twitter posts would never be deleted), there are some reasonable options.
The magazine model, treating every platform as a publisher, won't work for reasons that I hope are obvious--the amount of user-contributed material, even on small sites, is far more than any group of humans could possibly review. (On my own server, I host a bunch of web sites for friends and relatives, and even that would be impossibly risky if I were potentially liable for any dumb thing they or their commenters might say.)
The bookstore model, on the other hand, worked when the Cubby case applied it to Compuserve, and it could work now. Sites are immune for the material they haven't looked at or been told about, but they have to do something when notified. Getting the details right is important. The copyright notice and takedown rules of the DMCA sort of work but are widely abused by people sending bogus complaints in the (often correct) hope that sites will take the material down without reviewing the complaint or allowing the party that posted the material to respond. There has to be a reasonable balance between what is a notice and what is a reasonable response, but that doesn't seem impossible to figure out.
Written by John Levine, Author, Consultant & Speaker
Rampant dysfunction currently plagues the Internet's root zone where a predatory monopolist has captured ICANN and is bullying stakeholders. This harms the public interest and must be addressed — here's how.
Introduction: How To Save The Internet In 3 Simple Steps
In the world of ICANN and Internet policy, complexity is manufactured to create an illusion that issues are impenetrably technical such that normal and everyday principles can't apply. This causes a pervasive and entrenched phenomenon of eyes that glaze over at the mere mention of the word "ICANN" — including those of government regulators and other officials that might otherwise take more of an active interest. Thus, only rarely does anyone attempt untangling one of the messy issues impacting Domain Name System (DNS) governance that often resemble a Gordian knot. Instead, most take a leap of faith by entrusting matters to ICANN along with its contracted parties and other stakeholders before finding something else to do.
Untangling these Gordian knots — and there are more than one — requires an accurate understanding of what is going on in an interconnected web of intrigue with many moving parts and different players. Today, the Internet's root zone, like a failed state, is dominated by predatory corporate warlords intent on maximizing control of Internet infrastructure that they don't own but which they feel entitled to. Their pursuit of this anticompetitive aim has thoroughly corrupted the entire DNS ecosystem and is normalized as the status quo.
Some argue for replacing ICANN with a new organization created by an amorphous "global community of stakeholders." However, this is dangerously naive at best because the exact same fate would likely befall any successor to ICANN if what causes the dysfunction isn't fixed first. A much darker view recognizes that, since the IANA transition, certain interests with their own agendas have loosely aligned around the common goal of a root zone that is beyond U.S. jurisdiction. This should raise questions, if not outright suspicions, about whether governance dysfunction is being purposely exacerbated towards a full-blown crisis that can be exploited to achieve the aim of these inimical interests.
The possibility that this theory is even partially true adds to the impetus for addressing the corruption, dysfunction, and capture that makes the Internet's root zone resemble a failed state. Doing so requires a reboot of the Internet's root that restores governance back within design parameters by properly implementing privatization while also resetting certain areas where non-standard deviations are causing harmful downstream effects. At a minimum, such a reboot must:
Undo Amendment 35 of the NTIA-Verisign Cooperative Agreement;
Delete Presumptive Renewal From Legacy Registry Agreements;
Open the Internet's Largest Registry to Market Competition.
Necessarily, this is an ambitious agenda — so let's pop the hood and take a closer look at how to save the Internet in three simple steps.
Ctrl-Z: Undo Amendment 35 of the NTIA-Verisign Cooperative Agreement
The cooperative agreement — which was first signed by the U.S. government and Network Solutions, Verisign's predecessor-in-interest, in 1993 — is a foundational document of Internet governance and the legal instrument by which the U.S. government delegates key management functions of the Internet's DNS to the private sector. It has been amended thirty-five times, most recently in October 2018, when the U.S. Commerce Department exercised a unilateral renewal option while also approving transformative modifications to the agreement that singularly benefit Verisign at the expense of the public interest.
First and foremost, Amendment 35 removed an essential pricing safeguard that was implemented in 2012 and capped the maximum price that Verisign could charge for .com domain names at $7.85. This price restriction — which protected .com domain name registrants from arbitrary and excessive price increases by Verisign — resulted from the findings and recommendations of a 2012 empirical review of .com's market power conducted by the U.S. Justice Department.
Oddly, the Commerce Department's decision to remove the pricing safeguard wasn't based on updated empirical findings from the Justice Department, which hasn't conducted any formal competition review of .com since 2012. The absence of any updated review is conspicuous, particularly because it ignores at least one Congressional request for an updated review, dating from 2016, and also contradicts the Justice Department's own expectations regarding the cooperative agreement and assurances that were provided to Congress, also in 2016.
The consequences of the Commerce Department's decision to remove this essential consumer protection became clear in short order when ICANN disregarded an unprecedented outpouring of more than 9,000 public comments unanimously opposing any increase in .com pricing and, instead, sold pricing power to Verisign for $20 million.
The removal of such an essential consumer safeguard without any empirical basis for doing so harms the public interest. But Amendment 35 makes other changes to the cooperative agreement that fundamentally transform the nature of the relationship between the U.S. government and Verisign. The most problematic of these is that Amendment 35 makes any future amendment of the cooperative agreement — including any potential regulatory action — subject to mutual consent of both parties. This means that reinstating the pricing safeguard would require Verisign's consent, and the likelihood of this happening is between slim and none — and slim just left town.
The troubling terms of Amendment 35, however, aren't nearly as disturbing as the process by which it was allegedly approved. According to sources, former Secretary of Commerce Wilbur Ross sidelined the responsible agency, the National Telecommunications and Information Administration (NTIA), and personally directed the cooperative agreement renewal and Amendment 35.
On September 19, 2018, Secretary Ross met privately in his office with then-NTIA Administrator David Redl. During this brief meeting, Secretary Ross is alleged to have handed Redl a document containing the text of what later became Amendment 35 and instructed him to amend the cooperative agreement with the provided text without any further modification or review. Sources have further alleged that Secretary Ross received the document that was provided to Redl while attending a dinner function the prior evening at which other senior government officials, including the Secretary of State, were also present.
Although sources did not identify the person or persons that allegedly gave the document to Secretary Ross, publicly-available official records from the Commerce Department and NTIA confirm that the private meeting with Redl took place as described as well as the dinner function the night before. These allegations, along with the corroborating official records, suggest that improper political interference occurred that involved the highest levels of the Commerce Department, including the Secretary. If true, this would explain how Amendment 35 — truly a terribly awful deal — came to be approved. At a minimum, much greater scrutiny is needed that can shed light on the circumstances surrounding Amendment 35.
