53414625.

doc Page 1 of 2

Feb. 29, 2008 – 8:01 p.m.

Critics Say Bill More Likely to Assist

Corporations Than Curb Online Fraud
By Kathryn A Wolfe, CQ Staff

Language included in a bill intended to curb fraudulent Internet practices has

sparked a fight over the Internet’s equivalent of real estate: domain names.
At issue are several provisions included as part of a bill (S 2661) introduced Feb.
25that seeks to curb identity theft known as “phishing,” in which Web sites or e-mail
messages pose as legitimate businesses as a way to trick people into giving out
personal information.
Critics say the bill contains several sections — some with broad privacy implications
— that are more related to helping large corporations win legal battles over domain
names than curbing online fraud.
“This is a trademark bill in anti-phishing clothing,” said Phil
Corwin, counsel for the Internet Commerce Association (ICA),
a trade group that represents domain name owners,
including those who speculate in domain names.
The limited nature of a domain name — there can only be
one computer.com, for instance — has attracted speculators
who buy generic domain names and resell them at a profit.
At issue are sections of the bill that, according to the ICA,
would extend “far beyond protecting trademarks to covering
brand names and business names that might otherwise not
be entitled to trademark protection.” ICA said it supports the
measure’s anti-phishing language to the extent that it fills 'Phishing' Efforts Tracked:
gaps in current law. Click here to view the chart

‘Cialis’ and ‘Cybersquatters’

Arrayed against the ICA are heavy-hitters such as Dell Inc., Eli Lilly and Co., Verizon
Inc. and others, which support the bill through a trade group known as the Coalition
Against Domain Name Abuse (CADNA).
Josh Bourne, a CADNA spokesman, acknowledged that a significant part of the
group’s interest in the bill is to protect its members against “cybersquatters,” who
register domain names similar to trademarks and then profit off Web traffic
associated with the names.
For example, Bourne said that about 44,000 domains contain the word “Cialis,” a
brand-name pharmaceutical that treats erectile dysfunction.
“It’s a billion-dollar problem,” Bourne said. The group’s members “are very
concerned that they can’t possibly keep up with it, to protect their brand and their
business and consumers and others who look to the Internet for information.”
Bourne said cybersquatting also is a consumer issue because people may visit a Web
site that seems official but ends up having faulty information.
53414625.doc Page 2 of 2

Domain name registrars — the companies that sell and facilitate domain name
registration services — also are skittish about the bill, particularly a section that
would require registrars to reveal the name, address and phone number of a
registrant. The bill would require registrars to furnish that information if someone
accused a Web site of engaging in phishing, but it does not require the accusation be
supported, according to ICA.
The provision is intended to make it easier for law enforcement officials to obtain
information about people who have registered Web sites used for fraudulent
purposes. A public Web database known as WHOIS can provide that information. But
some registrars allow people who purchase domain names to keep that information
private.
“Too often, law enforcement officials have been hindered in their pursuit of phishers
and other online scams because the person responsible is hiding behind the
anonymity of false registration information,” Sen. Olympia J. Snowe , R-Maine, said in
a statement. Snowe has sponsored the bill along with Ted Stevens , R-Alaska, and Bill
Nelson , D-Fla.
A Law Enforcement Tool?
But Christine Jones, general counsel for GoDaddy Inc., said many of their customers,
including those who run small Internet businesses, have legitimate reasons to keep
their personal information private, such as having been the victim of stalking or a
violent crime.
“Our main concern is that [the bill] takes away that protection from a class of people
who have legitimate privacy interests,” Jones said. “And we’re not OK with that.”
An aide to one of the measure’s sponsors said the legislation was intended to be a
tool for law enforcement and that bill backers will work to address legitimate privacy
concerns.
Jones said GoDaddy is also concerned about language included in the bill that would
make it easier for businesses to challenge domain names on the basis of trademark
infringement.
“It’s not necessary because there’s an anti-cybersquatting law that already exists,”
Jones said. “We don’t need additional legislation, that one’s working great. I see
cases filed every single day by trademark holders who cite that law, and it works
fine.”
Jones was referring to the 1999 Anti-cybersquatting Consumer Protection Act (PL
106-113), which outlines ways for trademark holders to take ownership of
trademarked domain names registered in bad faith.
John Berryhill, an intellectual property lawyer who frequently represents domain
name registrants, said some of the bill’s provisions seem motivated by corporations
unsatisfied with the anti-cybersquatting law.
“Tucked away among the other good anti-phishing provisions in this bill, I detect a
note of some folks coming back for a bite at the same apple,” Berryhill said. “Clearly
this was informed more by trademark interests than folks that have a deep technical
knowledge of various phishing techniques.”