Difference between revisions of "Domain Privacy"

Domain Privacy is a service provided by registrars that prevents registrants' information from being listed in the WHOIS database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.

ICANN requires that each registered domain provides contact information, including name, address, email, phone numbers and administrative and technical contents.^[1]Proxy services enable registrants' to meet this requirement and maintain anonymity.

Origin of Private Domain Services

The public WHOIS database was created in the early 1980s, before ARPANET had become the internet we know today. It was originally intended to be used as a directory service for resolving technical issues with ARPANET.^[2] While the primary use of WHOIS has shifted to become commercial in nature, the protocols have remained relatively unchanged.^[3]

When the internet gained popularity, WHOIS became a service used by law enforcement, companies seeking to protect intellectual property and individuals trying to contact registrants with interest in purchasing their domains. While these uses may seem reasonable, the database also attracts data miners, that use the listed information for unethical, or even criminal and illegal purposes.^[4]

While these uses range between ethical and unethical purposes, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.

ICANN Policy

Current Policy

The 2013 RAA became the first to address the issue of Domain Privacy, when the ICANN Board approved it on 27 June 2013. The Board was committed to having the new RAA in place prior to the delegation of gTLDs in the New gTLD Program, leaving several issues unresolved, including those relating to Proxy and Private Registrations.^[5]

The Board adopted interim protections to be put in place until a formal policy could be implemented. These protections, due to expire at the end of 2016, placed the following requirements on providers of privacy/proxy services:

• Disclose service terms (including pricing), on its website and abide by such terms;
• Publish an abuse/infringement point of contact;
• Disclose the business contact information on its website and/or registrar's website;
• Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.^[6]

Proposed Policy

Privacy and proxy services started becoming a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.^[7] In anticipation of being unable to deal with all of the issues facing the new RAA prior adopting it, the Board requested an Issue Report from the GNSO. The report preemptively evaluated proposed RAA amendments, identifying those suited for a Policy Development Process (PDP), in the case that the finalized RAA fails to address them. ^[8] Following the Board's approval of the 2013 RAA, the issue of proxy/privacy services remained the only remaining issue suitable for a PDP. This became a high priority issue as the Board and the GAC began to express a level of urgency.

The board expressed this urgency at ICANN 42 in Dakar:

"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."^[9]

The recommendations referred to date back to October 2009 at ICANN 36 in Seoul and were developed and proposed by law enforcement agencies from GAC members, including: Australian Federal Police; Department of Justice (US); Federal Bureau of Investigation (US); New Zealand Police; Royal Canadian Mounted Police; and Serious Organized Crime Agency (UK).

Law Enforcement stated that it does not condone any use of proxy/private registration, citing the 2009 Affirmation of Commitments, which requires "accurate, detailed, and public" WHOIS information for all gTLDs. In lieu of placing an absolute ban proxy/private registrations, Law Enforcement urged ICANN to adopt the following requirements:

1. The proxy/privacy registrant is a private individual using the domain name for noncommercial purposes only
2. The proxy/privacy registration service has been accredited by ICANN using the same due diligence process as a Registrar/Registry
3. Information from the WHOIS database can be provided to law enforcement authorities when the information will assist in the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of laws imposing penalties, or when authorised or required by law.

This set of recommendations was further developed and included in a set of 12 Law Enforcement recommendations for amending the RAA.

Privacy & Proxy Services Accreditation Issues Working Group

The GNSO established the PDP Privacy & Proxy Services Accreditation Issues Working Group, adopting its Charter on 31 October 2013. The staff paper reporting on the conclusion of the 2013 RAA outlined 27 issues for the working group (WG) to address.^[10] A comprehensive list of the 27 issues can be found in the WG's Charter. (PDF)

The WG submitted their initial report on 5 May 2015, with the public comment period spanning from 5 May 2015 to 7 July 2015. It included a set of preliminary agreements among the WG, issues with agreements yet to be finalized and issues with no consensus.

The only issue that failed to reach some level of consensus was whether domains actively used for commercial/financial transactions should be allowed to use P/P services. This has been the most contentious and controversial issue surrounding the Domain Privacy and the RAA more generally.

Privacy & Proxy Services vs Open Internet

The directory service is today a commercial package offered to the public by domain registering companies as a service. Where a client desires to limit the exposure of their private data to the public, they would be required to purchase privacy. While it is great that there are options to secure personal data, debates going on in internet governance forums are that should it come at a cost and doesn't this impact negatively on the openness of the internet.

Timeline

• Preliminary Issue Report submitted-12 December 2011(PDF)
  • Public Comment Period-12 December 2011- 13 January 2012 (Submitted Comments)
• Final Issue Report-6 March 2012
• GNSO Resolution on the Initiation of the PDP-31 October 2013
• Working Group Charter-31 October 2013 (PDF)
• Working Group Initial Report-5 May 2015 (PDF)
  • Public Comment Period-5 May 2015-7 July 2015

References