Notwithstanding the veracity of these allegations, the government should ask a federal judge to nullify Amendment 35 to the cooperative agreement with Verisign, pursuant to the Administrative Procedures Act. The terms of the amendment are anathema to the public interest and hamstring the government from effectively protecting consumers and the broader public interest. Also, Congress wasn't consulted, and the timing of the amendment — which was signed a month early at the end of October while Congress was in recess for the 2018 mid-term election — raises concerns about whether Congress was deliberately kept in the dark in order to avoid oversight.
The result is a deal that lopsidedly benefits Verisign at the expense of, literally, everyone else. Accordingly, the new Administration should prioritize the interests of DNS stakeholders, .com registrants, and fans of good government by hitting Ctrl-Z to undo Amendment 35 so that it can be replaced with an amendment that adheres to proper procedures, relies on a full and updated empirical review of the market power of .com, and, most importantly, benefits the public interest.
Stay tuned for Part 2 — Delete Presumptive Renewal From Legacy Registry Agreements — Coming Soon!
Written by Greg Thomas, Founder of The Viking Group LLC
As I write this, it is World Holocaust Day, 27th January 2021, a memorial of the atrocious events that shocked and outraged the conscience of humanity and gave birth to the Universal Declaration of Human Rights in 1948, the year that Holocaust victims majority of whom were Jews re-established the nation of Israel. Most of us can never begin to imagine the extent of the atrocities but relive the experiences through movies or documentaries, including but not limited to Spielberg's 1993 Schindler's List, Son of Saul, Europa Europa, The Lady in Number 6: Music Saved My Life, Secret Lives: Hidden Children and their Rescuers During WWII. I am also reminded of visits to the United States Holocaust Memorial Museum and in particular the Propaganda section. Lest we forget, incitement to hate a particular people was propagated through the media when state broadcasting units fuelled and created a culture and environment conducive to the movement to extinguish Jews through the Holocaust where the majority thought it was a righteous act to extinguish an entire race but with the passage of time, remorse, shame, repentance, forgiveness and a semblance of peace and justice.
As I am sat perched on my chair, with a mug of coffee in hand, on this wintry night, I am also reminded of being in Paris in 2018 on the 100th Anniversary of World Armistice Day, where over 60 Heads of State including the past President of the United States of America, Donald Trump, Germany's Angela Merkel, Canada's Justin Trudeau and Russia's Vladimir Putin joined the French President Emmanuel Macron to reflect on lessons from the Armistice and the state of world peace. The Armistice did not mean peace as there were appalling wars that ensued for several years. Even a few days after the 100th Anniversary of the Armistice Day, there were protests in France against fuel taxes and marches by the gilets jaunes (yellow jackets).
On 12th November 2018, one day after the 100th Anniversary of the Armistice in Paris as the world gathered for the first edition of the Paris Peace Conference that week, the 13th United Nations Internet Governance Forum (IGF) was also in session in Paris where my colleagues and I had organized a Main Session which I chaired, titled "Media as a Cornerstone for Peace, Assault on Media Freedom as a Cornerstone for Peace, Assault on Media Freedom and Freedom of Expression," watch the session or view the transcripts here. The decade before had witnessed the Arab Spring, conflicts, imprisonment of journalists and attacks on media freedoms in certain regimes and in Western Democratic countries, emergence of fake news, media losing credibility, capture of media by some corporates.
The Main Session featured global experts who were actively monitoring the pulse of media, assault on freedom of expression and media freedoms and conflicts. It featured experts such as Professor Luz Estella Nagle, former Judge in Colombia who confronted drug lords and corruption in Colombia of Stetson University College of Law, Professor Rasha Abdullah from the American University in Egypt and expert in journalism and author of the Internet in Egypt and the Arab World, Mr. Giacomo Mazzone, Head of Institutional Relations of the European Broadcasting Network Union, Facebook India's Ankhi Dass, Pakistan's Digital Rights Shmyla Khan, Professor Yik Chan Chin, author of Internet Governance in China: the Network Governance Approach from the Liverpool University in China. These experts shared their reflections and heralded a warning of what was coming.
As humanity stands in 2021 on the precipice of economic depression, food shortage, business closures, property seizures, amongst underlying geopolitical wars, civil wars and the express dominance of Big Tech, the usurpation of access to free knowledge, increasing censorship and abuse, our civil liberties and freedoms are in grave danger.
The continuous assault on our freedoms and liberties where the media has been captured by either State or elite few who control interests in the media to manipulate them to do their bidding.
Regardless of whoever is in control, the media continues to be a tool for propaganda. Today as we reflect on the World Holocaust Day and the lessons from history, it would appear that we have not learnt the lesson. The propaganda and peddling content by either the State or the elite who have manipulated censorship of content to perpetuate their agenda at the expense of global public interest.
When the media in Western democracies remove consumers' right to choose content and form their opinions. The takeover by Big Tech of freedom of expression veiled under the guise of "fake news", "political palatability" or "commercial agenda" and censorship of social media that has influenced people's behavior, kicking people off platforms because they peddle content foreign to our ideologies is the nail on the coffin on freedom of expression.
In previous pieces, I had highlighted Twitter banning Linehan and since then, outgoing President Donald Trump was banned from Twitter whilst still President on the 8th January 2021. Today, it was reported that Colleen Oefelein, an associate literary agent with New York's Jennifer De Chiara Literacy Agency was dismissed after her boss learned that she owned accounts on Gab and Parler (2021, Apex World News). Mexico's Cardinal Juan Sandoval Iniguez is reported today to have been censored by Facebook for saying in a video that the pandemic will last for several years and for blasting Bill Gates (2021, Apex News). Bill Gates is one of the major shareholders within Facebook, and it would appear that content relating to him, the vaccines, the pandemic are all censored across most social media platforms.
In 2016, Professor Rasha Abdullah had highlighted in a workshop with then UN Special Rapporteur David Kaye that the definition of fake news should be where it has the intention to deceive. On 3rd March 2017, United Nations Special Rapporteur on Freedom of opinion and expression, David Kaye, along with his counterparts from the Organization for Security and Co-operation in Europe (OSCE), the Organization of American States (OAS), and the African Commission on Human and Peoples' Rights (ACHPR) issued a Joint Declaration on Disinformation and Propaganda, see here.
There is increasing censorship by most Social Media platforms forcing people to also choose to be on platforms that do not censor content and promote open and free internet platforms that encourage freedom of expression. The takeover of media and all social media platforms is an aggressive war against the freedom to think, freedom to reason, freedom to compare information, freedom to form and hold opinions and freedom to express oneself.
The assumption that censorship is necessary because people are incapable of differentiating content is as absurd as it is ridiculous, particularly when used as a weapon to take away our freedoms!
