@Dotword,
A web host has a much more direct connection to content than a registrar does. After all, they store and disseminate the actual files of the website. Regulators and the general public often confuse registrars with hosts. You'd be surprised how often Epik or any other registrar is asked to share the source files of some website that is hosted by a separate company. (Gab.com is an example of this.)
I often have to explain to attorneys or bureaucrats that a domain registrar – insofar as it is just acting as a registrar – basically has
no involvement with any website at all. Registrars keep a record of whois contact information for the name itself. Registrars collect payments and process renewals, transfers, etc. They provide an interface for defining the name servers, which indicate which company controls the DNS records. And that may or may not be the registrar. If there is a website or email, then that is manged by the web host not the registrar. (Most registrars offer hosting, but many registrar customers host with a separate company.)
Basically, registrars allow the public to own domain names – nothing more. Policies for who can register what names and also how the domains must or must not be used are defined by TLD registries. And policies for domain ownership and processes generally are defined by ICANN (for gTLDs) or by ccTLD registries.
After this long preamble, what am I getting at? This:
- Registrars have no access to content and no way to inspect content beyond what the general public has.
- Registrars have no control of content. Files are stored by the web host, which has control and access.
Registrars can only take action with respect to content in the crudest way possible: By yanking the plug. Whether that means confiscating a domain, suspending a domain, deleting a domain, or diverting the name servers, the end result is the same binary choice. The only options available to a registrar are:
(A) leave the cord plugged in (domain name still maps to web host);
(B) disconnect the cord (domain name cannot reach web host).
Yes, a registrar can use this OFF/ON power as an ultimatum, coercing a registrant to change the content they are hosting with a separate company. But is this the ideal way to for online content to be adjusted or policed?
Consider that many registrars are small companies. That means the person who is evaluating the content and deciding whether to unplug the metaphorical TV that someone else is watching is acting in a part-time capacity to police content, often in a rush, generally with no clear policy and zero training, and absolutely no relevant experience in determining what is or isn't legal. Do we want that person censoring the web?
It's also true that many registrars are spineless and will cave instantly to pressure. Some will say this is a good thing because they're envisioning public outrage over extremely offensive or dangerous content. But outraged crowds aren't always right. And the pressure isn't always coming from a crowd of representative normal people. Sometimes it comes from lobbyists. For example, there are certain groups that represent the interests of pharmaceutical trademarks. They bully registrars into suspending or deleting domains without due process for the registrant. And many registrars comply. Registrars that direct these lobbyists to the UDRP (which is what ICANN created to deal with TM disputes) are defamed in public as "bad actors" or "rogue registrars". Do we want registrars to pull the plug on websites – when, remember, the registrar isn't providing the website at all – just because someone threatens to say negative things about the registrar? Shouldn't there be a process to protect the registrant? Shouldn't someone independent make the judgment call?
It's crucial to understand that a registrar is an outsider looking at whatever content is publicly visible. Some other company hosts that content. Some other person created that content. A registrar may not have enough access to the content to see whether abuse has occurred or even what the content really is or was. For example, the content may exist behind a login. Or the content may have been interrupted by the web host or deleted by the webmaster. Often in abuse cases, a registrar is asked to evaluate content it can't even see – relying entirely on a complainant's description of the content.
Elsewhere, I described a case involving a website that endorsed rape. Epik deleted the domain right away. But we were never able to see ANY of the alleged content. Anyone seriously interested in how a registrar polices content can read my summary of that case:
https://www.namepros.com/threads/so...er-or-suspension.1107245/page-24#post-7170517
Web hosts have more access to and control over web content than anybody else except the webmaster. So it is logical to focus on web hosts when evaluating content, even if web hosts don't necessarily have the relevant expertise or authority for judging that content's legality.
