
New Zealand’s Domain Name Commission (DNC) had their third victory in three appearances in their ongoing court battle with DomainTools, the latest being in March. DomainTools had appealed three claims, following losing their first appeal, but won only one, while the DNC won the remaining two, with consideration being given by the DNC to appeal the remaining claim. It is a battle over whether a top-level domain registry protect the privacy of their registrants. As Jordan Carter, InternetNZ’s CEO, told the Goldstein Report back in March 2019, “this test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.” It seems that the privacy rights of .nz registrants has been protected.
The case has revolved around whether it was permissible for DomainTools to scrape registrant data from .nz domain names, and which they do for many top-level domains around the world. The DNC claimed it wasn’t permissible, but DomainTools believed it was, and a large part of their business model revolves around them being able to do so.
In the Order by the United States Federal Court on 29 March 2020, the court explains how the DNC had issues with the way DomainTools collected domain name registrant data “from around the world, stores the information, and uses its current and historic databases to sell monitoring and investigative services and products to the public.” The order goes on to outline the DNC “alleges the way the defendant accessed .nz domain and registrant information before June 6, 2018, any and all access after that date, and its continuing storage and use of the domain and registrant information violates the Computer Fraud and Abuse Act (CFAA) and the Washington Consumer Protection Act (CPA). Defendant seeks dismissal of the statutory.”

In the one claim that the DNC lost, the court found that DomainTools’ conduct after the second cease-and-desist letter on 6 June 2018 constituted access to the DNC’s computers without authorisation under the CFAA. The judge nonetheless dismissed the CFAA claim in its entirety because the allegations of damage and loss were not specific enough to plausibly infer that the DNC incurred $5,000 in losses after 6 June. This leaves the DNC the ability to seek leave to file an amended complaint if they can allege enough losses after that date.
Setting aside whether the DNC can refile the CFAA claim, this decision should be seen as a win on the CFAA front. It empowers the DNC to issue cease and desist letters to data scrapers and aggregators like DomainTools, revoking their access. If they continue access after the DNC revokes authorisation, the DNC can sue under the CFAA. So, regardless of whether the DNC repleads the CFAA claim, the decision makes the CFAA a strong defence for the DNC going forward. There is also the breach of contract and CPA claim that remains, and the DNC remains in the Federal Court before a judge who has now issued two favourable decisions for DNCL.

“We have to be able to control the personal information individuals have trusted us with and be able to enforce our terms of use,” NZ’s Domain Name Commissioner Brent Carey told Goldstein Report in July 2019 after they had won the first appeal. “The local internet community through our WHOIS review requested a privacy option and we gave it to them in March 2018.”
So another good day for the DNC in their battle with DomainTools.
Previous articles on the Domain Name Commission’s battle with DomainTools are:
- DomainTools Continues To Systematically Violate .NZ’s ToU Harvesting WHOIS Data, Despite Preliminary Injunction – July 2019
- DomainTools Appeals To Seek To Continue Flouting .NZ Whois Terms of Use – June 2019
- DomainTools Continues To Systematically Violate .NZ’s ToU Harvesting WHOIS Data, Despite Preliminary Injunction – February 2019