Sir Tim Berners Lee, who invented the World Wide Web in 1989 and his World Wide Web Foundation had launched a campaign in November 2018 where he was advocating for diverse stakeholders to back a new Contract to protect people's rights and freedoms, see here. The Contract is of the philosophy that knowledge must be kept free whilst strengthening laws, regulations and companies to ensure "pursuit of profit" is not at the expense of human rights and democracy.
If there is a time where information about the pandemic, vaccine and COVID has to be accessible and transparent, it is now! People have the right to understand the ingredients of the vaccines and its impact on their health instead of having content filtered or censored in the name of public good. Put simply, people have the right to access knowledge and knowledge must remain free.
To think that 25 years ago, John Perry Barlow in his Declaration of the Independence of Cyberspace understood the threats by governments and wonder whether, in his declaration, he should have also considered the takeover of these freedoms by non-government entities. If we travel back in time in 2018 in Paris where Professor Luz Estelle Nagle had reminded us that the media is the fourth pillar in a democracy, and she had mentioned way back then that people were losing faith in the media. Professor Nagle had forewarned that the censorship by companies that pay for advertisements was a threat.
Today, as we commemorate World Holocaust Day, we see the same evil that desired to control content then at work trying to control content and censor freedom of expression and civil liberties. Censorship is an evil that possesses those in power or in this information age who influence to cause them to behave in ways that affect us all.
What is increasingly apparent is that in this ecosystem or appearance of democracy, interests have captured key stakeholders in influencing legislation, exploiting the Big Technology companies where they have become more powerful than nation-states. Two days ago, we witnessed the likes of Facebook and Google threatening to pull out of Australia over attempts by the government to require the companies to pay news publishers for articles it links to, see here. That, though, is for another time.
It is a sad day when the media has been weaponized and taken over not only by States as propaganda machines but by the corporate dollar. Those who rise to question these are seen as madmen or fired. Who will guard and defend the freedom of cyberspace, and was it ever really free? The internet must remain open and free!
The erosion of our civil liberties is already at our doorstep. We need to arise and speak up whilst we still can and push back the forces of evil.
"We are still in the early days of an information civilization. The third decade is our opportunity to match the ingenuity and determination of our 20th-century forebears by building the foundations for a democratic digital century."1 (Shoshana Zuboff)
One of the consequences of the Jan 6th events is a renewed attention towards Surveillance Capitalism as a key doctrine undermining democracy.2 This 2-part series of articles discusses the emergence, rise, and fall of Surveillance Capitalism under the premise that the better we understand the danger at the door, the better we are able to confront it.
Born out of the opportunity to monetize data
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks." Article 12 UDHR3
Privacy is a human right! We communicate, trade, negotiate, love and hate over the Internet, but we have become used to and accept that someone somewhere is observing everything we do. How did this state of affair come about? We need to look at its history to get answers.
In the beginning, privacy was not even an issue. The first digital networks were small, privacy was simply expected and respected, and those who did not observe the rules became subjected to peer pressure. In 1989 Tim Berners-Lee's Hypertext Transfer Protocol (HTTP) enabled the creation of the World Wide Web, but things were still off for a slow start due to a lack of mass appeal.4 This changed in 1993 with the introduction of the mosaic browser that combined different protocols and increased the practical uses of the www to such an extent that it became an attractive proposition for commercial networks to offer services to consumers. Computers moved in status from being a nerd's luxury item to a must-have necessity, making the Internet the next "big thing." The world stood at the beginning of the digital age. Software was changing everything, and the steel and iron atoms of the industrial age began to be replaced by bits. Spurred on by the 1997 US Taxpayer Relief Act, which lowered the capital gains tax, venture capital investors, not wanting to lose out on new opportunities, found their way into Silicon Valley. An Entrepreneur would come up with an idea, and as there were no experiences and precedence to go by, its potential had to be guestimated. With a little bit of luck and a convincing pitch, investments enabled entrepreneurs to create the infrastructure they needed. The plan was to eventually go public with an initial public offering (IPO) to satisfy the initial investors and get the cash to grow. Investments in technologies were further encouraged by investment banks, that stood to profit most as even the most rudimentary dotcom companies achieved massive valuations that stood in stark contrast to their real potential earnings. In 2000 the majority of the supposedly golden cows still only ate green bucks but failed to give any milk, the so-called dotcom bubble burst taking with it the majority of dotcom startups.
Trendsetter Google
The Google startup survived and grew in the early 2000s, its search engine based on a dual revenue model of selling both keyword advertising and the resulting clicks to the highest bidder. Google was different from other search engines. It added meaning to numbers by basing its search result not just on how many times a page had been clicked on before, but its algorithm also took into account how the page related to others, giving the search result more relevance. Despite running into trouble when another company sued it over alleged infringements of pay-per-click and bidding patents, Google was growing. Under its CEO Eric Schmidt, who joined in 2001, Google systematically developed its capacity to make predictions about its users. True to Google's concept to add meaning to search, user data could be fed to algorithms to predict behavior, minimizing uncertainty and commercial risk. The data used was a free waste byproduct of the search that was previously stored unused on the Google servers. The more data, the better the predictions, so consequently, in 2003, Google began to acquire new data sources such as Blogger websites to increase its abilities to collect data. It never looked back. Many companies followed Google and offered their digital gadgets free of charge in exchange for personal data that could be monetized: Surveillance capitalism was born.5 The only small problem was that it was immoral and infringed on basic human rights, such as privacy.
About Unicorns
The dotcom bubble crash of the early 2000s put an end to many dotcom dreams. Both dotcoms and investors had to change the way they did business. The dotcoms discovered surveillance of its users' data as a reliable income stream, and venture capitalists learned that they could use the predictions to minimize their risk.
The hunt for the elusive "unicorns"6 was on. Unicorns are tech companies that achieved a market value of one billion USD or more by disrupting, taking over, and dominating existing human economic and social behaviors, like taking a taxi, finding a plumber, or just talking to neighbors and friends, through software. The new "business model" is to establish the unicorn as the sole communication channel between people and those who provided real work or service for their customers. Hardly any unicorn has any interest in the craft required to provide a product or service; its only interest is to control the exchange between provider and customers and so enabling a multitude of revenue making channels.7
Marauding Armies.
"Blitzscaling," seeking a lightning-fast path to building massively valuable companies, became the method for the creation of a Unicorn. The key factor for success is to control of the targeted marked segment by introducing and establishing new disruptive software as the "new way to do things", and doing so quick enough to deter competition, prevent regulators and existing businesses to react, and reach a market share that represented a de facto monopoly. The aim is to drive as many users as possible to the new ways in the shortest possible time. Blitzscaling is the cyber economy equivalent of a marauding army's attack on an unsuspecting country. All means to reach the goal are pursued and justified in the name of "innovation." If things got ugly and public, there was always the option to say sorry later after a new and secure digital beachhead has been created.
