WHOIS Privacy Considered “Material Falsification” A recent decision by the Court of Appeals for the 9th Circuit By Ryan Sadler, Legal Team

A recent decision by the Court of Appeals for the 9th Circuit has determined that using WHOIS privacy on domains may be considered “material falsification” under federal law. The defendants in US v. Kilbride (9th Cir., 2009) were convicted under the CAN-SPAM Act in a case that involved criminal charges of intentional email spamming. Enacted by the US Congress in 2003, the CAN-SPAM Act prohibits false or misleading transmission information, deceptive headers, and requires email solicitations to give an easy opt-out method and be labeled as an advertisement, including the senders physical post address. Commercial emails that use false or misleading headers, or violate other CAN-SPAM provisions, such as falsified registration information, are subject to fines of up to $11,000 for each unsolicited email sent.

The CAN-SPAM act states that “registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message…to identify, locate, or respond to a person who initiated the electronic mail message…” The defendants argued that since the terms “impair”, “materially falsify” and “conceal” are not defined in the statute they should be considered unconstitutionally vague. The court responded to the defendants’ assertion by clarifying that “when Congress does not define a term in a statute, we construe that term according to its ordinary, contemporary, common meaning.” The court then made it clear in their ruling that the defendants’ use of private WHOIS information in this case materially falsified the registration information. The court declared that “It should have been clear to the defendants that intentionally falsifying the identity of the contact person and phone number [through WHOIS privacy] for the actual registrant information constitutes intentionally decreasing the ability of a recipient to locate and contact the actual registrant, regardless of whether a recipient may still be left some avenue to do so. We therefore conclude defendants had notice that their conduct violated the CAN-SPAM act.”

Although the ruling does not make use of WHOIS privacy illegal, it does serve as a clear message from the court that coupling the use of privacy services with intentional spamming will likely result in a violation of the CAN-SPAM act. This is an important decision that members of the domain community should refer to prior to utilizing a privacy shield.