[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ICANN Draft Accreditation Guidelines: Comments

ICANN Draft Accreditation Guidelines: Comments

Ed Gerck*


proposed Guidelines for Accreditation of Internet Domain Name Registrars
and for the Selection of Registrars for the Shared Registry System
Testbed for .com., .net, and .org Domains [ICANN]. These Guidelines will
be used in competitive registration services for DNS designations
worldwide, and thereby will impose rules upon anyone that will need to
register a DNS -- also private users, not only companies. The question
asked by ICANN for public comments is whether the proposed regulation in
[ICANN] is adequate and  fair for its intended purpose.

Bell Atlantic issued comments [Bel99] to [ICANN], with a partially
negative answer --  "... the current proposal needs to be amended to
provide additional appropriate protections for intellectual property
rights, and additional requirements for the protection of the
intellectual and physical security of the databases." -- while calling 
for less privacy measures in domain name registration.

This essay verifies that this call is neither justified nor needed. In
fact, there is no reason not to support and deal with anonymity,
wherever legally allowed. The essay also deals with a possible
commercial solution for the Internet anonymity and accountability
problems in relationship to business, which can be commercially deployed
by Bell Atlantic and other phone operating companies. But, which has
nothing to do with ICANN's jurisdiction nor with the [ICANN] Guidelines,
nor with Internet Domain Names per se.

Finally, this essay supports some other views of Bell Atlantic, but
specifically in the suggestion that domain names not be squandered or


Based on eight basic features, I show in [Ger99] that Internet Domain
Names are simply ... names or, bags of bytes. In order to be valid as a
trademark they would have to be stable in time, objective and purposeful
-- which they are not and were never designed to be [Rut99]. Internet
Domain Names are a convenient mirage on the Internet. They cannot be
used to associate a business with a product; they are not even reliable
as Internet addresses. Any trademark extent added to them is not
warranted by the supporting Internet infrastructure and protocols -- and
would actually hurt security since negated Internet assumptions would be
raised to the level of WIPO facts. So, their use as a mark would deny
the minimal properties that WIPO member States have agreed upon to
define what a mark is -- as a mark is not simply a name. And, WIPO would
need to affirm what Internet security protocols need to deny.

Thus, the arguments in [Ger99] indicate that DNS references cannot be
meaningful in a trademark system -- which would be essential to support
the trademark issues raised by Bell Atlantic in [Bel99].

However and according to a suggestion in the conclusions of [Ger99],
which  was published after [Bel99], let us suppose however, for the sake
of the argument here, that indeed Internet Domain Names may be provided
with an additional and optional secure challenge response certification
system that could allow their justified extension into the trademark

Thus, in an ad hoc basis the next item will investigate what we could
expect in regard to trademark abuse derived from such extended
certification of DNS references, based on current data. Note, however,
that this has nothing to do with ICANN's propositions in [ICANN], that
only deal with DNS references (names).


Bell Atlantic contends that we are witnessing widespread trademark abuse
in DNS references, as provided in several DNS registrars worldwide,
which have gone out of current controls and seriously menace previous
rights by trademark owners -- specially famous marks like "BELL".

However, this conclusion is not supported by the arguments that Bell
Atlantic themselves present in [Bel99], even under the extensions of
item (I) above and if any name is considered to be a mark (to which WIPO
would surely object).

To wit, I analyze the main paragraph of [Bel99] on this topic:

II.1. "The scope of infringing activities is staggering. As Bell
Atlantic testified before the WIPO Panel of Experts, over a nine month
period we logged nearly 600 separate instances of infringement for our
famous BELL
mark in the existing gTLDs -- .com, .net and .org alone. "

As usual, data without a verifiable context has no meaning -- but may
impress a casual reader, so it is a usual market technique for a hidden
persuader factoid. 

First, Bell Atlantic did not report how the "BELL" trademark was
identified in the DNS references. Perhaps, they mean any DNS
registration that uses the word "bell" within other letters, defining
the occurrence of trademark infringement regardless of use, likelihood
of confusion, commercial nature of the site, etc. [Mue99]. Given that
"BELL" is a pretty common English name and is also present in other
languages, also inside words, it is probably an overstatement to
consider  every occurrence of "bell" a trademark infringement on Bell
Atlantic's "BELL" trademark -- for example, is the site www.
belle-epoque.com a problem? Or, the threat of www.bellow.net? But,
perhaps, Bell Atlantic means only registrants attempting to use the word
"bell" which are actually connected to telephone products and services.
Thus, since Bell Atlantic does not report on these issues, I will
consider the best case for their analysis and total in all 600 cases --
also without taking into account rejoinders by the other side.

Second, NSI reports in http://www.netsol.com/nsi/facts.html that it
currently receives 500,000 applications/quarter -- so, approximately
1,500,000 in a nine month period. The Bell Atlantic's reported number of
DNS problems, in their terms (i.e., as above), is only 0.04% of all
cases of DNS registration. 

The third question is how much reported "BELL" possible copyright
infringements are reported on average for a nine month period from other
sources -- such as business names registrars, copyright registrars,
simple use, etc. Given the novelty of the Internet, even without
comparative data that would be necessary to access the relative
importance of that 0.04%,  I believe that 0.04% of all cases is not an
issue that justifies harassing 99.96% of all cases. 

II.2. "Lack of trademark protections and differences in national
trademark laws also creates legal uncertainty for U.S. trademark holders
who seek to protect their rights abroad. "

Not pertinent to the issue -- argument rejected.

II.3. "Based on the testimony of Bell Atlantic and many other brand
holders, the World Intellectual Property Organization will soon be
issuing final recommendations to ICANN. "

Testimony not included -- argument rejected.

Thus, this entire argument line of nearly 600 cases in a nine month
period seems to contradict itself. However, 0.04% of all cases is not an
issue that seem to justify harassing 99.96% of all cases -- and may just
be included in the usual cost of doing business and defending one's own
viewpoints in a competitive global society.


The paragraph analyzed in item (II), of empty content as given in
(II.1), (II.2) and (II.3) above, was however used in [Bel99] as the
logical support for the next paragraph in their text:

 "In view of this history of brand abuse under the current system that
Bell Atlantic and the other members of the Private Sector Working Group,
INTA (sic), AIPLA, ICC and other members of the business community have
well documented,... is a problem that should be among the top issues to
be considered and addressed directly in the goals and principles of
registrar accreditation. "

which is simply a non sequitur. The opening phrase "In view of this
history of brand abuse..." is floating in vacuum. Bell Atlantic has
provided no such history of brand abuse. Simply saying that they did is
not acceptable in a paper that relies on that hypothetical and
never-provided data to "prove" a point -- actually, the main point in
that paper ("is a problem ...").


Bell Atlantic can certainly find many telephone numbers in the world
which can be dialed as CALL-BELL ...which they then could choose to
designate as mark infringements by interpreting those numbers in the ABC
code. And, not only leading to many more than 600 cases (as they report
for the entire Internet) but all linked to telephone services -- the
actual application area of their mark "BELL". However, all legally
allowed uses -- since they are simply routing designations. Similarly,
on the Internet. Which seems to deny the reasoning of [Bel99], as
derived from a pre-existent and similar case.


The following section of [Bel99], right afterwards, affirms:

"We are, therefore, disturbed by the language in Guideline 4 that limits
a registrars information only the information required to make a
registration.  That phraseology suggests that there could be even less
information identifying domain name holders than is available today. 
For example, the language of the proposal suggests that perhaps not even
all the information currently available under NSIís WHOIS database would
remain available under a new system.  Without at least that much
information, a substantial question remains whether registrars would
even have the records needed to permit a trademark holder to find out
who an infringing domain name holder is."

Thus, in order to substantiate its call for less privacy, this section
is  essentially confusing "who" or "reaching the culprit" (which may
never be possible, and was so even before the Internet [Boh97]) with
"reaching the culprit's address" or "where"  -- which is much more
simplified by today's public and open lines with automatic billing and
detailed traffic-signal recording for worldwide billing purposes under
strict non-repudiation limits (as phone companies must have). As Bell
Atlantic must know, with all tracing possibilities for SMTP, HTTP, ping,
traceroute, phone ID, phone call routing, postal mail, bank cash-order
tracing, etc. 

So, while it is true that anonymous remailers may not be traceable for
their users --  their physical access lines can be traced and cut off as
they have been, by court decisions. Effectively providing means for
stopping the harmful activity.


In the paper, Bell Atlantic asks for less privacy for DNS registrants,
in the name of more security for trademark owners. 

This seems to parallel a recurring theme that I call the "privacy versus
security paradox" [Ger98a] and I find exemplified in several cases where
networks of networks are involved, as in the Internet -- when no one
controls both sides and multiple subjective-logic issues have to be
addressed in a peer-to-peer objective approach. But, of course, privacy
cannot be properly traded off for security. Once lost, privacy is lost
for life -- while security is a short-time asset.

However, I find that the Bell Atlantic paper [Bel99] is not a
consequence of such unavoidable paradox, as the type of security they
need would not be enhanced by what they propose, nor needs it  -- see
item (V).

As it stands and as analyzed in item (II), [Bel99] base their call to
reduce user privacy mostly on a sequence of unsubstantiated factoids,
which are raised to the level of "evidence" a while later -- but which,
even if correct, actually undermine their call into less privacy and
more regulation. Thus, following [Bel99] would imply harassing and
encroaching into the privacy of 99.96% of all users.


The Bell Atlantic paper stands for the understanding that names are
trademarks per se, which principle is negated by WIPO worldwide -- even
though WIPO itself is attempting to deny this principle to Internet
Domain Names, which is being questioned by Michael Froomkin [Fro99] in
some of its legal aspects and myself [Ger99] in some of its technical

But, [Bel99] attempts to deny other legal principles, as indicated in
item (IV) by a parallel with telephony. 

Also, we must protect responsible use of anonymous speech. Anonymity has
been useful very often in history and, I remind, is allowed in the
United States and in several countries. US President Nixon was accused 
of criminal acts and faced an impeachment motion which led to his 
resignation, based on data from the anonymous speaker "Deep Throat" -- 
whose identity was protected.

However, following the call for less privacy in [Bel99] would go against
these previous legal principles and rights -- specially the right for
anonymous speech -- and their usefulness, with practically no security
gain as discussed in other items. Further, next item discusses a
possible solution to the security issues even when anonymity is
considered, which makes its denial even more quiestionable.


Useful as it is for one-way speech, anonymity poses -- by definition --
several difficulties for two-way communication and even for the flow of
monies and goods in a public environment since the anonymous party
cannot be reached by the public. Even if untraceable electronic cash or
cryptographic cash tokens would be used, the recipient of these monies
would be strongly restricted by money-laundering bars being enacted
throughout the world.

Further, anonymity does not preclude an ISP call or an Internet link to
be correctly traced -- as any phone system operator must know and use
when they want to charge for the call even across different systems,
satellites and countries. 

Which is Bell Atlantic's field of expertise. And, perhaps, a business
opportunity -- Bell Atlantic and other phone companies can provide that
service to customers that want to find the physical whereabouts of
potential intellectual property offenders. Possibly, I argue technically
in item (V),, with even less privacy information than required today. Of
course, this should need a court order in most countries. But, the
isssue here is that it is possible and does not need to potentially
jeopardize the privacy information from +99,96% of all users -- further
denying the call for less privacy in DNS registry in the name of more
security for trademark owners.


