Home / Blogs

Domain Owners Lose Privacy

Bob Parsons

As facts unfold, and the NTIA's decision to take away our privacy comes to light, it is interesting to see the NTIA struggling to explain its decision. Keep in mind that an "as yet to be identified" bureaucrat made this decision to take away your privacy, did it without notice, and without holding hearings. Those affected were not given an opportunity to explain how the loss of privacy would negatively affect them. Quite simply, this is NOT how our government is supposed to work. We should be outraged.

In an attempt to explain its decision, the NTIA has shifted from providing nonsensical arguments to downright lying. In Wired News case, the NTIA did not even return the reporter's phone call. Here are some examples of the NTIA's waffling:

First, the NTIA is being disingenuous.

The NTIA told the reporter from Computer Business Review Online that they just became aware of the fact that registrars like GoDaddy.com were offering private registrations, and that this violates the original agreement. This is simply not true. We have a letter that dates back to when we first started selling .US domain names that talks about how we will provide the registry access to the registrant's private data so that it can be sure the nexus requirements — mandatory to a .US registration — are met. So the "we just found out about private .US registrations" argument is patently untrue.

Second, they've tried the "law enforcement needs access to this information" angle.

They also claimed that they want all .US Whois public database information to be available to law enforcement officials. Law enforcement officials already have access to private registration data, by the terms of the private registration agreement, anytime they are conducting an investigation. Law enforcement officials know that people who commit crimes don't purchase private registrations. The criminals simply provide false information when they register their domains. So in the case of law breakers, the Whois data related to their domain names is usually worthless. The truth is, law enforcement officials know that information related to private registrations is usually very accurate. Since companies like GoDaddy.com work very closely with law enforcement, they openly support private registrations. We have law enforcement officials who are willing to step up and attest to this fact.

Third, they've introduced the "we are concerned about the registrar going out of business" angle.

The NTIA has now claimed that private registrations should not be allowed because, if a registrar goes out of business, the information as to who actually owns the domain name will be lost. Quite frankly, this is one of its most pinheaded arguments; we've offered to put the information for private registrants into escrow to alleviate this concern. Companies like GoDaddy.com, Network Solutions and eNom are all very solid financially, and are not going to go out of business.

Finally, they are also using the "this only affects .US registrations" angle.

They are now saying that this will only affect .US registrations and that for now, registrars can continue to offer private registrations for other top level domain names like .COM, .NET, etc. While this is immediately true, I personally believe that this is just the first battlefield. If we lose our right to .US privacy, there will eventually be an attempt to take away our privacy on other domain names. If you care at all about your right to privacy, this is where you need to take a stand — even if you don't own a private domain registration. If we can restore our privacy on .US registrations, we will not lose our right to privacy with respect to other domain names, and in other areas.

The benefits of private domain name registrations are not trivial.

Here is what you lose when your right to private registrations is taken away, and your personal information is made public:

1. YOU LOSE protection from stalkers and harassers.
2. If you have a home business (particularly on eBay) YOU LOSE protection against someone just showing up at your front door.
3. If you have a family domain name, with a family website, YOU LOSE protection against someone who finds your family interesting and simply decides to pay you a visit.
4. YOU LOSE protection against visits from unstable personalities (about 5% of our adult population is seriously mentally ill).
5. YOU LOSE protection against SPAM and phishing.
6. YOU LOSE protection against social engineering attempts to steal your identity and/or money.
7. YOU LOSE protection against general solicitations via phone and/or fax.
8. YOU LOSE the right to operate a website anonymously. This right is particularly coveted by moonlighters.
9. YOU LOSE the ability to speak anonymously (a right confirmed by the Supreme Court). Loss of this right has First Amendment advocates very concerned.

I urge you to take this seriously and take action.

Finally, if you care at all about your personal privacy, I urge you to take action. This is no time for apathy or for relying on your fellow citizens to act on your behalf. I recommend that you send emails to your Congressperson and Senators, whether or not you own a private registration. If we win the battle to retain our privacy here, it is less likely that it will be taken away someplace else — someplace else that is important to you.

