Governments have long sought ways to regulate Internet activity, whether for the purposes of taxation, content regulation, or the application of national laws. Effective regulatory measures have often proven elusive, however, since, unlike the Internet, national laws typically end at the border. Earlier this month, the United States began to move aggressively toward a new way of confronting the Internet’s jurisdictional limitations – the domain name system.
Domain names are widely used to ensure that email is delivered to the right inbox or to allow users to access a particular website. The system includes a large database that matches the domain name (e.g. michaelgeist.ca) to a specific IP address (i.e. the location of the computer server). The system is used billions of times every day to route Internet traffic to its intended destination.
As every Internet user knows, inadvertently entering the wrong email or web address typically means that the email bounces back or takes the user to an unexpected destination. As my weekly technology law column notes (Toronto Star version, homepage version), legislators have now begun to consider the possibility of intentionally stopping access to certain sites by ordering Internet providers to block access to their domain names.
The Combating Online Infringement and Counterfeits Act, recently introduced in the U.S. Senate, would potentially force Internet providers, domain name registrars (companies that register domain names) and domain name registries (organizations that maintain the domain name database) to block access to specified domain names.
This domain name block list – already being dubbed the Great Firewall of America – would be created through a censorship court order obtained by the U.S. Attorney General. The court order could be used to shut down a site located within the U.S. or to order Internet providers to block access to the domain name if the site resides outside the country.
Moreover, the Department of Justice could identify additional domain names that are “dedicated to infringing activities.” Despite the absence of any court oversight, this second list would also likely involve blocked domains since Internet providers would be immune from liability provided they curtail access to them.
This notably targets websites located anywhere in the world, since any domain – wherever located – may placed on the list. In fact, since the core of the domain name system resides in the U.S., it is possible that the site could be blocked at a global level if it was removed or rendered inaccessible from the “master” domain name database.
This is not the first time the U.S. has used its control over the domain name system to establish a home field regulatory advantage. In 1999, it enacted the Anticybersquatting Consumer Protection Act to deal with cases of domain name cybersquatting.
The drafters of that law recognized the jurisdictional challenges inherent in resolving domain name disputes by granting trademark holders the right to file a lawsuit against the domain name itself, rather than against the domain name registrant. That approach, known as in rem jurisdiction, treats the domain name as property that can be sued. This led to cases where U.S. courts ruled that they are entitled to order the transfer of a domain name even where a foreign court has issued an order barring the transfer.
The net effect of these laws is to create a two-tier regulatory structure for the Internet. Domain names may be global – more than 200 million have been registered worldwide – yet the U.S. continues to retain effective control over much of the system. As the recent moves to use the domain name system to address online concerns demonstrates, that control raises serious concerns about its jurisdictional reach and the misuse of a system intended to route Internet traffic without regard for its content or destination.