Blitzscaling unicorns were supported by technical and infrastructure advances that allowed entrepreneurs to create and deploy their software as apps requiring only a minimum of infrastructure. The smartphone became distribution channels for the product in the form of apps, social media became the medium for marketing, and cloud computing enabled startups to scale up with growing demand.
Feeding the Beast
Massive up-front investments where required to push the "innovation" into all aspects of a person's live and into their minds, with the Internet of Things (IoT) enlisting homes, cars, and electronic devices in that assault. The biggest part of the needed investment is to disrupt existing channels by undercutting prices for as long as required, to displace or incorporate existing players. Looking and acting big is the key to become big. Almost like Unicorns that are not real, the digital unicorn task is to make others believe that they are real and have unlimited growth potential. Unicorns begin life with massive debt owed to investors through increasingly bigger funding rounds that were justified with promoted/perceived increases in the dotcom's valuation.8 The promised day will come when the IPO rewards all handsomely. As a result, IPOs routinely overvalue the companies. While investment bankers' cash out with huge profits, the financial breadcrumbs together with debt and risk are frequently left to the personal investors and pension funds.9
Risk Free Investment
Dotcoms and investment funds seem to be a match made in heaven. Dotcoms need massive amounts of investment to feed their unicorns, but in return, they offer what investors want most: risk-free investment. The age-old problem of doing business is that the customer inconveniently has a certain amount of free will and choice, causing uncertainties and the risk of failure. Digital technologies can be used to predict and influence customers' behavior. The more and better the data, the lower the risks. The dotcoms had tasted the forbidden fruit of using private data that was not theirs. Why just observe existing behavior if there is the ability to manipulate behavior and to create the desired trends and realities? (How this is done we discuss later). It is no longer necessary to expose venture capitals to the risks associated with customers' fickle minds when customers can be created around a product.
The goal is to eliminate the human element completely when it comes to investments. The entrepreneur with his innovation is an uncertain decision-maker and is replaced by an algorithm that decides where investments are made. Surveillance capitalism algorithms analyze data to identify market segments to be exploited, create the software to take it over, manage the processes that manipulate people, and disrupt the existing channels until the predicted result is achieved. The real innovation is that the human factor has become predictable and eliminated as a hindrance to success and a risk factor: human needs and public good stop playing any role in investment. Subsequent "Innovation" only takes place to perfect the investment strategies and their execution.10
The goal is to create a golden age of surveillance capitalist-based investment banking, in which machines eliminated the human factor and citizens become mindless customers that create wealth for an ever richer elite. Well, it has not yet quite turned out like that. Following the sound advice to "know thy enemy," we will look at surveillance capitalist values and behavior in the next chapter. We will then discuss how to counter arbitrary interference with our privacy, family, home and correspondence, honor and reputation, and secure the protection of the law against such interference or attacks.
Surveillance Capitalism Values
The dotcom bubble put the Internet at a crossroads. Would users focus on searching the Internet for data, or would the Internet apps search user data for profit? In other words, would it be a space for human development governed by human rights, or would it be a space dominated by data mining and the accumulation of wealth by the few?
Surveillance capitalism still is a risky business. By eliminating some uncertainties, it created new ones. What would happen if Internet users fully understood internet search costs in terms of exploitative data use? Would they demand that their governments outlawed certain digital data use practices? Should morality stay in the way, or be pushed aside, in the cause of a good return. Should measures be taken to justify the unjustifiable in order to mitigate socio-political risks from unhappy citizens?
Separating what belongs together.
The way surveillance capitalist separates a person from one's data reveals that separating what belongs together is a basic principle and instrument for its disruptions disguised as innovations. Surveillance capitalists insist that they have rightful ownership of the personal data they collect. They use several arguments to justify this daylight robbery. One argument is they created and own the platforms. In terms of the data generated, what goes on there and through them is naturally theirs, and they can do with it what they want. Another argument that users willingly agreed to terms of use set out by the application, exchanging data privacy for application use. However, many (most?) users are not aware of what they have agreed to, or they have no choice but to agree because the platform has attained such a dominance that there is no alternative.
The principle that surveillance capitalism operates on is based on separating what belongs together in terms of one's basic human rights. The following explores some examples from the surveillance capitalist's book of separation tricks:
Separating price from product
Surveillance capitalism's digital practices extract meaning from data to sustain completely new business models. Traditionally trade is an exchange of goods against other goods or for monetary payment. There might be free samples as an inducement to try products or services, but that does not last. Surveillance capitalism permanently offers free digital products and services, such as games and social media platforms. It can do so for two reasons.
Digital goods and services basically have up-front costs of production, mainly involving their coding. Unlike a product like a watch or a shoe, where each unit has a distinct production cost, once created, the marginal cost of an online platform allows scaling, as use goes from the few to the millions, at a minimal cost. There may be little economy of scale, but there is also little diseconomy of scale.
Surveillance capitalism had created a new commodity-based currency: personal data and established digital business practices that make it readily exchangeable and transferable into monetized wealth. It created a new way of doing business:
Free digital platforms create personal data
Personal data is used to make predictions about individuals
The predictions are sold to companies to sell products
As the digital marketplace grew, surveillance capitalism killed competition by offering their good for free. Customers became users, conditioned to get their goods for free on the Internet. Few dared to ask what the price was because as the saying goes: "Don't look a gift horse in the mouth".12 Surveillance capitalism, with their bribe of free goods managed to create image of trustworthiness. They had created a Trojan horse that we consumers willingly, gratefully, happily, and without suspicion, pulled into our homes and lives, only to wake up as subjects of surveillance capitalism. Today we need to update another old saying to: "Beware of digital gadgets bearing gifts!"13
Separate the Internet from law and governance.
Surveillance capitalism denies any jurisdiction over its digital business practices. In a space where there is no law, nobody can be held accountable for breaking it. Where there are no human rights protections, nobody can violate them. One must have the audacity to argue that the Internet is a governance free zone. This is just what Google's Eric Schmidt and Jarred Cohen (head of the Google Ideas think tank) did when they proclaimed in their 2013 book that the Internet is "the world's largest ungoverned space."14 Nature abhors a vacuum, and where there is no governance, the space will be filled by those whose who can assert power. Knowledge is power, and who is more powerful than those in possession of knowledge about everybody and everything. It comes with the territory that those who have the knowledge also think that they know what is best for everyone. Trust big cyber-brother; all it needs is to give him access. As Schmidt and Cohen state: "the best thing anyone can do to improve the quality of life around the world is to drive connectivity and technological opportunity," apparently in the absence of governance.
Separate what you say from what you do.
