NABP to Registrars: You Must Takedown and Seize Any Domain We Tell You To

pharmalobbyIt’s almost surreal to be getting this letter from the National Association of Boards of Pharmacy (NABP) addressed to ICANN Registrars requesting that “you adopt and implement policies and procedures, consistent with this letter,”, given the timing of what we just went through with the City of London Police takedown requests.

What are those policies and procedures the NAPB wants all ICANN Registrars to adopt? Glad you asked:

#1 Registrars must investigate and action reports of illegal activity in any jurisdiction anywhere in the world.

They draw from language in the 2013 RAA (which we haven’t executed yet) that Registrars “investigate reports of “Illegal Activity,” including alleged violations of applicable laws (Section 3.18.1) and to take action”. By this they mean:

“we wish to formally advise you that the “applicable laws” pertaining to any sale, marketing, prescribing or dispensing of prescription drugs include the laws and regulations of any jurisdictions (country, state, province, prefecture, et cetera) of a Web site’s intended customers (where the Web site offers to ship drugs to), not merely the laws and regulations where the Web site operator resides, the drugs are shipped from, or where the domain name Registrar is located.”

(emphasis in original)

So in other words, it’s now on domain registrars to investigate and action reports of illegal activity anywhere in the world. I can’t wait to start waving my global supercop badge around at parties.

#2 Registrars must take down any website the NAPB directs them to and may not require a court order to do so

“Upon receipt of an abuse notification, some Registrars claim that a court order is required or that they are not violating the laws of the Registrar’s country. Both assertions are wrong.”

Yes, we’re “one of those registrars”, as we’ve just demonstrated through that whole London Police IPCU takedown thing. It is just mind-boggling how all these groups are coming out of the woodwork and making a straight faced assertions that the law doesn’t matter, only what we tell you to do matters.

#3 Registrars must not allow domains taken down at the behest of NAPB to transfer-out to another registrar:

You should not allow domain names engaged in the illegal sale or distribution to transfer to another Registrar: the question of legality does not relate to where the Registrar is located, but rather to the activity of the Web site.

This is absolutely and utterly wrong as was demonstrated by the National Arbitration Forum decision handed down yesterday. We’ll repeat the key findings here:

“To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the

intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police. Presumably, the provision in the Transfer Policy requiring a court order is based on the reasonable assumption that the intervention of a court and judicial decree ensures that the restriction on the transfer of a domain name has some basis of “due process” associated with it.”

NABP then claims that because the sites they go after are (ostensibly) fraudulent, it can be prevented from transferring away under the TDRP:

Prohibiting transfer is consistent with ICANN’s Inter-Registrar Domain Name Transfer policy, which permits “fraud” as a basis for denying transfer.

Which was also specifically addressed in yesterday’s ruling and determined to be absolutely and totally wrong:

“the reference to “evidence of fraud” in the Transfer Policy does not refer to fraudulent conduct by the holder of the domain name, but evidence of fraud with respect to the transfer of that domain name. See GNSO Issues Report, Inter-Registrar Transfer Policy Part B at 14-15 (May 15, 2009).”

And finally:

#4 There is an appeal process to this, but you will lose.

If you or the registrant believe that they should be entitled to transfer the domain name, or simply wish to challenge the suspension, LegitScript, with NABP’s support, maintains an appeals process for rogue Internet pharmacy domain names. More information is available by contacting

Note, however, that due to the high level of accuracy involved in the abuse notification process, there has never been a successful appeal, even past Stage 1.

This is the second instance of non-governmental or quasi-governmental agencies reaching into the language in the 2013 ICANN RAA and trying to use it to compel registrars to takedown and seize domains without due process.
We have never received a takedown request from LegitScript, I don’t know if NABP has sent this letter to all Registrars or maybe just the ones who are in the habit of asking troublesome questions (i.e. “please show us the legal finding that makes X illegal”).
I’ve replied back to them outlining my concerns and I’ve also reached out to our ICANN liaison for some guidance on the language in the 2013 RAA, particularly Sections 3.18.1 and 3.18.2 (the parts that turn us all into global supercops).

It really is getting creepy out there.

We now know that we live in a total surveillance society, governments are printing money, going broke, manufacturing consent and lying about nearly everything; while quasi-governmental agencies all over the world are now asserting they have the authority to overturn legal process and basically dictate everybody else’s business.

This script is playing out almost verbatim what we wrote only three years ago in “First They Came For The File Sharing Domains”.

Who will be the next batch of clowns who tell us they can use liberally interpreted language in a couple of agreements that they aren’t even party to to compel us to takedown your website? Let’s start a betting pool.

 Further Reading