Written by: Libby Baney and Matthew Rubin, Faegre Drinker Consulting

Consistent with nearly every public health crisis in recent times, illegal actors have leveraged consumer fear and confusion to make short-term profits without significant risk of enforcement. It is happening again now.

Since World Health Organization declared the coronavirus disease 2019  (COVID-19) a pandemic on March 11, 2020, more than 100,000 domain names have been registered or launched referencing global health crisis. These web URLs contain key buzzwords such as “covid,” “corona,” and “virus,” and have been found to espouse misinformation; peddle counterfeit, substandard, or otherwise unapproved medical interventions; or spread malicious phishing and malware schemes. Unfortunately, hundreds, if not thousands, of new COVID-19-related sites launch each day.

The United States Department of Justice (DOJ), state attorneys general, US Food and Drug Administration (FDA), Federal Trade Commission (FTC), and other state and federal partners have taken substantial action against websites for the advertisement and sale of false hopes and cures for COVID-19. The domain name industry can play a critical role in tamping down on the prevalence and availability of fraudulent websites and scams online.

Even so, state and federal officials alone cannot enforce their way out of global online frauds and scams; the problem is simply too large, and the crimes are too easy to pull off. In addition to continued government enforcement, we need new policy solutions aimed at preventing online harm to public health and frauds at the outset.

As discussed in a letter to Vice President Mike Pence in his capacity as chair of the White House Coronavirus Task Force and signed by 42 national organizations, two policy solutions could dramatically impact the problem of illegal online drug sales and COVID-19 scams online:

  • Require transparency to stop internet fraud at scale. As Representative Bob Latta (R-OH) called for in a February 2020 House Resolution, Congress should require registrars to validate domain name registration information and make registration data accessible. The DOJ, FTC, FDA, US Department of Commerce, European Union Agency for Law Enforcement Cooperation, cybersecurity experts, public health leaders, and others agree that access to domain registration information is the essential for “tracking down cybercrooks and/or for disrupting their operations.”
  • Stop companies from profiting from domains used for public health scams. While leaders at DOJ, FTC, FDA, and in state governments take action to monitor and stop COVID-19 scams, Congress could strengthen these efforts by requiring US-based domain name registrars to immediately lock and suspend any domain name used to facilitate COVID-19 and other public health scams. Especially during a global pandemic, there is simply no reason that domain name registrars should be able to profit from the sale of domains used for COVID-19-related frauds and phishing attacks.

Recognizing the need for domain name system accountability in response to COVID-19 frauds and scams online, on April 13, 2020, three US Senators – Mazie Hirono (D-HI), Cory Booker (D-NJ), and Maggie Hassan (D-NH) – delivered letters to eight registrars and hosting sites, including GoDaddy and Namecheap. Within the letter, which requested a response by April 20, 2020, the senators note, “As people the world over turn increasingly to the internet for information about the coronavirus and use online applications to work, learn, and keep in contact with friends and family, it is imperative that domain name registrars not turn a blind eye to such illicit activity but, rather, act to protect the internet-using public.” An update on these developments will be provided in a future issue of this newsletter.

Ultimately, websites that achieve the .pharmacy domain have demonstrated commitment to public health and safety and can be beacons of legitimate, evidence-based information at a time when the alternative could prove deadly.