Court Rules That Using Domain Registration Privacy Services Represents 'Material Falsification'

from the that-doesn't-seem-right dept

Tue, Nov 3rd 2009 7:55pm — Mike Masnick

Lots of people use private registration services for domain names, that lets them register a domain name while keeping their own identities private. There are plenty of legitimate reasons to do so: they don't want spam or they want to keep the identity of the site owners anonymous. However, in a recent spam lawsuit, the Ninth Circuit court of appeals has said that using such a service is "material falsification" of information:

[P]rivate registration is a service that allows registration of a domain name in a manner that conceals the actual registrant's identity from the public absent a subpoena. We fail to perceive any vagueness on this point. Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant's identity would constitute "material falsification." Defendants assert that many innocent people who privately register without the requisite intent may be subject to investigation for violation of § 1037 until their intent can be determined, allowing for abuse by enforcement authorities. This may be so, but it does not make the statute unconstitutionally vague.

While CAN SPAM requires a combination of both material falsification and intent to send spam, it does open up some questions about potential legal problems for anyone who uses such a private registration service in a variety of lawsuits (if those lawsuits are in the Ninth Circuit, of course). The court does seem to admit that this could cause problems, but the job of the court isn't to stop those problems, just to interpret the law.

Separately, in the same lawsuit, the court ruled that the appropriate "community" for judging obscenity standards in email is the "national community" rather than the local community. I have enough problems with the whole "community standards" method of judging "obscenity" in the first place (well, I have trouble with "obscenity" laws entirely), but if you have to have them, it does seem that a national standard makes more sense than a local standard when it comes to email that could go to anyone in any community. As Thomas O'Toole notes in his writeup, the ruling is a bit of a mess, and should keep First Amendment lawyers busy (though, the same is true of any obscenity laws...).

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: domain names, email, material falsification, private registration

11 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Beta, 3 Nov 2009 @ 8:07pm

Night is day.
"Based on the plain meaning of the relevant terms discussed above, [privacy] would constitute "material falsification."

I... hate... lawyers.
[ link to this | view in chronology ]
- Anonymous Coward, 3 Nov 2009 @ 8:45pm
  
  Re: Night is day.
  lawyers, lobbyists, and politicians. also industry shills. And those in charge of them all, C_O's?
  [ link to this | view in chronology ]
Willton, 3 Nov 2009 @ 8:30pm

It's the 9th Circuit, not the 9th District
[ link to this | view in chronology ]
Willton, 3 Nov 2009 @ 8:40pm

It's a two prong test for a reason
The fact that the CAN SPAM law's test is a two-prong test would appear to account for private registration. Yes, common sense tells us that private registration, as you have defined it, is a material falsification of one's identity. But meeting one prong of the test does not trigger liability. If a private registrant has no intention of issuing spam, what's the problem?
[ link to this | view in chronology ]
- Anonymous Coward, 3 Nov 2009 @ 11:33pm
  
  Re: It's a two prong test for a reason
  This ruling frankly scares me... because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible. If you've got a compromised server you did not fix yet (afterall doing nothing to prevent inaccuracies in your taxes when you know they exist is definitely going to be considered intent when you get audited), and you also used private registration that puts you in a very bad place.
  [ link to this | view in chronology ]
  - Willton, 4 Nov 2009 @ 5:03am
    
    Re: Re: It's a two prong test for a reason
    This ruling frankly scares me... because determining intent to spam simply by the fact that nothing was done to prevent or stop it after a server is compromised (i.e. you did not even know it was happening yet) seems plausible.
    
    Then you clearly do not know what the word "intent" means. Intent requires purpose, not recklessness. If someone does not know something is happening, then there's no way he can intend on said something happening.
    [ link to this | view in chronology ]
Anonymous Coward, 3 Nov 2009 @ 9:33pm

It was just a matter of time...
The 9th Circuit is activist again!
[ link to this | view in chronology ]
Anonymous Coward, 3 Nov 2009 @ 10:46pm

We should use their stupidity against them. This would make it easier to expose whoever is behind astroturf or any other kind of deceptive lobbying website that pretends to speak for consumers/voters.
[ link to this | view in chronology ]
Paul Keating, 4 Nov 2009 @ 4:06am

WHOIS PRIVACY
FALSE ALARMS.............

The problem with the article is that it fails to clarify that the court was considering a constitutional challenge to the statute. The statute prohibits "material falsity" in headers, etc. Material falsity is defined in the statute as follows:

"header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation. "

The court properly found that AS DEFINED, the use of privacy in WHOIS met the definition that was stated in THIS statute. I know of no other statute that defines material falsity in such a broad context and in fact cases dealing with the ACPA have clearly stated that there is no material falsity in WHOIS if the WHOIS actually provides an effective means of contact. The ACPA does not use "impair".
[ link to this | view in chronology ]
PRMan, 4 Nov 2009 @ 7:28am

Not a problem...
The court is saying that if a spammer cannot be identified, then having a phony domain name shows intent that they were trying to hide their identities.

I'm really not seeing a problem here. I don't think they're going to go after people who sent 12 bad spams with a compromised server.
[ link to this | view in chronology ]
Rich Kulawiec, 4 Nov 2009 @ 7:46am

Beyond the legal ramifications...
1. It's been a best practice in anti-spam engineering for quite some time to refuse all mail from domains so registered, and multiple blacklists exist to facilitate that. Yes, this is arguably bad for people holding such domains who aren't spammers, but unfortunately, "privately-registered domain" is just about synonymous with "spammer/phisher/abuser domain". This is, of course, completely the fault of the registrars who are eager to profit by offering such services but completely unwilling to do anything meaningful (and therefore expensive) about controlling the resulting abuse.
2. I've long held to the principle that while anonymous use of the Internet is valuable and should be protected, anonymous operation of the Internet is intolerable and should be rejected outright. And certainly, domain ownership -- which implies control of the relevant DNS zone -- is operation, as much as control of (let's say) a router or a mail server or a network.

Note as well that there is absolutely no need of any kind for someone to take an operational role in order to merely use the Internet. It's a choice, and frankly, for people who actually want to remain anonymous, they're better off staying the heck away from operational roles, because those of course leave a trail that leads right back to them.
(In case that's not clear: some of these registrars are selling supposedly-private registration data, because it's quite profitable and nobody is likely to notice or complain. Some are leaking it due to poor security. Some -- probably more than we know -- are rolling over without a fight when the data's requested by a government entity. So anyone incredibly stupid enough to think that this private registration is actually private is well, incredibly stupid.)
[ link to this | view in chronology ]