[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Privacy Problems with the IAHC New TLD Report SLD Policies



The International Internet Ad-Hoc Committee released its report
on new Top Level Domains for the Internet.  It's interesting,
and resulted from much political wrangling and religious conflict,
and for the most part I think it's taking a reasonable approach
to the problems, and I'm certainly not going to go postal like
Postmaster Karl Denninger :-)  A few particularly nice features:
	- .nom TLD, for name-based domains
	- Multiple registrars per name space, reducing the monopoly problem
	- trying to keep governments or PTTs from controlling it,
		though it's a bit big-business oriented for stability reasons.
Mostly I wasn't worried, because sensible people were going to make 
sure they didn't do anything totally disastrous.

Apparently I _should_ have been watching more closely, because the SLD
_Second_ Level Domain part has some policies that seriously interfere
with the privacy of potential domain name users.  
References and long quotes are below...

To a large extent, they've been trying to avoid getting stuck in
trademark problems by collecting lots of information and defining
jurisdiction.  
In the process, they're asking you to sign away your first-born child
in return for getting your name in the Yellow Pages(tm),
and they're requiring all the Registrars to reject your application
unless you do.  

The rules are especially inappropriate for the .nom domain,
which is for personal names and such, and don't need overkill.
There's a place for serious high-value commerce behaviour,
and much of this isn't too inappropriate for .firm - but even that
ignores the radical communication-pushed changes in the economy 
that make everybody able to run a worldwide business. 

It's not just that they want your email address (highly reasonable)
or your phone and physical address (ought to be optional) or your 
IP address (they don't ask) or domain name (ok) or digital or written
signature.
It's not even just obnoxious things like demanding that you 
swear (against _my_ religion...) to a bunch of things, like
"the reason for requesting this particular domain name"
or what you're planning to do with the domain name (perfectly reasonable
things to ask for as optional extras, and business may want to reveal these,
but "Decline to State" or "" or "MYOB" are perfectly reasonable responses.)

It's things like designating an agent for service of process, and
"submits to the personal and subject matter jurisdiction and venue of a 
competent tribunal in the country where the registrar resides".
Aside from believing that you ought to be able to choose what governments,
if any, you're going to subject yourself to, I'd also expect that this
would be
annoying to people who don't live in one of the <=28 countries that
get Registrars in them.  And certainly if you're going to designate
someone as an agent for service of process (you can use the Registrar)
there'd better be some contractual language available so you can tell
what you're swearing to.

Is it reasonable to have a policy that users need to indicate 
how they'd like to receive communications about name and trademark disputes?
Sure.  And that they hold the Registrar harmless in such disputes?  Probably.
And which dispute resolution organization they're willing to have
resolve disputes over names (a _much_ milder statement than
"submit to personal and subject matter jurisdiction"....)?  
Yeah, even if the default is "the Registrar can disconnect your name
if you don't respond to trademark complaints in N days."
Certainly the Registrar ought to have some options here.




======================== REFERENCES ===================================
The Final Report is at http://www.iahc.org/draft-iahc-recommend-00.html
	(nice name for a "final" report :-)
The Application Forms for SLDs aren't in the draft on the web page,
	so I'm assuming they're referring to something similar to the
	December draft's Appendix.
Mailing list archives are at http://www.iahc.org/iahc-discuss/

==========================================================================
	QUOTES FROM THE REPORT
==========================================================================
6.1.5 Second-Level Domains
SLD application 
Application for a second-level domain name must include: 
     Sufficient contact and intended use information
     Appointment of an agent for service of process
     Agreement to jurisdiction in the event of trademark litigation.
     Mediation and arbitration clause (discussed in a later section) 

A separate document entitled "SLD Applications" (see section 1.4) contains 
the information that must be included in a SLD application.
Applications submitted electronically must include state of the art 
electronic identification; written applications must be signed by the
applicant, if an individual, or by an officer or other legally authorized 
representative if the applicant is an entity. 

Renewal and non-use 

To promote accountability, discourage extortion and minimize obsolete
entries, 
SLD assignments must be renewed annually. 
Appendix B, attached, includes the information that must be included 
in a renewal application. Renewal applications submitted 
electronically must include state of the art electronic identification; 
written renewal applications must be signed by the applicant, 
if an individual, or by an officer or other legally authorized 
representative if the applicant is an entity. 

In addition to requiring annual renewal, CORE will develop policies 
to ensure the recovery of sub-domains which no longer have an
authoritative source (lame delegations). 

6.2 Discussion

In order to ensure consistency of basic service across registrars, 
certain information is required in all applications for SLDs under
gTLDs. It is desirable that a domain name application include 
sufficient information regarding the applicant and the applicant's intended
use of the domain name to ensure applicant accountability 
and to ensure that sufficient information is available to enable trademark
owners to assess the need for a challenge to the proposed SLD domain. 

================= [more stuff]
================================================
7.1.3 Publication

All applications for SLDs in the gTLDs will be published on a 
publicly available, publicized web site, immediately upon receipt 
by the registrar. Such publication entries will include: 
     Name of the SLD;
     Contact and use information contained in the application;
     A permanent tag or label (created by CORE) indicating whether 
       the applicant chose the option of waiting 60 days prior to
       assignment of the requested SLD or chose to forego the 60 day wait;
     Entry validation using accepted digital signature and timestamping
techniques. 
Those applicants choosing not to wait will not be in a position to claim 
the defensive benefit of the waiting period against a challenge,
at any time, by a trademark owner. 
===================================================


=======================================================================
	APPENDIX FROM DRAFT - SLD APPLICATION REQUIREMENTS
=======================================================================
11.1 Appendix A - SLD Application Requirements

Every application for assignment of a SLD must include the following elements 
(incomplete applications must be returned to the applicant for completion): 

   1.Applicant's name, business or residential address, email address, 
	fax and phone number(s). 
   2.The state or country of incorporation or partnership (if applicable). 
   3.The name and address of a designated agent for service of process 
	where the registrar is located, which may be the applicant
      in the case of an individual. (The applicant may designate the 
	registrar as the agent for service of process.) 
   4.A sworn statement by the individual applicant or by an officer or 
	general partner of a corporate or partnership applicant: 
        1.that there is a bona fide intent to use the domain name publicly 
		within 60 days of registration, and a bona fide intent to
		continue such use in the foreseeable future; 
        2.that the domain name will be used for [fill in the blank, e.g., 
		"for a web site to advertise applicant's candy 
		manufacturing business"]. This may be a broad statement and is 
		not intended in any way to restrict actual use. However,
		to the extent that a commercial use is intended, this statement 
		should identify the industry in which the use is intended to
		be made and should indicate which of the following uses will 
		be made: web site, email, bulletin board and/other describe); 
        3.that the applicant believes that the intended use of the 
		domain name will not infringe any rights of any other party; 
        4.that the reason for requesting this particular domain name is 
		that it conforms to [check one of the following]: 
	     ___ applicant's company name or variation thereof 
	     ___ applicant's trademark or variation thereof 
	     ___ individual applicant's name or variation thereof 
	     ___ other (provide full explanation) 

   1.that the applicant submits to the personal and subject matter
	jurisdiction and venue of a competent tribunal in the country 
	where the registrar resides for purposes of any action brought 
	under trademark law, unfair competition laws, or similar/related 
	laws arising out of actual or intended use of the domain name 
	applied for; and applicant waives all rights to challenge such personal
	jurisdiction, subject matter jurisdiction and/or venue. 

============================================================================
========





#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)