Wendy: ICANN isn't imposing the liability. The relevant provision goes to the circumstance under which the RNH accepts liability for the acts of its licensee. Whether there is any liability in the first instance is independent of this provision and not part of the RAA. 3.7.7.3 of the RAA reads (and has since the original iteration), in part: A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm. Beau: FWIW, the few US courts that have looked at this issue have taken the position that subdomains are beyond the scope of the AntiCybersquatting Consumer Protection Act. It seems to me 3.7.7.3 would apply (if at all and all other conditions satisfied) to the registrant of the second-level name. K -----Original Message----- From: na-discuss-bounces@atlarge-lists.icann.org [mailto:na-discuss-bounces@atlarge-lists.icann.org] On Behalf Of Wendy Seltzer Sent: Thursday, June 10, 2010 3:43 PM To: Beau Brendler Cc: icann-ccg-ca@n4c.eu; ALAC Internal List; na-discuss@atlarge-lists.icann.org Subject: Re: [NA-Discuss] RAA subsection 3.7.7.3, fraud and liability I'd say this is an overextension of ICANN's mandate. Who is ICANN to impose legal liability on registrants for uses of their domains (as opposed to for breaches of the contract with the registrar/registry)? --Wendy Beau Brendler wrote:

Regarding the draft advisory on RAA subsection 3.7.7.3 [http://www.icann.org/en/compliance/reports/draft-advisory-raa-3773-14ma y10-en.pdf], which is on the at-large agenda for discussion in Brussels, specifically the statement:

"the Registered Name Holder shall accept liability for harm caused by the wrongful use of the registered name unless the Registered Name Holder promptly identifies the licensee to a party that has provided the Registered Name Holder with reasonable evidence of actionable harm."

Does this apply to subdomains? For instance, in http://www.walletpop.com/blog/2010/06/02/three-charged-in-xp-antispywa re-2010-fraud-fbi-says-100m-lost/

it's noted that bsa.safetydownload.com was a vector for serious malware downloads that cost consumers around the world more than $100 million. The domain is still up and functioning, though you will probably have to turn off firewalls to access it, which I wouldn't recommend.

What is the chain of liability now and under 3.7.7.3? The registrant, OS Portfolio Holdings, a domainer? The registrar, Bear Trap Domains (which is/was ICANN accredited, but now appears to be taken over by Oversee.net [http://www.oversee.net/] which also now happens to own OS Portfolio? Is this a hijacked subdomain with no trail?

------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lis ts.icann.org

Visit the NARALO online at http://www.naralo.org ------

-- Wendy Seltzer -- wendy@seltzer.org phone: +1.914.374.0613 Fellow, Silicon Flatirons Center at University of Colorado Law School Fellow, Berkman Center for Internet & Society at Harvard University http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/ https://www.torproject.org/ ------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists .icann.org Visit the NARALO online at http://www.naralo.org ------