Nominet have published an interesting analysis of the legal issues around any possible process for suspending domains associated with criminal activity. This raises the rather worrying issue that the legal position is not clear if a registry is informed of unlawful conduct somewhere in their domain and decides that the evidence is not strong enough to justify them acting. For networks, hosts and caches the liability position is clear, thanks to the eCommerce Directive, but the law appears to be silent on the position of a DNS registry if it is informed of either criminal activity or a civil wrong. Neither issue appears to have arisen in court, so there is no precedent either. In these situations it is possible that action by the registry might disrupt the unlawful activity but, as discussed in my previous post, there could also be a high likelihood of extensive harm to innocent users of the same domain. This feels a little like closing a road bridge because there has been a bank robbery on the other side of it – it might hinder the bank robbers, but will have a massive collateral impact on everyone else.
My response therefore points out that although a registry may have the possibility of acting to disrupt unlawful action, the likely extent of collateral damage and resulting disproportionality means it is probably the last place that action should be considered. However there may be a few situations where the registry is, indeed, the only place that effective action can be taken, so a process for handling these situations is required. But that process must ensure (if necessary by providing legal protection) that the registry is not compelled to take action that may turn out to be disproportionate.