This article is published in response to the news that auDA has given 60 days notice to Robert Elz, who currently controls the and domains spaces, of its intention to redelegate those domains against his wishes.

Who controls Where domain name policy and law collide

By Jeremy Malcolm1


This article examines whether the operator of an Internet domain name registry who is delegated the control of a domain name at a certain level in the hierarchy of domains, thereby incidentally possesses the power to redelegate pre-existing sub-domains. The background of the article is the request for tender issued in October 2001 by the Australian Domain Name Authority (auDA) which administers the .au domain space, for the redelegation of the and subdomains, in opposition to the wishes of the existing delegate of those subdomains.


The administration of Australia's Internet domain name space - that is, all domain names ending in .au - has recently been transferred2 to auDA, the Australian Domain Name Authority Ltd. Until the transfer, Robert Elz, an academic from the University of Melbourne, was the delegate of authority to administer the .au name space. This original delegation had been made in 1986 by IANA, the Internet Assigned Numbers Authority, which was then the administrator of the global root domain space. IANA has since been subsumed into ICANN, the Internet Corporation for Assigned Names and Numbers, an organisation formed by the United States Government to take over the role of Internet domain name administration.3 It was pursuant to an agreement with ICANN, not with Elz, that auDA assumed control over the .au name space.

At the time Robert Elz was delegated control of the .au name space, it was a flat hierarchy empty of subdomains at the second or third level (such as, or respectively). The second-level subdomains that Robert Elz created were broadly based on those existing underneath the root hierarchy, including .com, .org and .edu, along with some additions of his own including, and Elz himself sub-delegated each of the second-level domain spaces that he had created to Australian applicants according to the policies that he had devised. For example, businesses were permitted to apply for the registration of domain names in the space, and in the case of, educational institutions were permitted to do so.

Soon, Elz found that requests for delegation of third-level domain names within the second-level domain spaces were being made in such volume that he was unable to attend to all the requests personally in a timely manner. Accordingly he delegated control of most of the second-level domains to other parties, who took over the registration of domain names at the third level. For example, in October 1996 Melbourne University became the administrator (or "registrar") of the domain space, a responsibility which has since passed to Melbourne IT Ltd, a company spun off from the University.

At the date of the transfer of control of the .au domain from Mr Elz to auDA, Mr Elz remained as the registrar of two of the second level domains that he had created. These were, which is a space within which for most non-profit organisations to register domain names, and, under which individuals can register domain names for personal purposes.

On 22 October 2001, auDA opened tenders for the operation of a registry or registries to operate seven of the second-level domains originally created by Robert Elz. In doing so it sought the concurrence of each of the incumbent registrars. It obtained the agreement of all of the registrars bar one: Elz himself. Mr Elz has taken the view that, notwithstanding that auDA may possess authority over the .au domain as a whole, this does not also give it the right to redelegate or to otherwise administer the second-level domains such as and that had been created by its predecessor, without obtaining the consent of the incumbent delegate of those second-level domains.4

auDA advises that it has obtained legal advice to the contrary, the effect of which is that "the existing delegation held by the delegates will have no further force or effect after ICANN redelegates the .au ccTLD to auDA"5. This article briefly investigates the position taken by each party, and attempts to draw a conclusion by the application of relevant principles of domain name law.

The domain name system

The domain name system is a hierarchical directory that translates Internet domain names into the IP addresses that Internet-connected computers use to direct Internet traffic from source to destination. There are a network of only 13 root name servers throughout the world. The root name servers are computers that maintain the authoritative list of top-level domain names (such as .com and .au) and which contain pointers to other computers containing directories of domains at the second, third and subsequent levels of the hierarchy.

Only one of the 13 root name servers is truly authoritative, and this name server, labelled "A", derives the content of its directory of root domains from the United States Department of Commerce. Despite its contract with ICANN to administer the domain name system, the United States Department of Commerce even now retains policy control over the root domain.6 Since the domain name system is structured as a hierarchy, every Internet domain name depends upon this authority that the Department of Commerce exercises over the root domain. For example, it the Department of Commerce decided to delete the .com domain from its root name server, all domain names ending in .com would cease to be visible within the ICANN-administered domain name hierarchy.