There is no contradiction when Schmidt and Cohen write in the next sentence; "When given the access, the people will do the rest." Another trick from the surveillance capitalist's playbook is to say exactly the opposite of what they really mean or do. When they talk about "the people," they mean big cyber brother, when they give themselves the motto "Don't be evil," they indicate their intention to be evil, and changing to "Do the right thing," tells us that they are not planning to do so. Google chief executive Sundar Pichai wrote in the NY Times that "privacy cannot be a luxury good."15 "Five months later, Google contractors were found offering $5 gift cards to homeless people of color in an Atlanta park in return for a facial scan."16 This reverse meaning speech of surveillance capitalism makes it easy to understand what is going on. If they say they care, you know, it may contribute to hard times for us all. If they talk about freedom, measures to increase digital subservience and slavery are implemented. If they talk about community, be prepared to lose friends. Understanding surveillance capitalism's reverse meaning patterns make every speech of Zuckerberg or Page quite an eyeopener.
Separate Rights from Responsibilities
If you want to take the evil turn on the road, if you want to deny freedom, if you want to stifle innovation, and violate human rights, send someone people might trust, preferable a wise white-bearded elder, and let him use reverse meaning speech to protest loudly against others that are doing what in fact you are doing. Present yourself as the defender of rights whilst your business is violating them.
Vint Cerf, widely acclaimed as one of the "fathers of the Internet" and Google's "Chief Internet Evangelist," demonstrated his mastery of the distraction trick in an NY Times article from 2014.17 Aware of the choice the Internet had to make, he sends everyone in the wrong direction by raising the alarm about others:
"The Internet stands at a crossroads. Built from the bottom up, powered by the people, it has become a powerful economic engine and a positive social force. But its success has generated a worrying backlash. Around the world, repressive regimes are putting in place or proposing measures that restrict free expression and affect fundamental rights."
He later exclaims: "Such proposals raise the prospect of policies that enable government controls but greatly diminish the "permissionless innovation" that underlies extraordinary Internet-based economic growth, to say nothing of trampling human rights." For Cerf, innovation justifies everything and gives it the status of a higher all overriding value, a golden calf that the people of Cyberspace worship. As a justification for the legal immunity of innovation he cites economic growth and perversely the defense of human rights.18 It is like letting a murderer go free because his freedom to kill justifies his deed.
Facebook and Amazon have different digital business models, but they are very similar when taking responsibility for content. The former refuses to prevent harm to their users from fake news and hate speech, while the latter refuses to protect its customers from dangerous and counterfeit goods. They both claim to be just providing a platform for the activities of others.
Separate yourself from Regulations and Product Responsibility
As the Cerf example above shows, one of the main concerns of surveillance capitalism is to avoid regulations that would restrict their activities at all costs.
If the platforms and apps are the means of production, the data they generate and host are the product. Surveillance capitalists are very keen on denying responsibility for content their platforms host. They have no interest whatsoever in content and are interested only in the data that is derived from it. Data is portrayed as neutral, in the sense that enabling someone to do something with the content does not establish any responsibility for the platform.
But data is never neutral; it always has consequences in one way or another. Platforms and apps are enablers, in the same way, that a gun shop enables the purchase of a gun. Surveillance capitalists are gun shop owners who insist that their freedom and their customers are paramount, and any restrictions constitute an infringement of their fundamental digital data processing rights. Like the NRA, they have an army of lobbyists active in the seats of political power to make their point, and as we will see below, they even managed to make governments the defenders of their exploitation.
Separating action from consequence, rights from responsibilities, and data from content has one chilling consequence. Surveillance capitalism simply does not care about the fate of the individual or group. Humanity is reduced to data sources that are to be managed according to my corporate needs without any obligation or reason to care. It is a very sobering thought that today we live in a world where the main providers of the technology on which we are increasingly dependent simply do not care about us.
Governments have the powers to regulate, so the corporate goal has been to stop them from doing so or make them co-conspirators that valued their association with surveillance capitalism as higher than protecting their own citizens. A big moment along the path to this goal came with 9/11. Intelligence agencies and commerce have one thing in common: they hate uncertainty. While people asked how it could happen and why nobody noticed anything, the surveillance capitalist realized the moment. They could bribe governments into submission through lobbyist bearing gifts or use economic arguments. Still, now there was a way to make governments addicted to the stuff surveillance capitalism sold: data and its analysis. It had what security agencies wanted, a way to observe and know all, and security agencies came knocking on the door. Surveillance capitalism was only too happy to oblige the new customer with data. A whole new market opened up, and surveillance capitalism was quick to exploit it (see Cambridge Analytica), not just for profit but also the interrelationship and dependencies it created. Governments quickly realized that regulating surveillance capitalism would harm them too, and so ensured that, with some harmful exceptions that have more the character of a band-aid than an effective law, the Internet is basically a law and governance free zone.
We can observe more or less effective Internet governance mechanisms, such as ICANN, only in areas that strengthen the technical stability of the network as the means of production itself, but nearly no governance that regulates its digital business practices and products.
Separating humans and humanity from knowledge
One way surveillance capitalism is keeping control is by controlling the labor market for computer scientists. It is able to do so by being able to pay the level of salaries that enables a graduate to pay of the student loan that she or he had occurred in educational institutions that are often heavily influenced by surveillance capitalists. ''In 2016, 57 percent of American computer science Ph.D. graduates took jobs in the industry, while only 11 percent became tenure-track faculty members. It is not just an American problem. In Britain, university administrators contemplate a "missing generation" of data scientists. A Canadian scientist laments, "the power, the expertise, the data are all concentrated in the hands of a few companies."19
Surveillance capitalisms need to control knowledge is also reflected in its increasing efforts to stop employees to move to other firms or to form start-ups. Knowledge once obtained has become exclusive property, sharing, and therefore enabling innovation is prohibited.20
We talked above the simple truth that knowledge is power. Surveillance capitalism has created a digital one-way system for knowledge that ensures that it knows, but we do not. They suck in all available data but never return it to the user, resulting in an ever-increasing imbalance between itself and the rest of the world, increasing the power of its corporation's day by day. Data can only be accessed and released in return for money or political protection.
Humanity reduced to a Data Source.
The main principle and way to operate surveillance capitalism are based on separating what belongs together. The person from its data, rights from responsibility, product from price and product responsibility, humans, and humanity from knowledge.
Through these separations' surveillance, capitalism avoids responsibility while at the same time ensuring maximum stability, access, and freedom not to care.
Separating action from consequence, rights from responsibilities, and data from content has one chilling consequence. Surveillance capitalism simply does not care about the fate of an individual or group. Humanity is reduced to a data source that to be managed independently of my needs or rights and without any obligation or reason to care. It is a very sobering thought that today we live in a world where the leading purveyors of the technology we increasingly depend on simply don't care about us.
Part 2, published here soon, discusses the rise and fall of Surveillance Capitalism.
