Are Domain Name Registrars Liable for Wikileaks’ Criminal Conduct?
The Swiss domain name registrar Switch announced today that it will not shut down Wikileaks.ch as a result of Wikileaks’ criminal activity. It does so at its peril.
The pharmaceutical industry has long faced the question of registrar liability for hosting illegal pharmaceutical drug websites. Legitscript.com, a pharmaceutical watchdog, has summarized the obligations of domain name registrars in this report.
As the report outlines, every domain name registrar is required in its agreement with ICANN to abide by the UDRP, which requires registrars (such as Switch) to prohibit their customers (such as Wikileaks) from using websites for unlawful purposes. Article 2 of the UDRP provides:
By applying to register a domain name, or by asking us to maintain or renew a domain name registration, you hereby represent and warrant to us that … (c) you are not registering the domain name for an unlawful purpose; and (d) you will not knowingly use the domain name in violation of any applicable laws or regulations.
Under the UDRP, each registrar must include a provision in the registration agreement prohibiting use of the website for unlawful activity. When a website engages in unlawful activity, the registrar has a contractual right to shut the website down.
What if it fails to do so? Registrars are generally immune from liability under the Communications Decency Act. But under 47 U.S.C. 230, this is not the case if the registrar knowingly facilitates a third-party’s criminal activity or knowingly profits from that criminal activity. 47 U.S.C. 230(c) provides that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” However, 47 U.S.C. 230(e) adds that “Nothing in this section shall be construed to impair the enforcement of … any … Federal criminal statute.”
Thus, as the Legitscript report put its,
Registrars cannot be held accountable for the information if they do not know about it, but once put on notice about criminal activity, a compelling argument exists that they no longer enjoy the protections of the federal Communications Decency Act, if they knowingly continue to allow their domain name registration services to be used in the furtherance of criminal activity.
The report outlines the experience of pursuing registrars for hosting websites that they knew were selling fake prescription drugs. Eleven registrars, including GoDaddy in the United States, and ten others in Canada, China, Germany, India, Poland, and the United Kingdom, shut the illegal websites down. But five registrars refused to do so. One of these registrars, eNom, hosts 4,000 illegal Internet pharmacies, and through registration fees, is profiting from the criminal activities of its hosted websites. It is now in litigation for hosting and advertising illegal websites.
Likewise, under the EU law, registrars are immune unless they know a website they are hosting is engaged in unlawful activities. Article 14 of Directive 2000/31/EC provides that:
Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that: (a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
Applied to Wikileaks, every domain name registrar has a contractual right in the registration agreement to shut down a website such as Wikileaks that engages in criminal activity. Moreover, if a registrar knows that a website it is hosting is engaged in criminal activity–such as disclosing company trade secrets or publishing classified government documents–it is not immune from prosecution under US or EU law.