GNSO study to assess extent of abusive use of privacy and proxy services

The Internet Corporation for Assigned Names and Numbers (ICANN) is seeking to engage independent research organizations to undertake a study on the extent to which domain names used to conduct illegal internet activities are registered via privacy or proxy services.
One of the many tasks of ICANN is to develop policy in relation to the provision of free public access to the registration details of domain names, commonly referred to as the WHOIS data. To this effect, all ICANN-accredited registrars are required to collect and make available to the general public the registrations details of domain names that they are acting as registrar for. 
These details include the following:
  • registrant holder details;
  • administrative contact details;
  • technical contact details;
  • registrar details;
  • registration and expiry dates; and
  • details of the domain name system hosting the domain name
However, it is becoming common practice, when registering a domain name, to use either a privacy or a proxy service. Essentially, this enables the contact details of the true owner of a domain name to be kept out of the WHOIS data.
There is a subtle difference between a privacy service and a proxy service. This difference has been clearly defined by the Generic Names Supporting Organization (GNSO) of ICANN in a document released in February 2009, which sets out the working definitions for future WHOIS studies. In summary, WHOIS privacy services prevent their customers' details from being entered into the WHOIS record by providing alternative contact details and mail forwarding services. WHOIS proxy services operate by registering the domain name to a third-party organization. This third party then enables the customer to access and use the domain name as it so desires.
A WHOIS privacy/proxy prevalence study carried out by ICANN in September 2009, which covered a random sample of 2,400 domain names across the top five generic top-level domains (gTLDs), revealed that between 15 and 25% were registered using a privacy or proxy service.
The GNSO is responsible for developing and recommending to the ICANN board substantive policies relating to gTLDs. The GNSO Council is now exploring several extensive studies of WHOIS and has asked ICANN to estimate the cost and feasibility of conducting several studies proposed by members of the ICANN community and ICANN's Government Advisory Committee.
The main focus of the GNSO study is to ascertain the levels of use of privacy and proxy services by third parties who are conducting illegal and infringing activities on the Internet. These activities include:
  • phishing attacks;
  • email spam;
  • online IP infringements;
  • identity theft; and
  • cybersquatting. 
The task of identifying the entities behind such activities is made more difficult with the use of privacy and proxy services.
The introduction of some form of regulation over the use of privacy and proxy services is thus necessary, especially when considered in the context of the launch of new gTLDs. While there are many providers of WHOIS privacy or proxy servers that do cooperate with requests for disclosure of their customers details when provided with evidence of wrongdoing, there are also many providers that refuse to divulge such details.
ICANN is presently seeking to engage independent research organizations to undertake this study. The "WHOIS Privacy and Proxy Abuse Cover Letter" illustrates the scope of work and the criteria for selection, and can be found on ICANN's website.
David Taylor, Hogan Lovells, Paris

Unlock unlimited access to all WTR content