[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

part 2 - Comments of CDT

Comments of the Center for Democracy and Technology
on the WIPO Interim Report and
on the ICANN Guidelines for Accreditation of Internet Domain Name Registrars:

Privacy and Other Human Rights Implications
of the Domain Name System

26 February 1999

Part 2

Models of Responsible Database Management

The information in any DNS database need not be viewed in a unitary fashion. Some elements may be treated as public information while others are not. For example, some information must be made available to Internet users in order to support the technical functioning of the Internet. It does not follow, however, that the home address of a domain name holder should be available to all requesters without restriction. Even for information that must be broadly available for technical reasons, however, different methods can be employed to make the information available. Even with a more open database, some information might be made public directly, other information might be searchable, and yet other information might not be disclosable at all or only with cause. Regardless of the management structure, standards for access that consider and protect privacy principles should be established.

There are several models that could be adopted in managing the DNS system databases:

(1) The database could be regarded as a public register, subject to government regulation, which might permit anything from unrestricted access to very limited access by authorized users only.

(2) The database might be treated as the private property of a domain name registrar to be used and made accessible as the registrar sees fit in accordance with rules agreed to by the registrar and its customers.

(3) Another approach would be to consider the database as privately produced but subject to governmental regulatory controls.

(4) The database could be viewed as privately controlled but subject to rules and limitations developed by a non-governmental body such as ICANN or an international body.

Whether publicly managed or privately owned, access to the database can be made available at several different levels, and careful consideration must be given to the impact that each of these possibilities will have on the privacy of Internet users. Legal models already exist that offer valuable points of reference.

Public or Private Management, Unlimited Access

Some public and private records are available for unrestricted public search and use.
Example are the land ownership records, corporation registration statements, liens and other commercial documents required by law to be filed with a government agency and made available for public inspection. In the U.S., private companies routinely obtain the full content of such records, often in bulk, and sell them to their clients. Increasingly, governments are making these records available online, and increasingly privacy concerns are being raised, leading to a reevaluation of disclosure policies.

If some or all of a DNS database is freely accessible to all, the information might be employed for a variety of purposes, including the promotion of competition, marketing, research, government functions, Internet governance, government functions, and other activities. Some or all of these activities may impinge on the privacy interests of individuals and the confidentiality interests of legal persons. If the database is only made available through a search engine, users may be unable to compile a copy of all or part of the database. However, the ability to duplicate the database may depend on how the search engine is configured. The issues to be decided include how searches may be performed, what information is made available from the search process, and who is permitted to perform searches.

Private Management, Regulated Access

Some privately owned records are expressly regulated for reasons that include efficiency, public confidence, and personal privacy. The European Union's Data Protection Directive is an example of regulated access on a transnational level. The directive requires EU member states to enact laws with specified limitations on the collection, maintenance, use, and disclosure of personal information by public and private record keepers. Those who maintain personal data in any state must disclose information on their personal data processing operations to the supervisory authority of the state. The states are then required to establish a register of processing operations open for inspection by any person. The policy is that some information about data processing activities that affect individuals must be placed in the public domain for inspection by all.

In the U.S., the Fair Credit Reporting Act offers another example. Privately owned and operated consumer credit reporting companies must collect, maintain, and disclose their records in accordance with federally prescribed standards. The law benefits the subjects of consumer credit reporting records who are not customers of the credit reporting company.

Another useful example comes from the U.S. law and regulations establishing rules for the use of customer proprietary network information (CPNI) by telecommunications carriers. CPNI is information maintained by a telephone company describing who and when a customer calls and what telephone features the customer uses. When Congress deregulated the telephone industry in 1996, it recognized the need to establish policies for telecommunications companies for use of this information. The resulting complex rules provide that customer consent must be obtained before some information in the possession of the telecommunications company can be used for marketing directly to the customer. Subscriber list information, however, can be used without restriction. The rules provide for the sharing of CPNI with competing carriers with customer consent. A company may not use CPNI to regain the business of a former customer.
The CPNI rules may be particularly relevant to the DNS question because they were intended to strike a balance between privacy and competitiveness interests. Registrars may compete with each other for registration business, and they may compete with other businesses for ancillary products and services.

Public Management, Regulated Access

It is possible that, in some jurisdictions, a government agency will serve as a domain name registrar. If so, then rules regulating government databases will apply, both in terms of restrictions and access. Voter registration records are an example of a public register with regulated access. While access policies in the U.S. vary considerably from state to state, some states limit access to those who have a proper purpose recognized by state law. California allows access to any person for an election, scholarly, journalistic, political, or governmental purpose, and those seeking records must explain their intended use. Pennsylvania requires users to state in writing that the registration records will not be used for purposes unrelated to elections, political activities, or law enforcement.

