Privacy advocates are sounding the alarm over a potential policy change that would prevent some people from registering website addresses without revealing their personal information.
ICANN, the regulatory body that oversees domain names, has asked for public comment on whether it should prohibit the private registration of domains which are “associated with commercial activities and which are used for online financial transactions.”
Domain registration companies, privacy advocates and anti-harassment advocates have decried the proposed changes for putting internet users at risk. On the opposite side of the issue, companies like LegitScript and MarkMonitor have argued that the change is necessary to protect consumers from unscrupulous businesses.
According to ICANN’s rules, any domain registered on the Web needs a publicly-accessible Whois record that lists several contacts along with their physical address, email address and phone number. But privacy services exist that allow users to register a domain and use the privacy provider’s contact information so that they don’t have to reveal their own personal details.
Those providers will usually provide a relay service that lets people contact domain registrants if necessary, and will often turn over a registrant’s contact information in response to a court order. But they still provide a degree of privacy for domain registrants.
According to anti-harassment advocate Randi Harper, Whois privacy services are key to protecting people from abuse online. Harper, the CEO of the Online Abuse Prevention Initiative, said it was important for users to be able to protect their Whois data because it is the “lowest barrier to entry for finding personal information on a target of harassment.”
“Even someone who isn’t technically inclined is able to go to a website, put in a domain name, and get the address of the person who owns it,” she said in an email. “In many cases, this is the home address of an individual. Once this personal data is made public, targets of harassment can receive phone calls, mail, and often times threats of physical harm.”
Harper’s organization has joined other advocacy organizations including the Electronic Frontier Foundation and Fight for the Future, along with domain registrars like GoDaddy, Namecheap, eNom and Tucows in the fight against the changes.
Elisa Cooper, MarkMonitor’s vice president of product marketing, said in an emailed statement that the push to restrict anonymized registrations was designed to protect online consumers from shady businesses.
“Consumers on the Internet should be able to know who they are doing business with,” she said. “By allowing anonymized domain name registrations for sites that are transacting business online, we are creating a safe haven for criminal behavior to flourish.”
ICANN’s own working group is divided on the issue, which is why it’s soliciting public comments.
Libby Baney, a senior director at FaegreBD Consulting who participated in the working group, said that the policy was aimed at providing parity in the digital world for businesses that are already required to provide public registration of their information in the offline world.
But Stephanie Perrin, a Canadian member of ICANN’s Non-Commercial Users Constituency who was one of the civil society representatives on the working group, said that the policy would put organizations like political and women’s groups at risk of harassment.
“Many of these groups accept donations, sell paraphernalia (mugs, t-shirts, etc.) or generate advertising revenue,” she said in an email. “Denying them privacy proxy services may put them at risk.”
Cooper, for her part, said that “there is a lot of nuance” to the situation, and that the rules still have to address “corner cases,” but that the policy overall would benefit internet users.
“We believe that the interests of consumers and businesses of all sizes are best served by guarding against fraudulent sites that are attempting conceal their identities,” she said.
As for Harper, she hopes that ICANN will go in the opposite direction from the proposed changes, and make domain privacy standard for all domains not registered to a business entity.
“The idea of publicly listing physical addresses for websites is antiquated and unnecessary,” she said in an email. “While the Internet has evolved, our privacy standards in many areas have not.”
No matter how the issue gets resolved, it will still be a long time before ICANN comes to a decision. The organization will accept public comments on the changes through July 7, and a staff report on the policy is due July 21. After that, ICANN’s board will still have to vote on any policies before they go into effect.