Just a day after a district court judge ruled that the FTC exceeded its authority when it set up a national do-not-call list both houses of Congress have voted to give the FTC authority to establish the do-not-call registry. This is how the system is supposed to work, but so rarely does.
I’ve read the judge’s decision in US Security v. FTC, and I think it was defensible. There are two key moves in the case, both arguable, but neither obviously wrong.
The first key move is to say that because regulatory authority was shared between two agencies, the FTC isn’t entitled to the Chevron deference an agency usually gets when interpreting a statute, and that when viewed in this cold light the FTC’s authority to ban “deceptive…and other abusive telemarketing acts or practices” wasn’t intended by Congress (in 1994) to mean banning telemarketing outright, especially as the do-not-call list is run by the FCC not the FTC.
The second move, more dubious in principle, but perhaps compelled by Supreme Court precedent, was that Congress’s authorization—in the Consolidated Appropriations Resolution passed last March—of expenditures by the FTC “to implement the do-not-call provisions of the Telemarketing Sales Rule” was insufficient evidence of Congressional ratification of the FTC’s plan. The district court relied on Ex parte Endo, a 1944 Supreme Court decision which (in the process of ruling that US citizens of Japanese origin held in detention camps must be released forthwith) held that if Congress is to be found to have ratified by appropriation any part of the program of an executive agency, the bill doing so must include a specific item referring to that portion of the program. And that, the judge in US Security v. FTC held reasonably, if perhaps debatably, was not the case.
Endo, incidentally, was recently discussed in a brilliant article by my colleague Patrick Gudridge called Remember Endo?, 116 Harv. L. Rev. 1933 (2003). The article is currently online, alas, only at Lexis and Westlaw .
In any event, if Congressional intent wasn’t clear last week, it is clear today. The House voted 412-8 to give the FTC the authority, and the Senate vote was 95-0. Works for me.
Update: Hours after I wrote this, along comes a second district court decision striking down the do-not-call list on First Amendment grounds. I have some preliminary thoughts about that one.
Perhaps after the recent wave of heat-related deaths in Paris it will be clear just how evil this alleged conduct at the Krome immigrant detention center is: Worker claims ‘day after day’ he was ordered to turn off AC. We’re not talking just making people sweat here:
‘I don’t know how someone didn’t die in there because of the heat,” Novoa said Wednesday in a telephone interview. ‘Imagine 110 people in a room. There are no windows, only a door, locked with no air conditioning. Those poor Haitians… . When they saw me, they said `Please don’t do that to us. You are killing us.’ You have no idea how it made me feel.”When he entered one of the buildings, Novoa said it had a stench of human feces and body odor.
Krome—perched on the very southern edge of settled greater Miami, nestled right up near the last of the open land and the Everglades—is a notorious facility in this community, one we like to pretend isn’t there. It is the site of repeated human rights violations (e.g. sexual abuse, attempts to deny detainees access to counsel, and general evil). It is amazing that in this community, more than most of America a cauldron of immigrants, we tolerate this. But of course, we’re mostly powerless, as Krome is not run by the locals but by the feds, and not just any feds but one of the two or three most loathsome bureaucracies in the US federal government, the Immigration and Naturalization Service (INS).
Stories like this—and even if this one turns out to be exaggerated or false, it’s only one of many—strain my general belief that evil institutions can turn good people bad. Perhaps a refinement is in order: could it be that one of the reasons that certain evil institutions are so evil is because they drive out the good people and attract those who either cannot find work elsewhere or who positively enjoy the evil?
Nor is this a story of a heroic whistle-blower: the matter is public only because a worker objected to being disciplined for failing to go along with it.
Last week, VeriSign, the people who run the .com registry (the big data file that has all the .com registration data in it), unilaterally decided to change the way the most-traveled portion of the Internet works for most people. Until then, if you typed in a .com domain name that didn’t exist, you would get an error message. Unless, of course, you were an MSN or AOL subscriber, in which case you would get a custom web page they each designed, and which included some ads from folks who thought that they might profit from common misspellings.
