ICANN’s plans to strip anonymity from website owners puts already vulnerable Internet users at further risk

by Anja Kovacs

The Internet Democracy Project has joined a coalition of anti-harassment initiatives and digital rights organisations to fight a proposal from ICANN that would force a wide range of website owners to reveal significant personal information. An initiative of the Online Abuse Prevention Initiative, the group has written to ICANN in protest. Like others in the coalition, the Internet Democracy Project believes that ICANN's proposed changes to the WHOIS records put already vulnerable Internet users at further risk, and that they significantly reduce the empowering potential that Internet access has for these groups. The text of the letter that the coalition wrote to ICANN can be found below.

LETTER TO ICANN, JULY 2015 

Internet Corporation for Assigned Names and Numbers

12025 Waterfront Drive, Suite 300

Los Angeles, CA 90094 – 2536

To the Internet Corporation for Assigned Names and Numbers: 

We are an alliance of digital rights groups, anti-harassment initiatives, media advocacy groups, women’s rights organizations, and private individuals.

We are writing to you about the Initial Report on the Privacy & Proxy Services published on May 5th, which proposes requiring commercial website” owners to display their address under their WHOIS data. Broadly defined, this prevents millions of site owners from safeguarding their private information. We strongly oppose the Working Group’s proposal, which will physically endanger many domain owners and disproportionately impact those who come from marginalized communities. People perceived to be women, nonwhite, or LGBTQ are often targeted for harassment, and such harassment inflicts significant harm 1. The endemic nature of inequity online is a matter of deep concern for all of us, as we are working to make the Internet a safe and accessible place for all voices.

The proposal in front of ICANN would radically undermine progress in that direction, in part by making it far easier to dox domain owners. Doxing” is the malicious practice of obtaining someone’s personal information (e.g. home address, phone number, etc) and making that information more readily and widely available. Doxing makes possible a wide range of crowdsourced harassment and intimidation, which includes everything from unwanted pizza deliveries to unrelenting barrages of rape- and death threats. Doxing also enables swatting,” or calling in false tips that send a fully armed SWAT team crashing through a targeted person’s door. Public online directories give doxers, swatters, and stalkers alike easy access to their targets’ personal information.

Our concern about doxing is not hypothetical. Randi Harper, a technologist, anti-harassment activist, and founder of the Online Abuse Prevention Initiative, was swatted based on information obtained from the WHOIS record for her domain. The only reason law enforcement did not draw their weapons and break down Harper’s door was that she had previously warned her local police department about swatting.

Even the most limited definition of a website handling online financial transactions for commercial purpose” will encompass a wide population that could be severely harmed by doxing, such as:

  • women indie game developers who sell products through their own online stores

  • freelance journalists and authors who market their work online

  • small business owners who run stores or businesses from their homes

  • activists who take donations to fund their work, especially those living under totalitarian regimes

  • people who share personal stories online to crowdfund medical procedures

To make things worse, the proposed definition of what constitutes commercial purpose” could be expanded to include other types of activity such as running ads or posting affiliate links.

If implemented, the current proposal will chill speech — especially speech from people who lack access to lavish legal resources. It will be a generous gift both to harassers and to oppressive regimes. It will curb economic activity by adding untenable risk to using a website to promote one’s business or to collect donations, and may even add this risk to hosting ads. Women, people of color, and members of other marginalized communities, who are the most frequent targets of doxing, will be forced to take costly, speech-restrictive steps in order to protect themselves.

The WHOIS system is, in the words of ICANN’s own Expert Working Group on gTLD Directory Services, widely regarded as broken,’” 2 but the proposed change will make WHOIS even worse. The proposal leaves domain owners with three options:

  • accept the risk of having their home address available to all

  • pay for a P.O. box — although that option is not available in every region or country

  • falsify their address information

Falsified information, however, puts domain owners at risk of having their domains terminated for breaching their registrars’ terms of service. Because the remaining options are either public” or pay,” domain owners who are targets or potential targets of harassment have a safety tax levied upon them. While some registrars currently charge a fee to withhold personal information from WHOIS, the current proposal will make an already-undue burden even more burdensome.

Although the working group stakeholders’ concerns about being able to verify consumer transactions and find information about businesses are valid, we did not find any evidence that Internet users are having difficulty getting information about businesses because of privacy and proxy services. Further, law enforcement agencies and copyright-holders are already able to access this information through existing legal processes. The unclear merits of this proposal cannot outweigh the inevitable harm that will follow from making millions of website owners’ personal information public. Even an ICANN working group recognized (in 2013) that in cases where identification of speakers would cause a threat to their lives or those of their families,” individuals should be entitled to heightened privacy protection.

We strongly recommend that the proposed policy not be adopted. We further recommend that ICANN revisit its own findings from 2013 and move toward making WHOIS privacy the default for everyone. We believe that ICANN should not be complicit in making doxing, stalking, & swatting any easier than they already are. While ICANN certainly did not set out to exacerbate online harassment, that will ultimately be the result of this policy.

