Testimony of
Theodore W. Kassinger, General Counsel
United States Department of Commerce
Before the
Subcommittee on Courts, the Internet and Intellectual Property
Committee on the Judiciary
House of Representatives
On the Internet and the WHOIS Database
September 4, 2003
Mr. Chairman,
Thank you and the members of the Subcommittee on Courts, the Internet and Intellectual Property for this opportunity to testify on developments that affect the operation of the Internet domain name system and the enforcement of intellectual property rights in the digital environment. The Department of Commerce believes that the public domain name registrant database known as the “WHOIS” is a particularly valuable tool in enforcing intellectual property rights.
The Department continues to serve as the steward of critical elements of the domain name and number system (DNS), while pursuing the policy goal of privatizing technical management of the DNS. The vehicle for achieving this goal is the Memorandum of Understanding (MOU) between the Department and the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is the private sector entity responsible for day-to-day management of Internet names and numbers.
The Department continues to believe that the stability and security of the DNS can best be achieved through privatization of and global participation in technical management of the system. The Department supports the ongoing work of ICANN and its efforts to engage stakeholders in its decision-making processes. The Department especially desires to see ICANN evolve into an independent, stable, and sustainable organization that is well-equipped to weather a future crisis. We are encouraged that ICANN has been making progress toward this end.
Last year, the Department and ICANN agreed to renew the MOU for a period of one year with a focus on improving stability and sustainability. These improvements required ICANN to clarify its mission and responsibilities; to ensure transparency and accountability in its processes and decision making; to increase its responsiveness to Internet stakeholders; to develop an effective advisory role for governments; and to ensure adequate and stable financial and personnel resources to carry out its mission and responsibilities.
ICANN made strides during the past year towards developing into a more stable, transparent, and responsive organization. It completed a reform effort that resulted in structural adjustments and refinements to its decision-making processes designed to allow for greater transparency and responsiveness to all critical Internet stakeholders. In addition, the corporation hired a new Chief Executive Officer with both management expertise and experience in dealing with this unique organization. ICANN collaborated with governments to improve communication on public policy issues by establishing liaisons between its Governmental Advisory Committee and each of the ICANN supporting organizations.
While ICANN made progress, both the Department and ICANN recognize that there remains much to be accomplished in order for ICANN to evolve into the stable and sustainable management organization that it must be. The Department believes that the MOU, therefore, should be extended and amended to include milestones to ensure ICANN’s steady progress towards that end.
These milestones would encompass the following areas of ICANN’s development: (1) a strategic plan with goals for securing long-term sustainability of its critical domain name and numbering system management responsibilities; (2) a contingency plan to ensure continuity of essential domain name system operations in the event of the corporation’s bankruptcy, dissolution, or any other catastrophic failure or natural disaster; (3) ICANN’s relationship with the root server system operators to enhance the security of the root server system; (4) agreements with and more involvement from Regional Internet Registries, which are responsible for allocating numbering resources within their respective geographic regions; (5) accountability mechanisms such as arbitration procedures and selection of an ombudsman; (6) agreements with and more involvement from country code top level domain operators; and (7) an appropriate long-term strategy for selecting new top level domains.
If the MOU is amended in this manner, then ICANN should be afforded sufficient time to complete the agreed tasks. Thus, the Department intends to negotiate an extension of the MOU that is likely to exceed one year, while ensuring timely and steady progress is achieved. An extension of more than one year would allow for the completion and realization of structural and organizational changes that ICANN has initiated in the past year. It would also give ICANN sufficient time to seek and to provide opportunities for enhanced cooperation by all participants necessary to complete the tasks remaining under the MOU. The Department further is sympathetic to the view that a longer term for the MOU would permit ICANN to attract and to retain staff with the expertise critical to the success of this continued effort.
Protection of Intellectual Property Rights
The Department has long been concerned about the protection of intellectual property rights on the Internet. In order for the Internet to be a secure and stable network for electronic commerce, businesses must have confidence that their intellectual property can be protected in the online environment. The Department has worked for many years, domestically and internationally, to provide appropriate enforcement tools for U.S. intellectual property rights holders and to urge our trading partners to do the same.
In 1998, when the Department first set forth its statement of principles for private sector management of the Internet name and numbering system, it highlighted the importance of intellectual property issues. In particular, the Department’s Statement of Policy on the Privatization of the Internet Domain Name System on the Management of Internet Names and Addresses called for a dispute resolution policy to address cybersquatting as well as a “searchable database of registered domain names that provide information necessary to contact a domain name registrant when a conflict arises between a trademark holder and a domain name holder.”