The author would like to give a big THANKS to Prof. Sam Lanfranco. Without his support and input these articles would not be possible.
In Part 4 of the Freedom of Expression series, I had highlighted my concerns about the lack of transparency in ingredients of all the COVID-19 vaccines, which has been addressed by Council of Europe's Parliamentary Assembly, the same day (World Holocaust Day) I had raised these concerns.
A recent Resolution by the Parliamentary Assembly of the Council of Europe will see the further regulation of social media on content relating to COVID-19. The Parliamentary Assembly of the Council of Europe (PACE) is one of the two statutory organs of the Council of Europe. It is made up of 324 parliamentarians from the national parliaments of the Council of Europe's 47 member states.
The issue that surfaces from the Resolution pertaining to the Internet governance are who defines what "misinformation" and "disinformation" is in this context. Arguably there is content which censorship entities have classified as "hate speech," which has fallen into either of the above categories. Notably, to date, Council of Europe's Steering Committee on Media and Information Society (CDMSI), which is vested with the important mission to steer the work of the Council of Europe in the field of freedom of expression, media and Internet governance, is currently accepting submissions for consideration before the Ministerial recommendation is prepared in terms of approach to hate speech, including the context of the online environment by the 16th February 2021.
In its 5th Sitting this year on 27th January 2021, the Parliamentary Assembly passed Resolution 2632 (2021) on COVID-19 vaccines; ethical, legal and practical considerations.
Whilst noting that the rapid deployment of safe and efficient vaccines against COVID-19 would be essential to contain the pandemic, protect health care systems, save lives and restore global economies and highlighting the need for international cooperation, adequate vaccine management and supply chain logistics, it encouraged Member states to prepare immunization strategies to allocate doses in an ethical and equitable way deferring to bioethicists ad economists on distribution models should the vaccine be scarce.
Of significance, is the resolution that the vaccine must be a global public good with immunization be made available to everyone, everywhere and that with respect to the COVID-19 Vaccines to ensure the following:
that high-quality trials that are sound and conducted in an ethical manner in accordance with the Convention on human rights and biomedicine (ETS No. 164, Oviedo Convention) and its Additional Protocol concerning Biomedical Research (CETS No.195); (see 7.1.1)
that regulatory bodies in charge of assessing and authorizing vaccines against COVID-19 are independent and protected from political pressure; (see 7.1.2)
pay special attention to possible insider trading by pharmaceutical executives or pharmaceutical companies unduly enriching themselves at public expense by implementing the recommendations contained in Resolution 2071 (2015) on Public health and interests of the pharmaceutical industry: how to guarantee the primacy of public health interests? (see 7.1.6)
To put in place systems to monitor the long term effects and various other measures intended to safeguard the global public interest.
In a time where regulatory bodies in charge of assessing and authorizing vaccines against COVID-19 in jurisdictions like the United States of America have lost their independence with regulators being allowed to patent discoveries and abuse their positions in pushing their interests and where the US Congressional Parliament has issued indemnification for Pharmaceutical companies.
It was in 1950 when President Truman signed the Executive Order 10096, which has since enabled Federal employees to hold patents developed on Federal government time (Green, J. Government vs. the Federal Employee: Who Owns the Patent?, Letter from the Office of General Counsel). Federal courts have upheld this, see Heinemann v. the U.S., 796 F.2d. 451 (Fed. Cir. 1986) cert. denied, 480 U.S. 930 (1987). President Truman's Order was subsequently modified by President Kennedy transferring jurisdiction of patent determinations from the Government Patents Board to the Secretary of Commerce, and in 1988, as a result of President Reagan's initiative to transfer government technology to the private sector and to encourage federal employees to generate inventions, the US Commerce Department issued regulations (37 C.F.R. part 501) which addressed federal government ownership rights to patents developed by federal employees (supra).
The Supreme Court of the United States concluded that federal law protects vaccine makers from product-liability lawsuits that are filed in state courts and seek damages for injuries or death attributed to a vaccine see Brueswitz et al v Wyeth LLC, FKA Wyeth, Inc., et al , 562 U.S.223, 131 S.Ct.1068 (2011). The Brueswitz family had brought a lawsuit against Wyeth (now Pfizer) where they argued that their daughters suffered seizures after her third dose of the DTP vaccine in 1992 and that a safer alternative had been available but not made available to them. The vaccine was taken off the market in 1998 and replaced. Pfizer argued that a Supreme Court ruling favoring the family would have sparked countless lawsuits, threatening the supply of childhood vaccines. One of the rationales of the Supreme Court's decision came from the fact that vaccine manufacturers fund their sales from an informal, efficient compensation program for vaccine injuries. The Supreme Court explained that the National Childhood Vaccine Injury Act of 1986 (NCVIA or Act) preempts all design-defect claims against vaccine manufacturers brought by plaintiffs seeking compensation for injury or death caused by a vaccine's side effects.
We see the distinction between the Council of Europe and the United States in their approach, whether it is their approach to the treatment of corporates, taxation, safe harbor principles, and in this case arriving at producing a global public good without compromising the global public interest.
Of note also in Council of Europe's Parliamentary Assembly Resolution 2632 (2021) on COVID-19 vaccines; ethical, legal and practical considerations is the right to refuse the vaccine and not to be pressured in taking it not discriminated in not taking the vaccine.
The Parliamentary Resolution is also clear about ensuring:
that citizens are informed that the vaccination is NOT mandatory and that no one is politically, socially or otherwise pressured to get themselves vaccinated if they do not wish to do so themselves (see 7.3.1)
ensure that no one is discriminated against for not having been vaccinated, due to possible health risks or not wanting to be vaccinated (see 7.3.2)
take early effective measures to counter misinformation, disinformation and hesitancy regarding COVID-19 vaccines;
distribute transparent information on the safety and possible side effects of vaccines, working with and regulating social media platforms to prevent the spread of misinformation (see 7.3.4)
communicate transparently the contents of contracts with vaccine producers to make them publicly available for parliamentary and public scrutiny (see 7.3.5)
Other things being equal, I am glad that the Council of Europe has made it mandatory for pharmaceutical companies to publish and disclose all ingredients, side effects and pursuant to Resolution 2337 (2020) that parliaments are playing their triple role of representation, legislation and oversight in pandemic circumstances. What concerns me, though, is the increasing online censorship and the abuse thereof.
Note: For those who wish to make submissions to The Committee of Experts on Combating Hate Speech (ADI/MSI-DIS), send your submissions to CDMSI Secretariat by 16th February at the latest.
Rampant dysfunction currently plagues the Internet's root zone where a predatory monopolist has captured ICANN and is bullying stakeholders. This harms the public interest and must be addressed — here's how.
