[WSIS CS-Plenary] Privacy concerns with domain name registration: the .us

[Nabil El-Khodari]

During the past month I have received four comments that either support the
NTIA's decision to eliminate your privacy, and/or that question my support
for .US private registrations. I can understand that to some, these comments
make sense. However once you consider the facts, each comment is easily
discredited. I also think that taking a look at the facts that arise when
each comment is considered, provides a sharper understanding of the NTIA's
inappropriate handling of the .US privacy issue. Here are the four comments,
along with my response to each. You be the judge.

Comment #1: There is nothing that I can find online detailing the NTIA
decision. Don't expect me to support something I can't research and verify
on my own.

My response: The reason you can't find anything online detailing the NTIA
decision is because of the way they went about eliminating your privacy.
Everything the NTIA did was done "under the radar," and except for the
agreements they made registrars sign, and the letters they sent threatening
us if we didn't comply, there literally is nothing documented.

This all came about on February 2nd of this year when the NTIA sent NeuStar,
Inc., the .US registry operator, a letter telling them to tell each
registrar to stop selling private domain name registrations, and to provide
an amended accreditation agreement forbidding private registrations. You can
see this letter at the following link:
http://www.thedangerofnoprivacy.com/NTIA_Proxy1.pdf.

As you can see in the above letter, registrars were notified on Feb 2, 2005
and only given until Feb 16, 2005 to discontinue offering private domain
name registrations. I might add once again that the NTIA decided to strip
.US domain holders of their right to privacy, without notice, and without
hearings of any kind.

Also on February 2, 2005, all .US registrars were sent a new agreement by
the registry which we were told to sign. You can see this agreement at the
following link:
http://www.thedangerofnoprivacy.com/usTLD_Registrar_Accreditation_Agreem
ent.pdf. Pay attention to paragraph 3.7.7.4, which we have highlighted in
red. This new section forbids registrars from selling private .US
registrations.

Initially Go Daddy refused to comply with the demand and also refused to
sign the agreement. So the NTIA, via the registry operator NeuStar, Inc.,
"made us an offer we couldn't refuse." On February 17, 2005, NeuStar, Inc.
sent us a letter via Federal Express saying that if we didn't stop selling
.US private registrations by March 4, 2005, we would lose our accreditation
to sell .US domain name registrations, and our customers would be
transferred away to another accredited .US registrar. You can see this
letter at the following link:
http://www.thedangerofnoprivacy.com/letter.pdf.

We seriously considered letting the accreditation go, and discontinuing
offering .US domain names. The reason we finally decided to yield to the
NTIA pressure, was because our .US customers would simply be transferred to
another registrar. We strongly believed we had an obligation to our .US
customers and that if we simply let them be transferred away to another
registrar, it would go against everything we stand for. So on March 3, 2004,
we signed the amended agreement and stopped selling .US registrations.

The newest NTIA trick.
Since I've been writing about this issue, over 10,000 of you took the time
to write your Congressperson and Senators. And recently, there was an even
more interesting development . This new happening will show you just how
clever the bureaucrats at the NTIA can be. When legislators have written the
NTIA in connection with your complaints, the NTIA has been replying that
they only recently discovered that private registrations were being offered,
and that private registrations were never authorized in the .US domain. You
can see one of these letters at the following link:
http://www.thedangerofnoprivacy.com/congressionalletter.pdf.

The NTIA response letter does not mention that private .US registrations
have been available for over three years. NeuStar (the .US registry
operator) was well aware of this fact, because GoDaddy.com provided them
with a letter detailing how GoDaddy.com would maintain Nexus information for
private registrations way back when we started offering these registrations.
We can be sure that the NTIA has been well aware of private registrations
since then also. They also claim that they eliminated private registrations
so that better information will be available for law enforcement and
intellectual property holders. The truth is that law enforcement and
intellectual property holders know that private registrations make for more
accurate information and as such support them.

This reply to Senatorial and Congressional inquiries literally disguises the
fact that the NTIA just pulled one over on all of us (without due process
and without hearings of any kind), and makes it look like they are enforcing
an agreement that has been in place for years. It makes no mention of, and
completely disguises that the reason .US private registrations are not
permitted is because in February 2005 they forced all registrars to sign a
new agreement which forbids them. I've got to give them credit, it's a
really slick move.

Comment #2: The NTIA must have a good reason to eliminate privacy on .US
domain names.

My response: Actually, they don't. This move of the NTIA revolves around one
thing: power. If anyone should know if private registrations are harmful it
is those who work in federal and local law enforcement. It also includes
those who are involved in protecting intellectual property.

After the NTIA made the unilateral decision to strip away your privacy, Go
Daddy representatives flew to Washington and provided the NTIA with a letter
from a federal law enforcement agency that supports private registrations.
We also offered to provide the names of others in law enforcement that felt
the same way. Law enforcement supports private registrations because they
know:

1. That the underlying information associated with private domain name
registrations, compared to public registrations, is far more likely to be
accurate. People don't pay to protect false information.
2. That the bad guys don't pay to protect bad information. Instead they
simply provide false information.
3. That, if they need to, law enforcement can quickly get to the information
behind a private domain name registration. They know that with a private
registration there is accountability.
4. That private domain name registrations exist only to provide law abiding
citizens with privacy. Private registrations do not in any way shield
crooks.

The NTIA refused to consider any of this and simply told us that the
decision had been made. We then asked them why they made this decision and
who was behind it. Guess what? They refused to tell us. This is not the way
our government is supposed to operate.

There are those of you who are thinking (I know because I'll get the posts)
that the NTIA must have some deep reasons of National Security, or the
elimination of SPAM or some other evil, behind their decision to eliminate
private .US registrations. I can tell you that this simply isn't the case.
Like we told the NTIA, those who are involved in the evils that take place
on the Internet don't use private registrations. The crooks simply provide
false information. It's only law abiding citizens that purchase private
registrations, who have no problem being accountable for their actions. Law
enforcement knows this. That's why law enforcement supports private domain
name registrations.

Comment #3: There is no Constitutional right to privacy.

My response: This is simply not true. There is a right to privacy, which is
derived from the Constitution and subsequent amendments.

It is true that the word "privacy" does not appear in the Constitution
anywhere. The Constitution is a document about what the government can do,
not about what people can do. So, logically, it never says something like
"people have a right to privacy."

The right to privacy has been interpreted to belong to people as a result of
what the Constitution does not allow the government to do. Specifically, the
right to privacy has evolved to protect the freedom of people to choose
whether or not to perform certain acts or subject themselves to certain
experiences, and keeps the government out of those decisions. This personal
autonomy has grown into a "liberty" protected by the due process clause of
the 14th amendment.

Further extensions of the right to privacy have been attempted under the
1st, 4th and 5th amendments. The right of privacy has developed along with a
statutory right of privacy which limits access to personal information. The
FTC enforces this statutory right of privacy, and the existence of privacy
policies demonstrate the FTC's work in this area.

Source: 

Hot Points! A weblog (blog) by Bob Parsons
http://www.bobparsons.com/NTIAprivacyeliminationtricksexplainedThedocumenttr
ailt.html

Sincerely,

Nabil El-Khodari
Founder
Nile Basin Society

Tel.: +1 (647) 722-3256
Fax: +1 (647) 722-3273

http://nilebasin.com
http://nile.ca

108 Waterbury Dr. 
Toronto, ON M9R 3Y3
Canada

"How we decide and who gets to decide often determines what we decide."
Environmental Governance

"If the people will lead, the leaders will follow" Dr. David Suzuki