Also, a web host has the ability to manipulate a website or email account in a more selective or surgical way. They can remove a single offending page without taking the whole website down. They can temporarily block a specific email address from sending without blocking other addresses from sending or annihilating all inboxes. Thus a web host is the most relevant partner for investigating abuse AND enforcing abuse. Yet that still doesn't mean the web host is qualified to judge abuse. They may do so, based on their own policies. But nothing guarantees that they will do so competently or fairly.
Let me add that a registrar and web host are not the only players in the domain supply chain that have this ON/OFF power to pull the plug on a website or email.
- ICANN itself is completely neutral, refusing to police domain usage directly. ICANN thereby fosters online free speech.
- UDRP forums, designated by ICANN, will adjudicate trademark disputes involving domains, . Unlike some arbitrary registrar employee, the panelists are experts who can devote their full attention to the evidence and (ideally) make an impartial decision. Though there are abuses that need reform, the UDRP does help eliminate trademark infringement, phishing, and other abuses.
- TLD registries and back-end operators can suspend any domain, without relying on any information or action from the registrar. They can do this because they are upstream of the registrar in the supply chain. The registry's cable connects to the registrar's cable, which plugs into the host. So the registry can unplug entirely on their own.
Registries suspend domains on their own all the time. ccTLD registries do this. Often they do it because of residency requirements in the country in question. But at Epik, I've also seen ccTLDs enforce their own policies about trademarks or abuse or whois formatting without any adjudication at all. And this has occurred in response to pressure from complainants.
gTLDs
and sTLDs often have special policies about who can register domains. So it's not uncommon for them to suspend domains based on the registrant's lack of qualifications, lack of response, or lack of demonstrated usage in the relevant field. Beyond that, some of these registries also have policies about abuse such as phishing and malware distribution. And a few of them police these problems actively, causing domains to be suspended in the background in bulk. Registrars get periodic summaries of domains that the registry has chosen to suspend or delete. In some cases, neither the registrar nor the registrant gets any notification; and we piece together the facts about a secret registry suspension only when the registrant asks, "Where did my domain / website go?"
It has always struck me as strange that – in the Gab.com scandal – people focused entirely on the registrars, GoDaddy and Epik. Nobody that I'm aware of mentioned Verisign. I gather that Verisign stayed out of the question of whether Gab.com should be suspended or censored. In doing so, Verisign took a stance of complete neutrality or agnosticism, which is basically supportive of free speech.
Yet nobody attacked Verisign for not pulling the plug on Gab.com. Their ability to review Gab's content is exactly the same as a domain registrar's ability to review Gab's content. Both would need to assign someone to spend time reading Gab member's posts. Also, Verisign's ability to pull the plug on the domain registration is basically just like a registrar's ability to do so. Either at the registry level or at the registrar level, the connection to the web host could be severed. But the important difference is that a registry decision would be absolutely conclusive. When a registry suspends a domain, no registrar can offer it.
The general public has no understanding of what a TLD registry is. Because registrars interact with customers, and GoDaddy runs Super Bowl commercials, the general public became fixated on the registrar as the entity that MUST pull the plug on the racist TV that the racists were watching. But anybody with an ounce of experience knows that a domain that is suspended at 1 registrar will simply be transferred to another registrar.
It surprises me that the domain industry went along with this view that the registrar is primarily responsible for policing and censoring content. Domainers should know that a web host is more directly involved in content than a registrar is. Furthermore, domainers should recognize that Verisign could have suspended Gab.com totally.
Who has the responsibility to police content? I've written earlier that I think responsibility should fall (whenever possible) on the stakeholders in the content: the site owner, the managers, the board of directors, the webmaster, the moderators, the writers or editors, the forum members, etc. At the same time, monitoring for illegal activity is mostly crowdsourced. Just like law enforcement agencies, registrars, registries, and web hosts rely on someone to report abuse. The questions then become:
- Who is competent to review the content?
- Who can adjudicate impartially?
- Who has authority, based on TOS or the law, to take action?
- What action should be taken?
In some cases, a registrar or a web host can make a quick judgment call on abuse and take action themselves. Examples include phishing, spam, malware distribution, child pornography. Provided there is sufficient evidence to see what is going on, with egregious cases in those areas, nobody needs to wait for a court order to decide if such things are legal.
