Registries Aren’t Content Police, But Keeping Trust Is Reputationally Important: Domain Pulse

By February 26, 2018 Opinion No Comments

Registries universally said they’re not content police in a discussion on domain name take down processes involving legal counsels from the operators of 6 European registries, both generic and country code TLDs. However processes vary among the registries.

The discussion involved representatives from dotSaarland, DENIC (.de), SWITCH (.ch), SIDN (.nl), DNS Belgium (.be) and Nominet (.uk) at the Domain Pulse conference in Munich Friday, the annual event that rotates between Germany, Switzerland and Austria.

One registry that does make decisions on takedowns, or suspensions as they’re often called, and the content on the sites using the domain names, is SWITCH. Anna Kuhn explained how SWITCH was rather unusual in that they were both a registry and operated a national Computer Emergency Response Team (CERT), which gave them some additional expertise. However SWITCH still doesn’t make decisions on content, only on domain names involved in the hosting malware and phishing Combatting cybercrime, Kuhn explained, is one of the roles of the registry operator.

Volker Greimann from dotSaarland, the only new gTLD operator in the panel discussion, said .saarland is in a different position to the country code top level domain (ccTLD) registries as they have a direct contract with ICANN. Additionally, the Saarland regional government said they don’t want their new generic top level domain (new gTLD) to be a haven for crime. The gTLD for the German state has an anti-abuse rule in their terms and conditions that requires domain names to not ruin the reputation of the Saar region.

Horst explained the German registry’s position of the German registry in this respect: “DENIC is not the right point of contact to which to turn when it comes to content. If DENIC were to evaluate content and delete, at its own discretion, domains through which websites with questionable content can be accessed, this would be equivalent to censorship. In a democracy based on the separation of powers, no one can seriously support law enforcement by the private sector. This philosophy of DENIC’s is, by the way, also reflected by the unanimous opinion of the German courts.”

The courts, Horst explained, have always sided with DENIC’s view that they also aren’t in a position to judge on what is illegal content and that complaints should always go to the registrant if they can be contacted.

SIDN’s Maarten Simon said SIDN will never just take down a domain name and that contacting the registry should be a last resort. However Simon also noted .nl domain names are much more trusted by Dutch people than any other TLD. And that this trust is both in SIDN’s interest to protect so that internet users continue to want to visit sites using the Dutch ccTLD and businesses want to register .nl domain names. Building trust benefits SIDN’s bottom line as more .nl domain names are registered. For complaints regarding .nl domain names, there is an independent appeals board with a number of judges and professors with the expertise to deal with complaints.

Peter Vergote from DNS Belgium also noted how .be has nothing to do with judging content hosted using a .be domain name, so to get a domain name suspended a complaint has to give necessary evidence such as a court order to have a domain name taken down.

Vergote echoed Simon’s views on .nl in that DNS Belgium deeply cares about the quality of the .be zone and it’s their sincere duty to do what they can without taking unnecessary risks. While they are more active than in the past on dealing with complaints, they will never evaluate content on a website. This position has been backed by a court order from a Belgian court that states deciding illegal content is up to the courts and can’t be done by DNS Belgium. When it comes to phishing though, DNS Belgium treats this differently and will take action without a court order if they are advised from a competent body that a domain name is used for phishing.

But DNS Belgium will never take it upon themselves to suspend a domain name that’s suspected of being used for phishing because that’s a content evaluation. Additionally Vergote said a phisher is unlikely to put their correct identity in Whois. DNS Belgium suspends around a dozen domain names per month with complaints largely driven by government agencies and rarely from private individuals or organisations.

So what about the domain names that are required to be taken down, or suspended? For SIDN, Simon explained the procedure starts with a form to be completed on the SIDN website where the complainant explains why the domain name should be taken and what they’ve done to date to complain. If the complaint is clear cut SIDN will go to the registrar and get the domain name taken down. SIDN receives about 20 requests per year and take down one, maybe 2, each year out of the 5.8 million .nl registrations.

Nominet’s Wenban-Smith commented on the futility of removing or suspending a domain name because even if they do, the content still exists. Nominet doesn’t allow child abuse or content that promotes criminal activity on .uk domain names. But Nominet doesn’t make decisions on what is illegal content but does cooperate with those who can such as law enforcement. For those wishing to make complaints, Nominet doesn’t take requests from those outside the UK. In 2017 Wenban-Smith said Nominet suspended 16,000 .uk domain names in 2017.