One of the outstanding accountability issues at ICANN after the IANA transition is the jurisdiction of ICANN and how that affects its ability to execute its mission. As part of Work Stream 2 of the accountability reforms, an ICANN working group focuses on the issue of jurisdiction. While the accountability reforms firmly situate ICANN’s corporate governance in California law, the group is compiling examples of challenges that are raised by ICANN’s jurisdiction. While no one is proposing to move ICANN’s headquarters, this blog post intends to shed light on some of the problems that ICANN’s jurisdiction raises for domain name registrants and applicants for registrar accreditation.
Domain name registrants in countries subject to U.S. sanctions have been struggling with the arbitrary cancellation of their domain names by some registrars. Some registrars (both American and non-American) might stop providing services to countries sanctioned under the Office of Foreign Affairs Control (OFAC) regime. Sometimes they do this without prior notice.
When ResellerClub moved its main place of activity to the U.S., for example, it decided to cancel all domain name registrations that were held by people residing in countries under sanctions. In an announcement about the move, ResellerClub announced that:
At the end of October 2013, ResellerClub became a US based entity and this move resulted in a change in the legal jurisdiction applicable to us. As a result of this change, we are no longer able to support partners and clients from Cuba, Iran, North Korea, Sudan and Syria. These include Resellers, Sub Resellers and Customers. If any of the following actions are performed by users from OFAC Countries, the respective domain/hosting package will be suspended. Funds that are received from customers in OFAC Countries will not be refunded as per US Regulations.
This announcement did not refer customers to any kind of formal notice from OFAC or any specific OFAC rule. It appears ResellerClub has not investigated whether it might be able to receive a license to provide services to those affected customers. This could be due to the costs that the registrar incurs to receive a license, which may outweigh the benefit of serving registrants in countries under sanctions.
It is true that the U.S. Commerce Department has issued a General License authorizing the export or re-export of certain services and software. However this general license has restrictions. For example, under the Iranian Transactions Regulations, 31 CFR 560.540 – Exportation of certain services and software incident to Internet-based communications, Section b. (4) does not authorize “The direct or indirect exportation of web-hosting services that are for purposes other than personal communications (e.g., web-hosting services for commercial endeavors) or of domain name registration services.”  Hence, the export of commercial webhosting services and domain name registration services are explicitly excluded from the general license. This is not only an Iranian issue. Other countries and regions, such as the Crimea, are under a similar sanctions regime. The general license that authorizes export of certain services and software Incident to Internet-Based communications excludes domain name registration services.
How does this issue relate to ICANN’s jurisdiction? As a California based corporation, ICANN is subject to U.S. laws and the OFAC regulations. At first glance, this might not appear to be a major problem. Domain name registrants usually have the ability to move to another registrar, and the problem only exists for American registrars. The interesting question, however, is whether registrars that are based in another country are also subject to OFAC because of their contractual relationship with ICANN.
Foreign registrars and ICANN’s jurisdiction
Sometimes the registrars seem to follow OFAC sanctions even when it appears that they are not based in the U.S. For example Gesloten.cw, a registrar based in Curacao (Netherlands Antilles) follows OFAC regulations in its legal agreement with the registrants. Another example is Olipso, an ICANN accredited registrar based in Turkey (Atak Domain Hosting). Olipso also prohibits persons located in sanctioned countries from using its services due to OFAC.
The uncertainty regarding the application of OFAC to non US-based registrars is the kind of jurisdiction issue that ICANN’s workstream 2 process should explore. Some registrars not based in the US might want to avoid risk and not provide services for sanctioned countries because of their contract with ICANN.
The fact that a registrar not based in the U.S. prohibits registrants in sanctioned countries to use its services is very concerning. If the registrars not based in the U.S. have to comply with US laws because of their contractual relation with ICANN, then ICANN’s jurisdiction could be interfering with ICANN’s mission, commitments and core values, which commits it to the global interoperability and openness of the Domain Name System.
Can Registrars be based in sanctioned countries?
