After Charlottesville: Registrars, content regulation and domain name policy

The Internet governance implications of Charlottesville are becoming clearer. When a white supremacist protest resulted in the murder of Helen Heyer, the Daily Stormer published repugnant, hate-filled content about her on its website. This provoked numerous Internet service providers (domain name registrars, DNS proxy services, a DDoS mitigation service and a hosting provider) to terminate Daily Stormer’s services for a variety of alleged Terms of Service (ToS) violation(s). Attempts to register new related domains in different TLDs (e.g., dailystormer.ru) or similar strings (e.g., dailystormertest.com) are being refused or similarly met with termination of service. Until recently, the Daily Stormer website was only accessible on the “dark web” via a .onion address.

Is this all to the good, an example of how the Internet’s private actor-driven governance model responds to abuse and problems on the web? Or is it a worrisome deviation from net neutrality that may come back to bite us? We’ve been following these developments, and in this post we look more closely at the role of domain name registrars and policies in regulating content and domain names.

First, a limited recap of the Daily Stormer domain name (dailystormer.com), according to other public accounts:

  • Daily Stormer’s domain name registrar, GoDaddy, gave 24 hours notice to the Registrant to transfer the domain name for violation of Terms of Service, otherwise the domain would be cancelled.
  • The Registrant transfered the domain name from GoDaddy to Google Domains service.
  • Google made a statement that the Registrant was in violation of Terms of Service.
  • The Registrant attempted to transfer the domain name from Google Domains to another registrar. However, a clientHold was placed on the domain name, as is visible in the DNS Whois:
    Domain Name: DAILYSTORMER.COM
     Registry Domain ID: 1787753602_DOMAIN_COM-VRSN
     Registrar WHOIS Server: whois.google.com
     Registrar URL: http://domains.google.com
     Updated Date: 2017-08-15T00:30:23Z
     Creation Date: 2013-03-20T22:43:18Z
     Registry Expiry Date: 2020-03-20T22:43:18Z
     Registrar: Google Inc.
     Registrar IANA ID: 895
     Registrar Abuse Contact Email: registrar-abuse@google.com
     Registrar Abuse Contact Phone: +1.8772376466
     Domain Status: clientHold https://icann.org/epp#clientHold
     Name Server: JEAN.NS.CLOUDFLARE.COM
     Name Server: KIRK.NS.CLOUDFLARE.COM
     DNSSEC: unsigned
     URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
     >>> Last update of whois database: 2017-08-26T13:01:24Z <<<

Now for some analysis of the above events. As one would expect, it’s complicated. It’s important to consider domain transfer and content regulation separately, and to keep in mind that the outcomes observed could depend on information we don’t necessarily have.

GoDaddy cites violation of its ToS

According to TechCrunch, a GoDaddy spokesman said, “We have informed The Daily Stormer that they have 24 hours to move the domain to another provider, as they have violated our terms of service. If no action is taken after 24 hours, we will cancel the service. Given this latest article comes on the immediate heels of a violent act, we believe this type of article could incite additional violence, which violates our terms of service.”

GoDaddy’s Domain Name Registration Agreement actually does not specifically restrict using a domain name to incite violence. Instead, GoDaddy does include a much more comprehensive statement, saying it may:

9. RESTRICTION OF SERVICES; RIGHT OF REFUSAL

cancel the registration of a domain name…if that name is being used, as determined by GoDaddy in its sole discretion, in association with…morally objectionable activities. Morally objectionable activities will include, but not be limited to:

Activities prohibited by the laws of the United States and/or foreign territories in which you conduct business;
Activities designed to encourage unlawful behavior by others, such as hate crimes, terrorism and child pornography; and
Activities designed to harm or use unethically minors in any way.

So GoDaddy had its bases covered, but the stunning breadth of its “morally objectionable” clause should give registrants engaged in legitimate online expression serious pause. Moreover, a quick review of the ToS of the world’s ten largest registrars (by name registrations in April 2017) indicates that half of them have morality clauses.

Google follows suit, but was it a violation of ToS?

A registrant using Google Domains as a registrar is bound by one primary ToS, but might be impacted by many other ToS’s and policies. The central document is the Google Domains Domain Name Registration Agreement. Regarding the use, suspension and cancellation of a Registered Name, the Registrant agrees to, among other things:

REPRESENTATIONS AND WARRANTIES.

