Home / Blogs

Notice, Takedown, Borders, and Scale

I was on the front lines of the SOPA wars, because SOPA touched on two matters of strong personal and professional importance for me: protecting the Internet infrastructure, and protecting the economy from Internet related crime. I’ve continued to study this field and advise industry participants in the years since then. The 2017-02-20 paper by Annemarie Bridy entitled Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation deserves an answer, which I shall attempt here.

At issue is the Trusted Notifier Program, as instituted in a series of Memorandum of Understanding (MoU) agreements between rights holders such as the Motion Picture Association of America (MPAA) and Internet domain registries such as Donuts, Inc. It is quite important when evaluating these agreements to note that they are nonbinding and that they lack consideration: no money is changing hands, and the parties are each self-motivated.

These MoU agreements create no new category of action, in that any “takedown” activities which result from the existence of such MoU must be for causes and using remedies already enumerated in other contracts between Internet Corporation for Assigned Names and Numbers (ICANN) and the registry, and between the registry and some registrar, and between the the registrar and some registrant. Only the process of notification is affected.

With those parameters established, let’s begin. Bridy states:

“Although ICANN has continued to resist direct involvement in copyright enforcement activities, it accommodated right holders in 2013 by altering its contracts with DNS intermediaries to support a system of extra-judicial, notice-driven sanctions, including cancellation of domain names for “pirate sites” about which right holders complain. Through these contractual modifications, ICANN has abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation in the Internet’s new generic Top Level Domains (new gTLDs).”

I think it ought to be understandable why rights holders complain, but to remove all doubt, many artists wish to monetize their work, and so they engage with publishers to promote and distribute their works, and to protect those works against infringement. Those publishers may create industry trade associations to work for the mutual betterment of the overall economy and the industry and its participants. One of the activities common among trade associations is lobbying, either for legislative relief (of which SOPA was a wickedly low quality example) or in standards organizations and other industry trade associations, of which ICANN is sort of an example.

While the abetment described here has certainly occurred, there is no evidence that this was the sole or even primary purpose of the development and implementation of these online content protections. ICANN as a company has no opinions of its own; its role is to facilitate policy development and to isolate and implement consensus positions when they occur. My own broader supposition as to the reason these burdens were placed on the new gTLD holders is that the Internet has made everything and everyone less safe, and that every representative of every economy and every industry has clamoured—and reasonably so!—for better accountability and recourse among Internet participants. Rights holders are only one clamourer out of many here.

“For domain name registrants, who are the target of this new—and wholly unregulated—enforcement program, and for members of the public who worry about increasing online censorship, the development is cause for concern.”

At the mention of “regulation” we must pause and consider that the Internet is wholly unregulated; it has no regulators and no regulation. This lack of regulation has been called one of the Internet’s great strengths, and being unregulated is a universal property of all Internet activities, in no way unique to the Trusted Notifier Program. In addition, let’s consider that some members of the public whose concern should be piqued by the Trusted Notifier Program are intellectual property thieves, whose activities are expressly prohibited by many contracts now in force within the ICANN sphere of influence.

“Copyright may simply be the first use case for what is intended to become a broad program of notice-driven, registry-brokered domain takedowns.”

Indeed it may be. Alternatively it might not be. I don’t think it’s wise to rest other arguments or suppositions on a “maybe” of this magnitude. More broadly, the unregulated nature of the Internet has now been used as a “stay out of jail free” card by millions of criminals whose successes were not possible in the pre-online era. Some redress of balance is both inevitable and necessary. To the extent of its inevitability, all of us have a responsibility to treat it as necessary and to help engineer a high-quality result. Ideally this will mean that every criticism of a proposal will be accompanied by some counter-proposal that acknowledges the basic goals and provides a less costly way to achieve those goals.

“As a practical matter, interest groups that are well-funded and well-organized, including trade associations representing corporate intellectual property right holders, have resources and capacity to participate that most individuals and public interest groups lack. ... The less sophisticated and economically powerful stakeholders within ICANN enjoy comparatively less access and influence.”

