Will the Next Threat to Consumer Privacy Target the WHOIS Protocol?
Whether it's supporting net neutrality rules or reforming the Electronic Communications Privacy Act (ECPA), Internet companies should be passionately devoting themselves to making the web a safer, more welcoming place. That's why two points in a proposal before the Internet Corporation for Assigned Names and Numbers (“ICANN”) -- that threatens to affect privacy services for domain registrants -- are cause for concern.
There is an immediacy to that concern. ICANN, which coordinates the names and operation of the Internet, is accepting interested parties' comments until July 7, ahead of its decision later this year. Comments may be emailed to: firstname.lastname@example.org.
The first controversial point would prohibit privacy services for domains broadly classified as being for "commercial use"; these domain owners would lose their ability to purchase privacy "proxy" services.
The second point would require privacy providers to disclose personal information about domain owners to third parties alleging intellectual property infringement. Complaining parties would not be required to provide any verifiable evidence of such infringement.
These troubling plans are being discussed as part of a new accreditation program ICANN is developing for WHOIS privacy service providers. WHOIS, standardized in the 1980s, is a protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system. Although searches to look up domains, people and resources related to domain registration were once permissive, they have since been limited, with the rise of the commercialized internet.
Endurance, which provides web presence solutions to small business customers, supports the creation of an accreditation program that would establish minimum standards of conduct for the industry. Such a program would also provide consistency across the industry for consumers and other third parties that interact with WHOIS privacy service providers.
These minimum standards and best practices would support both the rights of registrants and of third parties that need to contact them. An accreditation program would strengthen the industry and provide consumers with a more uniform experience across all privacy providers.
Protecting WHOIS privacy services is a part of this effort and a critically important consumer privacy option that should be available to all domain registrants, regardless of the type of website they operate.
If you register a domain name, your personal information is currently published in the WHOIS database, which is publicly available. Opting to use WHOIS privacy services protects your personal information, such as your home address, telephone number and email, from public disclosure.
However, excluding a broad category of domains designated as being for "commercial use" (defined as the sale or exchange of goods or services) would have a devastating impact on users and set a dangerous precedence that would chip away at the few remaining pieces of consumer privacy online.
Many small business websites are operated by individuals from their homes. For example, a personal blog that sells a few homemade products online would fall under the “commercial use” category and be ineligible for privacy protection. Privacy services keep your personal information private, help protect against identity theft and even help protect a business owner's personal safety.
Whether you run a personal blog, sell flowers online or run a community nonprofit, you should have the option to purchase privacy services that protect your personal information. Overall, the ability for all consumers to purchase privacy services must be protected.
The accreditation program also proposes minimum standards relating to how privacy providers process and respond to intellectual property infringement complaints. We support the rights of intellectual property holders, but those rights need to be balanced against privacy rights.
Allegations alone are an insufficient standard to use to require the disclosure of private personal information. We believe that any minimum standard should require verifiable evidence of wrongdoing before a privacy provider has to disclose a registrant’s private personal information to a third party.
We believe that business owners have a responsibility to help make the web a better, safer place for all consumers, but not at the expense of consumer privacy. We support the creation of an accreditation program for privacy service providers but do not support a program that prohibits certain users from protecting their personal information, identity and personal safety. We don't support a program that requires privacy providers to disclose private information without verifiable evidence of a registrant’s wrongdoing.
If you share our concerns and want to learn more, please visit SaveDomainPrivacy.org. You can find out how to submit your comments and concerns directly to ICANN, or sign a petition to support the protection of your private information.