[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[comments-gtlds] The case for a privacy-enchanced gTLD



The current DNS is everywhere insufficiently attentive to the privacy
needs of individuals. 

Domains can be registered for social, political, religious and other
expressive purposes. The name facilitates communication and in some cases
is part of the communication itself. 

Individuals engaged in these expressive activities should not have to put
their identities and their full contact details into a searchable
database. Parents sometimes register domains for children. It would be
wrong to require that personal information such as where the child resides
be on an open data base. The problem is not restricted to non-commercial
users. If, as many predict, the Internet accelerates the trend towards
small home-based businesses, than an increasing number of people will be
registering domains for which the only contact address and telephone
numbers are their homes. Again, while it may be proper in most cases to
collect this data (the primary exceptions being social, ethnic, religious,
and political groups who have reason to fear retaliation if the
information were disclosed), it is not proper to display the information
for all the world to see. The DNS data base may someday include the name
and contact details of every computer user in the world. Every collector
and keeper of this data should be held to the highest standards of
protecting individual privacy.

There is no privacy interest in the fact that a particular domain has been
registered. In addition, the technical contact needs to be accessible on
short notice. On the other hand, there is no need to publish the identity
of a registrant in an open database nor is there any need to publish
contact details. Indeed, to do so invites numerous harms, ranging from
spamming (mass mail of junk e-mail) to the stalking of individuals either
on line ("cyber-stalking") or to their homes. Publication also invites
poaching of one registration authority's customers by another.

If it is essential that rights holders be able to communicate with
registrants, simple measures can be developed to facilitate this. For
example, the registry could run an automated forwarding service, by which
after payment of a fee just large enough to discourage spammers the
registry could forward the message to the registrant.

If a mechanism is to be created by which third parties can acquire the
physical address, e-mail address, or telephone number of a registrant, the
procedure for acquiring this information must be hedged with significant
protections. Others are more expert than I as to what might be required,
but at a minimum the request for the data should be reviewed by a human
being before it is released, a fee should be charged to discourage
frivolous invasions of privacy, and the registrant should automatically be
informed of the identity of the requestor whenever a request for the data
is made, given an opportunity to protest, and then told whether the
request was honored.

A privacy-enhanced gTLD, providing functionality similar to an unlisted
telephone number, is a matter of very high priority.

Access to this gTLD could be limited to non-commercial users.  This would
require a definition of "non-commercial" for this purpose, which is not a
trivial task.  That project, however, would be a worthy one and should be
undertaken as soon as possible.

-- 
A. Michael Froomkin   |    Professor of Law    |   froomkin@law.tm
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
                    -->   It's hot here.   <--