Home / Blogs

CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners

Michael Geist

Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants — hundreds of thousands of Canadians — by removing the public disclosure of their personal contact information (though the information is collected and stored by domain name registrars).

Apparently I spoke too soon. Faced with the prospect of a privacy balance, special interests representing law enforcement and trademark holders quietly pressured CIRA to create a backdoor that will enable these two groups (and these two groups alone) to have special access to registrant information. In the case of law enforcement, police can bring cases to CIRA involving immediate risk to children or the Internet (ie. denial-of-service attacks) and CIRA will hand over registrant information without court oversight. In the case of trademark holders (as well as copyright and patent owners), claims that a domain name infringes their rights will be enough to allow CIRA to again disclose registrant information.

This represents a stunning about-face after years of public consultation on the whois policy. While the law enforcement exception appears to be narrowly tailored, the exception for trademark, copyright, and patent interests undermines a crucial part of the whois policy, namely compliance with Canadian privacy law (the policy now arguably violates the law) and the appropriate balance between privacy and access. For example, consider a Canadian that registers companysucks.ca (name your company) as a whistleblower site about a particular company. They understandably wish to remain anonymous to the general public since disclosure of their personal information could lead to negative repercussions. Under the new CIRA policy, if they use fake registrant information, they risk losing the domain. On the other hand, the backdoor exception means that the trademark holder can easily smoke out the identity of the registrant as CIRA will simply hand over this information.

Just over six weeks ago, CIRA celebrated its one millionth domain name registration and claimed world class status. Today, the organization has betrayed the very principles of consultation upon which it was built and sent a discouraging message that special interests matter more its own members.

By Michael Geist, Chair of Internet and E-commerce Law. More blog posts from Michael Geist can also be read here.

Related topics: Domain Names, Intellectual Property, Privacy, Registry Services, Top-Level Domains, Whois


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


Good for CIRA - if done with adequate safeguards Suresh Ramasubramanian  –  Jun 11, 2008 2:02 AM PDT

A lot of spam and cybercrime abuses private or anonymous registration, far more than people legitimately use it - and not all registrars have the clue level CIRA has so that they'd be even more vulnerable. Treating what CIRA did earlier (blanket restriction) as a precedent would have been dangerous.

Privacy is a balance. Well, The Famous Brett Watson  –  Jun 11, 2008 9:10 AM PDT

Privacy is a balance. Well, actually it's an all out tug-o-war between conflicting interests. Unfortunately, it's usually the legitimate users who have the most to lose.

I suspect that the average cybercriminal only uses anonymous registration because it's checked by default. It's not like they provide anything remotely truthful to anyone, ever, so what does "anonymity" gain them? And giving law enforcement easy access to false data gains us what, exactly? The net benefit appears to be that it won't even take a court-signed warrant to obtain the personal details of those crooks who are stupid enough to provide them. I wonder whether the police, armed with easily-obtained and mostly-false data, are going to start knocking on the doors of identity theft victims. If not, then they're probably not catching the hypothetical genuinely idiotic criminals either. Bear in mind that victims of identity theft may be suspected of child pornography in this case: the exception is made only in cases of "immediate risk to children or the Internet".

You're a sensible guy, Suresh: cut it out with the alarm bells. Explicit anonymity has the superficial appearance of aiding crime, but none of the substance. This is classic security theatre, and I challenge you to provide a strong argument to the contrary if you're in earnest about the danger (although probably not in this comment thread, specifically — that would be getting off-topic).

I'd care less about the police angle, except for the fact that Trademark interests have come along for the ride. Damn typical, that. It's like the whole "think of the children" angle is the nose of the camel in the tent, and corporate interests are the head behind the nose wishing to gain access. Security theatre is bad enough in and of itself, but it looks like it's a pretext for preferential treatment of corporations in this case. Corporations have legitimate interests, of course, but I fail to see why they should be given preferential treatment with regards to access. In fact, given their track record of attempting censorship in the name of Trademark enforcement, such preferential treatment seems positively corrupt, and contrary to other legitimate public interests.

Ah, but lobbying is a very Western, Democratic form of corruption, isn't it?

Whois and anonymity - security theater? Suresh Ramasubramanian  –  Jun 11, 2008 10:22 PM PDT

Well, in my experience, even the fakery tends to follow a specific pattern, which helps tie various domains together to the same scam artist.

Please see this paper (submitted to GNSO during the whois consultation process) by OPTA, a dutch fair trade regulator that does a lot of excellent work on antispam issues (I've met them, they're brilliant)

The Importance of Whois Databases for Spam Enforcement

Canadian law enforcement seems to agree too Suresh Ramasubramanian  –  Jun 14, 2008 2:59 AM PDT


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Domain Registrations Reach 331.9 Million, 6.7 Million Growth Year over Year

.brands Spotlight: Banking and Finance Industries

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Startup League Reports from WebSummit, Lisbon

2016 U.S. Election: An Internet Forecast

.SPACE Becomes the Choice of the First Ever Space Nation Asgardia