This essay is not a dismissive appraisal of all of [Bel99]. Some of its
other suggestions may be useful to decrease what is usually called the
"tragedy of the commons" -- arising when a  public resource is degraded
by over-use from a group of "commons". As I argue in [Ger98b], the onset
of degradation can however regulate the over-use by calling attention to
the fact. This is essentially what [Bel99] does, when it remarks:

"We would also suggest that domain names not be squandered or brokered. 
We recognize that domain names are not conceptually identical to
telephone numbers; in particular, unlike telephone numbers, they are not
a resource subject to exhaustion.  However, in an important regard, they
are not unlike telephone numbers in that they are a public resource
whose principal use is to identify a unique person or entity for the
purpose of enabling communications to take place efficaciously. 
Practices such as number hoarding are inconsistent with this purpose
and, therefore, are not permitted in the public telephone network.  We
believe that the practice of "cybersquatting" is equally inappropriate
in the context of the Internet and should be stopped."


In summary, on the subject of supporting privacy restriction measures,
the Bell Atlantic paper contains a sequence of unsubstantiated factoids,
which are raised to the level of "evidence" a while later -- but which,
even if correct, may actually undermine their call into less privacy and
more regulation, as the essay shows in item (II). Harassing 99.96% and
encroaching into their privacy is hardly justifiable.

In particular, Bell Atlantic asks in [Bel99] for less privacy for DNS
registrants, in the name of more security for trademark owners. This is
however not needed in order to further protect what trademark law
already grants. 

In fact, this essay argues that [ICANN] should indeed allow for more
privacy and anonymous entries where legally alowed, since miscreants can
be technically localized even if perhaps not identified -- which problem
is not unique to Internet communication [Boh97].

Further, it is argued that a possible commercial service that Bell
Atlantic and others might provide could be a much more effective way to
supply localized a posteriori accountability without an a priori and
general loss of privacy.

Another aspect is that an Internet site may have a perfectly
non-descriptive and non-trademarked name, such as www.123abc.com and
still infringe several trademarks by its contents and goods sold --
which means that the commercial solution mentioned above may even solve
real problems which were not mentioned by Bell Atlantic.

This essay supports however some other views of the Bell Atlantic paper,
but specifically in the suggestion that domain names not be squandered
or brokered.


[Fro99] Froomkin, M. "A critique of RFC3" in
http://www.law.miami.edu/~amf/critique.htm - 1999.

[Bel99] Bell Atlantic, "Comments of the Bell Atlantic Corporation on the
ICANN's Draft Registrar Accreditation Guidelines" in

[Boh97] Bohm, N. "Authentication, Reliability and Risks", in

[Ger98a] Gerck, E., "Dr. Faust's Internet Dilemma", in
http://www.mcg.org.br/faust.htm - 1998.

[Ger98b] Gerck, E., "Towards real-World Models of Trust: Reliance on
Received Information", in http://www.mcg.org.br/trustdef.htm - 1998.

[Ger99] Gerck, E., "Arguments for recalling WIPO RFC3", in
http://www.mcg.org.br/wiporfc3.txt - 1999.

[ICANN] "Guidelines for Accreditation of Internet Domain Name
Registrars", in http://www.icann.org

[Mue99] Mueller, Miltoin <mueller@syr.edu>, thanks for private comments.

[Rut99] Rutkowski, A.M.,"Internet Transitions: the assigning of names
and numbers," 3 IEEE Internet Computing  No. 1, Jan/Feb 1999, and
private comment:

'In a sense, all of this came about because the "mother of Internet
names," the former Peggy Karp (now Weir) in Sept 1971 proposed that
networked machines should have names.  See RFC206.  It was her rejoinder
to Jim White's suggestion a few weeks before that they should have "call
letters." Peggy wrote the implementing RFC and the first host table. The
DNS - and with it the notion of "domain names" - occurred simply to
distribute the growing maintenance problem of the table.  Domain names
are literally just maintenance zones for the construct of host names;
just pieces of a "name expression." '


* Copyright © 1999 by E. Gerck, e-mail: egerck@mcg.org.br. All rights
reserved, free copying and citation allowed with source and author