But policing individual posts by individual members in a forum that has its own staff? Is that a registrar's role? Should Dynadot be policing NamePros posts and delivering an ultimatum based on its crude ON/OFF power to pull the plug on NamePros.com entirely? Few of you would say yes. The position of Epik, as a domain registrar, to a website like Gab.com is precisely the same as Dynadot's obligation with respect to NamePros.
#1
I'm not a lawyer. When Epik receives abuse allegations, we investigate the evidence. Usually the nature of the abuse gives us a clear sense of the action Epik would take against the domain / customer. Since we would be taking action to stop the abuse, that's that. When in doubt about our responsibility to act, we investigate the legal requirements. It's impossible to give a general answer because the range of possible abuse (and the particular circumstances) is quite large.
But it's important to emphasize that registrars don't actively monitor or police web content. That isn't our role. And it would be infeasible, practically speaking. The ratio of domains to employees at a registrar would be something like 50,000 or 100,000. How is a registrar employee (who already has a full time job) supposed to monitor the online content for so many domains? The content might change day to day. Or it might be quite vast – as is the case with an online forum or a news site. Some content might be hidden behind logins or exchanged invisibly as email messages sent to others.
Actively monitoring online content would thus be impossible for a registrar or even a web host. Our responsibility to police usage depends, first and foremost, on allegations made by some external party. ICANN requires that registrars maintain a designated contact for reporting abuse. ICANN obligates all registrars to display that contact in particular ways and to respond. Aside from ICANN's requirements, each registrar exists asa corporation in its own jurisdiction, which has its own requirements. And overseas jurisdictions sometimes assert their own regulatory claims. The worldwide web has worldwide complications.
#2
You can read the case study I mentioned above to see how Epik policed domain usage in 1 case.
#3
I have no idea if Gab or any other website on the web contains illegal content. It has never been my role nor my hobby to go looking. In my whole life, I think I looked at the Gab.com website only once. What I happened to see there disgusted me, and I was not inspired to keep coming back.
If a law enforcement agency believes there is illegal content on a website, they can contact any domain registrar to indicate the action or information they would need. Registrars comply with such requests. Indeed, Epik received a subpoena related to Gab almost immediately after the domain transferred to Epik. As usual, the subpoena seemed to imagine that Epik was the web host. Since we were not, there was little information to give. But we gave it. I assume they sent a similar subpoena to GoDaddy, which had been the registrar for a much longer period, and to the web host. That was last Fall, and I've heard nothing since.
A registrar complies with official determinations. When a UDRP is filed, we supply the UDRP forum with unmasked whois contact details and other domain information, as required by ICANN. We also apply a mandatory lock on the domain that prevents whois updates or transfer. And once the UDRP case is decided in the complainant's favor, the domain is delivered to the complainant or (less commonly) deleted. That depends on their preference.
UDRP cases are only disputes about trademarks. They're generally not as gravely serious as phishing or child pornography or spam or any other kind of abuse or illegal activity. Since a registrar like Epik complies fully with a UDRP complaint, divulging information and ultimately reassigning the domain according to the received decision, you can imagine that Epik would comply every bit as much with investigators into more serious questions of illegality.
What is legal or not has always been a question for legislators (who write the laws), police (who enforce the laws), and courts (who adjudicate the laws). Let's not forget that. Registrars, like all other companies, comply with those laws. But registrars don't have any special responsibility – let alone expertise or authority – to decide what is legal. Registrars could act as judge / jury / executioner, and allow some part-time employee without training or full access to content to pull the plug on websites and email accounts. But should we expect registrars to do that?
Wouldn't the web be more reliable and more fair if registrars endeavored to remain as neutral as Verisign did or as ICANN did? Laws are still enforceable. Those neutral parties cooperate. But that doesn't mean they should be a substitute for legislators, police, and courts.[/USER]