Introduction: Why the Internet Needs Saving Now
The first part of this series explained how Amendment 35 to the NTIA-Verisign cooperative agreement is highly offensive to the public interest. But the reasons for saving the Internet are more fundamental to Western interests than a bad deal made under highly questionable circumstances.
One of the world's foremost experts on conducting censorship at scale, the Chinese Communist Party's experience with the Great Firewall — which requires censorship checkpoints at each physical place where data flows across China's national border — has offered object lessons to all would-be tyrants that inefficient censorship is unideal and easily circumvented with readily-available software tools. It would be foolish to believe that China and others aren't looking at ways of improving the efficiency and efficacy of censorship — including by looking further up the Internet "stack."
The Internet is the global communications medium but, as a distributed network of networks that is designed to be massively redundant and where participation is entirely voluntary, there is no single point of failure and, consequently, no single choke point for controlling content with censorship. The next best thing, however, is a centralized domain name registry that offers the ability to not just block undesirable content, but to make it cease to exist.. This would make circumvention a moot point by leaving nothing to be accessed by getting around content blocking.
Doubters should consider Amendment 35 to the .com cooperative agreement where, amidst a terribly awful deal, the Commerce Department insisted that .com remain content-neutral. This clearly recognizes the threat of registry-level interference with content. Some engineers and others argue that users can point somewhere else if censorship becomes an issue. But this is a mackerel in moonlight that both shines and stinks at the same time. This is because, while technically true, the reality is that changing a single domain name is an extremely rare occurrence because of the massive effort and expense required to change habits, programming, and learned behaviors.
Just consider the recent history of over a thousand new top-level extensions and non-ASCII Internationalized Domain Names IDNs — such as Cyrillic, Hebrew, and Hangul scripts — which have required a significant Universal Acceptance effort that is still ongoing. Only in an ivory tower would changing a major domain name registry or the entire DNS be thought of as feasible. Even more alarming is to consider whether we would even know that such a change had become necessary.
It may be that we have already witnessed a major attempt to take control of a populous and popular legacy registry: Ethos Capital's attempt to buy control of the .org registry from the Internet Society (ISOC) in a closed-door transaction worth more than a billion dollars. Even at this lofty sum, .org wasn't being sold to the highest bidder — rather, it was being sold to whomever ISOC felt like selling it to. The transaction failed when ICANN's board unexpectedly declined to approve the change of control that is required by the .org registry agreement. Several former senior ICANN executives were involved in the transaction — including ex-CEO Fadi Chehade who was presented a consultant to the deal but, it later was revealed, is actually co-CEO of Ethos Capital. Meanwhile, the sources of funding for the acquisition — nearly a billion dollars — remain shrouded in mystery.
With that in mind, let's get to the second part of saving the Internet in three simple steps.
Ctrl-X: Delete Presumptive Renewal From Registry Agreements
In addition to addressing the terribly awful Amendment 35, the U.S. government also must step in and do what ICANN cannot do for itself since becoming neutered by terms of a 2006 settlement agreement that ended litigation with Verisign. This agreement established Verisign as the de facto .com registry operator in perpetuity in exchange for a pittance paid to ICANN. This may be the first lopsided quid pro quo between ICANN and Verisign — the original sin, perhaps — although any casual observer knows that it wasn't the last.
Following this 2006 settlement, ICANN became unable to counterbalance its contracted parties effectively. This became even more, the case after presumptive renewal became a standard feature of DNS registries and included in every registry agreement. Without the threat of Armageddon — namely, termination of rights to operate a registry — there is no meaningful oversight and a legitimacy gap has formed in the cavity left by the resulting accountability vacuum and which is poisoning everything.
Consider that presumptive renewal is usually seen with utilities, and the rationale is straightforward: a utility company is granted a monopoly in exchange for active government regulation, particularly on pricing; a utility makes large infrastructure investments in exchange for the assurances provided by presumptive renewal. However, this equation doesn't work without active regulatory oversight, and the whole edifice becomes rotten when infrastructure investment isn't ongoing but, as Klaus Stoll recently reminded readers of Capitol Forum, was amortized and depreciated long ago.
It is worth noting that governance integrity often deteriorates slowly as most people operate by established rules from habit, and it takes time for the mice to catch on that the cat's away. Also, these mice aren't stupid, and they know their interests aren't served by drawing attention to the anti-competitive bacchanal of profiteering that is occurring in the absence of appropriate oversight. Then, factor in that the root is arcane and technical, that there were no known operational failures, and that many are complicit by obscuring deliberately what has been going on, and that's how time flies to 2021, fifteen years after ICANN became a eunuch when everything seems broken, and everybody is pissed off, but nobody knows how to fix the problem — or maybe even why they're pissed off in the first place.
The U.S. government should incubate a renewal of governance legitimacy by asking a federal judge to find that presumptive renewal is inherently anti-competitive and that such language should be removed from registry agreements. Precedent for this is found in a 2010 ruling by the 9th Circuit of the U.S. Court of Appeals, in CFIT v. Verisign, which found that the .com registry agreement's presumptive renewal combined with the power to increase prices by up to 7% in four out of every six years plausibly indicates an anti-competitive conspiracy.
ICANN has repeatedly taken the position recently that it is not a price regulator. This is just about the biggest load of baloney and completely contradicts the premises under which ICANN was formed and the expectations that were set by the U.S. government and others as to the oversight role that "NewCo" was supposed to play in the DNS. ICANN's position has nothing to do with benefitting the public interest and everything to do with the reality that it is an organizational eunuch that overlooks its oversight responsibilities because presumptive renewal leaves it without any real enforcement mechanism. In short, it is cowed by fear of further predatory litigation by Verisign and, by seeking to avoid it, hangs the public interest out to dry.
No bueno.
There is an argument to be made that non-legacy registries face significantly more competitive operating environments and, as such, should maintain presumptive renewal in their agreements with ICANN. This author takes no position either for or against such an eventuality. However, the current presumptive renewal that is in all registry agreements is indelibly tainted by the circumstances in which Verisign and ICANN settled litigation in 2006. For presumptive renewal to have any legitimacy moving forward, it must be the product of deliberate community policy development following a judicial ruling that finds presumptive renewal combined with pricing power to be inherently anti-competitive and voids it from registry agreements.
It should be noted that one or more private parties can attempt to accomplish this by pursuing legal action against Verisign and ICANN — as noted earlier, it has been done before in CFIT v. Verisign. Significantly, a private party class-action lawsuit can seek to be awarded monetary damages. The Internet Commerce Association has estimated that registrants overpay for .com domain names by $1 billion every year. Since antitrust laws allow for awarding up to four years of damages trebled, a quick non-legal, back-of-the-envelope calculation reveals that a private party class-action lawsuit on behalf of all .com registrants might potentially seek damages somewhere in the neighborhood of $12 billion.