The last thing I ever want to see happen is for us to eventually lose our privacy on .COM and the rest of the top level domain names, and to have to say, "I told you this was going to happen." Please get involved and help us win this fight.

---
Copyright c 2005.  Bob Parsons.  Reprinted with permission.

By Bob Parsons, President & Founder
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Domain Owners Lose Privacy Daniel R. Tobias  –  Mar 08, 2005 9:03 AM PDT

I'm not supporting the anti-privacy provisions in WHOIS policy, but they're hardly a new imposition; they've been part of the system since the ancient days of the Internet, when they weren't really controversial because mostly large institutions like universities had domain names, and you had to be a computer geek and have government-sponsored ARPAnet access to even be able to access the WHOIS database anyway.  This new policy decision to stop anonymous registration services is merely upholding the traditional and longstanding requirement of public WHOIS info.

It's also overly alarmist to say that this mandates that you disclose your home address for stalkers, as it's perfectly possible to use a post office box, maildrop, or work address for the purpose of domain registration.

Re: Domain Owners Lose Privacy Thomas Barrett  –  Mar 10, 2005 3:20 PM PDT

Bob,

Your letter is right on point about privacy issues in the Whois.  This fight is worth fighting, at a minimum, to force the NTIA to conduct an open debate about this issue and all future policy-related issues. 

Personally, I feel one of the biggest problems with the internet is that there is not enough companies and governments advocating for consumer rights.

But even if people disagree with us on the importance of the Whois privacy issue, I would hope that more people speak up regarding disappointment with how the decision was made by the NTIA.

There does exist a .us Policy Council that is supposed to deal with issues like this.  See
http://www.neustar.us/policycouncil/index.html

NTIA owes the public an explanation of how this group was consulted and why the hearings, if any, were not made public.  And if they were not consulted, why not?

In its role as a ICANN-type body for the .us domain, NTIA needs to follow its own proscribed processes for public debate for policy changes and not make arbitrary decisions without the consultation of all of the involved parties.

Best Regards,

Tom Barrett
EnCirca, Inc.

Re: Domain Owners Lose Privacy Andrew Moulden  –  Mar 11, 2005 12:51 AM PDT

That GoDaddy's President expresses so much concern about whois privacy is deeply ironic, given his organisation's "interpretation" of its agreement with ICANN - specifically section 3.3.1 of the Registrar Accreditation Agreement, which mandates what data fields should be included in registrar whois output.

Details:
http://www.jottings.com/2005/02/12/godaddy-selectively-rationing-whois-data/

Re: Domain Owners Lose Privacy Roger Williams  –  Mar 16, 2005 9:23 PM PDT

Daniel,

You have pointed out the major aspect of the whois system that has been so hotly debated on sites such as the one you are posting to.

Since the whois system went commercial and grew out of the 'geek' phase it has become very obvious that the privacy implications are its key weakness. While the internet offers the amazing aspect of limitless reach there are times when that is not the most desired effect. Just as having an unlisted phone number allows people to hide themselves from mass-marketing and hooligan activity, Domains By Proxy and other privacy services let personal users keep peice of mind.

While the mention of stalkers may seem a bit alarmist, I can asure you that victims of such offences would not agree with you…

Andrew,

Your attempt to drive traffic to your blog is commendable, but shortsided. Bob's point is that a government agency has made a major policy change without incorporating anything resembling a democratic/rational process in regards to how a consumer may elect to protect their privacy. (whew that was a mouthful).

You are discouraged by GoDaddy's policy towards unsavory types who like to use scripts to data-mine for emails and so forth. The sites that you mention on your blog allow for users to run such scripts. By forcing you to use GoDaddy's site to see the full whois info you have to go through a captcha, which, as I am sure you know, prevents consumers from being preyed upon.

The irony is that your post brings to light yet another way in which GoDaddy is interested in protecting its users Privacy.

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias