Proxy Battle Pits Registrars Against Law Enforcers

The Internet Law Resource Center™ is the complete information solution for practitioners in cyberlaw. Follow the latest developments on ICANN’s gTLD program, keyword advertising, online privacy,...

By Joseph Wright

July 8 — A broad coalition of Internet users, domain name registrars and privacy advocates overwhelmingly support maintaining universal access to proxy domain name registration, while some business interests champion a bid to eliminate anonymity from commercial transacting websites, according to comments filed with ICANN in a comment period ending July 7.

The question is part of an ongoing battle among major stakeholders. On one side are law enforcement agencies and intellectual property interests, each of which wants to make it easier to identify Internet users engaged in misconduct or illegal activities. On the other side are registrars, often acting as or affiliated with proxy service providers, who want to contain costs and avoid what they see as policing content, as well as human rights and privacy advocates who want to preserve anonymous free speech.

The Internet Corporation for Assigned Names and Numbers convened a working group to create an accreditation process for privacy and proxy service providers, who allow domain name registrants to keep their personal contact information out of the publicly available Whois database. The working group submitted an initial report for public comment May 5.

Comment Forum Flooded

Due to lack of consensus within the working group, it sought comment on certain issues including: “Should registrants of domain names associated with commercial activities and which are used for online financial transactions be prohibited from using, or continuing to use, privacy and proxy services?”

The report itself noted several complexities arising from any such proposed rule, such as whether the use of a third-party payment processor such as PayPal would count, and whether groups seeking donations for social and political activities that may or may not qualify for “non-profit” status in their home countries would be covered by such a rule.

A campaign championed by domain name registrars and privacy advocates flooded the comment forum with thousands of nearly identical comments from individuals. The comments stated that everyone deserves privacy rights, personal information shouldn't be revealed absent a court order and privacy is about protection from state corruption rather than hiding wrongdoing. Another similarly themed campaign provided over 500 pages of individualized comments in the form of a user petition as a single comment submission.

Registrars themselves focused on the difficulty of separating distinct uses of websites. Michele Neylon, who heads ICANN's Registrar Stakeholders Group but writing in his capacity as CEO of Blacknight Internet Solutions Ltd., said policing domain name usage would put a “ridiculous” burden on registrars.

“A very large portion of the Internet resides ‘below the surface' i.e. you need to have a username and password to access the content,” Neylon said. “It would be impossible for a service provider to verify domain name usage.”

Intellectual property interests, on the other hand, favor the restriction. Lori Schulman, senior director of Internet policy for the International Trademark Association, said proxy services are designed specifically to hide attribution. “In that sense they are, at their core, the opposite of trademarks: they are not source identifiers but source concealers,” Schulman said. Schulman noted that under both the European Convention on Human Rights and U.S. First Amendment law, commercial speech is not provided the same level of protection as political expression and debate, thus lessening the interest in anonymous speech in the commercial context.

Government Reps Weigh In

At a July 8 hearing on other ICANN issues, Rep. Leonard Lance (R-N.J.) asked Assistant Commerce Secretary Lawrence E. Strickling and ICANN chief executive officer Fadi Chehadé about the status of the proxy proposal. Strickling responded that the proposed changes were narrower than many people had been led to believe but said the issue is a complex one on which the U.S. government has not taken a position. Chehadé agreed regarding the narrowness of the proposal. He also said that no policy will be enacted unless the working group can come to consensus, and cited the active comment period as an example of the fluorishing multistakeholder process.

Rep. Katherine Clark (D-Mass.) said in a July 6 letter to Chehadé that proxy services are important for people and groups at risk for online abuse and harassment. She mentioned the practice of “swatting” recently used against an activist seeking to stop online harassment of women. Using publicly available Whois information, harassers published her name and address in a public forum and then used the information to send a S.W.A.T. team to her house.

“These violent online threats are not only emotionally devastating; they curtail the professional choices of women and limit their full participation in the economy,” Clark said.

Clark said that the extreme complexity of designing a system to distinguish domains worth of privacy protection led her to the conclusion that rejecting a commercial/non-commercial distinction altogether is the only way to adequately safeguard privacy.

Who Pays for Relay?

An additional issue presented in the report is cost allocation for relay of abuse reports from the proxy service to the registrant. In the event of a persistent failure of an e-mail to the registrant, the proxy service may be required to send physical mail notification of the report.

Proxy providers argue that the complaining party should bear the cost of any physical relay because they have already taken the affirmative step of sending a complaint. Copyright and trademark holders argue that the proxy services should bear the cost or pass it along to registrants, who have put themselves in position to take on costs by failing to maintain a working e-mail contact point. Proxy providers, however, say that would drive up costs and limit access to proxy services.

Comments focused on several other issues including:

• whether proxy providers should be required to disclose registrant data without a subpoena or other legal process, including a domain name arbitration proceeding;

• whether a nominal fee for abuse reports would prevent or limit frivolous and harassing reports;

• whether a process should be created to give law enforcement requests priority across jurisdictional boundaries;

• whether registrants should have the option of cancelling domain name registrations rather than having their identities disclosed in the face of a valid abuse complaint; and

• how much time proxy providers and registrants should have to respond to complaints.

 

Need for Accreditation Questioned

Several comments went further, saying proxy service accreditation is a misguided idea that should be abandoned.

Volker Greimann, counsel for Key Systems GmbH, called the idea “a first step towards full registrant accreditation requirements” that would introduce a new set of contracted parties into the ICANN ecosystem, imposing upon service providers an additional financial and administrative burden. Greimann suggested instead a system of registrar-certified providers rather than an accreditation scheme.

Andy Abrams, senior trademark counsel for Google Inc., said Google is skeptical of the group's efforts to reform Whois — a topic it said has engaged the ICANN community for many years with little to show for it. Abrams said the accreditation concept is fundamentally flawed, as it only covers a small subset of truly proxy registrations, those provided by registrar-affiliated proxy services, and would disproportionately affect individuals and small businesses.

“Registrar­provided privacy and proxy services simply offer the general public the same type of privacy that has long been available to corporations and wealthy individuals through arrangements such as shell corporation,” Abrams said.

Several comments also sought clarification as to whether law firms or marketing companies holding domain names on behalf of clients would be subject to accreditation rules.

A final report from the working group is expected in September or October for submission to the Generic Names Supporting Organization Council for consideration at the ICANN October meeting in Dublin. If passed, it would be submitted to ICANN's board for implementation.

To contact the reporter on this story: Joseph Wright in Washington at jwright@bna.com

To contact the editor responsible for this story: Thomas O'Toole at totoole@bna.com