Difference between revisions of "Domain Privacy"

Domain Privacy is a service provided registrars that prevents registrants' information from being listed in the WHOIS database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.

ICANN requires that each registered domain provides identifying and contact information, including name, address, email, phone numbers and administrative and technical contents.^[1]Proxy services enable registrants' to meet this requirement and maintain anonymity.

ICANN Requirements

Up until the 2013, privacy and proxy services fell outside the scope of the Registry Accreditation Agreements (RAA).

The 2013 RAA requires that privacy and proxy service providers:

• Disclose service term (including pricing), on its website and abide by such terms;
• Publish an abuse/infringement point of contact;
• Disclose the business contact information on its website and/or registrar's website;
• Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.^[2]

Origin of Private Domain Services

The public WHOIS database was created in the early 1980s, before ARPANET had become the internet we know today. It was originally intended to be used as a directory service for resolving technical issues with ARPANET.^[3] While the primary use of WHOIS has shifted to become commercial in nature, the protocols have remained relatively unchanged.^[4]

When the internet gained popularity, WHOIS became a service used by law enforcement, companies seeking to protect intellectual property and individuals trying to contact registrants with interest in purchasing their domains. While these uses may seem reasonable, the database also attracts data miners, that use the listed information for unethical, or even illegal purposes.^[5]

While these uses range between ethical and unethical, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.

Proposed Policy

Privacy and proxy services began became a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.^[6] This was the first RAA to address the issue of privacy and proxy services. The ICANN Board approved the 2013 RAA on 27 June 2013, establishing interim requirements for registrars providing this service to be put in place until a formal accreditation process is developed.^[7]

Privacy & Proxy Services Accreditation Issues Working Group

The GNSO established the Privacy & Proxy Services Accreditation Issues Working Group, in response to the ICANN Board's request for an Issue Report, to be developed into a GNSO Policy Development Process (PDP) following the approval of the 2013 RAA. The board expressed urgency for this issue at ICANN 42 in Dakar:

"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."^[8]

The Board was referring to a set of recommendations developed and proposed by law enforcement agencies from GAC members, including:

• Australian Federal Police
• Department of Justice (US)
• Federal Bureau of Investigation (US)
• New Zealand Police
• Royal Canadian Mounted Police
• Serious Organized Crime Agency (UK)

Among these recommendations were proposed policies concerning WHOIS data. It was stated that law enforcement does not condone any use of proxy/private registration, citing the requirement for "accurate, detailed, and public" WHOIS information for all gTLDs as stipulated in ICANN's 2006 JPA Affirmation of Responsibilities and the 2009 Affirmation of Commitments. In lieu of placeing a ban proxy/private registrations, law enforcement urged ICANN to adopt an amendment that set the following requirements:

1. Registrars are to accept proxy/privacy registrations only from ICANN accredited Proxy Registration Services.
2. Registrants using privacy/proxy registration services will have authentic WHOIS information immediately published by the Registrar when registrant is found to be violating terms of service, including but not limited to the use of false data, fraudulent use, spamming and/or criminal activity.^[9]

Timeline

• Preliminary Issue Report submitted-12 December 2011(PDF)
  • Public Comment Period-12 December 2011- 13 January 2012 (Submitted Comments)
• Final Issue Report-6 March 2012
• GNSO Resolution on the Initiation of the PDP-31 October 2013
• Working Group Charter-31 October 2013 (PDF)
• Working Group Initial Report-5 May 2015 (PDF)
  • Public Comment Period-5 May 2015-7 July 2015

References