4. registering or directly or indirectly using the Registered Name will not violate any applicable laws or regulations, legal rights of others, or Google’s rules or policies including:
engaging in spam, phishing, or other deceptive practices;
distributing malware or other items of a destructive or deceptive nature; or allowing child sexual abuse imagery or other exploitation of children.

SUSPENSION AND CANCELLATION. Google may in its sole discretion, suspend or cancel Registrant’s Registered Name registration (a) if Registrant breaches this Agreement (including a breach of any of the representations and warranties in Section 7); (b) to comply with a court order or other legal requirement; (c) as required by ICANN, a Registry Operator, or law enforcement; (d) to protect the integrity and stability of the Services; (e) if there was an error in the registration process for such Registered Name, or (f) if Registrant’s Account is disabled or terminated.

The conditions are much more circumscribed than GoDaddy’s, although perhaps there’s ambiguity around which “Google’s rules or policies” are applicable, and whether or not “legal rights of others” were implicated, e.g., does this mean individuals protected by hate speech laws in other countries? But the latter clause can be ignored in this case, because the Registered Name was not suspended or cancelled.

However, when using Google Domains service, other ToS are potentially implicated. E.g., one needs a Google Account in order to use the Google Domains service, which has its own ToS. Google’s other services (which the Registrant may or may not have been using, we don’t know) do have policies that restrict some content. E.g., Youtube’s ToS and by reference its Community Guidelines explicitly restrict hateful content, content which incites violence, etc. Whether or not there is a explicit link between use of Google services, i.e., if you use violate Youtube ToS does that impact your use of other services and/or your Google Account, is not entirely clear.

So it is not obvious that there any Google Domains policies that justified terminating the Daily Stormer domain. Nonetheless, there are apparent statements by Google saying they didn’t want their services used for inciting violence and were “cancelling Daily Stormer’s registration with Google Domains for violating our terms of service.”

Unintended consequence of ICANN policy?

If a specific policy wasn’t violated, by what means was the Registrant prevented from using the domain name? By reference, a domain name registered with Google Domain’s service (as well as other ICANN accredited registrars) is also governed by the ICANN Transfer Policy, including the Registrar Transfer Dispute Resolution Policy, and Uniform Domain Name Dispute Resolution Policy. One possibly relevant Inter Registrar Transfer Policy (IRTP) here is Section A.3.8:

The Registrar of Record may deny a transfer request…[if] A domain name is within 60 days (or a lesser period to be determined) after being transferred.

This ICANN consensus policy was designed in part to curb the practice of domain name hijacking. But in the event of multiple, legitimate transfers, it can also prevent the use of a domain name for some time. In this case, the Registrant transferred the Registered Name to Google Domains from GoDaddy, then shortly thereafter attempted to transfer it again away from Google Domains. As a result, Google (or more likely, its automated system) could have put a clientHold on the Registered Name. As ICANN explains, clientHold “tells your domain’s registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion.”

It also appears that, interestingly, the Registrant may have been able to keep the Registered Name at Google Domains, and simply change the resource records to point to different hosting and other services (if they could procure or provide them). Why the Registrant attempted the transfer away from Google Domains remains a critical question here. What will happen after 60 days, specifically how will Google respond, is another critical question.

Just today, we see that Daily Stormer can be found again in the DNS under the Albanian country code (.al) – using Google nameservers!

Some takeaways from the DailyStormer.com saga

Domain name registrars like GoDaddy and Google, and other other Internet service providers, are under enormous pressure to regulate content online. If it’s not longstanding calls from the left for tech companies to censor unpopular speech, it’s now the alt-right calling for government to regulate the very same companies. In Internet governance, it’s the Terms of Service that matters.

Some registrars seem to believe it is their right to police content associated with a domain name according to their own standards, while others are relying on rule of law. One could argue that there is sufficient competition in registrars and their policies so that unpopular sites can find a domain. However, our initial analysis (which we are developing further) indicates market concentration in registrars that have morality clauses. If these registrars are going to rely on legal concepts such as “incitement to violence” as justification, then the legal test for it should be applied by the courts and then enforced by registrars’ ToS.

Somewhat ironically, the inadvertent application of the ICANN-developed Inter-Registrar Transfer Policy may be providing registrars and registrants with an opportunity to examine more closely the issues raised by service to the Daily Stormer and other sites with controversial speech and find workable solutions. Regardless, the IRTP needs closer scrutiny and, if necessary, modification to protect online speech from being buried by multiple transfers.

Comments are closed.