Tell Congress to Protect Our Personal InformationLearn More About Unauthorized Access to Data
Try entering “CHEAPNORTHFACECLOTHING.COM” into your browser and see what pops up. Should be nothing. The domain was one of many to be permanently shut down, due to an injunction granted by Judge Alvin K. Hellerstein in the Southern District of New York. The domain, if you didn’t guess by the name, led to a site that sold cheap clothes claiming to be North Face, and was part of a network of counterfeit clothing websites mimicking everything from Polo Ralph Lauren to Nike. In all, the list of literally thousands of seized domains represented the largest counterfeiting ring ever discovered in internet history. OK, now try typing in “CHEAPNORTHFACE.ORG.” As of time of writing, that address leads to an active site. (Don’t buy anything through them, though!) You might reasonably guess that the Defendants responsible for the counterfeit ring should be getting in trouble for keeping their website up after the court shut them down, right? Well, someone is getting in trouble, but it’s not who you might have guessed.
Above: One of the counterfeit websites in question
As part of the injunction granted by the court in a lawsuit between the North Face Apparel Corporation and the alleged counterfeiters, the district court ordered, among other things, that the domain name registries responsible for resolving the counterfeit sites must:
"[D]isable Defendants' Domain Names and make them inactive and untransferable, unless and until Plaintiffs request that any given domain name be re-activated."
This past Tuesday, the Public Interest Registry (“PIR”) was brought before the Southern District of New York and found to be in contempt of court because it didn’t remove the offending domains. (See the contempt order here.) The PIR was not a party in the North Face suit, nor does it have any direct affiliation with the counterfeiting ring. Yet as of time of writing, the PIR is facing serious consequences for violating the court order.
Is that OK? And if the courts can do this sort of thing, what does that mean for the role of domain registries in policing the internet, and for the flow of free speech on the internet as a whole?
Before we can answer that question, we should probably answer this one:
Q: What does the Public Interest Registry actually, you know, do?
The best way to picture a domain name registry is a giant internet phonebook. Each website on the internet has a unique IP address: Public Knowledge’s, for instance, is 188.8.131.52. But that’s not particularly catchy, is it? In order to make it easier to navigate the internet (and to keep us from having to remember all of those numbers each time we want to go to a website), Domain name registries associate an IP address with a name, say “Publicknowledge.org.” (The PIR in particular handles URLs ending in “.ORG,” whereas a company like Verisign would handle “.COM” or “.NET.”) Type in that domain name, and you get routed through to our IP address, which holds all our stuff. The registration process also involves intermediaries called “registrars”: if you wanted to buy a domain name to associate with your website, you would typically pay a registrar (think someone like GoDaddy.com), whose job is to make sure the domain name isn’t taken already, then add your domain name and info to the registry.
Domain name registries such as the PIR and intermediary registrars play an invaluable role in associating a word (or in this case, a brand name) with a website. You might see the argument now why the PIR might be seen as aiding the counterfeiters: registering a domain name that sounds like the “official” company’s domain, like “NORTHFACE-ONLINE.COM” is a key piece of the counterfeiter’s disguise. Furthermore, if it weren’t for the PIR, the counterfeiters wouldn’t be able to give their websites deceptive URLs. But does that really mean that Public Interest Registry is responsible for the counterfeiting?
We don’t think so, and here’s PIR and our own reasons why.
The PIR’s job is to maintain its database of domains and registrars. It acts independently from the sites whose domains it registers and doesn’t have an interest in censoring websites for any reason. The PIR has been required by the New York district court to take affirmative actions in changing how it runs its organization and ultimately punished for its user’s actions. That’s fundamentally not right, and it’s also not legal.
Our legal system is based on the principle that only the people who submit their pleas to a court will be bound by the court’s decision. Unless you were served with process and given a chance to argue your case, you can’t be forced by a court to do (or NOT do) anything. Of course, there’s more to the system than that – for instance, if you could get out of obeying a court order telling you not to throw eggs at your neighbor by getting a friend to do it for you, our legal system would be useless. In order to be bound by an injunction (and liable for contempt if the injunction is disobeyed), a nonparty must
1) Get notice of the injunction, and
2) Be “in active concert or participation” with someone who is bound after the injunction is filed.
(The PIR was served with notice of the court order a while back, so scratch that first requirement off.) Central to this controversy then will be the nature of the relationship between the offending websites and the Registry. Was the PIR in “active concert or participation” with the counterfeit websites when it resolved their domains? We don’t think so.
The phrase “in active concert or participation” is typically interpreted to mean “aid[ing] and abet[ting] the defendant,” or being “legally identified with it.” The term “aiding and abetting” is primarily used in criminal law, similar to the charge of conspiracy. Simply put: in criminal law, a supplier of goods used in a crime is a conspirator if she knows her buyer is going to commit a crime with the goods, and she chooses to sell anyway. There is certainly no evidence that the PIR negotiated with the counterfeiters to provide them with domain names that it knew would be associated with counterfeit websites. In fact, the PIR has not done business with the counterfeiters at all. The PIR alleges that it “had no contact with the Defendants before the injunction was issued,” and “has not had any contact with the Defendants since the injunction was issued.”
But hey, it’s certainly possible that the PIR and GoDaddy are conducting shady deals with counterfeiters in back alleys to sell infringing domain names off the books – still, don’t you think it’d be nice to see a bit of evidence of those communications before we put the PIR and its peers through the wringer?
What bugs me in particular is how easy it would be to take down the offending websites without getting the domain registries involved at all – all the counterfeiters would have to do would be to remove their data from their hosting servers. And wouldn’t this be fair, considering the counterfeiters are the ones who caused this whole mess in the first place? No need to attack the registries, who are merely the curators of routing information. It’s kind of like getting mad at the phonebook when someone prank calls you. Wouldn’t your anger be better placed at the person who actually harassed you?
It looks like at this point, we’ll have to see what happens next with this contempt order. The PIR has been given 10 days to take down the infringing websites before the contempt order kicks in. At this point, the PIR has the choice to fight the order or take down the infringing sites. Here’s the wrinkle: thing is, taking down the sites actually wouldn’t cost it a cent. Therein lies the problem. There isn’t necessarily enough incentive to fight this fight.
If domain name registries can be threatened with contempt of court and bullied by copyright holders into shutting down offensive websites, it could lead to serious abuse (not to mention making the PROTECT IP Act obsolete, but that’s a story for another time). Let’s say I register the website “attsucks.org.” It’s all critical commentary, all fair use, all totally legal speech. AT&T calls up the PIR and says “Hey, we don’t like this blogger saying bad stuff about our company, so either disable his domain name or we’ll sue him for copyright/trademark infringement and you’ll get held in contempt for not shutting him down, regardless of whether or not you choose to intervene in the case.” Is the PIR going to bother fighting on my side (and risk being held in contempt itself if it turns out I am infringing), or is it going to take attsucks.org off the registry?
Well, I certainly hope they fight. Wouldn’t you?