Electronic Frontier Foundation 1550 Bryant Street, Suite 725 San Francisco, CA 94103 March 23, 1998 Karen Rose Office of International Affairs National Telecommunications and Information Administration (NTIA) Room 4701 U.S. Department of Commerce 14th Street and Constitution Avenue, NW Washington, DC 20230 Sent via e-mail (firstname.lastname@example.org) and Federal Express.Dear Ms. Rose,
The Electronic Frontier Foundation (EFF) thanks you for this opportunity to comment on the Department of Commerce (DoC)ís attempts to find consensus on Internet domain name policy. EFF is a nonprofit, public-interest organization working to protect rights and promote responsibility in the electronic world. We have read with interest your proposal for "Improvement of Technical Management of Internet Names and Addresses," and our comments are below.
Protection of Human Rights and Free Expression Should Be Overriding Principle
EFF believes in the basic principle that any foundation for governance of a communications system, such as the Internet, should stand on the fundamental human right of free expression. The strongest guarantees of free expression, free association, due process, and nondiscriminatory administration should be written into the charter of any organization empowered with Internet oversight. The Internet should be administered on principles compatible with, but stronger than, the United Nations Universal Declaration of Human Rights. These guarantees regarding Internet governance should not permit any party to limit human rights on the Internet. This guards against a repetition of the practice of some national governments, which undermine the UN Declaration under the pretext of "morality, public order and the general welfare" (Article 29 and 30). They should only be amendable by an extraordinary supermajority procedure, similar to a U.S. Constitutional amendment.
The IANA Is the Best Choice for Overseeing the DNS System
The DoC proposal states as a goal that the U.S. government should end its role in the Internet domain naming system (DNS) as soon as possible. EFF could not agree more. We believe that the Internet Assigned Numbers Authority (IANA), which currently administers the DNS and has been doing this well for the past 20 years, is the proper organization to continue administration of the DNS. IANA is a private organization whose only connection to any government or collection of governments is its history of U.S. government research funding. The authority of any new structure designed to continue IANA's job of administrative maintenance of the Internet should be clearly defined as independent of any and all governments. The U.S. government should not attempt to exercise oversight or a veto over a transition of the IANA to a new corporation; such oversight will be carried out by Internet users. The Internet community is much more likely to trust a new corporation to manage Internet administration if it is clearly derived from the IANA and continues the same personnel and general policies.
Any organization selected to administer the DNS must remain private, whether in the legal form of a corporation or otherwise, and should be not-for-profit, operating in the public interest for the benefit of the Internet. This administering organization should be governed by democratic procedures which give suffrage to all stakeholders on the Internet. To the extent that any individuals wield power within the organization, they must be charged to wield that power for the long-term benefit of the public, the Internet users, and the entire human race, especially since all three of these are synonymous in the long term.
It is of critical importance that any administering organization not simply apply U.S. law, and that any new Internet domain naming system not rely on U.S. jurisdiction over trademark issues and dispute resolution processes. The Internet is international in scope, and its administering body must be truly international in scope.
Network Solutions Cannot Be Trusted With Any Public Resource
EFF is very concerned that Network Solutions is attempting to convert its five-year contract into a permanent monopoly. EFF believes that the National Science Foundation (NSF) made a mistake by failing to control this for-profit company to protect the public interest. Though the fundamental mistake was made by NSF, it was compounded many times by the arrogance of Network Solutions' management. Yet, the DoC proposal gives Network Solutions continued control of the .com, .net and .org domains.
EFF believes that the current management of Network Solutions has shown a profound disregard for the public interest, which should disqualify it and its parent company, Science Applications International Corporation (SAIC), from having any benefit or privilege extended to them in the future management of the domain name system. They made a deliberate, intentional and ongoing attempt to steal from the public the resource they had a five-year stewardship contract to manage and protect. It is as if they got a contract to repair the stonework at Mount Rushmore and ended up trying to own the national park.
As a result, they should not be trusted with even temporary control of any valuable public resource. If Network Solutions or SAIC continue in the domain name business, they must operate only in highly competitive parts of the business. In particular, neither Network Solutions, SAIC, nor any "nonprofit organization" started by them, or with overlapping directorship, influence, or control by them, should manage the root or any global top level domain (gTLD). Any changes to the DNS must ensure that people will continue to be able to register in the .com, .net, ..org and .edu top level domains without any involvement of Network Solutions.
We were happy to see that the DoC proposal requires Network Solutions to give the U.S. government copies and documentation of all data, software and licenses to other intellectual property generated under the Cooperative Agreement and to turn over control and management of the main root server to the U.S. government. We are concerned, however, that the current wording leaves significant loopholes that should be patched up.