I think this is demonstrated to be false by the existence of the new gTLD program, which no Internet end-user asked for, and which proceeded from inception to implementation with no commercial support outside of the commercial registrars and registries. The most powerful force in the ICANN sphere is hardly the intellectual property community; one also wonders how WHOIS privacy could ever have existed in any form had the intellectual property constituency been as powerful as Bridy describes here.

Of special note, to qualify a reference is to highlight it: a statement regarding corporate intellectual property rights holders is to implicitly question the validity of such holders compared to individual (non-corporate) rights holders. I disagree with this implication, both since corporations are made up of individuals whose rights deserve protection, and because corporations of this kind often represent individual rights holders on a limited-partnership basis. There are many legitimate complaints to be lodged against corporatism, but, Bridy has not provided an example here.

“Starting with the launch of the new gTLDs, copyright holders appear to be laying the groundwork for a broad program of DNS-based enforcement, with the long-term goal of implementing a UDRP-like procedure for claims of piracy and counterfeiting that are wholly unrelated to any bad-faith or confusing use of domain names.”

Since Bridy later on explains the differences between the Trusted Notifier Program and the UDRP, it’s a mystery that copyright holders are here accused of trying to conflate them. However, the key phrase here is “appear to be”, because only this subjective declamation is provided—no evidence to support an objective basis for conclusion or even for a shared perspective. It’s as though Bridy had written that “people are saying” that the described groundwork was being laid. And if there is any indication anywhere in this or any record that copyright holders are seeking recourse against good-faith (or at any rate, non-bad-faith) actors, I would like to have it spotlighted so that we can all consider and discuss it.

“For ICANN, describing the trusted notifier program as a form of voluntary ‘self-governance’ for registries diverts attention from the uncomfortable fact that the program is, in fact, a new form of DNS governance that draws its legal force from ICANN’s web of contracts with DNS intermediaries.”

The thing I find uncomfortable is the implication that ICANN might be actively trying to divert attention. I don’t think that’s so. ICANN is correct to call the Trusted Notifier Program a form of voluntary self-governance, because ICANN is not a party to the MoU agreements which underlie that Program, and because there is no evidence that ICANN’s web of contracts was crafted to support this Program in particular. In fairness, the Trusted Notifier Program really is a new form of DNS governance, because it draws upon and highlights the alignment of interests between registries and registrars on the one hand who want and need a better and cheaper way to enforce their contracts, and rights holders on the other hand, who want and need exactly the same thing.

“Because the program does not require the registry to actually investigate the complaint or to solicit a response from the registrant, there is a high risk that participating registries will default to a rubber stamp approach.”

I don’t think it’s up to ICANN, or rights holders, to manage such a “high risk”, if there is one. Rather, a registry or registrar should be concerned that in today’s highly transparent “fish bowl” culture, a rubber stamp approach will reliably create the wrong kind of headlines. Prudence and care are certainly warranted, but must not outweigh respect for the rights of those who may be injured even more by inaction or slower or overly cautious action.

“From the perspective of right holders, the DNS is a much more efficient field for copyright enforcement than courts are.”

I think this is both obvious and misleading. The courts have borders, where the DNS does not. The burden of establishing standing and jurisdiction within the judicial borders of each DNS industry participant whose participation is required for effective takedown, is so unimaginably high as to be effectively infinite. The Internet’s technical and contractual structure has helped millions of criminals effectively bypass the system of laws and treaties by which the world’s economies capped their losses in the pre-online era. Adjustment and redress of this imbalance is as inevitable as it is necessary. If the DNS industry did not want to see these problems on its doorstep, then it ought to have practiced better self-governance. Note: that option remains open to us.

“From the perspective of registrants and website users, however, privately administered blocking of entire Internet domains raises serious issues relating to transparency, fair process, and freedom of expression.”

This, again, is both obvious and misleading. The standard for action here is “dedicated to abuse or infringement”. The number of times that a critic or someone else acting in good faith (or at least, not in bad faith) will face overzealous takedown under that standard can be expected to be low, and easily dwarfed by the number of intellectual privacy thieves (who would in these terms be considered to act in “bad faith”) who will continue to succeed. I was no fan of the MOOO.COM takedown but because of the “fish bowl” level of transparency and accountability that all takedown actions will be subjected to, I don’t expect a reprise. Past mistakes must wizen us, not paralyze us.

