Privacy and .ca

By: Pulat Yunusov · October 24, 2009 · Filed Under Intellectual Property, Technology · Add Comment 

For years, if you registered a .ca domain, anyone could see your name, address and email in online “whois” databases. In 2008, the Canadian Internet Registration Authority (CIRA) restricted access to this information. Internet law guru Michael Geist hailed early drafts of the CIRA’s new whois policy as “a model for domain name registries around the world”. Still, in a last-minute change, CIRA allowed access to a domain owner’s identity for parties claiming IP infringement by the domain name. In response to Professor Geist’s accusation of a “stunning setback for privacy”, CIRA’s President and CEO Byron Holland called the new policy “thoughtful” and “effective” with the “best privacy protection in the world”.

Does CIRA’s whois policy strike the right balance between registrants’ privacy and IP owners’ rights?

Yes, CIRA cites the need to fight cybersquatting in defense of its disclosure policy. Registering domains for the sole purpose of reselling at a premium is a common problem on the internet. Few short domain names are now openly available for legitimate purposes. A more sinister extension of cybersquatting is phishing – posing as a third party to obtain confidential information such as passwords.

Yes, CIRA’s disclosure policy also protects IP rights. It simplifies contacting alleged infringers and helps resolve IP disputes outside of court. The opportunities for IP infringement in domain names alone are huge due to the nature of the internet. Any alternative dispute resolution can help relieve a potentially large burden on the justice system.

But there are flaws in CIRA’s whois policy.

Disclosure without consent impairs registrants’ privacy. It is also probably unlawful. CIRA’s disclosure policy does not meet the conditions in s. 7(3) of the Personal Information Protection and Electronic Documents Act, which contains the exhaustive list of circumstances when disclosure without consent is allowed in the private sector.

CIRA’s policy also undermines the freedom of speech. Whistleblowers or political activists will lose their anonymity unduly if they register a domain name referring to the organization they criticize. Instead of having to go through court, claimants need only show CIRA reasonable belief of IP infringement to obtain the registrant’s identity.

Registrants’ privacy and freedom of speech suffer irrevocably, while IP owners retain their rights and avenues for pursuing infringers regardless of CIRA’s cooperation. The barrier to obtain personal information is low. CIRA does not specify how or whether it considers merits of infringement claims. Frivolous claims that wouldn’t make it to courtroom can survive under CIRA’s laxer procedures. Citing the need to contact registrants is unreasonable because CIRA already passes electronic messages to registrants via its website. It should also be able to send regular mail on behalf and at the expense of any IP claimants.

CIRA owes a statutory duty to registrants who entrust it with their personal information. Among all the options to facilitate resolution of IP disputes, CIRA chose one that seems unbalanced and not in accord with the privacy legislation.

AdviceScene

Post tags: , , , , ,

Don’t Let Cybersquatters Steal Your Name

By: Ryan MacIsaac · March 7, 2009 · Filed Under Intellectual Property, Media Law, Regulatory Law, Technology · Add Comment 

personal_computer_pentium_i_586It would be an embarrassing surprise if you woke up one day to find that your personal website was now a dating service, or worse, selling porn or prescription drugs. Well that’s precisely what has happened to two Canadian MPs, and it highlights the importance of preemptively guarding your online identity in a situation where legal recourse will prove difficult if not futile.

As reported by the blogs Michael Geist and Canadian Trademark Blog, and now even The Sun, the domain names of two MPs have been snatched up by cybersquatters after the politicians failed to re-register them. Liberal whip Rodger Cuzner, Member of Parliament for Cape Breton-Canso, had his domain www.rodgercuzner.ca taken over by a bizarre dating-based entity. And at www.keithashfield.ca – former web home of Keith Ashfield, Conservative MP for Fredericton – one can order drugs such as the highly addictive oxycontin.

Cybersquatting, also known as domain squatting, refers to “bad faith registration of a domain name containing another person’s brand or trademark in a domain name.” Benefits for the cybersquatter come in the form of per-click revenue from ads on the repossessed site. Since 25% of all Internet traffic comes from direct navigation – i.e. people directly typing the domain name into the browser – cybersquatting can seriously damage the business and/or reputation of companies and individuals.

So what do you do when someone snags your domain? In Canada, notes Canadian Trademark Blog, one possible recourse is to try to take the name back through the Canadian Internet Registration Authority Dispute Resolution Policy. The problem for Mr. Ashfield and Mr. Cuzner, however, is that the complainant in this case must prove that his/her name qualifies as a “Mark,” and the definitions of “Mark” generally pertain to businesses and institutions, not individuals.

