Draft Comments on Proxy Services

[Marc Schneiders]

Kathy, you argue very much from a freedom of speech approach. Why not
from a privacy approach? Why on earth should anybody be able to find
out who is the owner of a car with license plate ZS-06-LK in Holland?
That is my car. It can do much more harm than a domain. Still, if you
want to find out, that it is my car, you have to go through legal
loopholes. The burden of proof is upon those who want a thick,
obligatory, whois, not on those who want it tuned down to minimal and
voluntary data.

In Europe this is sort of normal. Any company that wants your data has
to ask for your permission (in writing) to store them in a database.
And it cannot share it with anyone else.

Am I wrong that registrars are still entitled (or even obliged) to
sell my whois data to third parties? Why? Who is the owner of my data?
I can opt out of this bulk selling of my data. But not of making
public that I own a domain. In some (or many I do not know) European
countries you cannot even find out who owns a piece of land, unless
you can establish a legitimate interest in knowing the details. Why
for domains open to all at any time so easily? Ask those who insist on
whois as it is, why, why, why. The burden is upon them. Not us.

 On Mon, 23 Feb 2004, at
11:00 [=GMT-0500], KathrynKL at AOL.COM wrote:

> To All:
> Thanks for all the responses to my questions about pen names and proxy domain
> name registration services.  Your input was very helpful.
>
> Below is a draft I have prepared for NCUC's response to questions #3 about
> proxy services.  In researching these questions, I found that there is really no
> anonymity and very little privacy protection from these proxy services --
> they will quickly hand over the domain name registrant's data if the company
> asking is big enough, and for any law enforcement request (with or without due
> process).  I have used a few examples -- if you have any more please let me know.
>
> Please take a look, and let me know if you have changes or corrections.  We
> should submit these by Wednesday.  Thanks, Kathy
> ******************************************************************************
> *************
> TF2 Questions to All Constituencies
> Noncommercial Users Constituancy Comments on
> Question 3 Re: “Anonymous Domain Name Registrations.”
>
> Preface:
> The Noncommercial Constituency believes that the right to anonymous
> communication – on the Internet and elsewhere – is a fundamental human right.   For
> countries that value democracy, anonymity is often the way that a political
> minority publishes its dissenting or minority opinions that argue for a change of
> government official and their policies.  The Internet has become a major voice
> for those who engage in political dialog.
>
> For countries that do not value democracy, the need for anonymity is even
> greater.  It is anonymity that protects the human rights groups and their members
> who research and publish about torture, jailed dissidents, corruption,
> bribery, election rigging and other crimes against their people.  The Internet has
> become a major voice for those who trumpet human rights abuses.
>
> For those who value cultural and personal freedom, the need for anonymity is
> great.  Since the beginning of writing, the use of pseudonyms (pen names) has
> allowed writers to publish their candid literary critiques of their societies
> (e.g., Moliere, Voltaire, George Sand, Mark Twain).  It has allowed
> politicians to change their name to more popular variations (e.g., German chancellor
> Willi Brandt, born Herbert Frahm) and actors to assume more pleasing titles
> (e.g., Tom Cruise, born Thomas Cruise Mapother IV and Meg Ryan, born Margaret
> Hyra).  The Internet has become a major voice by which people share their plays,
> stories, ideas, and concerns.
>
> The tradition of anonymity and privacy in other mediums means that online we
> should not be forced to relinquish our names, home addresses, home phone
> numbers and personal email as a “cost” of posting our expression.
>
> The TF2 Questionnaire asked:
>
> A. Please comment on any mechanisms that you are aware of to allow anonymous
> domain registrations, or to limit the amount of contact data made publicly
> available through Whois? Please also comment on the conditions under which the
> registrant's anonymity is lifted when these services are used.
>
>     Overview:  The Noncommercial Constituency is aware of no mechanisms that
> allow (and maintain) anonymous domain registrations.  We are aware of a few
> services that limit the amount of contact data provided publicly through the
> WHOIS database, but submit that these groups provide little true privacy or
> protection.
>
>     Discussion: Because it is the stated requirement of ICANN that Registrars
> must collect and provide public access to domain name registrant data,
> including name, address, phone, fax and email.  (Registrar Accreditation Agreement
> Section II (F)), the vast majority of ICANN Registrars do so without providing
> options for privacy or anonymity.  There are a few companies that offer some
> level of privacy protection, but their efforts, to the best of our knowledge do
> not rise anywhere close to anonymity protection for protected noncommercial
> and commercial speakers.
>
>     The companies we know that provide a level of privacy in domain name
> registration offer a “proxy” service.   For an additional fee, the “proxy provider
> ” will place its own information in the Registrant, Administrative Contact,
> and Technical Contact fields.  Unfortunately, we have found that these services
> offer minimal privacy protection, but in some cases great exposure.
>         `
