Skip to main content

Domain Privacy at Risk at the OECD in a Devious Move to Bypass ICANN

DEEPLINKS BLOG
July 13, 2015

Domain Privacy at Risk at the OECD in a Devious Move to Bypass ICANN

The powerful interests who shape the development of rules for the Internet have far more resources at their disposal than those who fight for users' rights and freedoms online. As such, they are exceptionally well organized, and you can guarantee for every one of their initiatives that reaches the public spotlight, they have several parallel backup plans that may slip past the radar.

The interest groups and law enforcement authorities behind the proposal to ICANN, the global domain name authority, to limit the availability of privacy services for broadly-defined "commercial" websites are a perfect example of this. That proposal has since blown up into the biggest public consultation ever received by ICANN, and spawned several cross-constituency coalitions and a powerful joint letter. Not only has ICANN issued a face-saving response, but so too has one of the architects of the proposal, the Motion Picture Association of America (MPAA). The MPAA's response belittles the concerns that thousand of respondents expressed, making out that groups like EFF had exaggerated the threat, and that its intention was never to stop commercial users from hiding their registration details from the public.

Yet a concurrent proposal for the revision of the of the 1999 Guidelines for Consumer Protection in the Context of Electronic Commerce [PDF] of the Organization for Economic Co-operation and Development (OECD) proves this to be a lie. The proposed text is not yet public, but the committee has authorized members of the Consumer Policy Committee (including EFF) to consult with other stakeholders on its potential impacts, and for that purpose we can exclusively reveal a text proposal that would require any business engaged in electronic commerce to "make readily available" their "domain name registration information".

What are these OECD Guidelines? As a club of developed countries, the OECD does not make laws as such. However it does make influential standards, such as this one, which serve as a template for the development of domestic laws and policies of member countries. It is highly probable that if the OECD were to adopt new rules recommending that e-commerce websites maintain public domain registration information, then this may find its way into laws and policies around the world—thereby precluding the operators of those websites from availing themselves of privacy protective services. Worst of all, such rules could override any decision made by ICANN to maintain the availability of these privacy services for commercial users. Since a "business engaged in electronic commerce" could simply be a fan artist with a domain name linked to an Etsy store, this proposal amounts to exactly what the MPAA claims it wasn't trying to accomplish at ICANN.

And make no mistake that the ICANN proposal does stem from exactly the same source as this OECD proposal. This is made explicit in a statement that former FCC Commissioner Mozelle Thompson made fully 15 years ago, in a speech about the OECD guidelines:

Because many of you have worked on issued related to ICANN, I wanted to let you know that we have provided comments to the organization about the need for stricter requirements on their part regarding complete and accurate domain name registration information. Already in our law enforcement activities, we have uncovered fraudulent web sites only to be hampered in our ability to track the originators due to incomplete or inaccurate registration data. We believe that domain registrars can help us stop online fraud by requiring complete and verifiable contact information at the time a web site is registered.

You can also be assured that the responsible OECD committee has already been made aware of our concerns about this provision. We provided comments to the OECD on an earlier draft of the same provision on June 18 of this year. Those comments were disregarded, and the latest draft of the text, released last Friday, is exactly the same as the text that we objected to. A copy of a follow-up letter from EFF to the OECD, sent today, is appended to this post.

Thus, the war on domain privacy is being fought on several fronts. The battle at ICANN remains a crucial one, and although the official comment period on the current proposal has expired, we intend to maintain the heat on this issue as the decision makes its way from the Privacy/Proxy Services Accreditation Issues (PPSAI) Working Group, to the GNSO Council, and ultimately to the ICANN Board. You can take action and stand up to preserve anonymity and domain privacy, and we will deliver your message to the next public ICANN meeting in Dublin in October.

Meanwhile, EFF also has users' interests covered at the OECD. We will continue to speak out at the OECD's Committee on Consumer Policy as it finalizes what will become the final draft of the text for consideration at the 90th  session of the Committee, which also takes place in October, leading into the its adoption by the OECD Council at a June 2016 Ministerial on the digital economy.

Back to top

JavaScript license information