• chevron_right

      ICANN Simplifies Requests For Hidden Domain Name Registration Data

      news.movim.eu / TorrentFreak · Thursday, 30 November - 08:01 · 3 minutes

    ICANN Much like regular websites operated by governments, companies, organizations, and the general public, most internet-based piracy services can be accessed using a domain name.

    From a user’s perspective, domain names are more easily remembered than IP addresses and remain the same despite IP address changes behind the scenes.

    Domain names also play an important role in conveying branding and as a result can be worth considerable sums of money. For companies enforcing their intellectual property rights, determining who owns a domain can prove invaluable as part of a wider investigation.

    When the General Data Protection Regulation ( GDPR ) came into effect in May 2018, it aimed to protect the personal data of EU citizens. That included those whose names appeared in public WHOIS databases as registrants or owners of domains.

    ICANN, the Internet Corporation for Assigned Names and Numbers, responded with restrictions that on one hand protected registrants’ privacy , but on the other came at the expense of rightsholders’ being able to conduct meaningful WHOIS-based investigations.

    ICANN Accused of Hindering Rightsholders

    Potential problems had been flagged way ahead but workable solutions remained elusive. Increasingly vocal rightsholders including the RIAA and MPA criticized WHOIS restrictions and piled on with other shortcomings; WHOIS proxy/shielding services that hide registrant information, for example, and the lack of an effective system to ensure the accuracy of collected data.

    In an August 2023 joint submission to the United States Patent and Trademark Office (USPTO), Hollywood, the recording industry, TV companies, the gaming industry and publishers left little doubt that patience had run out.

    RDRS: Registration Data Request Service

    With WHOIS protocols set to be replaced by RDAP (Registration Data Access Protocol), a technology designed to improve Registration Data Directory Services (RDDS), this week ICANN launched RDRS , an all new service to simplify access to non-public domain registration data.

    “Due to personal data protection laws, many ICANN-accredited registrars are now required to redact personal data from public records, which was previously available in ‘WHOIS’ databases,” ICANN explained.

    “With no one way to request or access such data, it can be difficult for interested parties to get the information they need. The RDRS helps by providing a simple and standardized process to make these types of requests.

    “The RDRS can be an important resource for ICANN-accredited registrars and those who have a legitimate interest in nonpublic data like law enforcement, intellectual property professionals, consumer protection advocates, cybersecurity professionals, and government officials,” ICANN added.

    Probably Not What Rightsholders Are Pleading For

    There appears to be little restriction on who can sign up for RDRS, something that already has some worried about what that could mean for their privacy. ComLaude confirms anyone can file a request but it doesn’t necessarily follow that information will be provided.

    RDRS is effectively a case management system for handling WHOIS data disclosure requests, rather than a database which can be interrogated, as WHOIS has been. Anyone can make a request, via the system, for certain non-public domain registration data. RDRS identifies the sponsoring registrar for the domain name and routes the request to them, subject to the registrar having signed up to be part of the system. Then, subject to applicable law, the registrar will make a determination on what, if any, requested data will be disclosed.

    Some rightsholders may be disappointed that the system only covers gTLDs such as .com, .net, and .org, plus new gTLDs including .xyz, .online and .horse. Common ccTLDs deployed at pirate sites, including .ag, .am, .cc, .me, .pw, .re, .sx, and .to, are excluded from the system.

    Hands-On Test

    Kevin Murphy at Domain Incite took RDRS for a spin and posted his first impressions of the service.

    “The system is defined largely by what it isn’t. It isn’t an automated way to get access to private data. It isn’t guaranteed to result in private data being released. It isn’t an easy workaround to post-GDPR privacy restrictions,” Murphy explains.

    “It is a way to request an unredacted Whois record knowing only the domain and not having to faff around figuring out who the registrar is and what their mechanisms and policies are for requesting the data.”

    Murphy also got the impression from interface settings that simply walking in off the street and requesting domain registration data might not be what ICANN has in mind. As a tool for rightsholders demanding so much more, it’s certainly nothing like what they have in mind.

    “The RDRS merely connects Whois data requestors — the default settings in the interface suggest that ICANN thinks they’ll mostly be people with court orders — with the registrars in charge of the domains they are interested in,” Murphy concludes.

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      Govts. Must ‘Encourage or Compel’ Internet Companies to Fight Piracy

      news.movim.eu / TorrentFreak · Thursday, 31 August, 2023 - 17:46 · 6 minutes

    uspto To address counterfeiting and piracy, the United States Patent and Trademark Office (USPTO) invited submissions from the private sector detailing effective anti-piracy strategies and those envisioned for the future.

    In advance of a roundtable scheduled for October 3, submissions from rightsholders and their representatives have called for pirate site blocking in the United States and amendments to the DMCA that would allow for instant blocking of pirate streams .

    Big Coalition

    The International Intellectual Property Alliance is a coalition of already powerful trade associations, including the Motion Picture Association, Recording Industry Association of America, Entertainment Software Association, Independent Film & Television Alliance, and the Association of American Publishers. IIPA aims to improve copyright protection and enforcement in overseas markets with high levels of piracy.

    The IIPA’s submission begins by painting a picture of creativity and productivity in the United States versus an “entrenchment of infringing services” in foreign markets. IIPA says that online piracy harms the creative industries in the United States, causes hardships for U.S. creators, undermines exports of legal content, which in turn impacts returning revenue.

