Domain names – like globalvoicesonline.org – are often tools of individual and group expression; not so much through expressive content of the strings themselves, but through the speech hosted at a domain, the conversations carried on through URLs and hyperlinks, and the use of domains to route email and other messaging. Domain names provide stable location pointers for individuals’ and groups’ online speech; as such, they also present possible chokepoints for censorship and suppression of speech. That is why the decisions made by the Internet Corporation for Assigned Names and Numbers (ICANN) matter for people around the world who use the Internet to speak out against repression.
Law enforcement demands to domain name registrars were a recurring theme of the 42nd ICANN public meeting, concluded last week in Dakar. The Governmental Advisory Committee (GAC), representatives of nation-states who hold an advisory role but no voting power in ICANN's policy-making process, met with the ICANN Board and Generic Names Supporting Organization (GNSO, one of ICANN's multi-stakeholder policymaking bodies through which domain policy is debated and recommendations are made). In these meetings and in their concluding Communique, the GAC representatives were quick to express dismay and disappointment, demanding urgent action to “reduce the risk of criminal abuse of the domain name system” According to the GAC, ICANN's domain registrars must do more to fight online crime.
This conversation about domain name abuse benefits from a multi-stakeholder environment, where it can include domain registrars, registrants, and Internet users, along with law enforcement representatives. Broad debate helps because the question is not just how to “mitigate criminal activity using the domain name system,” but how to recognize criminal activity at the DNS level, how to implement due process to protect legitimate online speakers from abusive or mistaken takedowns, and how to protect the privacy and security; of non-criminal users of the domain name system.
ICANN's processes, particularly the Generic Names Supporting Organization (GNSO) Policy Development Process, are designed to bring these viewpoints together and find consensus. The Generic Names Supporting Organization has representatives from domain registries, registrars, business, and non-commercial users. (I sit on the GNSO Council as a Non-Commercial Stakeholder Group representative.) Governments are invited to participate in these processes, as well as having a specially privileged role to give “Advice” to the ICANN Board, which the Board must explicitly consider. The rights of domain registrants and Internet users depend on the terms of the Registrar Accreditation Agreement between domain registrars and ICANN. Under all the acronyms lie important issues of free expression.
Yet the U.S., speaking through the GAC, demanded a bigger stick and a smaller discussion, asserting that domain registrars should have unilaterally acceded to the 12-point law enforcement demands instead of going through community comment, negotiation, and discussion. The U.S. cannot simultaneously seek public support for multistakeholder processes while attempting to circumvent those processes in action at ICANN. Thus I welcome the ICANN Board's resolution starting an Issue Report for the GNSO to consider issues for RAA amendment.
Now some of the law enforcement demands — publication of a contact address, identification of registrars’ principals — appear relatively innocuous, but even those could be the prelude to assessing intermediary liability and pressure on those who facilitate speech. More troubling, law enforcement wants to force registrars to do extensive verification of domain name registrants’ identities, and to constrain the privacy and proxy services that currently permit registrants to shield identities and addresses from public disclosure.
In responding to law enforcement requests for the publication of registrar contact information, the potential impact on free expression is indirect but not insubstantial. In response to law enforcement requests for “registrar cooperation in addressing online crime,” the resolution considers a requirement that registrars “must publish on their respective web sites e-mail and postal mail addresses to which law enforcement actions may be directed.”
If we could be sure that the requests would relate only to activity universally agreed to be criminal, from law enforcement agencies following due process of law and respecting human rights, the proposed requirement would be uncontroversial. As legal regimes and their approaches to human rights are not uniform, we cannot make that blanket assumption. Registrar contacts could be used to censor.
I don't want to interfere with legitimate law enforcement. I do want to specify explicit procedure and limitations so that these contact points do not become points of control through which registrars can be pressured into removing domains that provide access to critical or “inharmonious” speech. To that end, it's important that the discussion take place in the GNSO forum where civil society is represented to raise these concerns and develop procedural protections.