There is no technical reason why an alternative hierarchy of domains could not be used on the Internet. In fact, such alternative hierarchies have been set up.7 However those who utilise the root domain name system administered by ICANN, in preference to the alternative domain name hierarchies, do so for pragmatic reasons. A domain name that is registered in a particular hierarchy can only be accessed by Internet users who configure their computers (or whose Internet Service Providers configure their servers) to utilise that hierarchy. As the vast majority of Internet providers and users use the hierarchy administered by ICANN, registration of a domain in an alternative hierarchy leaves that domain stranded from the majority of the Internet.

The root of the domain name system contains a number of generic domain names such as ".com" and ".org", along with numerous "country code top level domains" (or ccTLDs), such as Australia's .au, the United Kingdom's .uk and so on. New top-level domains (whether these be generic or country code domains) may be created only with the sanction of the Department of Commerce,8 and will be administered in the first instance by its delegate, ICANN. ICANN, however, will sub-delegate the control of all top-level domains to an independent registry operator; in .au's case, Robert Elz and subsequently auDA.

Transfer of domain management

Once a delegation of a top-level domain has been made by ICANN, there are certain procedures that it follows in revoking that delegation or in redelegating the administration of the domain. At the time the .au top level domain was created by IANA, the applicable procedures were undocumented, but by March 1994 the procedures had settled by consensus of Internet stakeholders into a set of principles published in the form of a document titled RFC 1591. RFC 1591 relevantly states:

For any transfer of the designated manager trusteeship from one organization to another, the higher-level domain manager (the IANA in the case of top-level domains) must receive communications from both the old organization and the new organization that assure the IANA that the transfer is mutually agreed, and that the new organization understands its responsibilities.9

An exception is made "in cases where the designated manager has substantially mis-behaved" or "[i]n cases when there are persistent problems with the proper operation of a domain, [whereupon] the delegation may be revoked, and possibly delegated to another designated manager".

The manner in which RFC 1591 is currently administered by ICANN is documented in a policy issued by it in May 1999 titled ICP-110, which provides in part:

For transfer of TLD management from one organization to another, the higher-level domain manager (the IANA in the case of TLDs), must receive communications from both the old organization and the new organization that assure the IANA that the transfer is mutually agreed, and that the proposed new manager understands its responsibilities. ... On a few occasions, the parties involved in proposed delegations or transfers have not been able to reach an agreement and the IANA has been required to resolve the matter. This is usually a long drawn out process, leaving at least one party unhappy, so it is far better when the parties can reach an agreement among themselves. It is appropriate for interested parties to have a voice in the selection of the designated manager.

It goes without saying that neither RFC 1591nor ICP-1 possess any force of law. They are merely policy documents which describe the manner in which ICANN exercises the delegated authority of the Department of Commerce over the root domain, in the processes of delegation, redelegation and revocation of top level domain names.

Two further provisions of RFC 1591 and ICP-1 are of relevance to the positions taken by auDA and Robert Elz the subject of this article. These are, from RFC 1591, the statement that:

Most of these same concerns are relevant when a sub-domain is delegated and in general the principles described here apply recursively to all delegations of the Internet DNS name space.

The commentary of ICP-1 on this issue is as follows:

There are no requirements for management of subdomains of TLDs, including subdelegations, beyond the requirements for TLDs stated in this document and RFC 1591. In particular, all subdomains shall be allowed to operate their own domain nameservers, providing in them whatever information the subdomain manager sees fit, as long as it is true and correct.

From these documents it appears that the policy of the root domain administrator as applied by ICANN is that the delegation, redelegation and revocation of domain names at the second and lower levels should be conducted pursuant to the same policies that govern those activities at the top level; in other words, that redelegations should only be undertaken with the agreement of both parties, except in the case of malfeasance or incompetence.

Transfer of and domains

It appears to be common ground between Mr Elz and auDA that the ccTLD has been validly redelegated by ICANN from Mr Elz to auDA.11 The process by which the and domains are being dealt with by auDA appears however not to comply with the procedures laid down in RFC 1591 nor ICP-1, which as we have seen are said to apply "recursively" to all delegations below the root.

