Domain name contact information and the right to anonymity

by Andy Oram

Related link: http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-18jan06.htm



The conflict between the open Internet--the one we all love for its
small users and free speech--and the commercial Internet--with high
barriers to entry--continues. The conflict's back this week in
ICANN,
which came into being in the midst of the conflict and has been
subject to its vicissitudes for over seven years.



A long-standing debate over the use of WHOIS data is coming to a
head. It seems like a small, fussy issue, but it's significant. If
you want your own domain name, you have to provide contact
information. This information, called the WHOIS database, is currently
open to the whole world. ICANN realizes it has to be more private, but
has been struggling with how many safeguards to put around it.



As an open medium, the Internet offers free expression to
everyone--and everyone includes those who must remain anonymous for
any reason. We're getting used to thinking of the Internet as a medium
that gives users unprecedented opportunities to spill the beans about
themselves: the results can be seen all over the popular social
networking and photo sites.



And the maturing Internet puts more and more pressure to attach
identifying information to participants. Commercially, of course,
tracking users offers a lot to vendors and makes it possible to trust
whom you're dealing with. Even the free-wheeling world of commentary
is creating its own reputation systems. If people know who you are,
you can start to rate the things you like; you can start to be taken
seriously and to have others take seriously the things you care
about. This can be empowering.



But just as important, the Internet also offers the crucial
opportunity to remain hidden, while revealing information for which
governments or other powerful actors could desire retribution. So far
as WHOIS goes, publicizing contact information has risks ranging from
unsolicited commercial email to harrassment to government persecution.



Do you need a domain name to express yourself? Why not just get a
blog? Some initiatives call for more than a URL hanging off of
somebody's else's server; a site may deserve its own domain name. You
can get a telephone number without revealing your personal information
to the public; domain names should be the same. This is part of the
right to communicate on the Internet.



The debate at ICANN seems almost absurdly narrow. On the one side are
defenders of noncommercial interests, along with the people
responsible for actually running the system (the domain name
registrars and registries). They want contact information released
only for narrow reasons required for maintaining domain name service.
On the other side are large trademark holders and their
representatives, who would like information released for "technical,
legal or other issues related to the registration or use of a domain
name."



The trademark holders are placing people at risk just to save
themselves a couple steps when they have a legal problem. There are
plenty of laws and mechanisms to facilitate the take-down of
information that is displayed illegally (because of trademark
violations or other infractions) and for discovery and legal action
against perpetrators. The registry can simply move a domain name entry
and stop pointing queries to the associated systems.



Therefore, it is a dangerous and gross overextension of WHOIS to allow
it to be used for nontechnical disputes The argument used by the
trademark holders is cynical: they base it on the excuse that these
risks were not recognized several decades ago when WHOIS began, in a
age when the numbers and types of Internet users were radically
different from today.



It's also ironic that ICANN (at the behest of the U.S. Commerce
Department, in the memorandum bringing it to life) created the system
of domain name registrars, an unnecessary extra layer between the
holder of the domain name and the registry maintaining the
information. The registrars present a natural bulwark against the
release of information; a built-in buffer between vulnerable users and
those who want to harrass them. And now ICANN may breech this
security.



Let's enjoy our growing public information resources on the Internet,
but keep it safe for people who want to stay in the shadows as well.


6 Comments

jwenting
2006-02-07 23:57:47
OTOH
whois information also empowers the consumer in that it allows him to check out a potential supplier to see if it is a respectable company rather than a scam operation.

If the contact information is incomplete or clearly faked (as happens a lot, apparently more than a few registrars are less than dilligent about it as long as they get paid) that's a clear warning that there's something fishy going on with the domain.

With telephone information it's disclosed for all to see (name, address, everything) in the phone directory unless you make it known you don't want that (and even then the telco often reserves the right to sell the information anyway). Something similar could maybe be applied here as well, but the above reasoning would still apply. If a company wants to sell me something but they don't want me to know who they are, I won't trust them and go elsewhere.
chrisrimmer
2006-02-08 04:49:22
European perspective
Here in the UK we have stronger privacy laws and more protection over what businesses can do with personal data. This has meant that the .uk registry allows individuals to opt-out of having their details shown (see here: http://www.nominet.org.uk/other/whois/faq/#choose). I think this is a good compromise.
andyo
2006-02-08 11:00:53
OTOH
jwenting shows an interesting aspect of WHOIS (and other repositories
of information): enterprising users often find ancillary or "folk"
uses for them. I don't underestimate the value (although it's often
rough) of these informal uses, but I don't believe they should
override privacy concerns.


jwenting's posting also displays a viewpoint that is typical of
trademark and copyright holders and can be summarized by old
cliché "If you haven't done anything wrong, you have nothing to
hide." A good answer appears below in some heartfelt commentary from
someone text I got from someone I was corresponding with--someone who
owns a domain name and doesn't want to be identified. (But I got
permission to circulate the text.)


---


For some of us, the question isn't a trademark worry, but a
life and death question of avoiding stalkers. For some, it's
a question of harrassment lawsuits designed to destroy free
speech.


It's one thing for a business to have contact information on
the Internet publicly available. The executives and their
beloved families don't live at the corporate address. If
they did, they'd be howling about their privacy. If ICANN
made a rule that all executives of all corporations must
provide contact information for their home addresses and
provide their home phone numbers to apply for a domain name,
you'd have the equivalent of what bloggers are being asked
to submit themselves to.


Bloggers live where they work, at home. Providing that kind
of contact information publicly is a way of setting them up
for identify theft, stalking, stupid lawsuits, and the fear
of never knowing when some net kook is going to show up on
one's doorstep. Most bloggers have families, children they
wish to protect from kidnapping or other horrible things.
In other words, anonymity doesn't reflect a desire to be
mysterious. It really is a question of safety.

Backgammon on line
2006-03-16 06:56:10
Backgammon on line Super :)
Backgammon instructions
2006-03-17 15:51:26
Backgammon instructions Super :)
IdentityMIA
2006-04-23 01:26:39
I created a dot com a handful of years ago, forgetting entirely about the WHOIS because I was so proud of myself. I inserted my real information.


Some time down the road, Googled my name, a violent online group posted my information that they got from the WHOIS, long after the dot com was gone, along with a bunch of libel.


I can understand the concerns about knowing if you're on an actual business site or a spoof, or whatever other concerns you may have. But, as a private user with a very personal dot com, my information should not have been public, even though I was stupid enough to put it.