Domain Owners Lose Privacy - Wired.com

By Kim Zetter

02:00 AM Mar. 04, 2005 PT

The U.S. Commerce Department has ordered companies that administer internet addresses to stop allowing customers to register .us domain names anonymously using proxy services.

The move does not affect owners of .com and .net domains. But it means website owners with .us domains will no longer be able to shield their name and contact information from public eyes.

The Electronic Privacy Information Center said the move violates First Amendment rights to anonymous free speech. And the representative of one of the largest domain-registration companies is concerned that customers who have been victims of stalkers won't be able to protect their privacy without changing their web address to a domain that offers anonymity.

Wired News has learned that the edict came a month ago from the National Telecommunications and Information Administration, the Commerce Department agency that advises the president on telecommunications and information policy. The agency ruled with no warning and without any discussion with the companies accredited to sell and register .us domains. The domain companies were told they would lose their right to sell .us domains -- the official, top-level domain for the United States -- if they didn't comply.

The NTIA did not return a call for comment. But it told registrars it was not setting a new policy with the directive -- it was simply enforcing a provision in a pre-existing contract that the registrars had violated. But Christine Jones, general counsel for Go Daddy, the largest registrar of .us domains, disputed this.

"This has nothing to do with them clarifying an existing contract," Jones said. "We've been selling proxy registrations for three years; they knew it but never said anything against it. They established a new policy, and for them to say otherwise is pure crap." The .us domain has been around since 1985. For nearly 20 years, it was used exclusively by schools and libraries, as well as state and federal government offices. But in April 2002, it was opened to the public for use -- with the stipulation that domain owners either be U.S. citizens or have a business in this country or some other direct connection to the country.

On Feb. 2, the NTIA sent a letter to NeuStar, the company responsible for administering the .us domain and for accrediting companies that sell the domain addresses.

The letter, obtained by Wired News, called on NeuStar to notify such domain registrars as Network Solutions, eNom and Go Daddy that they should cease allowing proxy registration for .us domains by Feb. 16.

The letter also called on registrars to correct existing proxy registration information -- including name, phone number and postal and e-mail addresses -- from .us customers and update the public Whois database for those domains by Jan. 26, 2006.

The law requires that registrars deposit the name and contact information for domains in the Whois database. But a handful of the 80-plus accredited companies that register .us domains offer a proxy service, for a small fee, that lets owners conceal their true contact information from the Whois database. Of the 300,000 .us domains that Go Daddy has registered, 23,000 are proxies.

The NTIA directive applied only to .us domains, because the NTIA doesn't set policy for other domain names, such as .com and .net. In the letter it sent to NeuStar, the NTIA said its move was intended to increase the accuracy and reliability of Whois information for the public and for "law enforcement officials who rely on the information." It would also allow the NTIA to contact website owners if their domain registrar goes out of business and to transfer their domain to another registrar.

But Go Daddy's Jones said the NTIA's edict would not ensure that registration information was accurate, because those who really want to conceal their identity or true contact information would provide fake information -- even if it violated the terms of agreement for purchasing a .us domain.

She also said nothing about proxy registration currently prevents law enforcement from getting the information it needs. Registrars place the true contact information for domain owners in an escrow account, which law enforcement officials can obtain with a subpoena.

It's possible legal action could prevent the NTIA and Department of Commerce from having their way -- privacy advocates say the directive violates First Amendment rights to anonymous free speech.

Marc Rotenberg, executive director of EPIC, said the Supreme Court has ruled on at least four occasions that the right to speak anonymously is protected by the First Amendment. He believes this allows individuals the right to express themselves on the internet without having to reveal their identity.

"The government simply may not require people who wish to speak to present their actual name as a condition of speaking," Rotenberg said. "This tradition of anonymity is deeply rooted in constitutional history, and it is very troubling when the U.S. government attempts to impose true-name disclosure requirements on people who are simply seeking to speak online."

Jeffrey Neuman, director of law and policy for NeuStar, said the Commerce Department was within its rights to eliminate proxy services because it is responsible for setting all rules governing .us domains. He added that only a small number of people use proxy services and would be affected by the ruling.

Neuman said he didn't know why the government had not objected to anonymous registrations before now. But he said the department discovered earlier this year that registrars were offering anonymous services that were not in compliance with its Whois policy requiring registrars to provide accurate contact information about domain owners. Therefore, the department ruled it should stop.

"The NTIA is saying this is not a new policy," Neuman said. "They never approved the offering of proxy domains, and they're simply enforcing an already existing policy."