A related question is whether ICANN can accredit registrars based in sanctioned countries. The answer to this question is clear: not until ICANN applies for an OFAC license for these registrars. However, ICANN expressly states in its Registrar’s accreditation terms and conditions that it is under no obligation to apply for an OFAC license:
Applicant acknowledges that ICANN must comply with all U.S. laws, rules, and regulations. One such set of regulations is the economic and trade sanctions program administered by the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of the Treasury. These sanctions have been imposed on certain countries, as well as individuals and entities that appear on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”). ICANN is prohibited from providing most goods or services to residents of sanctioned countries or their governmental entities or to SDNs without an applicable U.S. government authorization or exemption. ICANN generally will not seek a license to provide goods or services to an individual or entity on the SDN List. In the past, when ICANN has been requested to provide services to individuals or entities that are not SDNs, but are residents of sanctioned countries, ICANN has sought and been granted licenses as required. However, Applicant acknowledges that ICANN is under no obligations to seek such licenses and, in any given case, OFAC could decide not to issue a requested license.
With ICANN stating that it is under no obligation to apply for OFAC license for applicants residing in sanctioned countries, ICANN provides a way for jurisdiction to interfere with providing domain name services. Why, given its commitment to global interoperability of the DNS, should it be discretionary for ICANN to apply for an OFAC license?
Hampering Access to DNS
The jurisdictional problems can lead to access problems for registrants. These could include sudden cancellation of domain names due to sanctions, the lack of any means of redress, and an increase in transaction costs for the registrants.
Applying sanctions to the registration of domain names could be interpreted as hampering Internet access. The Internet community should find a solutions for this problem. When sanctions affect domain names they create great uncertainty for businesses when they want to establish a presence on the Internet. They hamper the access of businesses and Internet users to websites and online resources. The problem would be less severe if registrars outside of the US did not refrain providing services to U.S. sanctioned countries. However, even some non-American registrars apply the OFAC restriction, because of presumably their agreement with ICANN.
U.S. sanctions are set not through an agreement between the international community, but through the unilateral decision of the U.S. to assert sanctions on certain countries, mainly due to mutual conflicts that do not affect the rest of the world. The U.S. has some of the harshest and limiting sanctions against some countries, due to its historical conflicts. If we consider the Internet as a global resource, then actions that hamper access to that resource should not be imposed by one country.
Even when moving from one registrar to another is a solution, the disruptions and transaction costs associated with a transfer can be significant. The registrar’s sudden change of policy under the sanction regime can affect the renewal of the domain name. Sometimes the website of the registrant can be down for a couple of days because of this. The domain name registrant who wants to extend the domain name before it expires faces difficulties because the renewal request will not be accepted. Sometimes the customer service is too slow, the renewal does not take place, the registrant cannot go to another registrar and domain name registration might expire.
Though many Americans and U.S.-based domain name businesses get nervous whenever problems of U.S. jurisdiction are raised, there are a number of viable solutions to these problems that could come from within ICANN and its existing contractual mechanisms. ICANN could, for example, try to receive a general OFAC waiver from the U.S. Commerce Department. Or ICANN could contractually oblige registrars to investigate the possibility of receiving an OFAC license for providing services to sanctioned countries. It could also prohibit registrars from arbitrarily cancelling domain names without notice. Moreover, it should be clarified whether registrars based in other countries need to comply with OFAC and US laws in general. As to the future of registrar applicants in sanctioned countries, ICANN should not declare that it is not obligated to apply for an OFAC license for the requesting entity; as an impartial administrator of the DNS infrastructure it should always prioritize global compatibility and interconnection.
 The regulation is available at: http://www.ecfr.gov/cgi-bin/text-idx?SID=34cb298bbeb9c92608485dd4bd5ead1a&mc=true&node=se31.3.560_1540&rgn=div8
OFFICE OF FOREIGN ASSETS CONTROL, Executive Order 13685 of December 19, 2014, Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to the Crimea Region of Ukraine, Can be found at https://www.treasury.gov/resource-center/sanctions/Programs/Documents/ukraine_gl_9.pdf , ,
Clause D (4) The exportation or re-exportation, directly or indirectly, of web-hosting services that are for commercial endeavors or of domain name registration services.
 (17) “Prohibited Persons (Countries, Entities, and Individuals)” refers to certain sanctioned countries (each a “Sanctioned Country”) and certain individuals, organizations or entities, including without limitation, certain “Specially Designated Nationals” (“SDN”) as listed by the government of the United States of America through the Office of Foreign Assets Control (“OFAC”), with whom all or certain commercial activities are prohibited. If you are located in a Sanctioned Country or your details match with an SDN entry, you are prohibited from registering or signing up with, subscribing to, or using any service of Parent.”
 Emphasis by the author of this blog post.
 Registrar Accreditation: Application
https://www.icann.org/resources/pages/application-2012-02-25-en, Terms and Conditions, Paragraph 4 Application Process.
 NETmundial Multistakeholder document, April 24 2014, http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf