Home / Blogs

ICANN Should Keep Content Regulation and Other Arbitrary Rules Out of Registry Contracts

The domain name system is not the place to police speech. ICANN is legally bound not to act as the Internet’s speech police, but its legal commitments are riddled with exceptions, and aspiring censors have already used those exceptions in harmful ways. This was one factor that made the failed takeover of the .ORG registry such a dangerous situation. But now, ICANN has an opportunity to curb this abuse and recommit to its narrow mission of keeping the DNS running, by placing firm limits on so-called “voluntary public interest commitments” (PICs, recently renamed Registry Voluntary Commitments, or RVCs).

For many years, ICANN and the domain name registries it oversees have given mixed messages about their commitments to free speech and to staying within their mission. ICANN’s bylaws declare that “ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide.” ICANN’s mission, according to its bylaws, “is to ensure the stable and secure operation of the Internet’s unique identifier systems.” And ICANN, by its own commitment, “shall not act outside its Mission.”

But… there’s always a but. The bylaws go on to say that ICANN’s agreements with registries and registrars automatically fall within ICANN’s legal authority, and are immune from challenge, if they were in place in 2016, or if they “do not vary materially” from the 2016 versions.

Therein lies the mischief. Since 2013, registries have been allowed to make any commitments they like and write them into their contracts with ICANN. Once they’re written into the contract, they become enforceable by ICANN. These “voluntary public interest commitments” have included many promises made to powerful business interests that work against the rights of domain name users. For example, one registry operator puts the interests of major brands over those of its actual customers by allowing trademark holders to stop anyone else from registering domains that contain common words they claim as brands.

Further, at least one registry has granted itself “sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status” for vague and undefined reasons, without notice to the registrant and without any opportunity to respond. This rule applies across potentially millions of domain names. How can anyone feel secure that the domain name they use for their website or app won’t suddenly be shut down? With such arbitrary policies in place, why would anyone trust the domain name system with their valued speech, expression, education, research, and commerce?

Voluntary PICs even played a role in the failed takeover of the .ORG registry earlier this year by the private equity firm Ethos Capital, which is run by former ICANN insiders. When EFF and thousands of other organizations sounded the alarm over private investors’ bid for control over the speech of nonprofit organizations, Ethos Capital proposed to write PICs that, according to them, would prevent censorship. Of course, because the clauses Ethos proposed to add to its contract were written by the firm alone, without any meaningful community input, they had more holes than Swiss cheese. If the sale had succeeded, ICANN would have been bound to enforce Ethos’s weak and self-serving version of anti-censorship.

A Fresh Look by the ICANN Board?

The issue of PICs is now up for review by an ICANN working group known as “Subsequent Procedures.” Last month, the ICANN Board wrote an open letter to that group expressing concern about PICs that might entangle ICANN in issues that fall “outside of ICANN’s technical mission.” It bears repeating that the one thing explicitly called out in ICANN’s bylaws as being outside of ICANN’s mission is to “regulate” Internet services “or the content that such services carry or provide.” The Board asked the working group [pdf] for “guidance on how to utilize PICs and RVCs without the need for ICANN to assess and pass judgment on content.”

A Solution: Three Guardrails on PICs/RVCs

There’s a simple, three-part solution that the Subsequent Procedures working group can propose:

  • PICs/RVCs can only address issues with domain names themselves—not the contents of websites or apps that use domain names;
  • PICs/RVCs should not give registries unbounded discretion to suspend domain names;
  • and PICs/RVCs should not be used to create new domain name policies that didn’t come through ICANN processes.

In short, while registries can run their businesses as they see fit, ICANN’s contracts and enforcement systems should have no role in content regulation, or any other rules and policies beyond the ones the ICANN Community has made together.

Guardrails on the PIC/RVC process will keep ICANN true to its promise not to regulate Internet services and content. It will help avoid another situation like the failed .ORG takeover, by sending a message that censorship-for-profit is against ICANN’s principles. It will also help registry operators to resist calls for censorship by governments (for example, calls to suppress truthful information about the importation of prescription medicines). This will preserve Internet users’ trust in the domain name system.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Mitch Stoltz, Senior Staff Attorney at the Electronic Frontier Foundation

Filed Under

Comments

Other considerations Mark Datysgeld  –  Nov 24, 2020 7:41 AM

Mr. Stoltz,

One thing that I did not see addressed in your article is what to do when a domain name is being used solely for the purpose of spreading or facilitating the action of malware, such as is the case of many botnets. This is a matter of content that, in my view, is within the Internet community’s interests to be taken down as fast as possible by contracted parties. While I do understand that you are making a point mostly about Intellectual Property conflicts, the fact remains that some domain names are used solely to harm users.

Regards,

Mark, I think malware distribution can be Mitch Stoltz  –  Nov 24, 2020 9:28 PM

Mark, I think malware distribution can be placed on the technical or infrastructure side of the line. A group of registries did a pretty good job of articulating the infrastructure/content distinction in their DNS Abuse Framework. But the broader point is that even though there are some things that should be "taken down as fast as possible," that's a matter of local law, and ICANN should not be involved. The DNS Abuse Framework and similar things shouldn't be subject to enforcement by ICANN. That's because ICANN is not well served by becoming another battleground of content moderation as if it were Facebook.

Public Interest is unlimited. Sivasubramanian M  –  Nov 25, 2020 11:58 AM

Congratulations on your excellent penmanship that argues that any aspiration for DNS abuse mitigation is in itself an “abuse”,  that ICANN’s “narrow” mission is to keep the DNS “running” (without any concern at all for what happens within the DNS),  and that it should limit the ability of Registries to offer Public Interest Commitments. Public Interest is unlimited, so should the commitments be.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global