U.S. Senator Everett Dirksen is rumored to have once said, "a billion here, a billion there, sooner or later you're talking about real money" — perhaps the germane question is: will the next CFIT please stand up?
However, the downside of a private party suit is that potential litigants will do as CFIT did when they brought an antitrust suit a decade ago — settle and leave the job unfinished. This would be dangerous, and the root zone of the global Internet is too important to be left to the vagaries of private party class-action litigation. The U.S. government bears the responsibility for renewing root zone governance because it originated the Internet, installed the system of governance, indulged it, and ignored it, before unleashing the resulting warped monstrosity into an unsuspecting world after Fadi flew in on his magic carpet and cooked up some NetMundial nonsense in Brazil with now-disgraced Dilma.
Contrary to a recent commenter, who wrote, "if it ain't broke don't fix it," more appropriate here is the old saying, "you break it, you buy it." While the U.S. Government didn't necessarily break DNS governance, per se, it more than any other set the circumstances in which the dysfunction persists. It should act to fix the mess by hitting Ctrl-X and removing presumptive renewal from the root — Internet freedom may very well hang in the balance.
Stay tuned for the third simple step for saving the Internet — Ctrl-O: Open the Internet's Largest Registry to Market Competition. Also, be on the lookout for a post uncovering mysterious events from this past September that involved inexplicable and wild pricing adjustments, disappearing domain name registrations, and altered WHOIS records — all related to .com transliterated IDNs. For a sneak peek, check out Z.קום at 101domains.com — the full story is coming up next!
Written by Greg Thomas, Founder of The Viking Group LLC
For the longest time, it was an insurmountable challenge for those in the developing world to be able to afford to legally consume multimedia products. Prices originally set in Dollars, Euros or Yen often received insufficient adjustments to compensate for lower incomes, something that was compounded by local import or manufacture taxes that did little to alleviate matters. Markets starving to consume modern-day products were faced with an unrealistic pricing structure that was a bad fit for most citizens, especially for young people growing up without access to much capital in an increasingly digital world.
In the 1990s and 2000s, piracy thrived in regions such as LAC, CIS, Eastern Europe, Southeast Asia, among several others. In countries such as Brazil, it was often more usual to pirate than to purchase official goods when it came to products such as music, films, software, and video games. City centers were (and to a smaller extent still are) overtaken by street vendors selling piles of CDs and DVDs with photocopied covers housed in plastic envelopes and sold at a fraction of the cost found in legitimate stores.
The industry was, by and large, occupied waging intellectual property battles against developed world university students and upholding advantageous sales models such as that of the music CD, never quite looking into the issues of the developing world with a special lens. Solutions in developing countries were mostly focused on extensive police action against those selling the pirated goods, which amounted to little in the way of results, seeing as the demand side of the equation remained unaffected.
In the 2010s, developing markets observed a significant shift towards the consumption of legal goods as the young people grew into productive adults with access to more capital, and two factors can be seen as decisive in this shift: first, digital storefronts with price differentiation for countries with lesser purchasing power were established; second, streaming platforms offering flat fees for a relatively extensive catalogue of multimedia became available. This provided the correct incentives for many consumers not to want to be bothered by the hurdles of consuming pirated content.
In early 2021, the European Commission made a decision that is a subversion of proven best practices that convert informal consumers into legitimate purchasers, and if this act is a sign of their broader intentions, the only possible result is the increase in piracy rates in the developing world. Steam (the largest digital storefront for video games globally) and five major game publishers were fined to the tune of 7.8 million Euros for alleged "geo-blocking" practices. According to the official press release: "The Commission has concluded that the illegal practices of Valve [Steam's parent company] and the five publishers partitioned the EEA market in violation of EU antitrust rules."
In the same press release, the complaint is said to be rooted in: "bilateral agreements and/or concerted practices between Valve and each of the five PC video game publisher implemented by means of geo-blocked Steam activation keys which prevented the activation of certain of these publishers' PC video games outside Czechia, Poland, Hungary, Romania, Slovakia, Estonia, Latvia and Lithuania."
In other words, price differentiation meant to account for different market realities has been equated to geo-blocking, and thus deemed illegal within the EU. There are several reasons why this argument is inconsistent, but foremost is the stretching of the meaning of geo-blocking, which is normally understood to be the practice of stopping a user from being able to view specific content if they are accessing a certain service from a given region or their account is tied to a given region.
In this case, users from different regions are able to see the same products in the storefront, but if the user is purchasing the game from Poland, they will be offered a significantly reduced price in relation to a purchase originating from Germany. Since Steam's activation keys can be gifted and traded between users, this system ensures that a key bought within a lower priced region cannot be activated in one where the product costs more. While this method is not fool-proof, it works well enough for publishers to adjust prices in a way that makes sense for their audience. This is a widespread tactic adopted on the Steam storefront by almost all publishers, being not limited to the 5 that were cherry-picked by the EC to serve as examples.
There is clear correlation between the region cited as having lower prices and reduced local purchasing power. According to the World Bank, the GDP per capita/PPP Int$ in Hungary, Poland, Romania, Slovakia, and Latvia is within the 32-35.000 range, in comparison to Germany's 56.000 or Ireland's 88.000. Forcing the games to be sold at a flat price across the EU fails to acknowledge these disparities. It does not promote fairness, as the bloc does not have a homogenous economic reality.
On the aftermath of the ruling, a statement from the EC's Executive Vice-President Margrethe Vestager, in charge of competition policy, is of particular note: "The videogame industry in Europe is thriving, and it is now worth over € 17 billion. Today's sanctions against the 'geo-blocking' practices of Valve and five PC video game publishers serve as a reminder that under EU competition law, companies are prohibited from contractually restricting cross-border sales. Such practices deprive European consumers of the benefits of the EU Digital Single Market and of the opportunity to shop around for the most suitable offer in the EU."
The question that follows from Vestager's statement is: shop around how? Users can go to a different storefront altogether if they so desire, but how is this supposed to take place within the system of a single storefront in a manner that, as described by Vestager, would create more consumer choice? That proposition does not add up. What is being forced into practice is that users in the developing world will need to pay the same price for digital goods as those in the developed world, without sensitivity to their local reality. This is a significant step back from decades of progress in terms of creating a fair market where users can make legitimate purchases.
With the EU's growing appetite for the regulation of digital goods and several new regulations in the horizon, it is important to observe this event as an example of what is to come. Under the name of standardization of laws within the bloc, regions where there is less purchasing power will be more often forced into making choices between not having access to unreasonably priced goods or pirating that content. Many will choose the piracy route, and no amount of digital rights management will be able to stop it. Hopefully, other nations and blocs will not follow the EU's example, or we might be headed yet again for very difficult times in the commerce of digital goods.