Another avenue of action is to go to the Uniform Domain Name Resolution Policy (UDRP) process administered by the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit organization that oversees domain name registration. This process is cheaper than legal action against the cybersquatter, but unlike legal action it cannot grant recovery of damages to the complainant. And there is the chance that the domain name in question will not be within the category of UDRP-affected top-level domain names (such as .com, .org, and some country codes).

The obvious solution to cybersquatting is to not let it happen in the first place. The plight of Mr. Ashfield and Mr. Cuzner is a reminder to regularly re-register your domain name before it’s seized by Cialis-peddling opportunists.

Post tags: , , , , , , , , , ,

CIRA, whois and IP Osgoode

By: Pulat Yunusov · November 4, 2008 · Filed Under Intellectual Property, Law School, Privacy, Privacy Law, Technology · Add Comment 

Check out my post about CIRA’swhois’ policy on the recently launched IP Osgoode wesbite. I wrote it as an assignment for my IP law class with professor D’Agostino.

Post tags: , , , , ,

CIRA Policy is Not the End of Web Annonymity

By: Law is Cool · June 30, 2008 · Filed Under Civil Rights, Media Law · 2 Comments 

Michael Geist of the University of Ottawa law commented today on the new policies by the Canadian Internet Registration Authority (CIRA) regarding individual internet registrants.

He had previously come out in support of their position, but it appears as if CIRA is backtracking on some of their changes.

CIRA is attempting to create a balance between privacy concerns of members of the public registering domain names, and access by those requiring legitimate access to their identity.

As before, information can be provided to law enforcement, and with the spread of hate crimes, threats, fraud, and other abuse on the Internet, this access will likely be increasingly utilized.

But access is also provided to trademark, copyright and patent interests that believe their intellectual property rights have been infringed.

Geist argues that the trademark changes violate Canadian privacy law, and whistblowers setting up a site against their company would be unnecessarily exposed,

Under the new CIRA policy, if they use fake registrant information, they risk losing the domain. On the other hand, the back-door exception means that the trademark holder can easily uncover the identity of the registrant since CIRA will simply hand over this information.

It’s actually not that easy.

The only disputes that CIRA states they will even contemplate a disclosure are when the use:

  • infringes Requestor’s Canadian: (i) registered trademark, (ii) registered copyright,
    or (iii) issued patent;
  • infringes Requestor’s Canadian registered (Federal or Provincial) corporate,
    business or trade name; or
  • is making use of the Requester’s personal information without their knowledge or
    consent to commit a crime (such as fraud, theft or forgery), to procure money,
    credit, loans, goods or services without authorization. (Identity Theft)

Maureen Cubberley, former chair of the CIRA board of directors, has explained that it’s intended for cybersquatting, resale of domain names for profit, and malicious registrations towards competitors,

It’s limited to ‘bad faith’ registrations…

What we’ve done is make an exhaustive list of where the policy would apply in these situations.

Even then, such disclosures would only be made after attempts to contact the individual and resolve the dispute in other ways has been ineffective. There is even a 60-day period where parties can challenge a ruling, and take it to the courts beyond that.

A more valid concern would be social justice advocates attacked for their work by the larger public or major corporations. But as long as a person does not misappropriate a trademark or name or misuse personal information, it’s unlikely that any form of widespread abuse would occur by CIRA.

One of Geist’s more credible issues would be the arbitration process, because panels with a single arbitrator chosen by the arbitrator are more likely to favour with the complainant – in 83% of the cases. A panel with several individuals chosen by both parties is more likely to have a balanced decision.

But that’s exactly the process that CIRA is adopting.

Although complete annonymity and the ability to whine on nearly any subject imaginable might be slightly curtailed, especially when posing as a corporate entity, web hosters would also have a greater sense of responsiblity more akin to the printed press.

They now know that if they abuse their priviledges they will eventually be called to task.

And we’re forgetting one thing.

The new policy would only apply to “.ca” domains, which are still barely used even among the Canadian public.

Geist did predict that if these trademark changes were not made they would,

…instantly catapult the dot-ca into a global leadership position. With more than a million Canadian domain name registrations, the resolution of the WHOIS issue ensures that the Canadian domain name space is set for continued growth as it now features a “privacy advantage” over other domains struggling to strike a similar compromise.

Tightening privacy issues may have promoted the use “.ca” on the Internet, but for now we’re in just about the same place as everyone else, which is probably exactly where we should be.

Post tags: , , , , , ,