The Driver's Privacy Protection Act, a U.S. federal law that regulates how the states make personal information from motor vehicle records available for public use, illustrates the potential complexity of regulating the use and disclosure of records. Motor vehicle records are used for many purposes and by many institutions not directly related to the regulation of motor vehicles. The Act allows many of these purposes and restricts others. A major feature of the Act is the provision giving individuals a choice in certain uses. Before a state can make records available in response to individual inquiries or for marketing uses, the state must give each individual an opportunity to opt-out of the disclosure. The Act has resulted in a considerable amount of constitutional litigation over the authority of the federal government to impose these limitations on the states. However, the model of individual choice over the disclosure of some information for some uses remains relevant.

While it is unlikely that an agency of the U.S. government will serve as a registrar, it is useful to consider by analogy the effect that U.S. laws would have on a DNS database run by a federal government body. The records management provisions of the Privacy Act would not be likely to cause any special problems. However, the requirement for recording the date, nature, and purpose of each disclosure of a record might result in the maintenance of a separate compilation of information about anyone who obtained data from the domain name holder database. The Act permits disclosure of records to law enforcement agencies without the need for legal process. If the entity responsible for the DNS database were a federal agency, the federal Freedom of Information Act might require disclosure of some or all of the database in a manner that might be inconsistent with general rules for registrars. The FOIA might require the disclosure of the identity of those who use the database to retrieve information. Open records laws vary considerably around the world, and other types of conflicts between openness laws and database disclosure rules could arise.

International Enforcement of Privacy Standards

Privacy regulatory regimes differ around the world, and efforts are underway to reconcile the differences. Regardless whether those efforts succeed, the domain name holder database may present some unique problems. Because of the global nature of the Internet, supporting records may have no natural jurisdictional locus. Alternatively, the records may have multiple loci. For some or many domain name registrars, the data subjects will be located in different jurisdictions. Thus, the same jurisdictional questions that surround other Internet activities will arise with the database.

Many existing requirements of national data protection laws can work for a domain name holder database located within the jurisdiction of those laws. However, problems will arise. The EU data protection directive includes exceptions and restrictions for national security, defense, public security, criminal investigations and prosecutions, important national economic interests, and the protection of data subjects and the rights and freedoms of others. How these exceptions and restrictions might be applied to the DNS database is a major issue. If widely divergent exceptions and restrictions are imposed in different countries, privacy protections afforded in one jurisdiction may be unavailable in another. Another set of issues derives from the EU Directive's requirement that data controllers define in advance the purposes of the processing for which the data are intended and the recipients or categories of recipients to whom data might be disclosed. In order to meet this requirement, it will be necessary to identify and resolve in advance uses of the DNS database.

Free Speech Concerns

The assignment of domain names creates numerous possibilities for infringements on the international human right to free expression. Will registrars have the authority to deny registration to domain names that they find offensive or obscene? We expect that registrars will face pressure to deny or revoke registration to domains hosting unpopular content. In particular, we have already seen governments pressure for denial of service to their critics. ICANN should address this threat, and develop rules that insulate or bolster registrars and registries against this kind of pressure.

WIPO's proposed trademark dispute resolution practices also have the potential to chill speech. Professor Michael Froomkin notes in his comments on the WIPO Interim Report that the "right of personality," when politicians, actors, and other famous people are given the trademark rights over their names, can "constrain expressive activity if, for example, politicians could claim that their critics were not allowed to register their names as domains." Also under the guise of trademark infringement, companies could prevent consumers from criticizing their products. The threat of having personal contact information revealed threatens the anonymity that makes Internet communication unique, and might prevent domain name holders from publishing their opinions. Internet users should not have to sacrifice their privacy to exercise their rights to free speech.

Human rights activists were among the first to recognize the power of the Internet as a democratizing medium. In order to assist in developing guidelines that will assist registrars and registries in resisting government, WIPO and ICANN should undertake a broader consultation that gives human rights and public interests communities their "seats at the table."


In their current form, neither the WIPO Interim Report nor the ICANN guidelines adequately addresses the issue of privacy standards on an international level. Technical means and a variety of legal mechanisms -- including contracts, license agreements, and statutes -- might be employed to enforce the limitations. Whether any of these mechanisms would be effective in the global Internet environment, however, remains to be seen.

These comments have attempted to illustrate the complexity of the choices that are involved in designing the DNS databases and the rules that will govern them, as well as to encourage open discussion regarding the privacy implications of these choices. At ICANN and WIPO, this discussion should involve representatives from beyond the trademark and technical communities. Domain name holders, registrars, data protection authorities, national governments, Internet users, civil rights and other advocacy organizations, merchants, advertisers, marketers, journalists, libraries, and others also have an interest in the rules that govern the collection, maintenance, use, and disclosure of the domain name holder database.

Furthermore, we should keep in mind that domain name management process has the potential to reach beyond the mere handling of personal information to influence the rights of Internet users in a larger context. For example, the WIPO Interim Report already suggests the possibility that when a domain name is used in connection with political activities, disclosure of contact details might lead to threats of suppression of freedom of expression. Internet users should not have to sacrifice their privacy and personal safety to exercise their right to free speech and expression. These larger civil liberties issues should be considered in the ongoing dialogue about domain name management.