Oversee.net employee overlooks confidentiality rules

A recent confidentiality breach by an employee of the domain name registration company Moniker.com involving a Whois privacy-protected domain name has sent a ripple of comment through the domainer community.  
While some of the details remain unclear, according to the reports, upon becoming aware of the existence of a privacy protected ‘sucks.com’ domain name held with Moniker, a Moniker employee accessed confidential records in order to determine the registrant of the domain name. Armed with this information, he contacted the employer of the domain name registrant, a company stated to be a "major player in the industry", alerting it to the existence of the domain name, as well as being none-too-complimentary about the registrant.
Oversee.net (the owner of Moniker.com) eventually issued a statement sent by email to various parties, advising that “Moniker has learned that one of its employees violated company policy by distributing customer data for a single domain name registration” and stating that:
"unauthorised data access of any kind, no matter how large or small, is an issue taken very seriously by Moniker and by its parent company, Oversee.net, and is being addressed directly."
If the target company concerned had decided to file a complaint against the anonymous registrant under the Uniform Domain Name Dispute Resolution Policy (UDRP), in all likelihood Moniker.com would have chosen to disclose the underlying registrant's details anyway, given Section of the Internet Corporation for Assigned Names and Numbers Registrar Accreditation Agreement, which reads as follows:
"Any registered name holder that intends to license use of a domain name to a third party is nonetheless the registered name holder of record and is responsible for providing its own full contact information, and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the registered name. A registered name holder licensing use of a registered name according to this provision shall accept liability for harm caused by wrongful use of the registered name, unless it promptly discloses the identity of the licensee to a party providing the registered name holder reasonable evidence of actionable harm."
This provision places liability for domain name registrations on privacy protection service providers, unless they reveal the name of the true registrant - although the point at which they are obliged to do this remains unclear, given the uncertainty concerning what exactly may be termed "reasonable evidence of actionable harm". Some privacy protection providers will reveal a registrant's details when presented with reasonable evidence of infringement by trademark holders, whereas others will not do so unless a UDRP (or court action) is filed against them.
However, in this case the situation would have been further complicated by the fact that ‘sucks’ cases raise complex legal issues and often turn on their own facts, resulting in legitimate differences of opinion among UDRP panels. Whether or not there would actually have been any liability for the registration at all is thus debatable.
Certain commentators on this incident were of the opinion that it reflected a dubious morality within Oversee.net, and thus constituted a reason to avoid it for privacy-protected registrations. Others maintained that it was all a storm in a teacup and that Oversee.net could not be held responsible for the renegade action of one employee.
Domain name Whois privacy protection is certainly a hot topic at the moment, with the Generic Names Supporting Organisation currently proposing a study on Proxy and Privacy ‘Abuse’ to focus on revealing "the extent to which domain names used to conduct illegal or harmful internet activities are registered via privacy or proxy services to obscure the perpetrator's identity". This subject will undoubtedly continue to rouse the passions of those on both sides of the fence for some time to come.
David Taylor, Cindy Mikul and Jane Seager, Hogan Lovells, Paris

Get unlimited access to all WTR content