> 1.      Companies that Offer Domain Name Registration Services; Conditions
> Under Which Anonymity is Lifted
>
>     The best-known company today offering domain name proxy services is
> ICANN-Accredited registrar Go Daddy based in the United States.  Marketing its
> privacy service under the business name “Domains by Proxy,” Go Daddy urges:  “
> Make your domain registration private! Protect yourself from spam, scams, prying
> eyes and worse.”  For an extra fee of $12 a year (currently marked down to $9
> a year), Domains by Proxy will enter its name and contact information in the
> WHOIS data, and the domain name registrant believes he/she/it is purchasing
> privacy protection.
>
>     At the outset, there is clearly no protection for anonymous speech in the
> Domains by Proxy registration because anonymity means that the speaker does
> not have to disclose his/her/its identity.  Domains By Proxy, however, makes
> clear in its Agreement that the Registrant must provide his/her/its full name,
> address, email, phone and fax numbers to Go Daddy as a condition of
> registration -- subject to loss of the domain.
>
>        “In exchange for DBP [Domains By Proxy] becoming the Registrant of
> each    domain name registration on Your behalf, DBP shall keep Your name, postal
>     address, phone and fax numbers confidential, subject to Section 4 of this
>     Agreement.”
>        Domain Name Proxy Agreement (DNPA), Section 1.
> www.domainsbyproxy.com/popup/DomainNameProxyAgreement.htm#gd
>
>     Further, the Domains by Proxy agreement clearly gives Go Daddy the
> ability to fully disclosure a registrant’s personal data without notice to the
> Registrant, without an opportunity to challenge the disclosure with Go Daddy or
> challenge the subpoena in court, and in situations without definitive proof of
> wrongdoing or illegality.
>
>     According to its Agreement, Go Daddy gives itself “the absolute right and
> power, in its sole discretion and without any liability to You whatsoever” to
> “close Your Account” and “reveal Your name and personal information” for
> numerous reasons, including:
>     –   “requests from law enforcement (with or seemingly without due
> process) and
>
>        - “if the domain name DBP registers on Your behalf violates or
> infringes a third       party’s trademark, trade name or other legal rights” (with
> or seemingly             without any legal decision).  DNPA, Section 4.
>
>     History bears out Go Daddy’s commitment to the terms of its Agreement.
> In April 2003, Go Daddy disclosed the personal information of Re-Code.com on
> the demand of Wal-Mart, without a court order and without prior notice to the
> Registrant.  Wendy Seltzer, Staff Attorney with the Electronic Frontier
> Foundation, reported with shock the disclosure in her blog:
>
>        “On April 10th, Re-Code [registrant] was informed that their anonymity
> service     agreement had been terminated by Domains by Proxy – on the mere
> allegation    of unlawful activity.  Unfortunately, that means the anonymizing
> service fails just   when it’s needed most.  It fails to protect unpopular
> speakers from the chilling      effect of threats.  We still need anonymous
> domain name registration for those    cases.”
>
>
>     2.      Other Services Offer Even Greater Exposure for Domain Name
> Registrants
>
>     Yet, Domains by Proxy may be the best example of proxy services that we
> have.  Go Daddy is a well-respected company, and we expect it would honor
> requests for transfer and renewals by its Domains by Proxy customers.
>
>     Unfortunately, the deep need for privacy and anonymity in domain
> registration is driving human rights organizations and others into the hands of much
> less scrupulous businesses. These third companies are not ICANN-accredited
> registrars, but contract with Registrars for domain names on behalf of their
> customers.
>
>     Those registering domain names under our current system are at great
> risk.  Because in this “proxy” model, the third-party company (“private proxy
> provider”) places its name is in the WHOIS information on behalf of the
> Registrant.  If the Registrant wants to renew the domain name or transfer it to another
> Registrar or registration company, it is completely at the will of the
> private proxy provider.
>
>     Last year in the US, this type of situation turned into disaster for
> thousands of domain name holders working with third-party proxy company that went
> bankrupt.  The Registrants, mostly individuals, small organizations and small
> businesses seeking to keep their home information out of the global databases,
> lost all ability to control their domain names.  They could not renew or
> transfer them because the proxy company failed to respond.  Hundreds of complaints
> went to the state Attorney General’s office.  Dozens of domain names (if not
> more) were lost, together with their websites, listservs and the array of
> noncommercial and commercial expression that the registrant offered.  The
> situation caused a tremendous amount of hardship, lost expression, and lost
> businesses.  It is not the price that an organization or individual should have to pay
> for privacy and anonymity.
>
>     Conclusion:
>
>     Privacy is a right, not a privilege.  The NCUC submits that, to the
> extent allowed by local law, ICANN-Accredited Registrars and thick Registries
> should be allowed and encouraged to offer privacy and anonymity as a regular
> feature of the domain name registration process.   To be consistent with the
> protections of human rights, freedom of expression and due process, these privacy and
> anonymity protections should be real -- not subject to the limitations of
> fine print or the intimidation of a large company.
>