Network Solutions should be required to turn over all root servers that it operates, not simply the "A" root server, and any separate servers it uses for the .com, .org, .net and .edu domains. Due to the difficulty of changing the set of globally known root server addresses, Network Solutions must relinquish the entire set of IP addresses delegated to the InterNIC, specifically 188.8.131.52/22, which contains both the "A" and "J" root servers. This should happen not "when the government directs," as indicated in the DoC proposal, but rather when IANA or the new corporation directs. Network Solutions should begin immediately preparing for this by moving other hosts off that network number, and doing anything else necessary to ready itself for the transfer.
Furthermore, the requirement that Network Solutions turn over "appropriate licenses to other intellectual property" is far too vague. All intellectual property generated under the Cooperative Agreement is work-for-hire, and the government owns it in trust for the public. Network Solutions has no ownership rights to any of the work it created under that stewardship contract, so how could it issue licenses? The government should explicitly put ownership of all such results into the public domain, so they can be used by the public that paid for them. It should then make the results accessible via an NSF web site and via Freedom of Information Act requests. Please ensure that Network Solutions retains no credible claim to any of the public's intellectual property.
No For-Profit Corporations or Governments Should Control the Root or gTLDs
Domain name registration and the generic top level domains themselves must not be monopolized by a single for-profit registry, treated as any for-profit entity's intellectual property, or controlled by or from within any single governmental jurisdiction. These domains have become international and should not remain a U.S. monopoly. They are a global public trust and should not be exploited by profit-seeking companies or for regional advantage.
IANA Should Have Supervisory Control of All gTLD Registration Databases
IANA, acting on behalf of the public, should have supervisory control of the databases containing the registration data of each global top level domain in the DNS, including the .com, .net, .org and .edu domains. IANA should determine when and whether to create new gTLDs, including specification of the alphanumeric strings, the timing of introduction of new gTLDs and the number of gTLDS. IANA should ensure that the data in each database is freely available to the public, subject only to international legal restrictions relating to privacy.
Each database should operate in the public interest on a cost recovery basis and not for profit, under the overall supervision of IANA. Access for registration of second level domains in all databases should be equally available to all registrars (except in exceptional circumstances determined by IANA) on a non-discriminatory basis. The administration of the domain name system and generic top level domain registries must provide for domain name portability rather than making it difficult or impossible for a customer to switch registries.
If a de-centralized technical method, which would allow several different registries to accept names in the same gTLD, can be made to work, it should be adopted. This would provide a very strong level of domain name portability, in which a user could change not only the registrar (retailer) but also the registry (wholesaler) that controls the pricing and policies for the user's established domain name. This would provide a much more competitive market, avoiding lock-in at both levels, and would also permit registries to be operated for profit, since registries that misserved their customers would be unable to prevent users from switching to another registry for the same TLD. A prototype implementation has been suggested to IANA; it involves having the name servers for a given gTLD independently retrieve the pieces of the database from the various registries. Each server would merge the database pieces using freely available software, which would resolve conflicting registrations since the last merge, before publishing the new zone database. The prototype would work for small numbers of registries sharing a zone -- perhaps a dozen -- and could be extended to larger numbers after gaining experience and evolving the tools. This proposed method would require oversight by IANA (under threat of removal from the gTLD delegation) to prevent disruptive or negligent practices by the registries.
Internet Technical Standards and Administrative Processes Should Not Be Impeded by Lack of Consensus on Separate Issues Such as International Trademarks
The current policy of providing ownership rights in Internet domain names based on trademark registration is flawed and should be abandoned. No one group of intellectual property holders' interests should outweigh any other group's, or outweigh any other rights held by individuals and the public. The current policy with respect to trademarks and domain names does not even correctly reflect U.S. trademark law, let alone the laws of other countries or any emerging international law of trademarks. The policy appears to have been adopted to benefit Network Solutions (reducing the number of lawsuits against it by large corporations) rather than to define a balanced public policy. Yet the current proposal seems to perpetuate this horrible policy.
Under U.S. law, the First Amendment to the Constitution carries considerably more weight than the Lanham Act. Under the current DNS administration, trademark holders are given greater rights to domain names than others with legally recognized interests in specific domains. This is not a reasonable application of the law, and it is not sound public policy.
Even the United States Patents and Trademarks Office (PTO) recognizes that more than one entity can hold a trademark on the same word, name, or symbol provided that it is used in completely different business categories. Failure to provide for multiple uses of the same trademarked character string in a domain name has resulted in big companies beating up on small companies and individuals using the same or similar names.
Furthermore, the PTO recognizes that registration of a trademark creates a right in the mark while the trademark is still pending. The Internet policy does not recognize registered but still pending trademarks, and small companies with pending applications have been bullied into giving up their domain names by larger companies with similar trademarks.
