Domain Name Regulation in ITA 2000..to be amended

This is a continuation of our discussions on proposed amendments to ITA 2000 presently under consideration by the T.K.Vishwanathan Committee. For further discussions henceforth we shall refer to the proposed amendments as ITAA2017(p) and the new Act as ITA2017(p).

The ITA 2000 pursued the objective of E Commerce promotion by providing legal recognition to Electronic Documents and the method of authentication through Digital Signatures. It also addressed some aspects of Cyber Crimes which were expanded in 2008 along with more on compliance requirements.

However both ITA 2000 and the 2008 amendments did not in any way looked at the regulation of “Domain Name” which is the key property of any  E-Business. Additionally, today we see a number of Cyber Crimes being committed under fraudulent websites whose domain names are registered so as to cheat public, registrant’s information hidden under the false pretense of “Privacy” and ownership often determined more on the basis of “Trade Mark registration” than any other logical consideration.

Naavi has been in the forefront of the debate for the concept of “Resolving Confusing Domain Names through a system of a trusted third party disclaimer” (Refer: lookalikes.in) . The idea here is that if two persons have legitimate interests in a particular domain name and there is neither an attempt to cheat public by “passing off” a service as similar to a more popular service or to cause confusion and obtain undue advantage there of, then we should allow the two otherwise similar domain names to co-exist with disclaimers on both sites preferably corroborated by a trusted third party.

What presently happens is that a genuine person who wants to start business under a domain name will never get a name which is free of disputes because every name will be similar to some name already registered elsewhere in the world. The very system of ICANN allowing multiple TLDs means that different entities may hold the same name in different TLDs if they have a reason. Today one company cannot register all domain names in all the 200 plus extensions that are available and therefore allow others to register the names and then hound them like a prey. The UDRP process and the INDRP process is heavily skewed towards the more wealthy disputant and holder of a trademark.

In US, the Anticybersquatting Consumer Protection Act (ACPA), provides some protection to domain name owners in addition to the remedies provided under the UDRP though even this law favours the US trademark owners. In India we donot have a similar law.

In many cases, the disputes are raised after a business builds up a brand value in a domain name since when the domain name is registered, no registrar alerts the registrant about the possibility of a challenge coming up later. Both the registrars and the ICANN make money by letting people register names which are patently undefendable if challenged by the earlier registrant of a similar name.

At the same time, those who want to register phishing domain names are not concerned with either the trademark law nor the Cyber squatting law and register domain names in patently confusing names.

Thus the current system does nothing to prevent fraudsters and only hurts genuine registrants who pick up an available name because it suits them for promoting their business without any intention of taking advantage of the existing brand name owned by some body else.

ITA 2000 as proposed for amendment should therefore try to provide a solution in this regard. The suggestions I have in this regard has been discussed in detail several years back in this site (see the old articles under the link “Old Posts“). It is time for others to add their views to the debate. In short, my suggestions are

a) Given the existence of a number of options for the TLDs in the generic and CcTLD type it is not possible to prevent registration of names which may be in conflict with others.

b) The use of “Internationalized domain names” in different languages such as Hindi or Chinese and the Phonetic similarities which are also a cause of action in trademark disputes make the current system of allowing registration of any domain name without the registrant being checked at the time of registration is a completely unacceptable system.

c) The system of “Registering a Lookalike Domain Name” with a disclaimer publication was suggested so that the affected domain name owner can object if there is a real need but genuine registrants would feel safe to develop their brand in an otherwise risky domain name.

d) The practice of hiding the name of the registrant of a domain name in the disguise of “Privacy” should be discouraged and eliminated since it puts a barrier on quick investigation of frauds.

e) The registrars should be considered liable (Even now they are liable under Section 79 of ITA 2000/8 as intermediaries but this is rarely recognized) for any frauds where the registration of a fraudulent domain name was used as a tool of cyber crime.

Incorporating the above requirements we need to develop a new system of domain name registration initially within the jurisdiction of India and provide protection to the Indian registrants with the concept of the “Regulatory Gateway” discussed in the earlier article.

In our first article on the modifications ,we suggested introduction of the following section in Chapter XI..

(..) Whoever, in bad faith and with the intention to cause disrepute, harm to another person or cause disruption of any legitimate business or cause confusion in the minds of the public, who having regard to the circumstances, are likely to be influenced registers a domain name shall be liable to pay damages to the person so affected not exceeding Rs 10 lakhs and for the purpose of this section, a person not being a resident of or a citizen of India shall also be liable even if no computer or computer system located in India is used for the contravention.
Explanation:
For the purpose of this section exercising of due diligence including appropriate disclosures shall be considered as indications of good faith.

This could be a starting point to develop the appropriate penalties either in the form of civil penalties only or with a criminal punishment also.

I leave it for further discussion by the T K Vishwanathan Committee.

Naavi

P.S: 27/10/2017: A case similar to the case of cgtmse.govt.in where a fraudulent website in the name of the Government was run to cheat public has been reported again in the name of nmcsm.in (See here ).

 Highlights the need for making domain name registrars liable for the irresponsible registration of domain names. Simultaneously it also highlights the need of Government websites like UIDAI to follow certain domain name registration policies which provide confidence to the public that the sites are genuine…as pointed out in an earlier article.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.