News

Domain Registration Privacy Moves Forward

• By The Associated Press
• March 20, 2007

Help may be on the way as a key task force last week endorsed a proposal that would give more privacy options to small businesses, individuals with personal Web sites and other domain name owners.

"At the end of the day, they are not going to have personal contact information on public display," said Ross Rader, a task force member and director of retail services for registration company Tucows Inc. "That's the big change for domain name owners."

At issue is a publicly available database known as Whois. With it, anyone can find out the full names, organizations, postal and e-mail addresses and phone numbers behind domain names.

Hearings on the changes are expected next week in Lisbon, Portugal, before the Internet Corporation for Assigned Names and Numbers, or ICANN, the main oversight agency for Internet addresses.

Resolution, however, could take several more months or even years, with crucial details on implementation still unsettled and a vocal minority backing an alternative.

Under the endorsed proposal _ some six years in the making _ domain name registrants would be able to list third-party contact information in place of their own _ to the chagrin of businesses and intellectual-property lawyers worried that cybersquatters and scam artists could more easily hide their identities.

"It would just make it that much more difficult and costly to find out who's behind a name," said Miriam Karlin, manager of legal affairs for International Data Group Inc., publisher of PC World and other magazines. She said she looks up Whois data daily to pursue trademark and copyright violators.

Privacy wasn't a big consideration when the current addressing system started in the 1980s. Back then, government and university researchers who dominated the Internet knew one another and didn't mind sharing personal details to resolve technical problems.

Today, the Whois database is used for much more. Law-enforcement officials and Internet service providers use it to fight fraud and hacking. Lawyers depend on it to chase trademark and copyright violators. Journalists rely on it to reach Web site owners. And spammers mine it to send junk mailings for Web site hosting and other services.

And Internet users have come to expect more privacy and even anonymity. Small businesses work out of homes. Individuals use Web sites to criticize large corporations or government officials. The Whois database, for many, reveals too much.

The requirements for domain name owners to provide such details also contradict, in some cases, European privacy laws that are stricter than those in the United States.

Registration companies generally don't check contact information for accuracy, but submitting fake data could result in missing important service and renewal notices. It also could be grounds for terminating a domain name.

Over the past few years, some companies have been offering proxy services, for a fee, letting domain name owners list the proxy rather than themselves as the contact.

It's akin to an unlisted phone number, though with questionable legal status. The U.S. government has banned proxies entirely for addresses ending in ".us," even after many had already registered names behind them.

Critics also complain that such services can be too quick or too slow -- depending on whom you ask -- in revealing identities under legal pressure.

"Right now there's no regulation, no accreditation, no standards," said Margie Milam, general counsel for MarkMonitor, a brand-protection firm. "Some can take weeks, which can slow down investigations."

The task force proposal, known as operational point of contact, would make third-party contacts a standard offering. Domain name owners could list themselves, a lawyer, a service provider or just about anyone else; that contact would forward important communications back to the owner.

Details must still be worked out, but the domain name registrant rather than the proxy would likely be clearly identified as the legal owner, unlike the current, vague arrangement. ICANN's staff also pressed for more clarity on to whom and under what circumstances the outside contact would have to release data.

Although that proposal received a slight majority on the Whois task force, some stakeholders including businesses and lawyers have pushed an alternative known as special circumstances. Domain name holders would have to make personal contact details available, as they do today, unless they can justify a special circumstance, such as running a shelter for battered women.

"On the whole, society is much better off having this kind of transparency and accountability," said Steven Metalitz, an intellectual-property lawyer on the task force.

ICANN's Council of the Generic Names Supporting Organization plans public hearings in Lisbon, after which it could make a recommendation or convene another task force to tackle implementation details.

Supporters of the new proposal remain hopeful that resolution is near.

"A lot of public interest groups have been waiting a long time to see if this process actually works or if it's just a charade," said Wendy Seltzer, a non-voting task force member and fellow with Harvard University's Berkman Center for Internet and Society. "If this turns out to have been for naught, you will have a lot of frustrated people."