Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates

A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services.

A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services.

The potential change comes in the form of a document from a working group of the Generic Names Supporting Organization at ICANN, the group that oversees Internet names and numbers. The working group is considering a number of changes to the way that privacy and proxy services operate, are accredited, and handle requests for registrant details from various organizations.

Proxy services are used by individuals and organizations to register domains without disclosing their personal contact details. The services allow registrants who operate sites with sensitive or controversial content, politically motivated content, or who don’t want their details published for various reasons to protect themselves. These services will disclose contact details under some circumstances, such as at the request of a law-enforcement agency. But the ICANN working group is looking at the question of whether commercial sites should be allowed to use these services.

The main driver for this is copyright infringement issues and the working group has put together a proposed framework to handle such requests, but the issue is a divisive one, both inside the working group itself and among outside observers.

“Although the WG reached preliminary agreement in respect of a proposed Disclosure Framework for handling requests from intellectual property (i.e. trademark and copyright) rights-holders, it has not developed a similar framework or template that would apply to other Requesters, such as LEA or anti- abuse and consumer protection groups. The WG is aware that certain concerns, such as the need for confidentiality in relation to an ongoing LEA investigation, may mean that different considerations would apply to any minimum requirements that might be developed for such a framework,” the group’s report says.

The crux of the disagreement appears to be what constitutes a commercial online entity. Obvious commercial sites, such as eBay or Amazon, aren’t in question. But smaller sites that may take ad revenue but aren’t necessarily operated as transactional sites are in a grey area. The working group is divided over whether such sites should be allowed to use proxy services.

“Although the WG agreed that the mere fact that a domain name is registered by a commercial entity or by anyone conducting commercial activity should not preclude the use of P/P services, there was disagreement over whether domain names that are actively used for commercial transactions (e.g. the sale or exchange of goods or services) should be prohibited from using P/P services. While most WG members did not believe such a prohibition is necessary or practical, some members believed that registrants of such domain names should not be able to use or continue using P/P services,” the report says.

Officials at the EFF are concerned that if smaller sites are prevented from using proxy services, domain owners may be exposed to harassment or other potential problems.

“This change is being pushed by US entertainment companies, who told Congress in March that privacy for domain registration should be allowed only in “limited circumstances.” These and other companies want new tools to discover the identities of website owners whom they want to accuse of copyright and trademark infringement, preferably without a court order. They don’t need a new mechanism for this—subpoenas for discovery of the identities of website owners do regularly issue,” Jeremy Malcolm and Mitch Stooltz of the EFF wrote in a post.  

“The limited value of this change is manifestly outweighed by the risks to website owners who will suffer a higher risk of harassment, intimidation and identity theft. The ability to speak anonymously protects people with unpopular or marginalized opinions, allowing them to speak and be heard without fear of harm. It also protects whistleblowers who expose crime, waste, and corruption.”

The GNSO Council’s report is open for comments for the next 60 days.

 

Suggested articles

Discussion

  • Frank Michlick on

    Here's an initiative from registrars (and supported by the EFF) gathering support against this change: http://www.savedomainprivacy.org/
  • Simon Theriault on

    Won't affect domainers, but will definitely ruffle some feathers with company owners.
  • Scott Bouchard on

    My little home-hosted website www.scottbouch.com is currently protected by WhoisGuard. I have one page where I've listed a few interesting items for sale (garage clearout) but it's not a commercial website by any means. I don't want my family home address made public for fear of burglary.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.