EFF is at ICANN's 60th meeting in Abu Dhabi this week. Along with other members of ICANN's Non-Commercial Users Constituency, we are here to stand up for the rights of ordinary Internet users in the development and implementation of ICANN policies over Internet domain names. In two previous posts, one focused on ICANN's registrars (those who sell domain names to users), and the other focused on its registries (those who administer an entire top-level domain such as .org, .trade, or .eu) we have highlighted how these parties can become free speech weak leaks for censorship of online speech.
In this the third installment in that series of posts, we turn our attention to ICANN itself. For years now, ICANN has been under pressure from its own powerful Intellectual Property Constituency (IPC) and from law enforcement agencies to take stronger action to eliminate objectionable content from the Internet by facilitating the cancellation of domain names. In June 2015, ICANN addressed these demands in a blog post with the self-explanatory title, ICANN Is Not the Internet Content Police.
But as you might have expected, that hasn't been the end of it. And ICANN largely has itself to blame, by including in its 2013 revision to its agreement with registrars a provision requiring registrars to "receive reports of abuse involving Registered Names" and to "take reasonable and prompt steps to investigate and respond appropriately." This leaves ICANN open to an argument that goes, "No of course we are not asking you to become the content police, we are simply asking you to enforce your own contracts with registrars, when they refuse to carry out their obligations to be content police."
ICANN appears to have voluntarily taken on further responsibility for addressing "abuse involving" domain names through its appointment this year of a Consumer Safeguards Director with a background in law enforcement. EFF attended and reported on the first webinar held by the new Director, in which he downplayed the significance of his role, stating that it does not carry any enforcement powers. Yet a draft report [PDF] of ICANN's Competition, Consumer Trust and Consumer Choice Review Team recommends that strict new enforcement and reporting obligations should be made compulsory for any new top-level domains that ICANN adopts in the future. ICANN's Non-Commercial Stakeholder Group (NCSG) has explained [PDF] why many of these recommendations would be unnecessary and harmful.
A subteam of this same Competition, Consumer Trust and Consumer Choice Review Team has also recently released a draft proposal [PDF] for the creation of a new DNS Abuse Dispute Resolution Procedure (DADRP) that would allow enforcement action to be taken by ICANN against an entire registry if that registry's top-level domain has too many "abusive" domain names in it. One of the top-level domains that has been highlighted as having a large number of "abusive" domain names is .trade, which EFF uses as the domain for its Open Digital Trade Network. If this proposed DADRP goes ahead, registries could come under pressure to go on a purge of domains if they wish to avoid being sanctioned by ICANN.
Many of the above ICANN initiatives turn upon the question of what activities constitute "abuse involving" a domain name. This week, the NCSG issued a statement, which EFF participated in developing, that adopts a clear position on this pivotal question:
Domain abuse involves cases in which the domain itself is causing problems, such as domains that facilitate fraud and exploit confusion, support phishing via confusing or deceptive strings, or domains that support botnet command and control operations.
We are concerned that the concept of “domain abuse” is being stretched to include various forms of allegedly “illegal” or “undesirable” content on webpages, listservs and email addresses associated with domain names. This includes the use of domain names for political speech, personal expression and competitive discussions. An overly-broad definition of “domain abuse” would require ICANN or contracted parties to become a decision-maker or judge on whether a webpage was a copyright-infringement or fair use, involved legal use of a trademark to criticize a company’s products or practices or trademark infringement, and whether hate speech, whose definition and legal status varies from country to country, was legitimate or not.
We believe that content that is allegedly illegal or objectionable is not “domain abuse” and is best addressed through other, well-established legal and regulatory methods, or through cooperative and self-regulatory action by Internet service providers. Neither ICANN nor its contracted parties should try to make DNS policy become the vehicle for global content regulation.
This statement draws a line in the sand. ICANN has an important role in helping to keep the DNS system itself secure against malicious actors. Going beyond this line would require ICANN to adjudicate claims about the legality or propriety of particular Internet content. ICANN is not equipped for this role, and lacks legitimacy as a content regulator. Claims about the legality of Internet content should be resolved by courts of law, not by a DNS administrator nor by its contracted parties. ICANN should retain its existing, limited role in the technical administration of a secure and stable domain name system—and should not pick up the censor's pen.