Want anonymity on the Internet? ICANN thinks you can’t

The Wire
June 29, 2015

Your face. When you commit murder and someone sees your face, you’re given away. Even if it was your evil identical twin who did it, the police now know where to start looking. A person’s face is one of the fundamental modes of physical identity, and its ability to correspond to a unique individual is matched in precision only by more sophisticated ID-ing techniques like DNA-profiling and fingerprints. However, life on the Internet obviates the need for any of these techniques not just because virtual murder isn’t (yet) a crime but also because identity on the web can be established using non-physical information – like an encrypted password.

Generating this information is remarkably easy, cost-effective, and non-intrusive – to the extent that a person can have multiple identities on the web. This has proven both good and bad, but far more good than bad. The fair use of multiple identities, many of which are typically redundant, is what has made whistleblowing possible and encouraged satire. Being a whistleblower or a satirist just physically renders you always liable to physical retaliation, but on the web, you can be both persons at once – the content citizen and the disenfranchised contractor. At the heart of this realm of human enterprise is the need for the services that provide anonymity to also be anonymous. If not, they will simply make for that proverbial trail of blood.

It is this need for anonymity that a new policy document from the Internet Corporation for Assigned Names and Numbers tries to eliminate.

ICANN is an organisation based out of Los Angeles and responsible for managing the technical infrastructure of the Internet. Its policy document on the subject, published on the web on May 5, is open for public comments. After that, a Working Group will “review” the comments and prepare a final report due July 21 this year. And if the final report speaks against anonymisation services like proxies that provide a layer of opacity so a user’s information doesn’t show up in a search, a lot of websites are going to be in trouble. In fact, while the proposal is targeted at “commercial” websites, the World Intellectual Property Organisation considers websites that run ads to be commercial. This doesn’t limit the dragnet in a way it deserves to be because it endangers even harmless blogs.

One of the simplest ways to look for information about who owns a domain is to perform a WHOIS lookup. For example, looking up theladiesfinger.com throws up the following information about the domain:

Domain Name: THELADIESFINGER.COM
Registrar URL: http://www.godaddy.com
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned

At the time of purchasing the domain, some domain registrars give an option for the purchaser to pay a fee and mask these details from showing up on lookups. If someone really wants to access them, they’d have to get a court order. The ICANN proposal wants to abolish this option. Effectively, it’s the removal of discretionary access that’s tantamount to denying what’s increasingly being called a new fundamental right: the right to encryption, and with it the right to anonymity. Without it, domains like theladiesfinger.com could be susceptible to increased harassment that they’ve been able to easily dodge until now*.

An entertainment-industry lobby called the Coalition for Online Accountability has been rooting for the proposal – for it will unlock access to private registrations that make up at least 20% of all domains on the web, many of which, according to the COA, deserve to be shut down for trading in pirated content. Its argument against retaining the private registrations system is that the authorities in many foreign countries often aren’t cooperative when investigating intellectual property theft. In fact, the coalition seems very eager to push through the proposed policy, going by a testimony it submitted on May 13, 2015, stating that “if a satisfactory accreditation system cannot be achieved in the near future within the ICANN structure, it would be timely and appropriate for Congress to consider whether a legislative solution is feasible”.

Tens of thousands of comments have been submitted to date, and most of them speak against removing private registrations for commercial websites. A bulk of them also use the same language – hopefully the result of a targeted campaign and not astroturfing.

Dear ICANN –

Regarding the proposed rules governing companies that provide WHOIS privacy services (as set forth in the Privacy and Policy Services Accreditation Issues Policy document):

I urge you to respect internet users’ rights to privacy and due process.
– Everyone deserves the right to privacy.
– No one’s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.

Private information should be kept private. Thank you.

The last day to submit comments is July 7. They can be emailed to: comments-ppsai-initial-05may15@icann.org.

*There are many groups on the web that, on the face of it, just don’t like women doing things. While a Pew Research Centre study found that men are “somewhat more likely than women to experience at least one of the elements of online harassment”, the intensity of harassment has been greater toward women.