The World Intellectual Property Organization (WIPO) responded to this call regarding cybersquatting by developing a Uniform Dispute Resolution Policy (UDRP) and recommending this policy to ICANN for consideration. The UDRP requires domain name registrants in all generic top level domains (such as .com, .org., .biz) to agree to an arbitration mechanism in the event that the domain name infringes a trademark holders rights. In 1999, ICANN adopted and implemented the UDRP as its first consensus policy. It is widely recognized as one of ICANN’s significant achievements.
The Department’s 1998 Statement of Policy also called for introduction of competition in the domain name registration market. In response, ICANN established a process in 1999 to accredit domain name retailers or registrars. This accreditation process for registrars was accepted by the Department and the U.S. intellectual property community as one avenue for addressing concerns regarding transparency and accountability in the domain name system. This process requires registrars to agree to collect and make available to the public contact information for domain name registrants.
This public domain name registrant database, known as the “WHOIS” database, serves many important public policy needs. For example, it allows intellectual property owners to determine the identity of those conducting piracy or trademark counterfeiting operations; Internet Service Providers, hosting companies, and network operators to maintain network security and investigate technical problems; law enforcement officials to investigate illegal activities online; and consumers to identify the commercial entity with whom they are dealing online. With regard to intellectual property owners, the WHOIS database provides a quick and effective way to reach a domain name registrant that might be engaged in intellectual property infringement.
Concern has been raised by privacy advocates and other national governments, however, about the administration of the WHOIS database, including the protection of the privacy of citizens who use the Internet; compliance with national laws that restrict the collection and availability of personal data; prevention of the use of WHOIS data for purposes of unsolicited commercial marketing; and prevention of personal contact information contained in the database from being used for purposes such as harassment or identity theft.
The Department of Commerce is working, along with the ICANN community, to explore the issues implicated by WHOIS and to find an appropriate balance among competing public policy interests to achieve a more accurate and available WHOIS database. A number of U.S. government agencies participate in a U.S. interagency working group that is examining what changes, if any, would improve the accuracy and availability of the WHOIS database. The Department’s National Telecommunications and Information Administration (NTIA) chairs that group, which also includes the U.S. Patent and Trademark Office (USPTO), the Federal Trade Commission, and the Department of Justice.
ICANN has provided a valuable international forum to seek consensus on WHOIS issues on a global scale. The Department participates in the ICANN discussions through its representation within the Governmental Advisory Committee. An NTIA representative sits on the Governmental Advisory Committee and works closely with the USPTO to ensure that the United States’ intellectual property interests are recognized and taken into account in ICANN’s policies.
Top Level Domain Registry Agreements
All ICANN agreements with generic top level domain registries include WHOIS database requirements. The newer registry agreements (e.g., .biz, .name, .pro) provide for more robust WHOIS data collection at the registry level. ICANN’s registrar accreditation agreements require registrars to collect, to maintain and to make publicly available, up-to-date WHOIS data for registrants in the generic top level domains. These agreements require registrars to have written agreements with each registrant to provide accurate registrant contact information, to update such data promptly, and to respond in a timely manner to a registrar’s request regarding the accuracy of such data. A registrant’s failure to meet these requirements constitutes a breach of this agreement that can result in the cancellation of that registrant’s domain name. In addition, ICANN adopted a new policy in June 2003, the WHOIS Data Reminder Policy (WDRP), which now requires all accredited registrars to contact each registrant, at least annually, to confirm the accuracy of their contact information or to make necessary corrections. Failure to do so can result in domain name cancellation. This new policy goes into effect as of October 31, 2003 for existing accredited registrars. All new accredited registrars must comply with this policy as of the date of their agreement with ICANN.
In addition, ICANN has established a central mechanism for receiving complaints about false WHOIS data. The “WHOIS Data Problem Reports” system has been operational for almost 12 months. During that time, ICANN has received 15,458 problem reports, concerning 10,271 unique domain names (some names were the subject of multiple reports). ICANN forwards complaints received to the relevant registrar for investigation and resolution under the terms of the registrar accreditation agreement. While most of the reports concerned inaccurate WHOIS data, some of the reports were general queries or misdirected attempts by registrants to update their contact information with their registrar. At present, the total number of all registrations in generic top level domains is a little over 30 million names (registrations in .com represent a little less than 25 million of that number). Thus, if all of the more than 10,000 reports received by ICANN over the course of the past year represent inaccurate data, these complaints would total only 0.03% of all registrations. ICANN is currently working to improve the functionality of this system, including making it easier for registrars to process and report on the status of individual investigations and making the operations more transparent for persons submitting problem reports.
These contractual obligations and reporting mechanisms are important tools for ensuring continued access to accurate WHOIS data. Concern has recently been raised by users of this WHOIS data that some ICANN accredited registrars may not be abiding by the terms of their agreements with ICANN. We share these concerns, and are thus gratified that ICANN’s new President and CEO, Dr. Paul Twomey, has demonstrated an understanding and commitment to resolving WHOIS issues, including enforcement of its registrar agreements. Enforcement should also improve as new staff is hired. Moreover, the new WHOIS complaint reporting system and newly adopted WDRP are important developments in improved WHOIS accuracy.
Lastly ICANN conducted an educational workshop at its June 2003 meeting to encourage dialogue within the ICANN community on WHOIS and to promote the development of consensus policies to address concerns. As a favorable response to this workshop, several stakeholder groups, including the intellectual property community, have begun additional work on the technical and policy aspects of collection and dissemination of WHOIS data.
Country Code Top Level Domains
Appropriate tools for intellectual property enforcement are equally vital in the context of country code top level domains. Sales of these country code top level domain names, such as those within .uk, are growing at a faster rate than sales of generic names, such as .com. Because it has very few agreements with operators of country code top level domains, ICANN can only attempt to influence best practices in these domains, including the development of accurate and available WHOIS databases. Moreover, registrar accreditation agreements currently apply only to registrations in generic top level domains. Through informational sessions and discussions on the many uses of the WHOIS database, such as the June 2003 workshop, the Department expects many country code top level domain operators to acquire a better appreciation for the expectations of other ICANN constituencies regarding the accuracy and availability of WHOIS data in those name spaces, and to adopt practices consistent with those expectations.
Achieving stable agreements with country code top level domain operators should be one of ICANN’s top priorities. While ICANN continues to make progress towards establishing such agreements, forward movement has been slow. ICANN must develop a framework agreement that not only appeals to the majority of country code top level domain operators, but also recognizes differences in national law and other national sovereignty concerns. In this regard, the Department is pleased that the ICANN Board recently adopted bylaws creating a new supporting organization representing country code top level domain name operators. This supporting organization will be an important forum for ICANN to address policies on cross-cutting issues such as WHOIS and in working towards a country code framework agreement.
In the ICANN forum, the Department has actively encouraged the adoption of a dispute resolution policy to address cybersquatting as well as the collection and public availability of registrant contact information in country code top level domains. The Department uses its own agreement with the operator of the United States country code top level domain, “.us,” as a model of the way that such a domain can be administered consistent with intellectual property protection. Provisions in the .us contract with NeuStar, Inc., include a sunrise period for pre-registration of trademarks when the expanded name space came online, a dispute resolution procedure to address cybersquatting, and a robust WHOIS database of domain name registrant contact information. Moreover, the .us WHOIS database is centralized at the registry level to permit any interested party to search all registered names in .us without having to conduct multiple searches of the data collected by individual .us registrars.
The Department’s efforts to protect intellectual property rights in the domain name system have not been limited to its relationship with ICANN. The Department, through the USPTO, participates in WIPO, an important global forum for the debate of intellectual property issues including those pertaining to the digital environment. At the request of the United States and other WIPO members, discussions on appropriate WHOIS policies for both generic and country code domain names have long been underway. In 2000, WIPO launched a program to assist country code top level domain managers in the design of appropriate domain name registration practices, including WHOIS database and dispute resolution procedures. In 2001, WIPO published Best Practice Guidelines for country code top level domain managers that set forth minimum standards for the protection of intellectual property in the country code top level domains. The WIPO guidelines will be an important resource for ICANN’s new country code supporting organization.
The Department is also addressing these issues in bilateral free trade agreements by advocating that these agreements include commitments by governments that their country code top level domain operators will provide WHOIS-type registrant information and a cybersquatting dispute resolution procedure. As a result of this advocacy, such provisions were included in the free trade agreements between the United States and Singapore and the United States and Chile.
Conclusion
The Department remains committed to enforcement of intellectual property rights in the digital environment. We recognize that accurate and available WHOIS data is also a useful tool for law enforcement officials, network operators, and consumers, among others. For these reasons, the Department will continue to advocate in ICANN fora and other appropriate venues for a more accurate and available WHOIS database and will work to ensure that U.S. intellectual property rights holders are provided appropriate enforcement tools in generic and country code top level domains.