Jump to content

Domain Privacy: Difference between revisions

From ICANNWiki
Dustin Loup (talk | contribs)
No edit summary
Dustin Loup (talk | contribs)
No edit summary
Line 1: Line 1:
Domain Privacy is a service provided [[registrars]] that prevents registrants' information from being listed in the [[WHOIS]] database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.   
Domain Privacy is a service provided by [[registrars]] that prevents registrants' information from being listed in the [[WHOIS]] database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.   


ICANN requires that each registered domain provides identifying and contact information, including name, address, email, phone numbers and administrative and technical contents.<ref>[http://whois.icann.org/en/about-whois About WHOIS]</ref>Proxy services enable registrants' to meet this requirement and maintain anonymity.  
ICANN requires that each registered domain provides contact information, including name, address, email, phone numbers and administrative and technical contents.<ref>[http://whois.icann.org/en/about-whois About WHOIS]</ref>Proxy services enable registrants' to meet this requirement and maintain anonymity.  
 
==ICANN Requirements==
Up until the 2013, privacy and proxy services fell outside the scope of the [[Registrar Accreditation Agreement|Registry Accreditation Agreements]] (RAA). 
 
The 2013 RAA requires that privacy and proxy service providers:
*Disclose service term (including pricing), on its website and abide by such terms;
*Publish an abuse/infringement point of contact;
*Disclose the business contact information on its website and/or registrar's website;
*Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.<ref>[https://www.icann.org/resources/pages/privacy-proxy-registration-2013-03-22-en About Privacy/Proxy Registration Service]</ref>


==Origin of Private Domain Services==
==Origin of Private Domain Services==
Line 19: Line 10:
While these uses range between ethical and unethical, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.
While these uses range between ethical and unethical, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.


==Proposed Policy==
==ICANN Policy==
Privacy and proxy services began became a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.<ref>[http://gnso.icann.org/en/group-activities/active/ppsa PDP Privacy & Proxy Services Accreditation Issues Working Group]</ref> This was the first RAA to address the issue of privacy and proxy services. The ICANN Board approved the 2013 RAA on 27 June 2013, establishing interim requirements for registrars providing this service to be put in place until a formal accreditation process is developed.<ref>[https://www.icann.org/resources/board-material/resolutions-2013-06-27-en#2.b.rationale Board Resolutions 2013-06-27]</ref>
===Current Policy===
The 2013 [[RAA]] became the first to address the issue of Domain Privacy, when the ICANN Board approved it on 27 June 2013. Th Board was committed to having the new RAA in place prior to the delegation of gTLDs in the [[New gTLD Program]], leaving several issues unresolved, including those relating to Proxy and Private Registrations.<ref>[https://www.icann.org/resources/board-material/resolutions-2013-06-27-en#2.b Board Resolution 27 June 2013]</ref>
 
The Board adopted interim protections to be put in place until a formal policy could be implemented. These protections placed the following requirements on providers of privacy/proxy services:
*Disclose service terms (including pricing), on its website and abide by such terms;
*Publish an abuse/infringement point of contact;
*Disclose the business contact information on its website and/or registrar's website;
*Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.<ref>[https://www.icann.org/resources/pages/privacy-proxy-registration-2013-03-22-en About Privacy/Proxy Registration Service]</ref>
===Proposed Policy===
Privacy and proxy services started becoming a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.<ref>[http://gnso.icann.org/en/group-activities/active/ppsa PDP Privacy & Proxy Services Accreditation Issues Working Group]</ref> In anticipation of being unable to deal with all of the issues facing the new RAA prior adopting it, the Board requested an Issue Report from the GNSO. The report preemptively evaluated proposed RAA amendments, identifying those suited for a [[Policy Development Process]] (PDP), in the case that the finalized RAA fails to address them. <ref>[http://gnso.icann.org/en/issues/raa/prelim-issue-report-raa-amendments-12dec11-en.pdf Preliminary GNSO Issue Report on the Registrar Accreditation Agreement Amendments]</ref> Following the Board's approval of the 2013 RAA, the issue of proxy/privacy services remained the only remaining issue suitable for a PDP. The GNSO followed by establishing the PDP Privacy & Proxy Services Accreditation Issues Working Group. The unresolved issue became a high priority issue as the Board and the GAC began to express urgency.


===Privacy & Proxy Services Accreditation Issues Working Group===
The board expressed this urgency at ICANN 42 in Dakar:  
The GNSO established the Privacy & Proxy Services Accreditation Issues Working Group, in response to the ICANN Board's request for an Issue Report, to be developed into a GNSO [[Policy Development Process]] (PDP) following the approval of the 2013 RAA. The board expressed urgency for this issue at ICANN 42 in Dakar:  
<blockquote>"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."<ref>[https://www.icann.org/resources/board-material/resolutions-2011-10-28-en Board Resolution 2011-10-28]</ref></blockquote>
<blockquote>"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."<ref>[https://www.icann.org/resources/board-material/resolutions-2011-10-28-en Board Resolution 2011-10-28]</ref></blockquote>
The Board was referring to a set of recommendations developed and proposed by law enforcement agencies from [[GAC]] members, including: Australian Federal Police; Department of Justice (US); Federal Bureau of Investigation (US); New Zealand Police; Royal Canadian Mounted Police; and Serious Organized Crime Agency (UK).


Among these were recommendations concerning [[WHOIS]] data. Law Enforcement stated that it does not condone any use of proxy/private registration, citing the requirement for "accurate, detailed, and public" WHOIS information for all gTLDs stipulated in the 2009 Affirmation of Commitments. In lieu of placing a ban proxy/private registrations, Law Enforcement urged ICANN to adopt an amendment that set the following requirements:
The recommendations referred to date back to October 2009 at ICANN 36 in Seoul and were developed and proposed by law enforcement agencies from [[GAC]] members, including: Australian Federal Police; Department of Justice (US); Federal Bureau of Investigation (US); New Zealand Police; Royal Canadian Mounted Police; and Serious Organized Crime Agency (UK).  
#Registrars are to accept proxy/privacy registrations only from ICANN accredited Proxy Registration Services.
 
#Registrants using privacy/proxy registration services will have authentic WHOIS information immediately published by the Registrar when registrant is found to be violating terms of service, including but not limited to the use of false data, fraudulent use, spamming and/or criminal activity.<ref>[http://gnso.icann.org/en/issues/raa/raa-improvements-proposal-final-report-18oct10-en.pdf RAA Improvements Proposal Final Report]</ref>
Law Enforcement stated that it does not condone any use of proxy/private registration, citing the 2009 Affirmation of Commitments, which requires "accurate, detailed, and public" WHOIS information for all gTLDs. In lieu of placing an absolute ban proxy/private registrations, Law Enforcement urged ICANN to adopt the following requirements:
# The proxy/privacy registrant is a private individual using the domain name for noncommercial purposes only
# The proxy/privacy registration service has been accredited by ICANN using the same due diligence process as a Registrar/Registry
# Information from the WHOIS database can be provided to law enforcement authorities when the information will assist in the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of laws imposing penalties, or when authorised or required by law.
 
This set of recommendations
 


'''Timeline'''
'''Timeline'''

Revision as of 17:54, 11 September 2015

Domain Privacy is a service provided by registrars that prevents registrants' information from being listed in the WHOIS database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.

ICANN requires that each registered domain provides contact information, including name, address, email, phone numbers and administrative and technical contents.[1]Proxy services enable registrants' to meet this requirement and maintain anonymity.

Origin of Private Domain Services[edit | edit source]

The public WHOIS database was created in the early 1980s, before ARPANET had become the internet we know today. It was originally intended to be used as a directory service for resolving technical issues with ARPANET.[2] While the primary use of WHOIS has shifted to become commercial in nature, the protocols have remained relatively unchanged.[3]

When the internet gained popularity, WHOIS became a service used by law enforcement, companies seeking to protect intellectual property and individuals trying to contact registrants with interest in purchasing their domains. While these uses may seem reasonable, the database also attracts data miners, that use the listed information for unethical, or even illegal purposes.[4]

While these uses range between ethical and unethical, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.

ICANN Policy[edit | edit source]

Current Policy[edit | edit source]

The 2013 RAA became the first to address the issue of Domain Privacy, when the ICANN Board approved it on 27 June 2013. Th Board was committed to having the new RAA in place prior to the delegation of gTLDs in the New gTLD Program, leaving several issues unresolved, including those relating to Proxy and Private Registrations.[5]

The Board adopted interim protections to be put in place until a formal policy could be implemented. These protections placed the following requirements on providers of privacy/proxy services:

  • Disclose service terms (including pricing), on its website and abide by such terms;
  • Publish an abuse/infringement point of contact;
  • Disclose the business contact information on its website and/or registrar's website;
  • Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.[6]

Proposed Policy[edit | edit source]

Privacy and proxy services started becoming a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.[7] In anticipation of being unable to deal with all of the issues facing the new RAA prior adopting it, the Board requested an Issue Report from the GNSO. The report preemptively evaluated proposed RAA amendments, identifying those suited for a Policy Development Process (PDP), in the case that the finalized RAA fails to address them. [8] Following the Board's approval of the 2013 RAA, the issue of proxy/privacy services remained the only remaining issue suitable for a PDP. The GNSO followed by establishing the PDP Privacy & Proxy Services Accreditation Issues Working Group. The unresolved issue became a high priority issue as the Board and the GAC began to express urgency.

The board expressed this urgency at ICANN 42 in Dakar:

"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."[9]

The recommendations referred to date back to October 2009 at ICANN 36 in Seoul and were developed and proposed by law enforcement agencies from GAC members, including: Australian Federal Police; Department of Justice (US); Federal Bureau of Investigation (US); New Zealand Police; Royal Canadian Mounted Police; and Serious Organized Crime Agency (UK).

Law Enforcement stated that it does not condone any use of proxy/private registration, citing the 2009 Affirmation of Commitments, which requires "accurate, detailed, and public" WHOIS information for all gTLDs. In lieu of placing an absolute ban proxy/private registrations, Law Enforcement urged ICANN to adopt the following requirements:

  1. The proxy/privacy registrant is a private individual using the domain name for noncommercial purposes only
  2. The proxy/privacy registration service has been accredited by ICANN using the same due diligence process as a Registrar/Registry
  3. Information from the WHOIS database can be provided to law enforcement authorities when the information will assist in the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of laws imposing penalties, or when authorised or required by law.

This set of recommendations


Timeline

  • Preliminary Issue Report submitted-12 December 2011(PDF)
  • Final Issue Report-6 March 2012
  • GNSO Resolution on the Initiation of the PDP-31 October 2013
  • Working Group Charter-31 October 2013 (PDF)
  • Working Group Initial Report-5 May 2015 (PDF)
    • Public Comment Period-5 May 2015-7 July 2015

References[edit | edit source]