All this week, EFF is at the annual general meeting of ICANN, the global multi-stakeholder regulatory authority for Internet domain names and IP addresses. Our focus during this meeting is on speaking out against the increasing use of the domain name system as a mechanism for content censorship. During two presentations on Tuesday, we presented this in the form of a short and simple message to ICANN, to the registries who operate its top-level domains, and the registrars who offer domains to the public: don't pick up the censor's pen.
Back in August, you may recall that domain name registrars GoDaddy and Google both terminated service to the publisher of the odious Nazi website Daily Stormer, in a move that, while popular, set a dangerous precedent. Since then, other domain registrars regrettably followed suit when the Daily Stormer tried to register new domains with them. These included Namecheap, whose CEO Richard Kirkendall explained his decision by saying:
The fact is, this should have never had to be our decision. Yes the domain fits into our description of what constitutes incitement of violence and I believe that their violation of our ToS would hold up in a court of law. … But is this the right thing for freedom of speech and should a registrar be the one making this decision? I don’t think so. In a perfect world, a registrar should be able to remain neutral in these situations regardless of public opinion but the fact of the matter is that this cannot happen in reality.
Not all domain registrars are created equal when it comes to what content they allow to be associated with their customers' domains. GoDaddy has often failed to protect the speech rights of its customers, having suspended protest websites without receiving any court order or following the kind of accountable process that we recommend. We're hopeful that new leadership at GoDaddy will reverse this trend. But in many ways what Google did was more dangerous; it not only cancelled Daily Stormer's domain, but also placed it into an unusual "ClientHold" status which prevented it from being moved to any other registrar. Google effectively took that domain name, driving Daily Stormer to a Tor hidden service and setting the precedent that a domain name can be taken from a customer by any registrar who happens to manage it.
The Internet Governance Project has looked into the different practices of registrars in this regard, in a research paper titled In Search of Amoral Registrars: Content Regulation and Domain Name Policy [PDF], which it released this week at the ICANN meeting in Abu Dhabi. The paper's authors examined the Terms of Service (ToS) that apply to more than 2,300 domain name registrars, to find out how many have clauses of the kind used to justify the cancellation of Daily Stormer's domain, such as a term that prohibits the domain being used for "morally objectionable activities".
They found that registrars with such "morality clauses" in their ToS, or an operational equivalent, comprise around 59% of registrars, covering approximately 62% of the domain name market. Importantly, they also found that the inclusion of such discretionary policies was concentrated in particular regions; for example only three of the top registrars in Asia and Australia would require a court order before removing a domain. This means that if a registrant wishes to register a domain using a local currency from a website in their local language, they may be at higher risk of seeing that website disappear if a third party requests their registrar to take it down.
Exacerbating this is a provision in ICANN's 2013 Registrar Accreditation Agreement (RAA) that allows ICANN to take action against registrars who fail to respond appropriately to reports of domain name "abuse" (an ill-defined term, as we will discuss in another post in this series). The authors conclude:
Robust competition amongst registrars is likely to mitigate arbitrary and harmful use of their discretion regardless of what’s in their ToS. But the merits of competition disappear if ICANN imposes uniform requirements on registrars to take down domains for content related reasons, for instance through Section 3.18 of the RAA. ICANN policy should make a clear distinction between illegal content and abusive domains; in the latter case the domain itself is causing the problem, e.g. through deception, trademark infringement, support for botnet operations, etc. These problems fall within the remit of domain name regulation. But illegal content is not. The ICANN RAA should be amended to protect registrants against arbitrary or discretionary take downs of their domains based on the content of their site.
We agree. Domain name registrars are part of the technical infrastructure of the Internet on which we all depend. Just as net neutrality demands that our Internet Service Providers not discriminate between the types of content that they serve up to us over our home or mobile Internet connections, so domain registrars should hold a similar position of neutrality about the Internet content associated with the domains registered by their customers. If domain names can be taken away at the whim of a registrar, perhaps under pressure from a vocal public, a powerful industry group, or a government seeking to censor critics, then any website or app is at risk of censorship, without accountability. This doesn't mean that nothing can be done about illegal or undesirable content hosted at a domain—rather just that registrars aren't the right party to wield the censor's pen.