Domain name contact information and the right to anonymity
by Andy Oram
The conflict between the open Internet--the one we all love for its
small users and free speech--and the commercial Internet--with high
barriers to entry--continues. The conflict's back this week in
which came into being in the midst of the conflict and has been
subject to its vicissitudes for over seven years.
A long-standing debate over the use of WHOIS data is coming to a
head. It seems like a small, fussy issue, but it's significant. If
you want your own domain name, you have to provide contact
information. This information, called the WHOIS database, is currently
open to the whole world. ICANN realizes it has to be more private, but
has been struggling with how many safeguards to put around it.
As an open medium, the Internet offers free expression to
everyone--and everyone includes those who must remain anonymous for
any reason. We're getting used to thinking of the Internet as a medium
that gives users unprecedented opportunities to spill the beans about
themselves: the results can be seen all over the popular social
networking and photo sites.
And the maturing Internet puts more and more pressure to attach
identifying information to participants. Commercially, of course,
tracking users offers a lot to vendors and makes it possible to trust
whom you're dealing with. Even the free-wheeling world of commentary
is creating its own reputation systems. If people know who you are,
you can start to rate the things you like; you can start to be taken
seriously and to have others take seriously the things you care
about. This can be empowering.
But just as important, the Internet also offers the crucial
opportunity to remain hidden, while revealing information for which
governments or other powerful actors could desire retribution. So far
as WHOIS goes, publicizing contact information has risks ranging from
unsolicited commercial email to harrassment to government persecution.
Do you need a domain name to express yourself? Why not just get a
blog? Some initiatives call for more than a URL hanging off of
somebody's else's server; a site may deserve its own domain name. You
can get a telephone number without revealing your personal information
to the public; domain names should be the same. This is part of the
right to communicate on the Internet.
The debate at ICANN seems almost absurdly narrow. On the one side are
defenders of noncommercial interests, along with the people
responsible for actually running the system (the domain name
registrars and registries). They want contact information released
only for narrow reasons required for maintaining domain name service.
On the other side are large trademark holders and their
representatives, who would like information released for "technical,
legal or other issues related to the registration or use of a domain
The trademark holders are placing people at risk just to save
themselves a couple steps when they have a legal problem. There are
plenty of laws and mechanisms to facilitate the take-down of
information that is displayed illegally (because of trademark
violations or other infractions) and for discovery and legal action
against perpetrators. The registry can simply move a domain name entry
and stop pointing queries to the associated systems.
Therefore, it is a dangerous and gross overextension of WHOIS to allow
it to be used for nontechnical disputes The argument used by the
trademark holders is cynical: they base it on the excuse that these
risks were not recognized several decades ago when WHOIS began, in a
age when the numbers and types of Internet users were radically
different from today.
It's also ironic that ICANN (at the behest of the U.S. Commerce
Department, in the memorandum bringing it to life) created the system
of domain name registrars, an unnecessary extra layer between the
holder of the domain name and the registry maintaining the
information. The registrars present a natural bulwark against the
release of information; a built-in buffer between vulnerable users and
those who want to harrass them. And now ICANN may breech this
Let's enjoy our growing public information resources on the Internet,
but keep it safe for people who want to stay in the shadows as well.
whois information also empowers the consumer in that it allows him to check out a potential supplier to see if it is a respectable company rather than a scam operation.
If the contact information is incomplete or clearly faked (as happens a lot, apparently more than a few registrars are less than dilligent about it as long as they get paid) that's a clear warning that there's something fishy going on with the domain.
With telephone information it's disclosed for all to see (name, address, everything) in the phone directory unless you make it known you don't want that (and even then the telco often reserves the right to sell the information anyway). Something similar could maybe be applied here as well, but the above reasoning would still apply. If a company wants to sell me something but they don't want me to know who they are, I won't trust them and go elsewhere.
Here in the UK we have stronger privacy laws and more protection over what businesses can do with personal data. This has meant that the .uk registry allows individuals to opt-out of having their details shown (see here: http://www.nominet.org.uk/other/whois/faq/#choose). I think this is a good compromise.
jwenting shows an interesting aspect of WHOIS (and other repositories
of information): enterprising users often find ancillary or "folk"
uses for them. I don't underestimate the value (although it's often
rough) of these informal uses, but I don't believe they should
override privacy concerns.
|Backgammon on line
|Backgammon on line Super :)|
|Backgammon instructions Super :)|
I created a dot com a handful of years ago, forgetting entirely about the WHOIS because I was so proud of myself. I inserted my real information.