by Kevin Murphy
Domain name registrars cannot be held responsible for spammers who hide behind Whois privacy services, a California appeals court has ruled.
Plaintiff Daniel L Balsam had won a $1.125 million default judgment against a spammer after receiving over 1,000 pieces of pornographic spam.
Unable to recover the money, he found that the spammer had hidden his identity behind Tucows’ Whois privacy, so he sued the registrar for the cash instead.
He argued that he was a third party beneficiary of the ICANN Registrar Accreditation Agreement, the contract that Tucows and all other registrars must sign.
Part of the RAA, section 3.7.7.3, requires registrars to ensure registrants who license their domains to others are still liable for how they are used.
Balsam argued that this meant Tucows’ privacy service, under which its own contact details are entered in the Whois, was liable for the actions of the spammers who use it.
But in a ruling (pdf) handed down yesterday, Judge Margaret McKeown of the ninth circuit Court of Appeals opined that while Tucows the “registrar” is bound by the RAA, Tucows the “registrant” is not.
What’s more, she ruled that because the RAA has a specific “no third-party beneficiaries” clause, Balsam had no basis for his claim.
The ruling may actually go counter to ICANN’s interpretation of the RAA (pdf), which suggested that privacy services could be held liable if they did not hand over the registrants contact details.
As DNW reported last week, registrars including Tucows expressed anger that ICANN’s interpretation of the RAA could lead to “frivolous and vexatious lawsuits”.
Kevin Murphy is a freelance journalist covering domain names and author of Domain Incite.
Leave a Comment