Joint letter to ICANN: New proposal will endanger domain owners and impact marginalized communities

Published on 9 July 2015
Page last updated on 8 May 2017

Publisher:

APC

Letter to ICANN. July 2015

Internet Corporation for Assigned Names and Numbers 12025 Waterfront Drive, Suite 300 
Los Angeles, CA 90094-2536  

To the Internet Corporation for Assigned Names and Numbers:  

We are an alliance of digital rights groups, anti-harassment initiatives, media advocacy groups, women’s rights organizations, and private individuals.  

We are writing to you about the Initial Report on the Privacy & Proxy Services published on May 5th, which proposes requiring “commercial website” owners to display their address under their WHOIS data. Broadly defined, this prevents millions of site owners from safeguarding their private information. We strongly oppose the Working Group’s proposal, which will physically endanger many domain owners and disproportionately impact those who come from marginalized communities. People perceived to be women, nonwhite, or LGBTQ are often targeted for harassment, and such harassment inflicts significant harm. The endemic nature of inequity online is a matter of deep concern for all of us, as we are working to make the Internet a safe and accessible place for all voices.  

The proposal in front of ICANN would radically undermine progress in that direction, in part by making it far easier to dox domain owners. “Doxing” is the malicious practice of obtaining someone’s personal information (e.g. home address, phone number, etc) and making that information more readily and widely available. Doxing makes possible a wide range of crowdsourced harassment and intimidation, which includes everything from unwanted pizza deliveries to unrelenting barrages of rape- and death threats. Doxing also enables “swatting,” or calling in false tips that send a fully armed SWAT team crashing through a targeted person’s door. Public online directories give doxers, swatters, and stalkers alike easy access to their targets’ personal information.  

Our concern about doxing is not hypothetical. Randi Harper, a technologist, anti-harassment activist, and founder of the Online Abuse Prevention Initiative, was swatted based on information obtained from the WHOIS record for her domain. The only reason law enforcement did not draw their weapons and break down Harper’s door was that she had previously warned her local police department about swatting.  

Even the most limited definition of a “website handling online financial transactions for commercial purpose” will encompass a wide population that could be severely harmed by doxing, such as:

Women indie game developers who sell products through their own online stores
Freelance journalists and authors who market their work online small business
Owners who run stores or businesses from their homes
Activists who take donations to fund their work, especially those living under totalitarian regimes
People who share personal stories online to crowdfund medical procedures.

To make things worse, the proposed definition of what constitutes “commercial purpose” could be expanded to include other types of activity such as running ads or posting affiliate links.  

If implemented, the current proposal will chill speech—especially speech from people who lack access to lavish legal resources. It will be a generous gift both to harassers and to oppressive regimes. It will curb economic activity by adding untenable risk to using a website to promote one’s business or to collect donations, and may even add this risk to hosting ads. Women, people of color, and members of other marginalized communities, who are the most frequent targets of doxing, will be forced to take costly, speech-restrictive steps in order to protect themselves.  

The WHOIS system is, in the words of ICANN’s own Expert Working Group on gTLD Directory Services, “widely regarded as ‘broken,’” but the proposed change will make WHOIS even worse. The proposal leaves domain owners with three options:

Accept the risk of having their home address available to all
Pay for a P.O. box—although that option is not available in every region or country
Falsify their address information

Falsified information, however, puts domain owners at risk of having their domains terminate for breaching their registrars’ terms of service. Because the remaining options are either “public” or “pay,” domain owners who are targets or potential targets of harassment have a safety tax levied upon them. While some registrars currently charge a fee to withhold personal information from WHOIS, the current proposal will make an already-undue burden even more burdensome.  

Although the working group stakeholders’ concerns about being able to verify consumer transactions and find information about businesses are valid, we did not find any evidence that Internet users are having difficulty getting information about businesses because of privacy and proxy services. Further, law enforcement agencies and copyright-holders are already able to access this information through existing legal processes. The unclear merits of this proposal cannot outweigh the inevitable harm that will follow from making millions of website owners’ personal information public. Even an ICANN working group recognized (in 2013) that in cases “where identification of speakers would cause a threat to their lives or those of their families,” individuals should be entitled to heightened privacy protection.  

We strongly recommend that the proposed policy not be adopted. We further recommend that ICANN revisit its own findings from 2013 and move toward making WHOIS privacy the default for everyone. We believe that ICANN should not be complicit in making doxing, stalking, & swatting any easier than they already are. While ICANN certainly did not set out to exacerbate online harassment, that will ultimately be the result of this policy.  

