Tackling online piracy is a complicated endeavor that often starts by identifying the operators of infringing sites and services. This is also where the first hurdles come into play.
Most pirate operations shroud themselves in secrecy and do all they can to remain anonymous. This starts with the domain name registration.
The owner of every domain name on the Internet is required to supply personal information when they buy a domain. This “Whois” information has to be accurate. However, it’s not necessarily available to the public at large.
There are several commercial Whois proxy or shielding services that hide registrant information. These have legitimate uses, to avoid abuse and harassment for example, but they also come in handy when a site’s business model is not entirely legal.
Copyright holders have complained about these privacy services for years. Domain registrar oversight body ICANN is aware of this and is considering whether to make ‘proxy’ registration data available for enforcement purposes. The plan has yet to be finalized.
To make matters worse for copyright holders, the EU’s GDPR privacy law only made it harder to identify domain owners. In response to the GDPR, ICANN implemented a temporary specification that led to further restrictions, shielding the personal data of site owners that would previously have been available through the Whois system.
RIAA Calls Out ICANN
These developments are a source of frustration for the RIAA. The music industry group submitted its notorious markets comments to the USTR last week. In addition to providing an updated list of piracy threats, these domain name troubles were highlighted.
“[I]t has become exceedingly difficult to track, enforce against, and accurately associate various notorious websites,” the RIAA writes. According to the group, ICANN’s policy that requires privacy and proxy services to disclose registrant data has been fully approved. However, the implementation is delayed.
“With estimates of over one third of all domain name registrations behind a privacy/proxy service, this failure of ICANN to implement disclosure policies for privacy/proxy services only serves to embolden online infringers and others that engage in malicious activity online with only minimal risks of identification and reprisal.
“In addition, ICANN has failed to adopt meaningful solutions to improve the accuracy of registrant information, despite discussions on this topic for the last several years,” the RIAA adds.
The RIAA isn’t happy about ICANN’s GDPR restrictions either. The domain name body added these to reduce liability under the EU’s privacy regulation. However, ICANN hasn’t come up with a solution for rightsholders who need this information.
“Despite promises to establish and implement a policy to provide uniform and consistent rules on how users can access such registration data, including for intellectual property protection and enforcement purposes, ICANN has yet to fully develop or implement such rules,” the RIAA notes.
“As previously noted, this continues to frustrate our ability to contact the registrant directly to address infringement issues, investigate relationships between infringing sites, and analyze our other enforcement options.”
By calling out these issues, the RIAA hopes to put them on the political agenda. And indeed, it appears that there is already some movement on this front.
EU to the Rescue?
Interestingly, it’s the EU that may come to the rescue of rightsholders. Europe’s privacy regulation previously resulted in Whois restrictions but the EU is now planning to turn things around.
In the draft of the ‘cybersecurity’ directive NIS 2, the registration of domain names will require complete and detailed data, including names, addresses, and phone numbers. This proposal is largely supported by ICANN, which stated that the information should be available to “legitimate access seekers.”
The legislation is still work-in-progress and the text may change along the way. In the most recent draft, the registration data is not meant to be posted publicly. Instead, it will be made available to public and competent authorities for enforcement purposes, among other things.
Based on the above, we can expect more clashes between privacy advocates and copyright enforcers in the near future. Whether with or without the involvement of the USTR.
A copy of RIAA’s submission to the US Trade Representative is available here (pdf). An overview of the nominations for the notorious markets report, which show a lot of overlap with previous years, is listed below.
– Flvto & 2Conv
Mp3 Search-and-Download Sites
BitTorrent Indexing Sites
– Filecrypt (link protector)
Piracy within Mobile Apps
– Ecatel/Quasi Networks
Nigerian-Operated Infringing Sites
– No sites mentioned
Reverse Proxy Services to Obfuscate Hosting ISP
– Njal.la Registrar.
– .to ccTLD Registry.