    The coalition cites numerous studies dating back to 2013 that have concluded, to a greater or lesser extent, that piracy reduces legitimate sales. The numbers are huge; over $29 billion in lost revenue for movies and TV shows alone each year, plus the loss of up to 560,000 jobs.

    While the first figure is straight from a Hollywood study and the second could also be ‘just’ half of that, the numbers are still big. The main point is that IIPA members are huge contributors to the United States and in order for that to continue and grow, significant changes are required at the international level.

    ‘Notorious Markets’ Should Be Dismantled

    Each year the United States Trade Representative receives submissions from rightsholders that detail overseas sites and services causing significant problems for rightsholders. After consideration, the USTR produces a ‘notorious markets’ report which lists the piracy platforms and attributes them to specific countries.

    The general idea is for those countries to recognize how relations with the United States might improve if those platforms were no longer in business, and then act accordingly. ‘Notorious markets’ have been taken down over the years but the IIPA sounds keen to see additional positive action, especially when criminal syndicates are involved.

    “There have been many successes with the closure of Internet sites and services identified as notorious markets by USTR. IIPA’s long-standing recommendation is that USTR should urge trading partners either to convert sites and services to licensed disseminators of works and recordings, or these notorious markets should be taken down followed by, where appropriate, criminal enforcement actions,” IIPA writes.

    Create an Effective Legal Framework

    This request is supported by significant detail on what the IIPA would like to see changed, but isn’t explicit on the problem it needs to mitigate or why it can’t be handled under existing law. Where the issue is being encountered is loosely linked to cyberlocker-type sites based in Russia, but the problem is clearly more widespread.

    Taking the section as a whole, it appears that copyright enforcement measures are frustrated when pirate sites and/or their service providers present as being in compliance with the law and keep up the charade to stay in business.

    “Some services, including some clearly pirate services, attempt to rely on notice and takedown procedures to avoid proper copyright licensing,” IIPA notes. “Clear primary and secondary liability rules are necessary to discourage abuses and to avoid inaction or license evasion.”

    What the IIPA seems to want are acknowledged bright lines on conduct that remove any ability to claim compliance when services are obviously infringing, sometimes criminally so. In turn, this would allow rightsholders to lean on intermediaries with a credible discussion on secondary liability, thus gaining their voluntary cooperation – or else.

    The goal is a legal framework that: (i) prevents the operation of services that promote or otherwise induce infringement; (ii) criminalizes online infringement (particularly all ‘commercial scale’ piracy, in line with best practices); and (iii) provides strong incentives for neutral intermediaries to work with rights holders to curb the use of their proprietary networks and services for infringing purposes

    Within the framework, IIPA’s members would have their exclusive rights respected, including those that relate to technical protection measures. As for internet service providers, bright lines should govern their behavior too.

    ISP Liability Limitations….Should Be Limited

    According to the submission, the proposed legal framework should ensure that ISP liability limitations (if there are any at all) should not “reduce the scope of substantive copyright protections” and should only be available to ISPs that meet eligibility criteria.

    For example, upon an ISP “obtaining knowledge or awareness” of infringing activity, the allegedly-infringing content should be removed “expeditiously” before the ISP takes further action using “measures demonstrated effective” to prevent or restrain further infringement. That sounds not dissimilar to current understanding of the law in many developed countries, with the filtering requirements of the EU’s Article 17 bolted on top.

    Within the framework, IIPA says that governments should recognize online piracy as a form of cybercrime, foster cooperation among all industry stakeholders (including ISPs) in the online supply chain, and if there are any impediments to collaboration, remove them.

    “[G]overnments should encourage private sector agreements, especially those that provide enforcement rights, to properly reflect the needs of industry stakeholders, and that any remedies outside of a legal framework are available to all copyright owners,” the submission reads.

    “In addition, governments should require marketplaces and encourage all relevant intermediaries to implement ‘know your business customers’ (KYBC) policies to ensure they keep up to date and accurate information about their customers and to allow rights holders to obtain accurate information to protect their rights against direct infringers.”

    ICANN and Cloudflare (probably)

    Difficulties linking domain names to individuals have persisted for several years. The IIPA’s submission places the blame at the feet of the Internet Corporation for Assigned Names and Numbers (ICANN). The coalition makes no suggestions on what should be done but its statements leave no real doubt.

    The lack of meaningful access to accurate domain registrant data occurs because of ICANN’s “failure to meaningfully enforce a requirement for accurate registrant data collection, (ii) ICANN’s failure to implement approved policies concerning privacy/proxy services, and (iii) ICANN’s overinterpretation of the EU’s General Data Protection Regulation (GDPR), which has almost entirely shut down access to registrant WHOIS data.”

    Despite being a coalition interested in reducing infringement overseas, IIPA’s submission finds itself referencing a problem that is overwhelmingly seen in the United States and has already been mentioned in several anti-piracy reports; reverse proxy services and the layer of anonymity they provide.

    IIPA doesn’t mention Cloudflare by name but on the basis that most significant pirate sites do indeed use Cloudflare, it’s safe to assume we’re talking about the American company with the same name. In any event, IIPA is calling for the U.S. government to get involved.

    “While reverse proxy services serve a legitimate purpose, many pirate sites utilize reverse proxy services to hide true hosting information and to transmit large files faster. Such uses make enforcement against these sites extremely challenging. IIPA requests that the U.S. government include reverse proxy services in its efforts to address this widespread, systemic problem and to stop the misuse of such services.”

    The IIPA’s submission is available here (pdf)

    From: TF , for the latest news on copyright battles, piracy and more.