Signed,   individually:

Kendra Albert, Berkman Center for Internet & Society*
Katherine Cross, CUNY Graduate Center*
Nadia Kayyali, Electronic Frontier Foundation
Randi Harper, Online Abuse Prevention Initiative
Sarah Jeong
Whitney Erin Boesel, Berkman Center for Internet & Society and MIT Center for Civic Media*
Aaron Johnson, Computer Scientist
Alicia Liu, Software Engineer
Alison Macrina, Library Freedom Project
Amanda Palmer
Amber Yust
Andi McClure, Indie Game Developer
Andrea Horbinski, Organization for Transformative Works
Andrew Losowsky
Anil Dash, ThinkUp*
Anita Sarkeesian, Feminist Frequency
Anna Kreider
Annalee Flower Horne, Activist and Small Business Owner
Arthur Chu
Ashley Judd
Azure Jane Lunatic, Anti-spam Volunteer at Dreamwidth*
Brianna Wu, Giant Spacekat*
Bruce Schneier, Berkman Center for Internet and Society*
Camille M. François, Berkman Center for Internet and Society*
Caroline Sinders, Researcher/activist
Charles Nesson
Chris Kluwe
Christine Love
Claudio Guarnieri, Centre for Internet and Human Rights*
Coraline Ada Ehmke, contributor—covenant.org*
Cory Doctorow, Happy Mutants, LLC*
Cynthia Fraser, Safety Net Canada*
Dan Gillmor
Dana Mangum, Executive Director, North Carolina Coalition Against Domestic Violence
Danielle Keats Citron, University of Maryland Francis King Carey School of Law*
David Goulet, The Tor Project
David M. Perry
David Mirza Ahmad, Subgraph*
Emily Lindin, The UnSlut Project
Erika Smith
Erinn Clark, The Tor Project
Ethan Zuckerman, Center for Civic Media, MIT*
Faruk Ateş, Modernizr.js
Fiona Barnett, HASTAC and Duke University*
Griffin Boyce
Helen Jamieson
Harmony Rodriguez, Writer and Anti-violence Activist
Harper Reed, Modest, Inc*
Heidi Tandy, FYeahCopyright*
Holly Jacobs, Cyber Civil Rights Initiative*
Izzy Galvez, GWhois.org*
J. Nathan Matias, MIT Center for Civic Media*
Jack Cushman, Berkman Center for Internet and Society*
Jaclyn Friedman
Jacob Hoffman-Andrews, Block Together*
Jacob Kaplan-Moss, Salesforce.com*
Jacqueline Wernimont
Jessica Moreno
Jonathan Zittrain
Joseph Reagle
Kanane Jones, Indie Game Developer
Kate Krauss, The Tor Project
Katherine J. Mack
Laura Bates, Writer and Founder, EverydaySexism *
Laura Poitras, Praxis Films *
Leigh Honeywell
Lili_Anaz, Laboratorio de Interconectividades
Lisa Nakamura, Gwendolyn Calvert Baker Collegiate Professor, University of Michigan, Ann Arbor*
Liz Henry
Lynn Harris, Feminist Journalist and Essayist
Marcia Hofmann, Attorney
Mary Anne Franks, University of Miami School of Law*
Maryam Namazie, One Law for All*
Matt Haughey, MetaFilter*
Mehves Evin, Milliyet newspaper, Turkey*
Mel Chua
Melissa Elliott
Michael Curry
Michelle McNeil
Nico Sell, The Wickr Foundation
Nima Fatemi, Technologist/activist
Nóirín “Trouble” Plunkett, Simply Secure*
Renee Davidson, Writer
Rey Junco, Iowa State University/Berkman Center for Internet and Society*
Richard M. Stallman, Free Software Foundation*
Risa Goodman
Robert Faris, Berkman Center for Internet and Society*
Runa A. Sandvik, Security Researcher
Sands Fish, Harvard University*
Sara Williamson
Sarah Agudo, Medium*
Selena Deckelmann, Open Source Programmer
Sheri Rubin, Design Direct Deliver*
Soraya Chemaly, The Women’s Media Center Speech Project*
Sue Gardner
Tarleton Gillespie, Microsoft Research New England*
Thorlaug Agustsdottir, Pirate Party, Reykjavik*
Toiya Kristen Finley, Writer
Tom Leckrone, The Tor Project
Urs Gasser
Valerie Aurora, Ada Initiative
Vivian Brown
Wendy Seltzer, Board Member, The Tor Project
Willow Brugh, Berkman Center for Internet and Society*
Zoe Quinn, Crash Override Network