Privacy Problems with the IAHC New TLD Report SLD Policies
Bill Stewart
stewarts at ix.netcom.com
Sat Feb 8 07:25:51 PST 1997
The International Internet Ad-Hoc Committee released its report
on new Top Level Domains for the Internet. It's interesting,
and resulted from much political wrangling and religious conflict,
and for the most part I think it's taking a reasonable approach
to the problems, and I'm certainly not going to go postal like
Postmaster Karl Denninger :-) A few particularly nice features:
- .nom TLD, for name-based domains
- Multiple registrars per name space, reducing the monopoly problem
- trying to keep governments or PTTs from controlling it,
though it's a bit big-business oriented for stability reasons.
Mostly I wasn't worried, because sensible people were going to make
sure they didn't do anything totally disastrous.
Apparently I _should_ have been watching more closely, because the SLD
_Second_ Level Domain part has some policies that seriously interfere
with the privacy of potential domain name users.
References and long quotes are below...
To a large extent, they've been trying to avoid getting stuck in
trademark problems by collecting lots of information and defining
jurisdiction.
In the process, they're asking you to sign away your first-born child
in return for getting your name in the Yellow Pages(tm),
and they're requiring all the Registrars to reject your application
unless you do.
The rules are especially inappropriate for the .nom domain,
which is for personal names and such, and don't need overkill.
There's a place for serious high-value commerce behaviour,
and much of this isn't too inappropriate for .firm - but even that
ignores the radical communication-pushed changes in the economy
that make everybody able to run a worldwide business.
It's not just that they want your email address (highly reasonable)
or your phone and physical address (ought to be optional) or your
IP address (they don't ask) or domain name (ok) or digital or written
signature.
It's not even just obnoxious things like demanding that you
swear (against _my_ religion...) to a bunch of things, like
"the reason for requesting this particular domain name"
or what you're planning to do with the domain name (perfectly reasonable
things to ask for as optional extras, and business may want to reveal these,
but "Decline to State" or "" or "MYOB" are perfectly reasonable responses.)
It's things like designating an agent for service of process, and
"submits to the personal and subject matter jurisdiction and venue of a
competent tribunal in the country where the registrar resides".
Aside from believing that you ought to be able to choose what governments,
if any, you're going to subject yourself to, I'd also expect that this
would be
annoying to people who don't live in one of the <=28 countries that
get Registrars in them. And certainly if you're going to designate
someone as an agent for service of process (you can use the Registrar)
there'd better be some contractual language available so you can tell
what you're swearing to.
Is it reasonable to have a policy that users need to indicate
how they'd like to receive communications about name and trademark disputes?
Sure. And that they hold the Registrar harmless in such disputes? Probably.
And which dispute resolution organization they're willing to have
resolve disputes over names (a _much_ milder statement than
"submit to personal and subject matter jurisdiction"....)?
Yeah, even if the default is "the Registrar can disconnect your name
if you don't respond to trademark complaints in N days."
Certainly the Registrar ought to have some options here.
======================== REFERENCES ===================================
The Final Report is at http://www.iahc.org/draft-iahc-recommend-00.html
(nice name for a "final" report :-)
The Application Forms for SLDs aren't in the draft on the web page,
so I'm assuming they're referring to something similar to the
December draft's Appendix.
Mailing list archives are at http://www.iahc.org/iahc-discuss/
==========================================================================
QUOTES FROM THE REPORT
==========================================================================
6.1.5 Second-Level Domains
SLD application
Application for a second-level domain name must include:
Sufficient contact and intended use information
Appointment of an agent for service of process
Agreement to jurisdiction in the event of trademark litigation.
Mediation and arbitration clause (discussed in a later section)
A separate document entitled "SLD Applications" (see section 1.4) contains
the information that must be included in a SLD application.
Applications submitted electronically must include state of the art
electronic identification; written applications must be signed by the
applicant, if an individual, or by an officer or other legally authorized
representative if the applicant is an entity.
Renewal and non-use
To promote accountability, discourage extortion and minimize obsolete
entries,
SLD assignments must be renewed annually.
Appendix B, attached, includes the information that must be included
in a renewal application. Renewal applications submitted
electronically must include state of the art electronic identification;
written renewal applications must be signed by the applicant,
if an individual, or by an officer or other legally authorized
representative if the applicant is an entity.
In addition to requiring annual renewal, CORE will develop policies
to ensure the recovery of sub-domains which no longer have an
authoritative source (lame delegations).
6.2 Discussion
In order to ensure consistency of basic service across registrars,
certain information is required in all applications for SLDs under
gTLDs. It is desirable that a domain name application include
sufficient information regarding the applicant and the applicant's intended
use of the domain name to ensure applicant accountability
and to ensure that sufficient information is available to enable trademark
owners to assess the need for a challenge to the proposed SLD domain.
================= [more stuff]
================================================
7.1.3 Publication
All applications for SLDs in the gTLDs will be published on a
publicly available, publicized web site, immediately upon receipt
by the registrar. Such publication entries will include:
Name of the SLD;
Contact and use information contained in the application;
A permanent tag or label (created by CORE) indicating whether
the applicant chose the option of waiting 60 days prior to
assignment of the requested SLD or chose to forego the 60 day wait;
Entry validation using accepted digital signature and timestamping
techniques.
Those applicants choosing not to wait will not be in a position to claim
the defensive benefit of the waiting period against a challenge,
at any time, by a trademark owner.
===================================================
=======================================================================
APPENDIX FROM DRAFT - SLD APPLICATION REQUIREMENTS
=======================================================================
11.1 Appendix A - SLD Application Requirements
Every application for assignment of a SLD must include the following elements
(incomplete applications must be returned to the applicant for completion):
1.Applicant's name, business or residential address, email address,
fax and phone number(s).
2.The state or country of incorporation or partnership (if applicable).
3.The name and address of a designated agent for service of process
where the registrar is located, which may be the applicant
in the case of an individual. (The applicant may designate the
registrar as the agent for service of process.)
4.A sworn statement by the individual applicant or by an officer or
general partner of a corporate or partnership applicant:
1.that there is a bona fide intent to use the domain name publicly
within 60 days of registration, and a bona fide intent to
continue such use in the foreseeable future;
2.that the domain name will be used for [fill in the blank, e.g.,
"for a web site to advertise applicant's candy
manufacturing business"]. This may be a broad statement and is
not intended in any way to restrict actual use. However,
to the extent that a commercial use is intended, this statement
should identify the industry in which the use is intended to
be made and should indicate which of the following uses will
be made: web site, email, bulletin board and/other describe);
3.that the applicant believes that the intended use of the
domain name will not infringe any rights of any other party;
4.that the reason for requesting this particular domain name is
that it conforms to [check one of the following]:
___ applicant's company name or variation thereof
___ applicant's trademark or variation thereof
___ individual applicant's name or variation thereof
___ other (provide full explanation)
1.that the applicant submits to the personal and subject matter
jurisdiction and venue of a competent tribunal in the country
where the registrar resides for purposes of any action brought
under trademark law, unfair competition laws, or similar/related
laws arising out of actual or intended use of the domain name
applied for; and applicant waives all rights to challenge such personal
jurisdiction, subject matter jurisdiction and/or venue.
============================================================================
========
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
More information about the cypherpunks-legacy
mailing list