Who controls .org.au? Where domain name policy and law collide*
by Jeremy Malcolm
Jeremy Malcolm discusses the administration of Australia's internet domain name space (ie all domain names ending in .au). His topical article outlines developments subsequent to the transfer of control of the .au domain to the Australian Domain Name Authority Ltd from Mr Robert Elz, the previous administrator. Jeremy also explains the basis of the very public stoush that has ensued between Mr Elz as registrar of the two second level domains that he created (.org.au and .id.au) and Australian Domain Name Authority Ltd.
Jeremy Malcolm is a Perth lawyer and a technology consultant, whose legal practice emphasises IT and communications law, commercial litigation, intellectual property and Trade Practices law. He is the President of the Western Australian Society for Computers and the Law Inc, an Executive Committee member of the Western Australian Internet Association, the Regional Coordinator of the Australian Public Access Networks Association, a Director of the Internet Society of Australia and a past board member of Electronic Frontiers Australia.
Introduction
The administration of Australia's Internet domain name space - that is, all domain names ending in ".au" - has recently been transferred[1] to the Australian Domain Name Authority Ltd ('auDA'). At the date of the transfer of control of the .au domain from its previous administrator Robert Elz to auDA, Mr Elz remained as the registrar of two of the second level domains that he had created. These were .org.au, which is a space for most non-profit organisations to register domain names, and .id.au, under which individuals can register domain names for personal purposes.
On 22 October 2001, auDA opened tenders for the operation of a registry or registries to operate seven of the second-level domains[2] originally created by Robert Elz. In doing so it sought the concurrence of each of the incumbent registrars. It obtained the agreement of all of the registrars bar one: Elz himself. Mr Elz has taken the view that, notwithstanding that auDA may possess authority over the .au domain as a whole, this does not also give it the right to redelegate or to otherwise administer the second-level domains such as .org.au and .id.au that had been created by its predecessor, without obtaining the consent of the incumbent delegate of those second-level domains.[3]
auDA obtained legal advice to the contrary, to the effect that, "the existing delegation held by the delegates will have no further force or effect after ICANN redelegates the .au Country Code Top Level Domains (ccTLDs) to auDA".[4] In reliance on this advice, auDA awarded the tender for operation of a registry to control those domains to AusRegistry Pty Ltd on 12 December 2001, and has since withdrawn Mr Elz's ability even to continue to manage the disputed domains during the interim period before AusRegistry commences its operations. On 29 January 2002, auDa announced it has assumed technical and administrative responsibility for the org.au and id.au - the second level domains. [5]
This article briefly investigates the position taken by each party, and attempts to draw a conclusion by the application of relevant principles of domain name law.
Domain name management
The authoritative global root name server continues to derive the content of its directory of root domains from the United States Department of Commerce ('USDC'). Despite its contract with the Internet Corporation for Assigned Names and Numbers ('ICANN')[6] to administer the domain name system, the USDC, even now, retains policy control over the root domain.[7] Since the domain name system is structured as a hierarchy, every Internet domain name depends upon this authority that the USDC exercises over the root domain.
New top-level domains (whether these be generic or country code domains) may be created only with the sanction of the USDC,[8] and will be administered in the first instance by its delegate, ICANN. ICANN, however, sub-delegates the control of all top-level domains to independent registry operators; in the case of .au , Robert Elz and subsequently auDA.
Once delegation of control of a top-level domain has occurred, there are certain procedures that ICANN follows in revoking that delegation or in redelegating the administration of the domain. At the time the .au top level domain was created by InterNet Assigned Numbers Authority ('IANA')[9], which is now an arm of ICANN, the applicable procedures were undocumented, but by March 1994 the procedures had been settled by consensus of Internet stakeholders and had become a set of principles published in the form of a document entitled RFC 1591. RFC 1591 relevantly states:
For any transfer of the designated manager trusteeship from one organization to another, the higher-level domain manager (the IANA in the case of top-level domains) must receive communications from both the old organization and the new organization that assure the IANA that the transfer is mutually agreed, and that the new organization understands its responsibilities.[10]
An exception is made "in cases where the designated manager has substantially mis-behaved" or "[i]n cases when there are persistent problems with the proper operation of a domain, [whereupon] the delegation may be revoked, and possibly delegated to another designated manager".[11]
The manner in which RFC 1591 is currently administered by ICANN is documented in a policy issued by it in May 1999 entitled ICP-1[12], which is in effect, similar to RFC 1591. It goes without saying that neither RFC 1591 nor ICP-1 possess any force of law. They are merely policy documents which describe the manner in which ICANN exercises the delegated authority of the USDC over the root domain, in the processes of delegation, redelegation and revocation of top level domain names.
Two further provisions of RFC 1591 and ICP-1 are of relevance to the legal positions taken by auDA and Robert Elz. These are, from RFC 1591, the statement that:
Most of these same concerns are relevant when a sub-domain is delegated and in general the principles described here apply recursively to all delegations of the Internet DNS name space.[13]
The commentary of ICP-1 on this issue is as follows:
There are no requirements for management of subdomains of TLDs, including subdelegations, beyond the requirements for TLDs stated in this document and RFC 1591. In particular, all subdomains shall be allowed to operate their own domain name servers, providing in them whatever information the subdomain manager sees fit, as long as it is true and correct.[14]
From these documents it appears that the policy of the root domain administrator as applied by ICANN, is that the delegation, redelegation and revocation of domain names at the second level should be conducted pursuant to the same policies that govern those activities at the top level; in other words, that redelegations should only be undertaken with the agreement of both parties, except in the case of malfeasance or incompetence.
Transfer of .org.au and .id.au domainsThe process by which the .org.au and .id.au domains were dealt with by auDA does not appear to comply with the procedures laid down in RFC 1591 nor ICP-1, which, as we have seen, are said to apply "recursively" to delegations below the root. In fact, far from the transfer being "mutually agreed" as RFC 1591 specifies, Robert Elz has stated that the .org.au domain is "not going to be any part of auDA's [near] future", and described auDA's conduct in seeking to redelegate the domain as "inappropriate".[15]
The argument that Mr Elz makes, when analysed in legal terms, is that the terms of auDA's licence of the power to administer the .au ccTLD by ICANN do not incorporate an implicit grant of the same power over the subdomains .org.au and .id.au, notwithstanding the hierarchical arrangement of those domains. The contrary position taken by auDA is that the delegation of control over a domain does incorporate a delegation of control over all its subdomains, and that upon the redelegation of the head domain to auDA, the previous delegations of subdomains within the head domain will have no further force or effect and may be overridden by the new head delegate at will.
Whether Mr Elz's or auDA's analysis is correct depends on analysis of the terms upon which a delegation of authority over a ccTLD is made, and in particular, an interpretation of the original delegation of the .au ccTLD by IANA to Mr Elz in 1986. RFC 1591 makes no mention of what a country code administrator may or may not do with subdomains that have already been delegated by a previous appointee. The agreement between ICANN and auDA is little more instructive. Clause 4.1 of that agreement[16] states:
The Sponsoring Organization [auDA] shall cause the authoritative primary and secondary nameservers for the Delegated ccTLD to be operated and maintained in a stable and secure manner, adequate to resolve names within the Delegated ccTLD, and any sub-domains over which the Sponsoring Organization retains administrative authority, for users throughout the Internet.
Clause 4.5 of the agreement requires in effect that auDA "abide by all ICANN policies ... that concern ... the operational capabilities and performance of the ccTLD operator", which of course includes RFC 1591.[17] The final provision that is of relevance is clause 6.3 which sets out the consequences of a termination of the agreement by ICANN. It relevantly states:
In particular, the Sponsoring Organization shall ensure the transfer of all relevant Domain Name Service ("DNS") and registry data to the specified successor, subject only to the successor's commitment to use the data in a manner consistent with the Sponsoring Organization's prior written commitments made to data subjects regarding the use of their personal data.
This suggests that upon the transfer of the ccTLD from one registry operator to another, the newcomer is obliged to receive and maintain all data from the previous incumbent (subject only to appropriate privacy undertakings being made). Clause 4.1 further indicates that there might be expected to be some subdomains within the ccTLD over which the operator does not retain administrative authority.
Whilst these provisions offer some threads of support for Mr Elz's position, it is fair to say that the terms of the delegations of control over the .au ccTLD to Mr Elz and auDA are in themselves inconclusive. Perhaps greater assistance in assessing the correctness of Mr Elz's model of domain delegation - that is, that subdomain delegations are not subsumed within the delegation of a higher-level domain - may be obtained by reviewing prevalent industry norms. Mr Elz himself claims:
No-one seriously believes that [a change of control of a higher-level registry will effect an automatic revocation of domains registered at a lower level] - if they did it would mean that all the agreements that auDA is currently making with the other 2nd level domains [are] very suspect - after all, ICANN could next year, or something, simply take the AU domain from auDA and hand it to someone else (that part is certainly true I think) and by so doing, render all of the domains currently existing in AU void. Note the question isn't whether they would, or whether they could find ways to avoid that, but whether they could if they wanted to.[18]
This logic persuasively suggests that the authority granted to a ccTLD delegate does not incorporate the authority to cancel or redelegate pre-existing subdomains, or at least not except in accordance with the provisions of RFC 1591; in other words not unless those subdomains are surrendered, or lapse due to misconduct or incompetence or because the conditions of their delegation (for example, as to payment of registration fees, if applicable) are not satisfied.
On the other hand, if the authority of the .au domain delegate (in this case, auDA) does not incorporate rights over the existing delegated subdomains such as .org.au and .id.au, from what does the continuing force of those delegations derive? On auDA's argument, it cannot be derived from the authority of the previous .au domain delegate, Mr Elz. Mr Elz did not have power to delegate the control of .org.au and .id.au indefinitely, he only had the power to delegate them for so long as his own .au delegation subsisted.
