Draft advisory is a stark reminder of the legal liabilities and limitations of domain proxy services.
I’ve argued before that providing whois proxy service (commonly referred to as whois privacy, although technically they are different) isn’t free. A big reason is legal repercussions of serving as a proxy.
Technically, a proxy service is the registrant of the domain name and the service merely “licenses” it to the person who actually wanted to register the domain name. This makes the proxy service potentially liable if the licensee does something inappropriate with the domain name.
ICANN’s draft advisory, open to comment through July 9, clarifies section 3.7.7.3 of the Registrar Accreditation Agreement (RAA). The advisory’s central point is:
One central clarification: if a Registered Name Holder licenses the use of a domain name to a third party, a licensee, the third party is not the Registered Name Holder of record (or “registrant”). This advisory also describes under what conditions that a Registered Name Holder is to identify the licensee and to whom.
The advisory explains possible circumstances in which a proxy service would be required to disclose the licensee to avoid facing legal liability, and a suggestion on a timeframe for disclosing the licensee. For example, if a company provides “reasonable evidence of actionable harm”, such as trademark infringement, ICANN suggests that five days might be a reasonable limit in which to disclose the identity of the licensee. But ICANN is careful to point out that these definitions and deadlines would be up to a court or arbitrator to decide.
What is the different between whois proxy service and whois privacy?
@ Kumala – a privacy service keeps you as the listed registrant but uses its own phone, email, and postal address for privacy purposes. A proxy service becomes the actual registrant of the domain name — including the registrant name.
“a proxy service would be required to disclose the licensee to avoid facing legal liability”
I’d be interested to know the theory of how this works. ICANN does not determine who may or may not be liable for a domain name registration. If, for example, a trademark claimant sues both the privacy service and the registrant, it is not as if the court says, “Well, gee, I guess we should go ask ICANN if the privacy service should be held liable.”
The practical effect here is simply to favor non-registrar privacy services, since ICANN regulates registrars, but has no regulation tool relative to non-registrar service providers. This is why, for example, Domains By Proxy is a separate entity from GoDaddy. If you are running “Andrew’s Privacy Service”, and are not a registrar, you won’t even receive the advisory in the first place.
There is a recipe here for some real fun and games. There are a lot of things which are unlawful. In Thailand, for example, it is illegal to criticize the king. Yes, there are websites which do criticize the king of Thailand. So that would be very clear evidence of illegal activity which would require disclosure of the privacy service customer. Or is a service provider supposed to pick and choose which laws and which jurisdictions “matter” in some sense?
More fun & games will follow…