Reminder: There is no Whois privacy for .us domain names – Domain Name Wire

Text of the letter:

“Michael D. Gallagher
Assistant Secretary of Commerce for Communications and Information
National Telecommunications and Information Administration
United States Department of Commerce
1401 Constitution Avenue, NW
Washington, D.C. 20230

Dear Mr Gallagher,

We are writing to join other public interest groups and Internet companies in urging the NTIA
to fine-tune a decision that threatens the privacy of Americans who have addresses in the
nation’s sovereign “.us” Internet domain. Although we understand the reasoning behind
NTIA’s decision to ban so-called “proxy” recordings, we are concerned that the decision, which
was made without the possibility of public comment, is too broad and unnecessarily
threatens the privacy of thousands of Americans. We urge the NTIA to adopt a policy that
allows for greater privacy in the .us domain. Left unchanged, the decision, which was
aimed at increasing the accuracy of data on the owners of .us addresses, could have the
opposite effect, because the registrants lie to prevent their identity from being revealed.

Publicly available “whois” databases for Internet domains such as .com, .net and .us are
valuable resources that provide contact information for millions of domain names
registered. Originally designed to allow users to contact a website operator in case
of a technical problem, the databases are now used by law enforcement, consumers
protection agencies and private groups, including intellectual property rights holders.

Before the NTIA made its decision, Internet users who purchased web addresses ending in .us
might pay extra to register them through one of the many proxies, or private
registration service. The proxy services in turn kept these records in their internal files,
replace their customers’ data with their own contact details in the whois
database for the .us domain. All proxy services maintain a policy of
provide the names of their clients to law enforcement working on investigations, and as such
do not provide any sort of shield for criminal activity. Rather, services offer people a
safe and legal way to keep their personal data out of reach of surfers, merchants and
potentially dangerous bullies.

A privately registered domain name is the online equivalent of an unlisted phone number.
Both offer valuable protections to individuals without interfering with the needs of the law.
law enforcement and courts. If the NTIA maintains its ban on proxy recordings in their current form,
we urge the agency to allow some sort of private registration process. The NTIA could
clarify how these services might operate and in what situations they would be required to
disclose customer data, thus fulfilling the need for an open and public whois database,
without compromising customer privacy.

Whois registration requirements raise privacy concerns for individuals. In public
recordings are generally uncontroversial for major commercial recordings, most
domain operators require customers to provide their names, home addresses, home phone
public personal telephone numbers and e-mail addresses in order to register an Internet address.

Proxy or private registrations have been widely recognized as at least a partial solution to
whois privacy issue by a range of stakeholders on the issue. While lots of privacy
defenders have argued that proxy recordings don’t go far enough, they at least have
view them as a useful tool, far preferable to comprehensive public records. 1 Meanwhile, many
copyright holders and others who have generally advocated for more public access to
Whois information has also supported proxy registrations as a way to respond to
some privacy concerns while preserving the access they deem necessary.2

Without such a mechanism to protect their privacy, many more users are
likely to place false information in the Whois database. At a time when we worry
identity theft and online safety, it is unwise to require millions of people registered
to place their home phone numbers, home addresses, and personal email accounts in one
publicly available database that imposes no restrictions on the use of such data.

We believe that a balance can be found on Whois data that protects privacy and allows
reasonable access to data for important public purposes. The interpretation of the rules
that the banned proxy registrations represented a big enough change in .us policy that it
justifies public intervention. We believe the Department of Commerce and American Online
public could greatly benefit from a more thorough review of the decision.
We would be happy to discuss this issue with you in more detail. Do not hesitate to contact me
at (202) 637-9800 or by email at


jerry berman

President, Center for Democracy and Technology

1 See, for example, Tom Cross, DNS WHOIS: Barking Up the Wrong Tree, CIRCLE ID (June 28, 2004), on (“Political speakers on the Internet have a legitimate need to
protect their identities. The internet currently supports a vibrant ecology of political websites and blogs
of all flavors and prejudices. Together, they constitute meaningful discourse on nearly every issue of the
daytime. Many of these sites use WHOIS proxies or publish limited contact information. “)
2 See, for example, Legislative Hearing on HR 3754, the Fraudulent Online Identity Sanctions Act,
Subcom. on the Courts, the Internet and the House Comm’s Intellectual Property. on the judiciary, 108 th
holiday 91605 (2004) (Mark Bohannon, on behalf of the Copyright Coalition on Domain Names: “I think
that when it comes to websites that can be registered by individuals, which in my opinion is probably the most
sensitive issue, in principle we work with intermediaries and proxy services who can, in fact, keep this
information, and as long as it is accurate and readily available, we have no problem with that. ); Viacom
International, Comments on ICANN Whois Privacy Working Group Preliminary Report, (July 1, 2004)
available at (Proxy
registrations can, “if properly implemented, provide a viable system for registrants seeking to achieve
better protection of privacy. )”

Previous How to Interpret EU Directives on Global DNS Abuse
Next Dilip Cherian | MHA Holds Another Face-to-Face with States on IPS Delegation