In fact far from the transfer being "mutually agreed" as RFC 1591 specifies, Robert Elz has stated that the domain is "not going to be any part of auDA's [near] future", and described auDA's conduct in seeking to redelegate the domain as "inappropriate".12 No allegation has been raised by auDA that Elz has exercised his control of the or domains in an improper or incompetent manner. Despite these facts, auDA has reconfirmed its intention to redelegate the domains in question in the face of Robert Elz's objections.

If it is taken that auDA has failed to comply with RFC 1591 in its purported redelegation of the and subdomains by reason that it has not obtained Mr Elz's agreement, the question arises whether any legal consequences flow from this fact. It has already been noted that RFC 1591 possesses no legal force in the United States or in Australia. It might therefore be assumed that the only remedy for a breach of RFC 1591 lies at the prerogative of ICANN against auDA in terminating its delegation of authority, or of the United States Department of Justice in exercising the same right against ICANN.13

Before reaching this conclusion, it is worth considering Mr Elz's assertions more closely.14 Elz has explained his position as follows:

A delegated domain is more akin to a flat in a high rise building that is leased or sold to its occupants (which it is more similar to depends upon the way the sub-domains are handed out) - or even donated.

Someone still owns the building shell (and any unsold flats), and can sell that to someone else - but they can't sell the flats that have been sold, and any sale of the building is subject to existing leases.

That's always been the way the DNS has worked - once a domain name is allocated it is yours (or yours as long as you keep paying the renewal fee in some cases).15

This position is to be distinguished from the argument, previously made by the author,16 that the custodianship of a domain name is a sub-licence of the authority of the Department of Commerce over the root domain, the terms of which licence incorporate the provisions of RFC 1591. Were that the case, such a licence would be terminable by the licensor or sub-licensor (that is, the Department of Commerce, ICANN or auDA) in the case of a transgression of RFC 1591, but in the absence of such a remedy being exercised the delegation would remain in force and would be unassailable by third parties. Elz in fact specifically refutes this analysis:

The DNS wasn't created by lawyers, and the use of "delegated" in the DNS (for which there are actually two quite different meanings) isn't at all related to the use in legal circles. This may have been more just a misunderstanding as to what the term actually means (legally), or because it relates more to the technical parts of the way DNS queries are made, but there's no question really that any of the operators of any sub-domain is doing so as an agent of the operator of the parent.17

Was auDA granted power to redelegate subdomains?

The argument that Elz makes, when analysed in legal terms, is that the terms of auDA's licence of the power to administer ccTLD by ICANN do not incorporate an implicit grant of the same power over the subdomains and, notwithstanding the hierarchical arrangement of those domains. The contrary position taken by auDA is that the delegation of control over a domain does incorporate a delegation of control over all its subdomains, and that upon the redelegation of the head domain to auDA, the previous delegations of subdomains within the head domain are of no further force or effect and may be overridden by the new head delegate at will.

Whether Elz's or auDA's analysis is correct depends on analysis of the terms upon which a delegation of authority over a ccTLD is made, and in particular an interpretation of the original delegation of the .au ccTLD by IANA to Elz in 1986. To determine this question, we again come back to RFC 1591. That document states:

The country code domains (for example, FR, NL, KR, US) are each organized by an administrator for that country. These administrators may further delegate the management of portions of the naming tree. These administrators are performing a public service on behalf of the Internet community.


In the case of top-level domains that are country codes ... [there must be] a manager that supervises the domain names and operates the domain name system in that country.

No mention is made here of what a country code administrator may or may not not do with subdomains that have already been delegated by a previous appointee. The agreement between ICANN and auDA is little more instructive. Clause 4.1 of that agreement18 states:

The Sponsoring Organization [auDA] shall cause the authoritative primary and secondary nameservers for the Delegated ccTLD to be operated and maintained in a stable and secure manner, adequate to resolve names within the Delegated ccTLD, and any sub-domains over which the Sponsoring Organization retains administrative authority, for users throughout the Internet.

Clause 4.5 of the agreement requires in effect that auDA "abide by all ICANN policies ... that concern ... the operational capabilities and performance of the ccTLD operator", which of course includes RFC 1591.19 The final provision that is of relevance is clause 6.3 which sets out the consequences of a termination of the agreement by ICANN. It relevantly states:

In particular, the Sponsoring Organization shall ensure the transfer of all relevant DNS and registry data to the specified successor, subject only to the successor's commitment to use the data in a manner consistent with the Sponsoring Organization's prior written commitments made to data subjects regarding the use of their personal data.

This suggests that upon the transfer of the ccTLD from one registry operator to another, the newcomer is obliged to receive and maintain all data from the previous incumbent (subject only to appropriate privacy undertakings being made). Clause 4.1 further indicates that there might be expected to be some subdomains within the ccTLD over which the operator does not retain administrative authority.

Whilst these provisions offer some threads of support for Elz's position, it is fair to say that the terms of the delegations of control over the .au ccTLD to Elz and auDA are in themselves inconclusive. Perhaps greater assistance in assessing the correctness of Elz's model of domain delegation - that is, that subdomain delegations are not subsumed within the delegation of a higher-level domain - may be obtained by reviewing prevalent industry norms. Elz claims:

No-one seriously believes that [a change of control of a higher-level registry will effect an automatic revocation of domains registered at a lower level] - if they did it would mean that all the agreements that auDA is currently making with the other 2nd level domains very suspect - after all, ICANN could next year, or something, simply take the AU domain from auDA and hand it to someone else (that part is certainly true I think) and by so doing, render all of the domains currently existing in AU void. Note the question isn't whether they would, or whether they could find ways to avoid that, but whether they could if they wanted to.

If they can, then any assignment of a sub-domain (anywhere down the chain) would be close to meaningless - and in particular, the 2 year licences that auDA is proposing to apply to all sub-domains of AU would be folly, as there's no way they can actually guarantee being able to support them for that long - even if they (now) have a 2 year (or longer) agreement with ICANN, eventually there will be less than 2 years to run on that, yet they'd still be registering domains and promising they'd exist for 2 years.20

This logic persuasively suggests that the authority granted to a ccTLD delegate does not incorporate the authority to cancel or redelegate pre-existing subdomains, or at least not except in accordance with the provisions of RFC 1591; in other words not unless those subdomains are surrendered, or lapse due to misconduct or incompetence or because the conditions of their delegation (for example, as to payment of registration fees, if applicable) are not satisifed.

If the authority of the .au domain delegate (in the present case, auDA) does not incorporate rights over the existing delegated subdomains such as and, from what does the continuing force of those delegations derive? On auDA's argument, it cannot be derived from the authority of the previous .au domain delegate, Mr Elz. Elz did not have power to delegate the control of and indefinitely, he only had the power to delegate them for so long as his own .au delegation subsisted. Elz therefore could not delegate control of subdomains that would survive the expiry of his own authority; nemo dat quod non habet.

This, however, overlooks the fact that since Elz's pre-existing delegations do not form part of the grant of authority to auDA for reasons stated above, there is no inconsistency in those delegations remaining in force beyond Elz's tenure as .au domain administrator. The delegations made by Elz enjoy a separate legal force to the delegation of the balance of the .au ccTLD from ICANN, such that the former can survive the termination of E's authority over the latter, just as the authority of a domain registrant over its third-level domain will survive the transfer of authority over the parent second-level domain from Melbourne IT to its successor.

Property rights in domain names

Elz falls upon a difficulty, however, in the fact that the scope of authority granted by ICANN to auDA is a matter solely between ICANN and auDA. If it is accepted that auDA may override prior sub-delegations of the .au ccTLD either not at all, or alternatively only in compliance with RFC 1591, its failure to do so may be a matter which puts it in breach of its agreement with ICANN but does not provide a remedy to any affected sub-delegate save to prevail upon ICANN to cancel auDA's delegation.

At least, this is so unless domain names can be characterised as a property right. If they can, then although auDA may purport to redelegate a subdomain such as, and although ICANN may raise no quarrel with auDA doing so,21 a cause of action may lie against auDA in conversion22 at the suit of the party previously in possession of that domain, whose chain of title passes through Robert Elz to IANA to the United States Department of Commerce. Likewise, if domain names are proprietary in nature and a superior right of possession were claimed by an original delegate against a new registry operator, that registry operator might have a cause of action against auDA in breach of contract on the ground that auDA had purported to deal in property that it did not own.