Well, VeriSign saw a profit opportunity, and it decided to eat AOL’s and MSN’s and everyone else’s lunch by introducing its “Sitefinder” service. In the new .com, every browser typo, every attempt to load up (the technical term is “resolve”) a domain that didn’t actually exist, leads you to special pages designed and owned by VeriSign…and on which we are all invited to buy tailored advertising. [Sitefinder, incidentally, has the most unintentionally hilarious terms of service I have ever seen : a web page you go to by accident, and only because VeriSign made you, links to the adhesive assertion that “By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.” But I digress.]
Naturally, MSN and AOL are unhappy. But the technical community is furious. The web is not the whole Internet, and there are many other Internet tools that rely on getting the standard error message when a domain does not resolve properly. VeriSign’s change threatened to break all those applications. [There are a lot of ccTLDs (national top-level domains like .ph) and one gTLD (.museum) that already do the same thing. But they are almost all very low volume, and their users were—in the main—forewarned before they registered their domains.]
The technical community responded by coding up changes to BIND, the dominant software for translating domain names into the Internet Protocol numbers that actually do the real work of identifying where the content you want is to be found, and telling the computer that has it how to find you. These changes essentially overtrump the VeriSign change. But fixes like this take time to deploy and propagate. It would be much tidier if VeriSign could be persuaded to put the cat back in the bag.
Meanwhile, the more formal part of the technical community also swung into action. The relevant Internet standards are defined by the Internet Engineering Task Force (IETF). The closest thing the IETF has to a governing body is a committee called the Internet Architecture Board (IAB). The IAB quickly issued a very careful and useful report. In effect, the IAB said that the relevant standards (called “RFCs”) are vague at the critical points, so thatwhat VeriSign did was not in technical violation of them. It’s just in very, very bad taste. (Ironically, the IAB is chaired by a VeriSign employee who quite properly recused herself from the issue.)
Unlike most of the Internet, the domain name system has a global regulator. That job falls to the Internet Corporation for Assigned Names and Numbers (ICANN), the body chosen for that role by the U.S. Department of Commerce (for a long, technical description and critique of the relationship, see my Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution and Jonathan Weinberg’s ICANN and the Problem of Legitimacy). Many people have thus looked to ICANN to force VeriSign to undo its change. Others bemoaned the fact that whatever ICANN was doing, its new streamlined processes meant that the public was cut out of its deliberations. An eloquent example of this is Michael Geist’s lament that Regardless of the eventual outcome, Internet users will look back on the day that Internet governance mattered and remember that they didn’t.
So far, however, ICANN, hasn’t done much. It issued a preliminary statement, which prompted a very unenlightening reply from VeriSign .
Now ICANN’s Security and Stability Committee has announced that it plans a meeting in Washington on October 7 to get input. That probably takes the pressure off ICANN to act immediately.
My sense is that is just as well for two reasons. The first is ably explored by Jonathan Weinberg at ICANNWatch. It turns out that under the trilateral (ICANN-VeriSign-US government) contractual regime negotiated by the US Government, ICANN probably lacks the authority to make VeriSign retreat.
There’s a second reason. ICANN isn’t democratic or accountable. In fact, we’re in this pickle partly because of ICANN’s own mistakes. The .com domain retains its importance and dominance for many reasons, but one of them is ICANN’s total failure to permit much in the way of meaningful competition for it, something that is and would have been entirely in ICANN’s power. It would be ironic and unfortunate to reward ICANN for its past failings by giving it new powers.
Some people will say that ICANN’s impotence in the face of a serious technical hiccup is a problem. I think the signs are that the technical community is doing a fine job of working this one out in (excuse the ICANN-speak) a spontaneous, bottom-up, consensus-based manner that is technically sound and will contribute to the stability and security of the Internet.
Or, in other words, if you never heard about this crisis, odds are you may never need to.
Even a technical solution, however, doesn’t mean that the lawyers will stay away from this one. Already two lawsuits have been filed against VeriSign, one by GoDaddy and the other by Popular Enterprises . Those suits may be nothing, however, compared to a looming patent infringement claim against VeriSign, as it appears that Sitefinder may infringe U.S. Pat. No. 6,332,158.