“The MPAA’s trusted notifier program is among a growing number of privately negotiated voluntary enforcement agreements between corporate copyright holders and Internet intermediaries.”

I hope so. Because during SOPA, this is what we (the Internet technical community) told the rights holders that they should do instead of SOPA. After SOPA died its well-deserved death, some of us “from the Internet” engaged with the rights holder communities, to learn what their problems were, and to help broaden their sense of possible solutions. The Trusted Notfier Program is one of the fruits of that engagement. It makes no new law; it is in no way sneaky; it merely makes more efficient a set of takedown-related activities which all parties to the MoU agreement are already committed to. In other words it is an example of exactly how the Internet was built, and how it grew, and why it has succeeded.

Perhaps if the real problem is the content of the ICANN Registry and Registrar agreements, then that’s where this complaint ought to be refocused. Asking interested parties not to cooperate on matters of their aligned interest will never be effective. Notice and takedown, at scale, without borders, requires mutual cooperation. And that’s what the Trusted Notifier Program is meant to effect.

By Paul Vixie, VP and Distinguished Engineer, AWS Security

Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Visit Page

Filed Under

Comments

A Response to Paul Vixie Annemarie Bridy  –  Mar 3, 2017 3:00 PM

I have posted a response to Vixie’s critique of my article on the Stanford CIS blog: https://cyberlaw.stanford.edu/blog/2017/03/response-paul-vixie’s-notice-takedown-borders-and-scale”.—Annemarie Bridy

prof. bridy, would you care to share Paul Vixie  –  Jan 24, 2020 8:39 AM

prof. bridy, would you care to share your opinion about this working paper: http://dnsabuseframework.org/media/files/2019-12-06_Abuse Framework.pdf which is described in this interview: https://www.dotmagazine.online/issues/trust-the-way-forward/take-down-illegal-content/cleaning-up-the-neighborhood this effort expands significantly on the Trusted Notifier Programme which was the subject of your original article which begat this thread. are you still following these developments and what is your view now, nearly three years later? best wishes as before!

A side point: private bilateral agreements vs the rule of law David C. Collier-Brown  –  Mar 6, 2017 2:06 PM

Professor Bridy speaks from the point of view of a law professor in her critique of the experimental Trusted Notifier programme, Mr Vixie as an internet governance expert. 

I’m neither, and more concerned that this is a private agreement, part of a contractual agreement between the registrars rather that something under the direct supervisions of the courts. Canada’s CRTC used to use that kind of contractual language to guide our monopoly/oligopoly telcos, but this year has started making it part of the legislation, as monopolies are notably reluctant to listen to their regulators (;-))

Generally, I’d be happier having a clear means of appealing to one’s local courts if one is acting to prevent illegality. The problem of which court remains open: this particular agreement probably falls easily within the purview of US courts, but not all will.

The example I find most compelling is NASDAQ, whose members can be fined by the organizatuion for improper behavior, backed up by NASDAQ going to court and laying charges or the member appealing to the courts.

I’m following the discussion with great interest!

—dave

Perspectives Annemarie Bridy  –  Mar 6, 2017 4:15 PM

In fairness, I think it should be pointed out, since Dave discusses the points of view from which Mr. Vixie and I speak, that Vixie also speaks as the CEO of a company whose clients are right holders and whose portfolio of services includes IP protection in the DNS. --Annemarie

fairness of perspectives Paul Vixie  –  Jan 24, 2020 8:42 AM

(sorry, didn't see this three years ago when it came in.) if we're going to be fair, then let's say i'm in the DNS-related defense business. we don't have any intellectual property specific products in-market, but we do support DNS RPZ with a feed of newly observed domains, for those network operators who choose for reasons of their own to block lookups to such names for the first minutes or hours. all companies are rights holders, but my customers are not predominantly intellectual property barons, and if they are, that's not what brings them to us. you can read more about us at www.farsightsecurity.com, and i thank you for this invitation to mention where i work and what we do, which was not directly relevant to your article, or mine.

Thanks --dave David C. Collier-Brown  –  Mar 6, 2017 5:44 PM

Thanks —dave

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix