Domain Privacy

Revision as of 17:54, 11 September 2015 by Dustin Loup (talk | contribs)

Domain Privacy is a service provided by registrars that prevents registrants' information from being listed in the WHOIS database. Registrars most commonly provide anonymity to the registrant by registering domains by proxy, listing the companies details in the WHOIS and providing a forwarding service.

ICANN requires that each registered domain provides contact information, including name, address, email, phone numbers and administrative and technical contents.[1]Proxy services enable registrants' to meet this requirement and maintain anonymity.

Origin of Private Domain Services edit

The public WHOIS database was created in the early 1980s, before ARPANET had become the internet we know today. It was originally intended to be used as a directory service for resolving technical issues with ARPANET.[2] While the primary use of WHOIS has shifted to become commercial in nature, the protocols have remained relatively unchanged.[3]

When the internet gained popularity, WHOIS became a service used by law enforcement, companies seeking to protect intellectual property and individuals trying to contact registrants with interest in purchasing their domains. While these uses may seem reasonable, the database also attracts data miners, that use the listed information for unethical, or even illegal purposes.[4]

While these uses range between ethical and unethical, they reflect the changed internet landscape that led to a demand for privacy/proxy services. Registering a domain by proxy prevents registrants' information from being easily accessible to the public.

ICANN Policy edit

Current Policy edit

The 2013 RAA became the first to address the issue of Domain Privacy, when the ICANN Board approved it on 27 June 2013. Th Board was committed to having the new RAA in place prior to the delegation of gTLDs in the New gTLD Program, leaving several issues unresolved, including those relating to Proxy and Private Registrations.[5]

The Board adopted interim protections to be put in place until a formal policy could be implemented. These protections placed the following requirements on providers of privacy/proxy services:

  • Disclose service terms (including pricing), on its website and abide by such terms;
  • Publish an abuse/infringement point of contact;
  • Disclose the business contact information on its website and/or registrar's website;
  • Publish and abide by terms of service and description of procedures on its website and/or registrar's website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services.[6]

Proposed Policy edit

Privacy and proxy services started becoming a focal point for policy makers in the October 2011 when ICANN and the registrars stakeholder group began negotiations for the 2013 RAA.[7] In anticipation of being unable to deal with all of the issues facing the new RAA prior adopting it, the Board requested an Issue Report from the GNSO. The report preemptively evaluated proposed RAA amendments, identifying those suited for a Policy Development Process (PDP), in the case that the finalized RAA fails to address them. [8] Following the Board's approval of the 2013 RAA, the issue of proxy/privacy services remained the only remaining issue suitable for a PDP. The GNSO followed by establishing the PDP Privacy & Proxy Services Accreditation Issues Working Group. The unresolved issue became a high priority issue as the Board and the GAC began to express urgency.

The board expressed this urgency at ICANN 42 in Dakar:

"The Board wishes to convey its sense of urgency on this issue. Law enforcement agencies and a GNSO working group have developed a list of specific recommendations for amending the RAA to provide greater protections for registrants and reduce abuses. Yet no action has been taken on these recommendations. The Board requires action. Direct negotiations between the contracted parties is seen as a way to rapidly develop a set of amendments for consideration."[9]

The recommendations referred to date back to October 2009 at ICANN 36 in Seoul and were developed and proposed by law enforcement agencies from GAC members, including: Australian Federal Police; Department of Justice (US); Federal Bureau of Investigation (US); New Zealand Police; Royal Canadian Mounted Police; and Serious Organized Crime Agency (UK).

Law Enforcement stated that it does not condone any use of proxy/private registration, citing the 2009 Affirmation of Commitments, which requires "accurate, detailed, and public" WHOIS information for all gTLDs. In lieu of placing an absolute ban proxy/private registrations, Law Enforcement urged ICANN to adopt the following requirements:

  1. The proxy/privacy registrant is a private individual using the domain name for noncommercial purposes only
  2. The proxy/privacy registration service has been accredited by ICANN using the same due diligence process as a Registrar/Registry
  3. Information from the WHOIS database can be provided to law enforcement authorities when the information will assist in the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of laws imposing penalties, or when authorised or required by law.

This set of recommendations


Timeline

  • Preliminary Issue Report submitted-12 December 2011(PDF)
  • Final Issue Report-6 March 2012
  • GNSO Resolution on the Initiation of the PDP-31 October 2013
  • Working Group Charter-31 October 2013 (PDF)
  • Working Group Initial Report-5 May 2015 (PDF)
    • Public Comment Period-5 May 2015-7 July 2015

References edit