Privacy warning as cops lean on domain registrars

Mind-boggling delays lead to hasty fixes in Dakar

Internet policy experts have warned about possible threats to privacy and an increased risk of police domain name seizures after domain firms were pressured into overhauling how they do business.

Intense criticism from governments including the US and UK, prompted by their respective cybercrime agencies, this week forced domain name registrars into agreeing to renegotiate their contracts with industry overseer ICANN.

The revamped contract is expected to water down domain name privacy services and could make it easier for law enforcement and intellectual property interests to take down websites.

A dramatic showdown, which saw registrars taking a public kicking from governments and police, played out at the 42nd meeting of ICANN, which has been running all week in Dakar, Senegal.

It started on Sunday with a heated meeting between registrars and ICANN's increasingly powerful Governmental Advisory Committee, which comprises senior civil servants from dozens of nations.

US GAC representative Suzanne Radell led a barrage of criticism, accusing registrars of dragging their feet and offering up "paltry" and "silly" self-regulation proposals.

She was supported by the UK rep, Mark Carvell of the Department of Culture, Media and Sport.

He said: "This is something that is right at the top level in governments, combating abuse and ensuring that this whole organisation, ICANN, works effectively with law enforcement."

ICANN has pseudo-regulatory power over the domain name industry's biggest players through contracts including the standard Registrar Accreditation Agreement, which all registrars must sign.

For years, law enforcement agencies including the FBI, Interpol and the UK's own Serious Organised Crime Agency have been asking for the RAA to be amended to force all registrars to cooperate more fully with criminal investigations.

A wish-list of 12 recommendations has been on the table since 2009. Some are no-brainers, such as an obligation for registrars to publish a physical address and abuse contact on their websites.

Others are more controversial, such as a possible requirement to disclose contact information of domain name owners using proxy services to privacy-protect their Whois records.

After two years of regular talks, law enforcement and governments have grown frustrated by the registrars' lack of progress in voluntarily implementing these recommendations.

That frustration turned to incredulity this week after registrars decided to start a Policy Development Process within ICANN, which would force all registrars to publish a contact address and abuse email.

The PDP could take a year or more to become binding, governments were told, and even then it would leave nine of the law enforcement recommendations unaddressed.

“It is simply impossible for us to write a briefing memo for our political managers to explain why you need a policy to simply put your name on your website,” US rep Radell said on Sunday. “It is simply mind-boggling that you would require that.”

Registrars responded by saying that a PDP is the only way, under ICANN's rules, to ensure that new regulations become binding on all of ICANN's 900-plus registrars and not just the ones who already take tackling criminal activity seriously.

The Governmental Advisory Committee took its concerns to ICANN's ruling board of directors regardless, on Tuesday, but by that point registrars were already scrambling in behind-the-scenes, closed-door meetings to address the criticisms.

“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” Radell told the ICANN board.

"We're not talking about rocket science here," said the Australian GAC rep. "We're talking about publishing an address to be served legal notice, or putting an email address on a website... I continue to be astounded that they [registrars] have known about this for two years and nothing has happened."

UK rep Carvell said: "This is politically significant. They shouldn't mess around here. Cybercrime is on the agenda."

Some speakers in Dakar have suggested that a failure by ICANN to act on law enforcement's needs threatened the very ICANN "multi-stakeholder" model itself.

Talking to its Generic Names Supporting Organisation (which includes registrars) on Tuesday, ICANN vice-chair Bruce Tonkin, himself an executive with a registrar, said that an absence of action meant some governments may push for the ITU to take over ICANN's role.

"If the GNSO is not working, that means ICANN is not working, and it means that ICANN should be got rid of," he said, explaining the predicament. "There's a bigger, longer-term risk in these issues."

ICANN chair Steve Crocker had similar words for the GAC. “If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.

The registrars' decision to renegotiate their contracts to give governments what they want was welcomed by intellectual property interests, but free speech advocates sounded a warning.

Law professor Wendy Seltzer, co-founder of the Chilling Effects Clearinghouse and a representative of non-commercial interests in ICANN, said she would not support RAA changes that would "reduce the privacy of registrants" or make domain take-downs easier.

Registrars and ICANN have set a deadline of 12 March next year to finalize a new RAA contract.

However, registrars will be under no obligation to sign it until their current contracts expire. In many cases, that could be three or four years from now. ®