There is mixed authority - none of it Australian - on whether domain names are a form of property or not. Those courts which have decided that domain names are not a form of property have typically made reference to the provisions of the registrar's agreement with the registrant, which are drafted in the nature of a contract for service and in some cases restrict the exercise of what would otherwise be the normal incidents of proprietary rights in a domain name such as the ability to freely assign that name.23

An example of such a case is Zurakov v Register.com24 in which the court found on a summary judgment application that:

The question of whether a domain name is a "property right" has not been considered by the courts of this state. Accordingly, this court looks to courts in other jurisdictions that have opined on this issue. In Network Solutions, Inc v Umbro International Inc, 529 S E 2d 80 (2000) the Supreme Court of Virginia stated that, "a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time." The Network Court relied on Dorer v Arel, 60 F Supp 2d 558, 561 (ED Va 1999). In that case, the court stated that "[A] domain name that is not a trademark arguably entails only contract, not property rights. Thus, a domain name registration is the product of a contract for services between the registrar and registrant."25

The case of Lockheed Martin Corp v Network Solutions, Inc26 is to similar effect.

On the other hand, authority to the contrary also exists. In Kremen v Stephen Michael Cohen27 it was determined that a domain name (in that case,, whilst not tangible property under United States law and therefore not capable of supporting an action for conversion, was a form of intangible property. The decision of Network Solutions, Inc. v. Umbro Int'l, Inc28 is to similar effect. The former case is subject to appeal.29

In both Clue Computing v Hasbro, Inc and NSI 30 and Porsche Cars North America, Inc v,31 a claim in rem - that is, a claim against property - was brought against a domain name. The Anticybersquatting Consumer Protection Act has since expressly provided for such actions in rem to be instituted.32 As this does not sit squarely with the decisions that a domain name is not tangible property, it does seem to indicate an intent of Congress to affirm that domain names are indeed property at least for procedural and execution purposes. The constitutionality of this legislation has been upheld.33

All of the above authorities are concerned with second-level domains in the generic TLDs, rather than with first or second-level domains in a ccTLD, and perhaps this is a relevant ground of distinction between them and the case of present concern. RFC 1591 tells us that:

The designated manager is the trustee of the top-level domain for both the nation, in the case of a country code, and the global Internet community.

Concerns about "rights" and "ownership" of domains are inappropriate. It is appropriate to be concerned about "responsibilities" and "service" to the community.

The kind of obligations described here in RFC 1591 do not apply to the holder of a second-level domain in a generic TLD, such as Yet at the same time, there is no technical distinction between and, and it seems difficult to argue that the one should be property and the other not, simply because of the further obligations to the community that the custodian of the latter undertakes.

Further support for the argument that root domains such as ccTLDs are a form of property comes from the United States government itself, which raised the issue in a letter from the United States General Accounting Office querying whether the transfer of control of the root domains to ICANN would "involve a transfer of government property to a private entity. If so, the transfer would have to be consistent with federal property laws".34

Whilst the status of domain names as property is undeniably speculative, particularly in Australia where no relevant authority exists, the least that can be said is that auDA should be very certain of its entitlement to vest those rights in third parties before proceeding to do so by tender. If an unbroken chain of title does not exist and auDA never came into possession of the property with which it is purporting to deal, its liability both to the old and new delegates could come as an unsettling surprise to the fledgling organisation.


auDA's assumption of control over the and subdomains, and its assertion that it is entitled to redelegate those subdomains against the wishes of the manager to whom they were previously delegated, is a bold assertion indeed. Whilst it may be in the end that auDA is entitled to do as it claims, it is the writer's view that auDA places a great stake on very uncertain odds.

The implications of auDA's actions flow much further than the concerns expressed by Robert Elz in relation to the administration of and, since all domain name holders in the .au ccTLD are in theory liable to exactly the same treatment from the domain name managers above them. It is timely the rights of such registrants to their domain names be resolved in order that the administration of the .au domain space may remain a solid foundation for the development of electronic commerce and communication in Australia.

