I was on the front lines of the SOPA wars, because SOPA touched on two matters of strong personal and professional importance for me: protecting the Internet infrastructure, and protecting the economy from Internet related crime. I've continued to study this field and advise industry participants in the years since then. The 2017-02-20 paper by Annemarie Bridy entitled Notice and Takedown in the Domain Name System: ICANN's Ambivalent Drift into Online Content Regulation deserves an answer, which I shall attempt here.
At issue is the Trusted Notifier Program, as instituted in a series of Memorandum of Understanding (MoU) agreements between rights holders such as the Motion Picture Association of America (MPAA) and Internet domain registries such as Donuts, Inc. It is quite important when evaluating these agreements to note that they are nonbinding and that they lack consideration: no money is changing hands, and the parties are each self-motivated.
These MoU agreements create no new category of action, in that any "takedown" activities which result from the existence of such MoU must be for causes and using remedies already enumerated in other contracts among Internet Corporation for Assigned Names and Numbers (ICANN) and the registry, and between the registry and some registrar, and between the the registrar and some registrant. Only the process of notification is affected.
With those parameters established, let's begin. Bridy states:
"Although ICANN has continued to resist direct involvement in copyright enforcement activities, it accommodated right holders in 2013 by altering its contracts with DNS intermediaries to support a system of extra-judicial, notice-driven sanctions, including cancellation of domain names for "pirate sites" about which right holders complain. Through these contractual modifications, ICANN has abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation in the Internet's new generic Top Level Domains (new gTLDs)."
I think it ought to be understandable why rights holders complain, but to remove all doubt, many artists wish to monetize their work, and so they engage with publishers to promote and distribute their works, and to protect those works against infringement. Those publishers may create industry trade associations to work for the mutual betterment of the overall economy and the industry and its participants. One of the activities common among trade associations is lobbying, either for legislative relief (of which SOPA was a wickedly low quality example) or in standards organizations and other industry trade associations, of which ICANN is sort of an example.
While the abetment described here has certainly occurred, there is no evidence that this was the sole or even primary purpose of the development and implementation of these online content protections. ICANN as a company has no opinions of its own; its role is to facilitate policy development and to isolate and implement consensus positions when they occur. My own broader supposition as to the reason these burdens were placed on the new gTLD holders is that the Internet has made everything and everyone less safe, and that every representative of every economy and every industry has clamoured — and reasonably so! — for better accountability and recourse among Internet participants. Rights holders are only one clamourer out of many here.
"For domain name registrants, who are the target of this new — and wholly unregulated — enforcement program, and for members of the public who worry about increasing online censorship, the development is cause for concern."
At the mention of "regulation" we must pause and consider that the Internet is wholly unregulated; it has no regulators and no regulation. This lack of regulation has been called one of the Internet's great strengths, and being unregulated is a universal property of all Internet activities, in no way unique to the Trusted Notifier Program. In addition, let's consider that some members of the public whose concern should be piqued by the Trusted Notifier Program are intellectual property thieves, whose activities are expressly prohibited by many contracts now in force within the ICANN sphere of influence.
"Copyright may simply be the first use case for what is intended to become a broad program of notice-driven, registry-brokered domain takedowns."
Indeed it may be. Alternatively it might not be. I don't think it's wise to rest other arguments or suppositions on a "maybe" of this magnitude. More broadly, the unregulated nature of the Internet has now been used as a "stay out of jail free" card by millions of criminals whose successes were not possible in the pre-online era. Some redress of balance is both inevitable and necessary. To the extent of its inevitability, all of us have a responsibility to treat it as necessary and to help engineer a high-quality result. Ideally this will mean that every criticism of a proposal will be accompanied by some counter-proposal that acknowledges the basic goals and provides a less costly way to achieve those goals.
"As a practical matter, interest groups that are well-funded and well-organized, including trade associations representing corporate intellectual property right holders, have resources and capacity to participate that most individuals and public interest groups lack. ... The less sophisticated and economically powerful stakeholders within ICANN enjoy comparatively less access and influence."
I think this is demonstrated to be false by the existence of the new gTLD program, which no Internet end-user asked for, and which proceeded from inception to implementation with no commercial support outside of the commercial registrars and registries. The most powerful force in the ICANN sphere is hardly the intellectual property community; one also wonders how WHOIS privacy could ever have existed in any form had the intellectual property constituency been as powerful as Bridy describes here.
Of special note, to qualify a reference is to highlight it: a statement regarding corporate intellectual property rights holders is to implicitly question the validity of such holders compared to individual (non-corporate) rights holders. I disagree with this implication, both since corporations are made up of individuals whose rights still deserve protection, and because corporations of this kind often represent individual rights holders on a limited-partnership basis. There are many legitimate complaints to be lodged against corporatism, but, Bridy has not provided an example here.