But Go Daddy's Jones said NeuStar and the government knew anonymous proxy registration had been offered since the company began selling .us domains three years ago. She said NeuStar had asked Go Daddy at the time how it intended to verify that proxy registrants had the right to own a .us domain. "The old provision said you had to have accurate contact data, and we've always had accurate contact data," Jones said. "They've changed it and expanded it to now say there can be no proxy registrations. It's brand-new language. So for them to say this is not a new policy is absolutely not true."

© Copyright 2005, Lycos, Inc. All Rights Reserved.

Go Daddy slams US on domain privacy - Computer Business Review Online

Go Daddy Software Inc, the second-largest domain name registrar in the US, this week slammed the US Department of Commerce for "trampling the right to privacy" by closing down anonymous registrations in the .us domain.

4 Mar 2005, 10:33 GMT - The DoC's National Information and Telecommunications Administration, which has responsibility over .us, has given companies that sell .us domains until today to shut down any "private registration" services they may have.

NTIA instructed NeuStar Inc, which is the contractor that runs .us, to inform companies including Go Daddy that private registrations services are, and always have been "inconsistent with registrars' obligations" under the contracts.

"Here we have a situation where we have a bureaucrat... who arbitrarily made a decision that will violate the privacy of thousands of law abiding Americans," Go Daddy CEO Bob Parsons wrote on his web site earlier this week.

Parsons is calling for a letter-writing campaign, and says he already has some law enforcement officials and members of the House and Senate who agree with him.

Registering a domain name in most of the popular domains has always meant handing over your name, address, telephone number and email address to be included in a publicly searchable database known as Whois.

In recent years, registrars including Go Daddy and Network Solutions Inc have introduced "proxy" services, where the registrar keeps your contact data on file, but submits its own corporate details to Whois instead.

Parsons said Go Daddy introduced its Domains By Proxy service after hearing from a "terrified" female customer who said she had been stalked by a man and was afraid he would be able to find her using a Whois lookup.

Whois is also used by law enforcement, in the rare cases where criminals with web sites provide their true contact information when registering their domain, and by corporate lawyers who want to send threatening letters to web site owners.

The NTIA said in a letter to NeuStar that an accurate Whois database for .us domains "provides an assurance of accuracy to the American public and to law enforcement officials who rely upon this information".

"All registrant data is the property of the US government, and as such must be correct, current and complete," the NTIA said in a letter signed by Joseph Watson, associate administrator at the NTIA.

Jeffrey Neuman, director of law and policy at NeuStar, said that NeuStar is simply enforcing NTIA policy and its own registrar accreditation agreements, and that the decision was made by NTIA, not NeuStar.

"Our position on .us is enforcing our contracts," he said. "We don't have a position on proxy services." NeuStar sent a letter to registrars last month saying the NTIA "directed NeuStar to phase out the offering of such services".

Companies including Go Daddy will no longer be permitted to offer proxy services in .us as of today, but will get until January 26 2006 to phase out all their existing anonymous registration customers, the NeuStar letter said.

Neuman said that one of the bad things about proxy services is that if a proxy-offering registrar was to go out of business or somehow lose all its registrant data, the registry would have no records of who owns what domain.

NTIA has nominal control over all of the internet's domains, but Neuman noted that this decision affects the .us domain only. Go Daddy, NSI and others can continue to offer proxy registrations in .com, .net and other domains.

But Parsons is not so sure. He wrote: "I assure you, .us is just the first battlefield, it's the test to see if we will allow our privacy to be taken away. If we allow this to happen, the next step is to take away our right to privacy for .com and other top-level domain names. And then, if we lose this privacy, who knows what's next to go."

Neuman, who is on the Whois reform task force at the Internet Corp for Assigned Names and Numbers, disagrees. "I can say with confidence that what is happening in .us is not what is going to happen in .com," he said.

Parsons said he and his lawyers had been to Washington DC to argue Go Daddy's case, but were stonewalled. "Those affected by this decision were afforded no opportunity to provide commentary as to what effect or hardship it might have upon them," he said.

While Go Daddy's proxy service makes it impossible to get a hold of somebody's Whois data via a simple lookup, it is not completely anonymous. Law enforcement and lawyers can still get hold of contact data, but they have to ask Go Daddy directly.

© 2005 Computer Business Review Online

Ruling on '.us' Domain Raises Privacy Issues - washingtonpost.com

By David McGuire
washingtonpost.com Staff Writer
Friday, March 4, 2005; 4:26 PM

People who own Internet addresses ending in ".us" will no longer be allowed to keep their personal contact information private, a move that has drawn objections from some consumer advocates and from companies that sell third-party Web registrations.

The decision, issued by the Commerce Department in February, bans the practice whereby Web site operators pay a "proxy" company to register an Internet address for them. Instead, people who own .us addresses must provide their phone numbers and street addresses for listing in publicly searchable databases by January 2006 or lose their registrations.

