Home / Blogs

ICANN Should Curb Anonymous Domain Name Abuses

Daniel Castro

E-commerce has revolutionized how businesses sell to consumers — including those involved in illicit activities, such as websites peddling illegal narcotics, pirated movies and music, or counterfeit handbags. For example, 96 percent of Internet pharmacies do not comply with U.S. laws, and as they ship pills tainted with paint thinner, arsenic, and rat poison, they put the health and safety of consumers at risk. Why don't law enforcement officials do more to combat this problem? Partly because of the difficulty of identifying who is actually operating the illegal pharmacies. It is time to fix this, while allowing anonymity for those who deserve it.

One requirement for registering any website domain name is that the domain owner must provide its contact information. This information is placed into WHOIS, a public, online database. Some website owners choose to use a privacy and proxy service, which submits contact information for the service provider and is then responsible for relaying any inquiries to the actual registrant. Unfortunately, not all privacy and proxy services fulfill their duties, creating a serious problem for law enforcement agencies. For example, FTC Commissioner Julie Brill has noted "...even ICANN recognizes that the system is flawed, often allowing bad actors to hide behind incomplete, inaccurate, or proxy information."

Fortunately, many stakeholders have been working over the past few years to develop a proposal that would create more accountability for website owners. ICANN's Privacy and Proxy Services Accreditation Issues (PPSAI) Working Group, a group of volunteers committed to developing an accreditation process for service providers, released an initial report for public comment on May 5, 2015. The group sought feedback on when privacy and proxy services should be prohibited in domain name registrations, especially for e-commerce websites, and how to make it more difficult for actors engaged in illegal activity to hide behind them.

In response to the PPSAI's request for comment, the Electronic Frontier Foundation (EFF) launched a misleading campaign claiming that Internet users' privacy was under attack by law enforcement and "Big Hollywood." Specifically, Jeremy Malcolm at the EFF falsely claimed that the proposal would not allow commercial websites to use proxy services. But as the Motion Picture Association of America's Alex Deacon noted in a recent blog post, "This is misleading. In fact, the report explicitly states that 'the [working group] agreed that the mere fact that a domain name is registered by a commercial entity or by anyone conducting commercial activity should not preclude the use of [privacy and proxy] services.'"

While the PPSAI proposal does not call for restricting privacy and proxy services, that idea is worthy of additional discussion since there are clear precedents for establishing limitations on online anonymity. For example, the CAN-SPAM Act establishes requirements for sending commercial email messages, such as providing accurate and identifiable information about the sender and the sender's physical location. Limiting anonymity for commercial websites would actually increase the privacy of Internet users, since it would allow them to know who they are doing business with and avoid disreputable companies.

The PPSAI is still working out the methods by which it believes ICANN can achieve a more trustworthy Internet, but the working group's efforts are commendable. Its report does not advocate for either extreme position — total privacy or total transparency — but instead attempts to strike a balance between the two. The goal of the working group is not to take away privacy from political activists, domestic abuse victims, or others who may otherwise be exposed to harassment or threats from their online activities, but rather to fix a flawed domain registration system that criminals routinely exploit at the expense of their victims.

As this debate continues, the PPSAI should keep to the pragmatic center ground that it staked out in its initial report and not give in to extremists on either side. Balancing privacy and public safety is critical to create a more trustworthy Internet.

By Daniel Castro, VP at Information Technology and Innovation Foundation
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Where can I find a full disclosure Volker Greimann  –  Aug 13, 2015 1:41 AM PDT

Where can I find a full disclosure of who pays for your foundation?

Also, I find it funny that lobbying organizations should be held to a different standard as private citizens who happen to operate a little shop on their web pages:

Here is your org's whois:

Showing results for: ITIF.ORG
Original Query: itif.org

Contact Information
Registrant Contact
Name: Registration Private
Organization: Domains By Proxy, LLC
Mailing Address: DomainsByProxy.com, Scottsdale Arizona 85260 US
Phone: +1.4806242599
Fax: +1.4806242598
Email: ITIF.ORG@domainsbyproxy.com

Oops!

Any serious question? Daniel Castro  –  Aug 13, 2015 7:44 AM PDT

The point is that there is no transparency standard right now for commercial sites, but we should consider adopting one.

Frankly, the reason a lot of websites use proxy services is simply because domain name registrars try to unnecessarily "upsell" proxy services when customers go to register a domain name.

DanielDo you have any facts to backup Michele Neylon  –  Aug 13, 2015 7:45 AM PDT

Daniel

Do you have any facts to backup your generalisations, because some of us actually do.

Regards

Michele

Hi Michele, what statement are you referring Daniel Castro  –  Aug 13, 2015 7:56 AM PDT

Hi Michele, what statement are you referring to?

Daniel - the ones you just made Michele Neylon  –  Aug 13, 2015 8:08 AM PDT

Daniel - the ones you just made above as well as in your article.

Transparency standards should apply to lobbyists too Volker Greimann  –  Aug 13, 2015 7:58 AM PDT

As you represent a lobbyist organization, your motives are rather opaque, so you may want to clear whose interests you actually represent. Discussion with someone who is paid for his opinion by undisclosed backers is rather pointless.

When you refer to "sites" you mean websites, right? So why not demand transparency on those sites instead? In Europe, that is the legal standard. No one cares about whois here, since full disclosure on the site is standard. Maybe you should direct your paid-for time at Washington instead then.

And referring to proxy services as unnecessary upsell is misleading and insulting to the thousands of commenters that have expressed very clearly that they consider their privacy anything but unnecessary.

If full disclosure is already required in Daniel Castro  –  Aug 13, 2015 8:12 AM PDT

If full disclosure is already required in Europe, why should any European website operator mind disclosing on WHOIS?

If you look at the marketing materials, some domain registrars are clearing appealing to people's fear of hackers, identity theft, and spam to sell proxy services.

DanielAre you familiar with EU privacy law Michele Neylon  –  Aug 13, 2015 8:15 AM PDT

Daniel

Are you familiar with EU privacy law and how it applies to whois?

It sounds like you aren't

Regards

Michele

I already read coming answers Jean Guillon  –  Aug 13, 2015 2:34 AM PDT

- "but this is not the role of ICANN" or;
- "Stakeholders are the one to decide, not ICANN".

Ii the solution here for a better naming system?

There is a big difference between "website" Michele Neylon  –  Aug 13, 2015 5:42 AM PDT

There is a big difference between "website" and "domain name". A whois record is a record related to the domain name.
The assumption that a lot of critics of whois privacy make is that the whois record is the only way of getting the contact information associated with a website (assuming one even exists)
In many cases registrants choose to mask their contact details in the whois, but are happy to publish it on their websites.
Also, in many jurisdictions privacy is respected. And whois policy reflects this in how it is designed and implemented.
The current whois model for gTLD registrations is fundamentally flawed and should be replaced.

To post comments, please login or create an account.

Related

Topics

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign