Feeds

Privacy warning as cops lean on domain registrars

Mind-boggling delays lead to hasty fixes in Dakar

Intelligent flash storage arrays

Internet policy experts have warned about possible threats to privacy and an increased risk of police domain name seizures after domain firms were pressured into overhauling how they do business.

Intense criticism from governments including the US and UK, prompted by their respective cybercrime agencies, this week forced domain name registrars into agreeing to renegotiate their contracts with industry overseer ICANN.

The revamped contract is expected to water down domain name privacy services and could make it easier for law enforcement and intellectual property interests to take down websites.

A dramatic showdown, which saw registrars taking a public kicking from governments and police, played out at the 42nd meeting of ICANN, which has been running all week in Dakar, Senegal.

It started on Sunday with a heated meeting between registrars and ICANN's increasingly powerful Governmental Advisory Committee, which comprises senior civil servants from dozens of nations.

US GAC representative Suzanne Radell led a barrage of criticism, accusing registrars of dragging their feet and offering up "paltry" and "silly" self-regulation proposals.

She was supported by the UK rep, Mark Carvell of the Department of Culture, Media and Sport.

He said: "This is something that is right at the top level in governments, combating abuse and ensuring that this whole organisation, ICANN, works effectively with law enforcement."

ICANN has pseudo-regulatory power over the domain name industry's biggest players through contracts including the standard Registrar Accreditation Agreement, which all registrars must sign.

For years, law enforcement agencies including the FBI, Interpol and the UK's own Serious Organised Crime Agency have been asking for the RAA to be amended to force all registrars to cooperate more fully with criminal investigations.

A wish-list of 12 recommendations has been on the table since 2009. Some are no-brainers, such as an obligation for registrars to publish a physical address and abuse contact on their websites.

Others are more controversial, such as a possible requirement to disclose contact information of domain name owners using proxy services to privacy-protect their Whois records.

After two years of regular talks, law enforcement and governments have grown frustrated by the registrars' lack of progress voluntarily implementing these recommendations.

That frustration turned to incredulity this week after registrars decided to start a Policy Development Process within ICANN, which would force all registrars to publish a contact address and abuse email.

The PDP could take a year or more to become binding, governments were told, and even then it would leave nine of the law enforcement recommendations unaddressed.

"It is simply impossible for us to write a briefing memo for our political managers to explain why you need a policy to simply put your name on your website,” US rep Radell said on Sunday. “It is simply mind-boggling that you would require that.”

Registrars responded by saying that a PDP is the only way, under ICANN's rules, to ensure that new regulations become binding on all of ICANN's 900-plus registrars and not just the ones who already take tackling criminal activity seriously.

The Governmental Advisory Committee took its concerns to ICANN's ruling board of directors regardless, on Tuesday, but by that point registrars were already scrambling in behind the scenes closed-door meetings to address the criticisms.

“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” Radell told the ICANN board.

"We're not talking about rocket science here," said the Australian GAC rep. "We're talking about publishing an address to be served legal notice, or putting and email address on a website... I continue to be astounded that they [registrars] have known about this for two years and nothing has happened."

UK rep Carvell said: "This is politically significant. They shouldn't mess around here. Cybercrime is on the agenda."

Some speakers in Dakar have suggested that a failure by ICANN to act on law enforcement's needs threatened the very ICANN "multi-stakeholder" model itself.

Talking to its Generic Names Supporting Organisation (which includes registrars) on Tuesday, ICANN vice-chair Bruce Tonkin, himself an executive with a registrar, said that an absence of action meant some governments may push for the ITU to take over ICANN's role.

"If the GNSO is not working, that means ICANN is not working, and it means that ICANN should be got rid of," he said, explaining the predicament. "There's a bigger, longer-term risk in these issues."

ICANN chair Steve Crocker had similar words for the GAC. “If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.

The registrars' decision to renegotiate their contracts to give governments what they want was welcomed by intellectual property interests, but free speech advocates sounded a warning.

Law professor Wendy Seltzer, co-founder of the Chilling Effects Clearinghouse and a representative of non-commercial interests in ICANN, said she would not support RAA changes that would "reduce the privacy of registrants" or make domain take-downs easier.

Registrars and ICANN have set a deadline of 12 March next year to finalize a new RAA contract.

However, registrars will be under no obligation to sign it until their current contracts expire. In many cases, that could be three or four years from now. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.