[registrars] New Services Are Making It Easier To Hide Who Is Behind Web Sites

[Jay Westerdal]

 New Services Are Making It Easier  
To Hide Who Is Behind Web Sites

By CARL BIALIK 
THE WALL STREET JOURNAL ONLINE
September 30, 2004; Page A1

The number of anonymous sites on the World Wide Web is surging, influencing
political contests, raising concerns about criminal activity and spurring
debate about privacy on the largely unregulated Internet.

Of the 42.2 million Web sites whose addresses end in common suffixes -- com,
biz, net, org, info and us -- only about 1% of them protect the identity of
operators.

But of new registrants, nearly 5% are seeking to shield their names and
contact information -- known to users as "whois info" -- according to Name
Intelligence Inc., a Bellevue, Wash., company that tracks the industry.
There have been 6.3 million new registrations overall so far this year.

A host of new services has sprung up in recent years offering to shield
whois info for a small fee, making it easier for hundreds of thousands of
Web-site owners to hide their identities. Typically, Web-site owners can buy
privacy guards for an extra $9 or so per year, from the same companies that
sell domain names.

Customers must provide their real contact information to these companies,
known as registrars. But some registrars offer add-on services, such as
Domains by Proxy and ID Protect, which hide the name of a Web-site owner and
instead show generic contact information. The registrars also screen phone
calls and filter e-mails for these customers.

Legal issues surrounding the services remain unsettled, since they are new
and largely untested. But people who feel wronged by anonymous sites do have
some recourse. Registrars say they share contact info with law enforcement,
and sometimes will remove privacy shields when they receive complaints or
subpoenas. Some companies have successfully sued to get registrars to turn
over contact information of their customers. But people without the means or
inclination to sue generally can't find out who's behind the Web sites.

[name market]To critics, including some lawmakers, the privacy services are
making the Internet harder to regulate -- and create opportunities for
mischief. "They're like a pawn shop that doesn't keep good records," says
Vernon Schryver, a software consultant and antispam activist in Boulder,
Colo. Adds Dennis Soper, a systems administrator at the University of
Oregon, "The Internet is supposed to be open. Too many people have been
hiding."

But privacy advocates argue that Web-site owners, particularly those who
don't operate businesses, shouldn't be required to publish their addresses
and telephone numbers in public databases. They point out that whois info is
a ripe target for spammers and identity thieves, and that some Web-site
owners want to hide their contact information for legitimate reasons.

"People should have the option to hide their personal data from a casual
observer, particularly when it comes to issues of free speech," says Annalee
Newitz, policy analyst at the Electronic Frontier Foundation, a civil-rights
organization in San Francisco.

With their growth this year, anonymous, and often little-known, Web sites
have figured into several election-year controversies. Little Green
Footballs, an unaffiliated political Web log that uses privacy shields, was
an early and influential critic of the disputed CBS News report on President
Bush's National Guard service, which the network later was forced to admit
relied in part on forged documents. Another site, RNCDelegates.com
<http://www.RNCDelegates.com> , published the names of delegates to the
Republican convention and the addresses of their New York hotels, as an aid
to protesters.

Often such sites can quickly attract readers by following -- or sometimes
creating -- big news stories, thanks to links from other Web logs, which can
produce prominent rankings when using search engines such as those of Google
Inc. and Yahoo Inc. WinterSoldier.com <http://www.WinterSoldier.com> , a
site that gathers information questioning Sen. John Kerry's war record,
ranks in the top 10 of searches for "soldier Kerry" on both Google and
Yahoo.

Scott Swett, who says he is WinterSoldier.com's owner and registrant, says
he uses a privacy service to avoid angry phone calls about the site. "I've
received a tremendous amount of hate mail and a few threats" at the e-mail
addresses published on the site, Mr. Swett says. "I figured there was no
particular reason to have my personal information on my site."

Whois info played a prominent role in another recent political controversy
in Eugene, Ore. There, several Web sites were set up to encourage voters to
back departing Mayor Tim Torrey, who had decided not to run for re-election,
as a write-in candidate against primary winner Kitty Piercy this November.
She is the only candidate for the office.

Supporters of Ms. Piercy ran whois searches on the sites -- RunJimRun.org
<http://www.RunJimRun.org>  and TruthAboutKitty.org
<http://www.TruthAboutKitty.org>  -- and found that their owners were using
a service to mask their identities. But they also learned that the sites had
been registered within a minute of each other and appeared to be hosted on
the same computer network. To them that indicated the sites were operating
in concert as a political action committee and thus needed to register with
the state.

In an e-mail, Mr. Torrey wrote that he "had nothing to do with either of
these Web sites." He didn't respond to a follow-up e-mail and phone call.

After the controversy, Mr. Torrey decided not to run. RunJimRun eventually
registered as a PAC, but no one has come forward to claim ownership of the
other site. Elections officials are investigating.

"It's new ground," says Jennifer Hertel, a compliance specialist on the
campaign-finance team at Oregon's election division. "It makes it extremely
difficult. If we can't ascertain who's behind a particular Web site, how can
we proceed with any of our regulatory procedures?"

Other officials are concerned that privacy shields provide a new opportunity
for criminal activity on the Web, already a growing law-enforcement concern.
Joseph Borg, director of the Alabama Securities Commission, worries that
more securities fraudsters will use the services to stay anonymous, though
so far he says it's been just a blip for regulators. He urges registrars to
confirm contact information before providing the privacy services. "I would
hope responsible companies who provide the service for legitimate use
provide some screening in line with their social responsibility," Mr. Borg
says.

Christine Jones, general counsel for Scottsdale, Ariz.-based Go Daddy
Software Inc., the fast-growing registrar that pioneered the idea of privacy
shields two years ago through its subsidiary Domains by Proxy, dismisses
concerns about criminal activity. "The vast, vast majority of people who use
this service use it for privacy reasons," she says. She adds that Go Daddy,
a closely held company, turns over whois info when it receives what it
considers legitimate complaints and cooperates with law-enforcement
agencies.

Go Daddy also will forcibly remove identity guards from sites, sometimes
without warning, that violate its terms and conditions, she says. The
company did just that last year with a site called SchoolScum.com
<http://www.SchoolScum.com>  on which high-school students were anonymously
insulting each other.

Whois info has never been sacrosanct. Because of loose regulations, many
Web-site owners invent fictional identities, like Mickey Mouse, and bogus
phone numbers like 555-5555. But registrars field complaints about false
information and are supposed to fix it or boot the offending Web site from
their system. With the privacy guards, by contrast, the general public has
no way to find out who is behind a site.

In some cases, computer-systems administrators have complained that Web
sites with privacy guards have unintentionally launched attacks after being
hijacked by spammers or identity thieves. But, they say, when they have
tried to contact such sites through their proxy services, it can take much
longer to get a response.

Registrars say they generally pass important queries on to their customers
within a few hours or days, and that it's possible Web sites that choose to
cloak their identity are less likely to respond.

Rep. Howard Berman has led efforts in Washington to improve whois data
accuracy, but with little success. Earlier this year, the California
Democrat co-sponsored a bill that would have placed some liability on
registrars to ensure the quality of their whois info. But vigorous
opposition led to a bill merely raising the penalty for certain felonies if
fraudulent whois data are involved. It remains legal to lie in Web-site
registrations.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/registrars/attachments/20040930/494b1a44/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 6025 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/registrars/attachments/20040930/494b1a44/image001.gif>