Lawyers for DomainTools and .NZ’s Domain Name Commission (DNCL) slugged it out for another round in the US courts recently as DomainTools appealed a preliminary injunction that prevented them from creating a shadow database of .nz registrant data. The case is likely to have wide ranging implications on registrant data collected by top-level domain registries and how that data can be used by third parties such as DomainTools. It’s believed the DNCL is the only TLD registry to initiate proceedings against a company like DomainTools since the introduction of the European Union’s General Data Protection Regulation (GDPR) in May 2018.
The case has revolved around whether DomainTools should be able to access .nz registrant data with the DNCL saying they are expressly prohibited from a mass harvest of registrant data, while DomainTools have claimed when they downloaded the registrant data there were no restrictions, and DNCL should not be able to retrospectively stop them.
DomainTools recently appealed the preliminary injunction awarded in February to the United States Court of Appeals for the Ninth Circuit. In the hearing last week, the DomainTools lawyer said that while DNCL “absolutely has the right to cut off prospective access as it has done and we have respected that, but what they cannot do is retrospectively apply that new concept they have of shuttering port 43 to information that they already sent us for over a decade in response to Whois queries.”
DomainTools have claimed the registrant data is a publicly available database, accessed via port 43, for free, and is necessarily so available for cybersecurity purposes. DomainTools in response to a question from Judge Marquez said there’s no evidence the Whois data has been abused through registrants receiving spam. They also noted the case revolves around harm to DNCL, not to registrants. Judge Nguyen said “it does affect the reputation of DNCL to the extent that they are not able to effectively enforce the terms of use, and that is the link to the customer complaints about privacy.” Judge Marquez was also concerned that once the registrant data is publicly available, there was no way of retrieving it. DomainTools also claimed that Whois data for all top-level domain registries is meant to be publicly available to everyone, no matter what the purpose of those who access the data.
In response the DNCL lawyer said that “DNCL sought an injunction in this case because DomainTools does exactly what DNCL terms of use prohibit. What the record shows is that DomainTools surreptitiously downloaded 94% of DNCL’s database. It created a shadow database in clear violation of the terms of use and then it used that database to do things that DNCL’s terms of use flatly prohibit and it’s here today because it wants to resume doing those things even though it knows the terms of use flatly prohibit it. So this raises a very fundamental question, which is who controls the use of the registrant data for .nz … is it DNCL … or is it DomainTools.”
In the original case heard by Judge Lasnik, Lasnik was concerned with the irreparable harm done to DNCL through the Whois data that had been downloaded by DomainTools, which is 94% of the .nz registrant database. Lasnik specifically found that DomainTools was sabotaging the efforts to implement a means for protection of privacy advertising registrant data, undermining one of DNCL’s central missions: to protect the security of the data in the register from unauthorised or abuse of use. Lasnik was also concerned with how DomainTools accessed the data – it didn’t ask for the registrant data as they knew their request would be refused. DomainTools therefore took steps to circumvent controls that DNCL put on Port 43 by creating a distributed network so DNCL wouldn’t recognise the repeated searches.
The 3 judges are currently considering the appeal with a decision expected anytime in the next few months.
To watch the appeal, published by the United States Court of Appeals for the Ninth Circuit, case 18-35850 Domain Name Commission Limited v. DomainTools, LLC, see https://www.youtube.com/watch?v=wXwmyWUmpGU