1Jeremy Malcolm is a Perth lawyer and a technology consultant, whose legal practice emphasises IT and communications law, commercial litigation, intellectual property and Trade Practices law. He is the President of the Western Australian Society for Computers and the Law Inc, an Executive Committee member of the Western Australian Internet Association, the Regional Coordinator of the Australian Public Access Networks Association, a Director of the Internet Society of Australia and a past board member of Electronic Frontiers Australia. He is a mediator and arbitrator for eResolution, an online dispute resolution provider accredited by the Internet Corporation for Assigned Names and Numbers for the resolution of domain name disputes.

2See the agreement entered into between ICANN and auDA at

3See the Memorandum of Understanding entered into between the United States Department of Commerce and ICANN in November 1998 at

4Mackenzie, Kate. "auDA won't get Elz", The Australian, 6 November 2001,,7204,3196733%5e16123%5e%5enbv%5e,00.html.

5Point 1.3 of part 2 of its Request for Tender,

6Froomkin, A Michael. "Wrong Turn in Cyberspace: Using ICANN to Route Around the APA and the Constitution", (1999) 50 Duke L J 17, 106. Inc operates one such hierarchy ( as does the Australian Root Server Confederation (

8See clause 12.3 and 12.5 of ICANN's contract with the Department of Commerce at, which supersedes the Memorandum of Understanding cited above.



11This is not a proposition that is universally agreed, however. The transfer of control over ccTLD occurred in the face of Mr Elz's objections arising from concerns as to auDA's capacity to manage the Australian domain name space and the breadth of its representation (Mackenzie, Kate. "Redelegated: Elz loses .au". The Australian, 19 November 2001,,3811,2753987%5E442,00.html). One commentator described the process by stating, "In a watershed moment in Internet history, ICANN declared this week that the ICANN staff can re-assign the .au ccTLD at will, without a finding of misconduct, without a public comment process, and despite the opposition of the incumbent ccTLD manager" (Froomkin, Michael, "How ICANN Policy is Made (II)",

12Mackenzie, Kate. "Domains move inappropriate: Elz". The Australian, 13 November 2001,,7204,3236063%5e16123%5e%5enbv%5e,00.html.

13Or, as noted above, by the voluntary movement by injured parties from the ICANN-administered domain name hierarchy to an alternative hierarchy.

14Those of auDA cannot be examined in such detail, as auDA have declined to make public their legal advice to the effect that the redelegation of the .au ccTLD effects an automatic redelegation of its second-level subdomains.

15Private correspondence, 6 November 2001.


17Private correspondence, 6 November 2001.


19See also Attachment F to the agreement which restates much of the effect of RFC 1591 and ICP-1.

20Private correspondence, 6 November 2001.

21ICANN has expressed no support for Robert Elz' position on this issue and indeed redelegated the .au domain to auDA in spite of objections raised by Elz: this fact is recited in ICANN's agreement with auDA.

22auDA does have the technical capacity to redelegate and domains, as Robert Elz has acknowledged (Mackenzie, Kate. "Domains move inappropriate: Elz". Op. cit.).

23For example Network Solutions Inc briefly forbade its registrants from assigning their domain names to third parties. Due to widespread complaints, its current registration agreement reverses this policy (see in clause 23).

24Unreported, Supreme Court of New York, 25 July 2001, case no 600703/01.

25Ibid. 3.

26194 F 3d 980 (9th Cir 1999).

2799 F Supp 2d 1168 (2000).

28529 SE 2d 80, 86 (Va. Supr. Ct. 2000). The case reversed a lower court's decision that a domain name was tangible property subject to the process of garnishment.

29Noted in Soares, C. "Are Domain Names Property? The Controversy" (2001) Duke L & Tech Rev 40032.

30Civ Act No 97-10065-DPW (D Ma, Sept 2, 1999).

3151 F Supp 2d 707 (ED Va 1999).

3215 USC § 1125(d)(2)(C).

33Caesar's World Inc v, No. 99-550-A (ED Va Mar 3, 2000).

34, 26.