But most importantly, there are other legitimate uses of words, names and symbols that have nothing to do with trademarks that get and deserve legal protection yet are not recognized by the current policy. For example, Kayvan Sylvan, a man who runs his own computer consulting business, registered the domain name sylvan.com. Sylvan Learning Systems, which holds a trademark on Mr. Sylvanís last name, threatened to take that domain name under the current policy. Mr. Sylvan had to trademark his last name in a foreign country in order to keep his domain name! There are other examples of nontrademarked, yet legal, uses of terms. For example, the World Boxing Association might want to use the domain name knockout.com, even though Hasbro toys has trademarked the term knockout as the name of a game. This should be a legally protected use of a domain name.
Domain names cannot be equated to trademarks or brand names, since the sole domain name cannot be used by multiple participants to serve their various non-infringing functions. Instead, domain names should be distributed on a first-come, first-served basis, and only if the company that wants a domain name can prove that the current owner is confusing the customer (i.e., McDonald's Hardware decides to get into the fast-food business), could it then prove trademark infringement. And even then, it would not necessarily succeed in taking over the domain, just forcing the infringer to stop infringing on their trademark.
Trademark concerns cannot burden the free expression uses of domain names. Users of domain names cannot be required to identify themselves or provide an address for service of process or any other reason suggested in Appendix 2 of the DoC proposal in order to get a name, just as the U.S. government cannot compel speakers in the physical world to identify themselves. No period of suspension of a domain name registration, which serves the same function as censorship in this context, shall be imposed prior to an order by a court of competent jurisdiction, with the burden of proof being on the censor.
Many of these trademark disputes can be avoided with the creation of a multitude of additional top level domains. The current policy is flawed and must be repaired.
Domain Name Ownership Disputes Should Be Resolved by Contract Law
A uniform procedure should be established for resolving domain name ownership disputes by contract among registrars of second level domains in each of the gTLDs. This procedure must strike a proper balance, enforcing the law as interpreted by courts, between domain name holders and the owners of trademark rights. It should offer an efficient and inexpensive means of dispute resolution without supplanting or interfering with the jurisdiction of national courts or the rights of Internet users to have resort to the courts. Finally, domain name registries should be insulated from trademark claims. The process of domain name registration cannot become a proxy for trademark litigation.
Maintenance of the .edu Domain Should Not Be Given to Any Organization With Exclusionary Intent
The current administration of the .edu domain is exclusionary and geared to support American four-year universities at the expense of other educational institutions, including local community colleges. This gTLD should be run by the same international, non-profit organization maintaining the other top level domains and should be open to all educational institutions, as defined by the institutions themselves. A recent proposal being circulated by Educom is completely unacceptable, where a hand-picked panel of college presidents and chief information officers from four-year universities that are members of Educom will decide which institutions can get a .edu address. Faculty members, students and non-four year academic institutions should all be included in any decisions related to the .edu domain.
Payments to the Intellectual Infrastructure Fund Should Be Returned to Users
EFF was pleased to see that the DoC proposal terminates the Internet Intellectual Infrastructure Fund (IIIF) as of April 1, 1998. However, this does not remedy the current problem of the illegal overcharges that have already been made. The Intellectual Infrastructure Fund should be fully returned directly to the users who paid in. Such refunds should be returned to the users, so they can spend them on any domain name registrar or on other things, rather than being applied as credits for future domain name service from Network Solutions. Network Solutions (which instigated the policy of charging users for the IIIF) -- not the public or domain name users -- should bear the costs for defending against any lawsuits and administering the refunds.
No Transition Period Is Needed; Current IANA Can Make Decisions
The government's proposed transition plan is flawed in numerous ways. It should not be adopted. Instead, the current IANA should determine the short-term evolution of domain name administration, as it has determined the long-term evolution. As the new IANA corporation is set up, this function can be transferred to it by the old IANA.
The number of new domains should not be fixed by the U.S. government. The U.S. government should not define rules for qualifications of a registrar or a registry, or even define that the two must be separated. The role of the government should be to drive the process to consensus, not to dictate which consensus should be arrived at.
Furthermore, many of the requirements for registrars and registries are poorly thought-out. First, encryption, as opposed to authentication, should not be required for registrar/registry transactions. Such a requirement would put U.S. organizations at a disadvantage, since they cannot export their interface software (which is required by another part of the proposal, in Appendix 1.1.g).
In addition, registrars do not need multiple connections to the Internet. This requirement simply raises the base cost of providing service. Competition will let users pick a registrar that is responsive and available. Most of the specified criteria for registrars do nothing more than reduce competition by raising barriers to entry.
Thank you again for giving us the opportunity to comment as you work to formulate policy in this important area. We would be happy to meet with you and work to create a system that is in the public interest. Please contact me at 301/375-8856 if I can be of any further assistance.
-- Shari Steele, Staff Attorney email@example.com Electronic Frontier Foundation 301.375.8856 (v) P.O. Box 649 301.283.5337 (f) Bryans Road, MD 20616 http://www.eff.org/homes/steele.html