Remember when phone books and the Yellow Pages were relevant and more than just heavy reams of paper moved from the front steps straight to the recycling bin? Although phone books are a remnant of the pre-Google era, the basic phonebook model—a central repository of publicly available contact information—has thrived online as the WHOIS Database. The WHOIS Database, operated by ICANN (a non-profit corporation responsible for Internet Protocol address allocation and Domain Name System management) lists contact information for Internet domain owners. However, just as some people preferred an unlisted phone number, some registrants prefer to shield their contact information when they purchase a domain name. This desire for privacy led to the creation and use of privacy/proxy service providers, which allow customers (domain name registrants) to populate the WHOIS database with the provider’s contact information rather than their own. Now ICANN is considering changes to how those privacy/proxy services are accredited and used. As we outlined in our recently filed comments, some of the changes under consideration could pose serious threats to the privacy of individuals online.
Privacy/proxy services are incredibly popular, used not only by private individuals seeking to protect their online identity, but also by household names, such as presidential candidate Jeb Bush, whose campaign website, Jeb2016.com, is registered through a proxy service. Other websites using proxy services include online newsmagazine The Intercept and the Jackson Women’s Health Organization (the last remaining abortion clinic in the state of Mississippi). It’s easy to understand why privacy/proxy services are so popular and boast a diverse set of customers. The shielding of domain registrant contact information protects domain registrants from possible physical abuse or harm. For example, Randi Harper, activist and founder of the Online Abuse Prevention Initiative, was the victim of “swatting” after someone had law enforcement officers sent to her home. The perpetrator had obtained Harper’s address from the WHOIS record for her domain, as was explained in a recent letter to ICANN from a broad alliance of digital rights groups, anti-harassment initiatives, media advocacy groups, women’s rights organizations, and private individuals.
In addition to protecting against physical harm, the use of a privacy/proxy service allows a speaker to be judged by the message presented rather than the identity of the speaker. Intellectual property owners have expressed concern that the use of privacy/proxy services by domain name registrants will lead to increased online piracy and sale of counterfeit goods. Whatever the justification for unmasking an anonymous speaker, free speech interests demand the preservation of opportunities for anonymous speech. As the U.S. Supreme Court explained, “our society accords greater weight to the value of free speech than to the dangers of its misuse.”
Indeed, established protections for freedom of expression—such as the First Amendment in the United States and international human rights laws around the world—recognize the critical role of anonymous and pseudonymous speech, including anonymous speech online. The Internet is the modern public forum, affording users around the world the opportunity to exchange ideas and access information on a scale never before seen. But the Internet’s role as a global marketplace of ideas will be undermined and online expression will be chilled if speakers are prohibited from engaging in anonymous speech.
For all of these reasons, OTI supports strong protections for anonymous and pseudonymous expression online. That’s why, in response to a recent report published by an ICANN working group on the use of privacy/proxy service providers, we submitted written comments last week. The report discussed issues related to the accreditation of privacy and proxy service providers and included a proposal for how to standardize the rules that govern these services. The report invited public comment on several questions in the proposal, including whether domain names “associated with commercial activities” should be prohibited from using these privacy/proxy services.
Our comments, jointly authored with the Center for Democracy & Technology and Public Knowledge, emphasize that all domain name registrants should have access to privacy/proxy services in order to keep the web open, free, and safe. We argue that all registrants (including those with domains associated with commercial activities) should be allowed to use privacy/proxy services. Stripping some domain registrants of their right to privacy could chill their online free expression and, for some individuals, pose threats to their safety. There are a variety of reasons a registrant may want to keep personal information private, including fear of harassment or retaliation. Others may simply seek the reassurance of privacy to assert an identity online that is at odds with his or her offline identity. In addition, even for registrants who have “nothing to hide,” publication of contact information raises legitimate locational privacy concerns.
Our recommendations to the GNSO Working Group also highlight additional steps ICANN should take to protect domain registrants’ privacy, including establishing fair procedures and a high threshold for revealing customer data.