This, however, overlooks the fact that since Mr Elz's pre-existing delegations do not form part of the grant of authority to auDA for the reasons stated above, there is no inconsistency in those delegations remaining in force beyond Mr Elz's tenure as .au domain administrator. The delegations made by Mr Elz enjoy a separate legal force to the delegation of the balance of the .au ccTLD from ICANN, such that the former can survive the termination of Mr Elz's authority over the latter, just as the authority of a .com.au domain registrant over its third-level domain will survive the transfer of authority over .com.au.
ConclusionThere is good reason to take the view that in unilaterally transferring control over the .org.au and .id.au subdomains away from Robert Elz, auDA has acted beyond the scope of its power over the balance of the .au ccTLD.
This fact does not, however, necessarily have any immediate legal consequences. The scope of authority granted by ICANN to auDA is a matter solely between ICANN and auDA. If it is accepted that auDA may override prior sub-delegations of the .au ccTLD either not at all, or alternatively only in compliance with RFC 1591, then its failure to do so may be a matter which puts it in breach of its agreement with ICANN but does not provide a remedy to any affected sub-delegate save to prevail upon ICANN to cancel auDA's delegation.
At least, this is so unless domain names can be characterised as a property right. If they can, then although auDA may purport to redelegate a subdomain such as .org.au, and although ICANN may raise no quarrel with auDA doing that, there may be a cause of action against auDA in conversion at the suit of the party previously in possession of that domain, whose chain of title passes through Robert Elz to IANA to the United States Department of Commerce. Likewise, if domain names are proprietary in nature and a superior right of possession were claimed by an original delegate against a new registry operator, that registry operator might have a cause of action against auDA in breach of contract on the ground that auDA had purported to deal in property that it did not own.
The question of whether such proprietary rights in fact subsist in domain names - and more particularly whether they subsist in domain names at the top level (in respect of which RFC 1591 tells us that "[c]oncerns about 'rights' and 'ownership' of domains are inappropriate") or the second level - remains an open and contentious question, which will have to be the subject of another paper.
In any case, auDA's assumption of control over the .org.au and .id.au subdomains, and its assertion that it is entitled to redelegate those subdomains against the wishes of the manager to whom they were previously delegated, is a bold assertion indeed. Whilst it may be in the end that auDA is entitled to do as it claims, it is the writer's view that auDA places a great stake on very uncertain odds.
Footnotes
* This is an abridged and slightly updated version of an earlier paper of the same name published in full at http://dnsaction.terminus.net.au/dnsarticle.html.
1 See the ccTLD Sponsorship Agreement entered into between ICANN and auDA at http://www.auda.org.au/docs/au-agreement-31aug01fin1.pdf (accessed 18 February 2002).
2 Namely, com.au , net.au , asn.au , org.au , id.au , gov.au , edu.au.
3 Mackenzie, Kate. "auDA won't get .org.au: Elz", The Australian, 6 November 2001, see: http://australianit.news.com.au/articles/0,7204,3196733%5e15306%5e%5enbv%5e,00.html (accessed 18 February 2002).
4 Point 1.3 of part 2 of its Request for Tender, See: http://www.auda.org.au/rft (accessed 18 February 2002).
5 Press release, "auDA Assumes Responsibility for ORG.AU", see: http://www.auda.org.au/about/news/2002012901.html (accessed 18 February 2002).
6 http://www.icann.org/
7 Froomkin, A Michael. "Wrong Turn in Cyberspace: Using ICANN to Route Around the APA and the Constitution", (1999) 50 Duke L J 17, 106.
8 See clause 12.3 and 12.5 of ICANN's contract with the Department of Commerce at http://www.icann.org/general/iana-contract-09feb00.htm (accessed at 18 February 2002), which supersedes the Memorandum of Understanding cited above.
9 IANA is a central coordinator for the assignment of unique parameter values for Internet protocols, see: http://www.iana.org).
10 RFC 1591: Network Working Group Request for Comments: 1591, clause 3(6). See: http://www.isi.edu/in-notes/rfc1591.txt (accessed 18 February 2002).
11 RFC 1591, clause 3(4).
12 ICP-1: Internet Domain Name System Structure and Delegation (ccTLD Administration and Delegation). See: http://www.icann.org/icp/icp-1.htm (accessed 18 February 2002).
13 RFC 1591, clause 3.
14 ICP-1 at (g).
15 Mackenzie, Kate. "Domains move inappropriate: Elz". The Australian, 13 November 2001: http://australianit.news.com.au/articles/0,7204,3236063%5e16123%5e%5enbv%5e,00.html (accessed 18 February 2002).
16 The ccTLD Sponsorship Agreement, dated 9/3/2001. See http://www.auda.org.au/docs/au-agreement-31aug01fin1.pdf (accessed 18 February 2001).
17 See also Attachment F to the agreement which restates much of the effect of RFC 1591 and ICP-1.
18 Private correspondence, 6 November 2001 between Mr Elz and the writer.
March 2002 contents
|