Signed,

Individually:

Kendra Albert, Berkman Center for Internet & Society*

Katherine Cross, CUNY Graduate Center*

Nadia Kayyali, Electronic Frontier Foundation

Randi Harper, Online Abuse Prevention Initiative

Sarah Jeong

Whitney Erin Boesel, Berkman Center for Internet & Society and MIT Center for Civic Media*

Aaron Johnson, Computer Scientist

Alicia Liu, Software Engineer

Alison Macrina, Library Freedom Project

Amanda Palmer

Amber Yust

Andi McClure, Indie Game Developer

Andrea Horbinski, Organization for Transformative Works

Andrew Losowsky

Anil Dash, ThinkUp*

Anita Sarkeesian, Feminist Frequency

Anna Kreider

Annalee Flower Horne, Activist and Small Business Owner

Arthur Chu

Ashley Judd

Azure Jane Lunatic, Anti-spam Volunteer at Dreamwidth*

Brianna Wu, Giant Spacekat*

Bruce Schneier, Berkman Center for Internet and Society*

Camille M. François, Berkman Center for Internet and Society*

Caroline Sinders, Researcher/​activist

Charles Nesson

Chris Kluwe

Christine Love

Claudio Guarnieri, Centre for Internet and Human Rights*

Coraline Ada Ehmke, contributor — covenant​.org*

Cory Doctorow, Happy Mutants, LLC*

Cynthia Fraser, Safety Net Canada*

Dan Gillmor

Dana Mangum, Executive Director, North Carolina Coalition Against Domestic Violence

Danielle Keats Citron, University of Maryland Francis King Carey School of Law*

David Goulet, The Tor Project

David M. Perry

David Mirza Ahmad, Subgraph*

Emily Lindin, The UnSlut Project

Erika Smith

Erinn Clark, The Tor Project

Ethan Zuckerman, Center for Civic Media, MIT*

Faruk Ateş, Modernizr.js

Fiona Barnett, HASTAC and Duke University*

Griffin Boyce

Helen Jamieson

Harmony Rodriguez, Writer and Anti-violence Activist

Harper Reed, Modest, Inc*

Heidi Tandy, FYeahCopyright*

Holly Jacobs, Cyber Civil Rights Initiative*

Izzy Galvez, GWhois​.org*

J. Nathan Matias, MIT Center for Civic Media*

Jack Cushman, Berkman Center for Internet and Society*

Jaclyn Friedman

Jacob Hoffman-Andrews, Block Together*

Jacob Kaplan-Moss, Sales​force​.com*

Jacqueline Wernimont

Jessica Moreno

Jonathan Zittrain

Joseph Reagle

Kanane Jones, Indie Game Developer

Kate Krauss, The Tor Project

Katherine J. Mack

Laura Bates, Writer and Founder, EverydaySexism *

Laura Poitras, Praxis Films *

Leigh Honeywell

Lili_​Anaz, Laboratorio de Interconectividades

Lisa Nakamura, Gwendolyn Calvert Baker Collegiate Professor, University of Michigan, Ann Arbor*

Liz Henry

Lynn Harris, Feminist Journalist and Essayist

Marcia Hofmann, Attorney

Mary Anne Franks, University of Miami School of Law*

Maryam Namazie, One Law for All*

Matt Haughey, MetaFilter*

Mehves Evin, Milliyet newspaper, Turkey*

Mel Chua

Melissa Elliott

Michael Curry

Michelle McNeil

Nico Sell, The Wickr Foundation

Nima Fatemi, Technologist/​activist

Nóirín Trouble” Plunkett, Simply Secure*

Renee Davidson, Writer

Rey Junco, Iowa State University/​Berkman Center for Internet and Society*

Richard M. Stallman, Free Software Foundation*

Risa Goodman

Robert Faris, Berkman Center for Internet and Society*

Runa A. Sandvik, Security Researcher

Sands Fish, Harvard University*

Sara Williamson

Sarah Agudo, Medium*

Selena Deckelmann, Open Source Programmer

Sheri Rubin, Design Direct Deliver*

Soraya Chemaly, The Women’s Media Center Speech Project*

Sue Gardner

Tarleton Gillespie, Microsoft Research New England*

Thorlaug Agustsdottir, Pirate Party, Reykjavik*

Toiya Kristen Finley, Writer

Tom Leckrone, The Tor Project

Urs Gasser

Valerie Aurora, Ada Initiative

Vivian Brown

Wendy Seltzer, Board Member, The Tor Project

Willow Brugh, Berkman Center for Internet and Society*

Zoe Quinn, Crash Override Network

Organizations:

Arizona Coalition to End Sexual and Domestic Violence

ACCESS

Ada Initiative

Black Girl Dangerous Press

bolwerK

Breakthrough

Chayn

Crash Override Network

Dangerous Speech Project

Electronic Frontier Foundation

End Domestic Abuse WI

Feminist Frequency

Fight for the Future

Free Software Foundation

Illinois Coalition Against Domestic Violence

Iowa Coalition Against Domestic Violence

Internet Democracy Project, India

Jewish Women International

Laboratorio de Interconectividades

National Alliance to End Sexual Violence

National Center on Domestic and Sexual Violence

National Coalition Against Domestic Violence

National Council of Women’s Organizations

National Domestic Violence Hotline

National Network to End Domestic Violence

National Resource Center on Domestic Violence

Nebraska Coalition to End Sexual and Domestic Violence

Net Family News Inc.

New York State Coalition Against Domestic Violence

North Carolina Coalition Against Domestic Violence

Online Abuse Prevention Initiative

Organization for Transformative Works

Peng! Collective

Renewable Freedom Foundation

Sonic

Stop Street Harassment

Subgraph

The Tor Project

The UnSlut Project

The Wickr Foundation

Virginia Sexual and Domestic Violence Action Alliance

Women’s Media Center Women Under Siege

Women’s Media Center Speech Project

Women, Action and The Media

Women’s Media Center

Wyoming Coalition Against Domestic Violence and Sexual Assault

*Organizational affiliation listed for identification purposes only


  1. Citron, Danielle Keats. Hate crimes in cyberspace. Harvard University Press, 2014↩︎

  2. Initial Report from the Expert Working Group on gTLD Directory Services: A Next Generation Registration Directory Service, June 24, 2013 ↩︎