DomainTools Continues To Systematically Violate .NZ’s ToU Harvesting WHOIS Data, Despite Preliminary Injunction

In a reply brief filed in the Ninth Circuit Court of Appeals last week, New Zealand’s Domain Name Commission has accused DomainTools of continuing to harvest the personal data of .nz domain name registrants from WHOIS Records and offering this data to anyone with a credit card, thereby systematically violating the DNC’s terms of use. The reply notes how DomainTools has continually abused the ToU, despite repeated correspondence from the DNC advising them so and a preliminary injunction advising them to stop. DomainTools is now appealing the preliminary injunction.

Privacy in New Zealand, and around the world, has become a significant and important issue. Within .nz, individual domain name registrants have had the option of privacy protection where personal information is withheld if they didn’t conduct “significant trade” via their domain name. In under 6 months after its launch, 23,000 individual registrants had opted in to have their personal information withheld.

“DomainTools’ business model consists of obtaining bulk WHOIS information from registries around the world, storing that information in an ‘unparalleled repository of … Whois data’ consisting of ‘12 years [of] historical records,’ and selling it to interested individuals and business customers,” according to the DNC filing. “DomainTools boasts it has compiled and stored ‘the world’s largest database of Whois records,’ which allows its users to ‘uncover the real owner of a domain that is currently cloaked by privacy.’ In other words, DomainTools’ business model revolves around the creation of the kind of shadow database that DNCL’s TOU have always forbidden.”

DomainTools have harvested registrant information for 16 years from both country code top level domain (ccTLD) and generic top level domain (gTLD) registries around the world and harvested the .nz data via Port 43, which has always been prohibited. In the case of .nz, in spite of efforts to thwart the likes of DomainTools, they have “accessed the .nz Register using mass WHOIS queries ‘at least every day … using a distributed network of global IP addresses, to evade the technical protective measures that DNCL has established to prevent high volume queries and bulk harvesting of .nz WHOIS data.’” This “shadow register” is then made available to the world, for a price, which happens to start at US$49 for a subscription service that might give access to search more than one domain name. Despite the efforts of the DNC to thwart DomainTools, they have “circumvented those measures by, among other things, ‘using a distributed network of global IP addresses’ to mask its identity.”

The Domain Name Commission, whose role is to develop and monitor a competitive registrar market, as well as create a fair environment for the registration and management of .nz domain names, says in their filing that anyone accessing their “WHOIS service does so subject to a few easily understood restrictions embodied in the .nz WHOIS Terms of Use.” This ToU prohibits “both replicating the .nz WHOIS database by creating ‘a secondary register of information’ and publishing ‘historical or non-current versions of WHOIS data.’”

“These provisions combine to protect the privacy of tens of thousands of .nz registrants who have elected not to have their sensitive identity and location information exposed to the public in response to a .nz WHOIS query. Without these restrictions, commercial services like DomainTools would be free to collect and store historical .nz WHOIS information accumulated before personal information was subject to privacy restrictions and to share the sensitive personal information in those records with any internet user.”

The DNC notes that “DomainTools advertises that it violates DNCL’s restrictions. Far from denying that it compiled ‘a secondary register of information,’ it tells the world that it has ‘the world’s most comprehensive and accurate database of … historical domain Whois records.’”

The DomainTools’ database includes records for over 665,000 .nz domain names—approximately 94% of all .nz domain names. DomainTools then uses this “secondary register” to subvert the prohibition against publication of historical information and undermine user privacy.

15 months ago in November 2017 individual domain name registrants had the option of a privacy option for their WHOIS information. Concerns relating to DomainTools’ conduct that would undermine this privacy option led to the DNC writing to DomainTools asking them to stop their practices, however it refused stating it didn’t believe it violated the ToU.

“Faced with DomainTools’ contempt for DNCL’s modest restrictions on access to and use of WHOIS data, DNCL terminated DomainTools’ right to access the .nz WHOIS service, and it brought this action to compel compliance with the TOU.” The district court then properly entered a preliminary injunction. But this didn’t stop DomainTools. They continued unhindered and not bothered by the preliminary injunction.

With the introduction of the privacy option for individual registrants (IRPO), the DNC “became concerned that DomainTools’ practices would undermine the program. DNCL had assured .nz domain registrants who opted in to the IRPO that their domain registration information would remain private. DNCL could make this promise because, among other things, DNCL’s TOU prohibited Port 43 users from (a) downloading the .nz Register; (b) storing and compiling WHOIS data to build up a secondary register; and (c) publishing historical versions of WHOIS data. But DomainTools was doing all of these things. On November 2, 2017, weeks before announcing the IRPO, DNCL sent DomainTools a letter instructing it to ‘cease and desist accessing .nz WHOIS servers or using and publishing .nz WHOIS data except as permitted by the TOU.” The letter explained that DomainTools was “access[ing] and quer[ying] .nz WHOIS servers, download[ing] .nz WHOIS data, and republish[ing] that data” through its products, all in violation of the DNCL TOU. ER510. The letter specifically identified the TOU terms that DomainTools was violating. Id. DomainTools sought repeated extensions of the deadline for compliance, to which DNCL acquiesced in hopes of resolving the dispute. Eventually, however, DomainTools told DNCL it would not comply with the TOU.” Cease and desist letters were sent, but nothing changed. The DNC gained a preliminary injunction in June 2018, which DomainTools is now appealing.

In their filing in response to the DomainTools appeal, the DNC say they “will clearly succeed on its claim that DomainTools violated the TOU.” The DNC notes “DomainTools’ only argument on appeal is that law enforcement and cybersecurity organizations may be unable to use .nz WHOIS data to investigate potential threats and criminal activity. But DomainTools offers no evidence that .nz domain information, which makes up a minuscule portion of its “unparalleled” WHOIS database, has significance in any law enforcement investigation. Further, law enforcement and cybersecurity organizations can readily acquire WHOIS information directly from DNCL. DNCL has not offered comparable access to DomainTools because, unlike law enforcement and cybersecurity organizations, it sells historical data to anyone willing to pay. DomainTools cannot show the public interest will suffer because it will be deprived of revenue from reselling unlawfully acquired data.”

DomainTools has gone on to develop new arguments, “never presented to the district court—and not supported by any evidence.” This includes their chatacterisation of the “Port 43 service as a ‘computer-to-computer’ channel and argues (without record support) that any terms sent via that service are ‘not designed for human consumption.’”

Disclosure: InternetNZ is a client of the author.