Each country has its own two-letter domain -- like .uk in England, .de in Germany or .tv in Tuvalu -- and sets the policies for registration. The United States restricted .us registrations to city and state governments and other official entities until 2002, when it opened the domain to all U.S. citizens and businesses.

The federal agency that oversees the domain maintains that the decision, handed down in February, is not a change, but simply a clarification of its existing policies. "The U.S. Department of Commerce has never authorized or permitted the offering of proxy or anonymous domain-registration services in the .us addressing space," National Telecommunications and Information Administration spokesman Clyde Ensslin said in a prepared statement. But opponents say the decision is a step backward in the fight to preserve the privacy rights of Internet users.

"This is a very disappointing development for consumers and for privacy," said Alan Davidson, associate director of the Center for Democracy and Technology, a Washington-based advocacy group. "Proxy registrations have been viewed as a sensible market-based solution to allow people to keep their privacy, but still gives law enforcement what they need. One would hope that the United States would be leading the way with the best practices in this area, but instead the U.S. government is continuing to ignore the privacy interests of registrants."

"We've always believed that that [proxies are] important in order to protect the privacy of free speech," said Lee Tien, senior staff attorney for the Electronic Frontier Foundation. "Being able to speak through a proxy, particularly if you're a human-rights dissident in a third-world country, can mean the difference between life and death. For .us it may not be as important, but it sets a bad precedent for Internet speech all around."

Bob Parsons, president of Scottsdale, Ariz.-based registrar GoDaddy, said his biggest fear is that the new rule will be viewed as a test case for similar policies in more popular domains like .com and .net, which account for nearly 40 million Web addresses registered worldwide. There are approximately 900,000 .us addresses.

The Internet Corporation for Assigned Names and Numbers -- the nonprofit body responsible for worldwide generic domains like .com, .net and .org -- has been debating a change to public-listing rules for several years. General counsel John Jeffrey said ICANN takes no official position on the .us policy change, and had no comment on whether a similar ruling could be forthcoming on generic domains.

NTIA has always required that .us registrants submit accurate contact information. Government investigators, intellectual-property owners and attorneys use these searchable collections of registration data -- known as "whois" databases -- to trace the sources of online fraud and copyright infringement. But in recent years, the companies that sell Internet addresses have offered, for an additional fee of about $9 a year, to list their own contact information in the whois database on behalf of customers who seek anonymity.

Network Solutions and GoDaddy said they make customer information available to official parties, but keep it hidden from casual seekers. "It's not intended to be Switzerland. It's just intended to give law-abiding citizens a right to privacy," Parsons said.

GoDaddy has provided proxy services for 23,000 of the 311,000 .us addresses it has sold, according to the company. Network Solutions, based in Herndon, Va., has sold roughly 78,000 .us addresses and acts as a proxy for 2,500 of them, according to chief executive Champ Mitchell.

Mitchell said that although .us addresses are a "minuscule" part of the company's business, Network Solutions will "do everything in its power" to protect the privacy of its hundreds of thousands of proxy customers in all domains.

Neither company would make any of its proxy customers available for immediate comment. Parsons said he has been discussing the policy on his blog at www.bobparsons.com and that some users have e-mailed him expressing fear that their personal data will be made public.

Mitchell and Parsons said they will appeal to the Commerce Department and to Congress to overturn the decision before it takes full effect in January. Although the Commerce Department has allowed .us site operators the rest of the year to supply their names for the whois database, registrars were required to stop selling .us proxy services by Feb. 16. Companies that did not comply must do so by today or risk losing their accreditation to sell .us addresses.

All registrars who were offering the proxy service have agreed to comply, according to Jeff Neuman, NeuStar's director of law and policy. Neither Neuman, who issued the order on behalf of the Commerce Department, nor the NTIA would reveal how many registrars were affected by the decision.

© Copyright 1996-2005 The Washington Post Company

Tell your elected offical how you feel about your right to privacy. It's their job to represent you and your interests.

Take immediate action and join the ranks of those who will stand up for their right to privacy.

View the letters and new agreements issued by the NTIA and NeuStar in order to eliminate privacy on .US domain names. Also see the chronology of how .US private registrations were eliminated.

How .US Privacy Was Eliminated

NTIA Response to Congressional Inquiries

Stories of citizens who absolutely must have Whois privacy:

A Battered & Stalked Woman

A Rape Victim

A Businessman

A Political Activist

An Online Fraud Victim

A Credit Card Theft Victim

A Father Harrassed by Fanatics

The Whistleblower

The At-Home Worker

Why privacy makes the Internet safer. How anonymity hides the bad guys!

Domain Owners Lose Privacy - Wired.com

Go Daddy slams US on domain privacy - Computer Business Review Online

Ruling on '.us' Domain Raises Privacy Issues - washingtonpost.com