Domain name privacy has been a thorn in the side of IP owners and law enforcement officials for many years. It is abused by miscreants ranging from cyber-squatters, counterfeiters, and copyright infringers to trademark violators, spammers and scammers, providing them with a safe harbor to conduct their online operations with relative anonymity and impunity.
Domain privacy services are provided by accredited domain name registrars that list alternative Whois details, providing anonymity to the registrant of a domain name. A similar product is called a proxy service, where the organisation that provides the service (such as the domain name registrar) is the actual registrant and licenses the domain name to the user.
In many cases when an IP owner wants to find out who an infringer is, the ISP or domain name registrant set up very stringent obstacles to protect their client details, such as:
- a court order (in the same jurisdiction as the proxy provider)
- a subpoena (in the same jurisdiction as the proxy provider)
- proof of a pending civil action
- a decision from a WIPO (World Intellectual Property Organization) court in respect of a UDRP (Uniform Dispute Resolution Policy) case
Even in clear cases of intellectual property infringements, IP owners are often forced to wait for weeks – sometimes months – for proceedings to conclude and domain name information to be released.
The University of Cambridge and NPL study into domain privacy abuse
In 2013, ICANN commissioned a study that highlighted the current ad-hoc privacy controls in place with the Whois system. The study was conducted by the University of Cambridge and the National Physical Laboratory (NPL), and concluded – to no one’s surprise – that privacy/proxy services were being abused by criminals.
It showed that the percentage of domain names used to conduct illegal or harmful Internet activities that were registered via privacy or proxy services is significantly greater than those used for lawful online activities.
NPL attempted to contact a sample of registrants using a privacy service that did not seem to be engaging in criminal activity, and found that up to 55% of the time they were unable to be contacted. For domain names that were being used in illegal activity, that number rose to up to 93%. This highlights the problems IP owners have in attempting to resolve issues of IP infringements directly with domain name registrants, who generally have to resort to subpoenas, litigation or dispute resolution to get access to this information.
The study also found that
- 55% of sampled unlicensed pharmacies used privacy/proxy-registered domain names
- 46% of sampled advanced fee fraud cases used privacy/proxy-registered domain names
- 28% of sampled websites hosting illegal child abuse sexual images used privacy/proxy-registered domain names
- by comparison, just 9% of licensed pharmacies and 13% of law firms studied by NPL used privacy/proxy services; on the other hand, 44% of lawful websites hosting adult content and 28% of legitimate banks studied by NPL used privacy/proxy-registered domain names
Some IP owners publicly supported the conclusions of the reports, such as the InterContinental Hotels Group, which responded to the report that the “study provides objective evidence to support urgent need for ICANN to initiate processes to oversee and regulate privacy and proxy services providers.”
General Electric Company (GE) also responded that the findings were generally unsurprising, but also commented that the study did not fully elaborate on issues of media and software privacy, or trademark infringement (i.e. counterfeiting), and called on ICANN to undertake a full study that looked at the full gambit of IP abuse on the Internet via domain privacy and proxy settings.
Despite the report’s limited scope, it provided clear evidence that the domain name privacy service was being abused by criminals and IP infringers, and encouraged ICANN to take steps to start to address the issue.
Where are we today?
This issue has very sensitive elements to it, and both the IPR groups and pro-privacy camp are equally passionate about their respective positions. Well-executed campaign by the pro-privacy brigade, and a lack of participation in the debate from individual IP owners, has seen the tide turn against IPR owners, but the debate is still in the open and with the increasing level of criminal activity that hides behind domain name privacy, it is likely that this debate will continue on for some time.
If you want to find out a 3rd parties details
Each Registry, Registrar and ISP has some form a policy for dealing with these types of information requests. Where a subpeona is the only seeming course of action, there are other strategies that you can follow to gain this information, such as launching a DRP proceeding where the Registry will release details of the Respondent, and other arbitration mechanisms, for dispute management purposes. This is in one example, but a lot cheap than going through the courts.
Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.