Domain Owners Lose Privacy

The U.S. Commerce Department has ordered companies that administer internet addresses to stop allowing customers to register .us domain names anonymously using proxy services.

The move does not affect owners of .com and .net domains. But it means website owners with .us domains will no longer be able to shield their name and contact information from public eyes.

The Electronic Privacy Information Center said the move violates First Amendment rights to anonymous free speech. And the representative of one of the largest domain-registration companies is concerned that customers who have been victims of stalkers won't be able to protect their privacy without changing their web address to a domain that offers anonymity.

Wired News has learned that the edict came a month ago from the National Telecommunications and Information Administration, the Commerce Department agency that advises the president on telecommunications and information policy. The agency ruled with no warning and without any discussion with the companies accredited to sell and register .us domains. The domain companies were told they would lose their right to sell .us domains -- the official, top-level domain for the United States -- if they didn't comply.

The NTIA did not return a call for comment. But it told registrars it was not setting a new policy with the directive -- it was simply enforcing a provision in a pre-existing contract that the registrars had violated. But Christine Jones, general counsel for Go Daddy, the largest registrar of .us domains, disputed this.

"This has nothing to do with them clarifying an existing contract," Jones said. "We've been selling proxy registrations for three years; they knew it but never said anything against it. They established a new policy, and for them to say otherwise is pure crap."

The .us domain has been around since 1985. For nearly 20 years, it was used exclusively by schools and libraries, as well as state and federal government offices. But in April 2002, it was opened to the public for use -- with the stipulation that domain owners either be U.S. citizens or have a business in this country or some other direct connection to the country.

On Feb. 2, the NTIA sent a letter to NeuStar, the company responsible for administering the .us domain and for accrediting companies that sell the domain addresses.

The letter, obtained by Wired News, called on NeuStar to notify such domain registrars as Network Solutions, eNom and Go Daddy that they should cease allowing proxy registration for .us domains by Feb. 16.

The letter also called on registrars to correct existing proxy registration information -- including name, phone number and postal and e-mail addresses -- from .us customers and update the public Whois database for those domains by Jan. 26, 2006.

The law requires that registrars deposit the name and contact information for domains in the Whois database. But a handful of the 80-plus accredited companies that register .us domains offer a proxy service, for a small fee, that lets owners conceal their true contact information from the Whois database. Of the 300,000 .us domains that Go Daddy has registered, 23,000 are proxies.

The NTIA directive applied only to .us domains, because the NTIA doesn't set policy for other domain names, such as .com and .net.

In the letter it sent to NeuStar, the NTIA said its move was intended to increase the accuracy and reliability of Whois information for the public and for "law enforcement officials who rely on the information." It would also allow the NTIA to contact website owners if their domain registrar goes out of business and to transfer their domain to another registrar.

But Go Daddy's Jones said the NTIA's edict would not ensure that registration information was accurate, because those who really want to conceal their identity or true contact information would provide fake information -- even if it violated the terms of agreement for purchasing a .us domain.

She also said nothing about proxy registration currently prevents law enforcement from getting the information it needs. Registrars place the true contact information for domain owners in an escrow account, which law enforcement officials can obtain with a subpoena.