"Starting with the launch of the new gTLDs, copyright holders appear to be laying the groundwork for a broad program of DNS-based enforcement, with the long-term goal of implementing a UDRP-like procedure for claims of piracy and counterfeiting that are wholly unrelated to any bad-faith or confusing use of domain names."
Since Bridy later on explains the differences between the Trusted Notifier Program and the UDRP, it's a mystery that copyright holders are here accused of trying to conflate them. However, the key phrase here is "appear to be", because only this subjective declamation is provided — no evidence to support an objective basis for conclusion or even for a shared perspective. It's as though Bridy had written that "people are saying" that the described groundwork was being laid. And if there is any indication anywhere in this or any record that copyright holders are seeking recourse against good-faith (or at any rate, non-bad-faith) actors, I would like to have it spotlighted so that we can all consider and discuss it.
"For ICANN, describing the trusted notifier program as a form of voluntary 'self-governance' for registries diverts attention from the uncomfortable fact that the program is, in fact, a new form of DNS governance that draws its legal force from ICANN's web of contracts with DNS intermediaries."
The thing I find uncomfortable is the implication that ICANN might be actively trying to divert attention. I don't think that's so. ICANN is correct to call the Trusted Notifier Program a form of voluntary self-governance, because ICANN is not a party to the MoU agreements which underlie that Program, and because there is no evidence that ICANN's web of contracts was crafted to support this Program in particular. In fairness, the Trusted Notifier Program really is a new form of DNS governance, because it draws upon and highlights the alignment of interests between registries and registrars on the one hand who want and need a better and cheaper way to enforce their contracts, and rights holders on the other hand, who want and need exactly the same thing.
"Because the program does not require the registry to actually investigate the complaint or to solicit a response from the registrant, there is a high risk that participating registries will default to a rubber stamp approach."
I don't think it's up to ICANN, or rights holders, to manage such a "high risk", if there is one. Rather, a registry or registrar should be concerned that in today's highly transparent "fish bowl" culture, a rubber stamp approach will reliably create the wrong kind of headlines. Prudence and care are certainly warranted, but must not outweigh respect for the rights of those who may be injured even more by inaction or slower or overly cautious action.
"From the perspective of right holders, the DNS is a much more efficient field for copyright enforcement than courts are."
I think this is both obvious and misleading. The courts have borders, where the DNS does not. The burden of establishing standing and jurisdiction within the judicial borders of each DNS industry participant whose participation is required for effective takedown, is so unimaginably high as to be effectively infinite. The Internet's technical and contractual structure has helped millions of criminals effectively bypass the system of laws and treaties by which the world's economies capped their losses in the pre-online era. Adjustment and redress of this imbalance is as inevitable as it is necessary. If the DNS industry did not want to see these problems on its doorstep, then it ought to have practiced better self-governance. Note: that option is still open to us.
"From the perspective of registrants and website users, however, privately administered blocking of entire Internet domains raises serious issues relating to transparency, fair process, and freedom of expression."
This, again, is both obvious and misleading. The standard for action here is "dedicated to abuse or infringement". The number of times that a critic or someone else acting in good faith (or at least, not in bad faith) will face overzealous takedown under that standard can be expected to be low, and easily dwarfed by the number of intellectual privacy thieves (who would in these terms be considered to
act in "bad faith") who will continue to succeed. I was no fan of the MOOO.COM takedown but because of the "fish bowl" level of transparency and accountability that all takedown actions will be subjected to, I don't expect a reprise. Past mistakes must wizen us, not paralyze us.
"The MPAA's trusted notifier program is among a growing number of privately negotiated voluntary enforcement agreements between corporate copyright holders and Internet intermediaries."
I hope so. Because during SOPA, this is what we (the Internet technical community) told the rights holders that they should do instead of SOPA. After SOPA died its well-deserved death, some of us "from the Internet" engaged with the rights holder communities, to learn what their problems were, and to help broaden their sense of possible solutions. The Trusted Notfier Program is one of the fruits of that engagement. It makes no new law; it is in no way sneaky; it merely makes more efficient a set of takedown-related activities which all parties to the MoU agreement are already committed to. In other words it is an example of exactly how the Internet was built, and how it grew, and why it has succeeded.
Perhaps if the real problem is the content of the ICANN Registry and Registrar agreements, then that's where this complaint ought to be refocused. Asking interested parties not to cooperate on matters of their aligned interest will never be effective. Notice and takedown, at scale, without borders, requires mutual cooperation. And that's what the Trusted Notifier Program is meant to effect.
Written by Paul Vixie, CEO, Farsight Security