Web users still fighting uphill battle for privacy

Associated Press

NEW YORK — Every time John Levine registers a new Internet address, he can count on somebody calling, mailing or faxing him a sales pitch for Web site hosting, high-speed access or the like.

John Levine, author of "Internet for Dummies," is one of millions of Web users who fight the endless barrage of junk mail. Levine's 150 domain names invite a steady stream of solicitations. Associated Press

They cost him money, too. Faxes use up paper and ink, while junk mail fills his trash can more quickly — he pays disposal fees by the can in rural Trumansburg, N.Y.

Complaints from Levine and other Internet users are raising questions about the automatic public disclosure of contact information — such as names and phone numbers — on anyone who registers a domain name.

"The fact that it's public information doesn't mean it's an invitation for every lamebrained marketer in the world to pitch stuff," said Levine, author of "The Internet for Dummies" and an enemy of unsolicited e-mail.

Originally meant as a way to reach domain name owners in case of technical trouble, the information is now widely exploited. Marketers willing to fork over up to $10,000 annually can even buy data sets in bulk from businesses that register domain names.

As it stands, anyone registering a domain name must provide a name, e-mail address, postal address and telephone number. The data go into databases called Whois — akin to a global phone directory but without the option for an unlisted number.

A committee of the Internet Corporation for Assigned Names and Numbers, the organization that oversees domain name policies, circulated a survey this month asking Internet users how they use Whois and whether they believe policy changes are needed.

Some people want access restricted to such data to protect themselves from marketers, even stalkers. But trademark-holders, among others, want easy access to remain easy.

Separately, a congressional committee has scheduled hearings next month on Whois databases and intellectual property rights.

Paul Kane, ICANN's Whois committee chairman, says the survey was prompted in part by new requirements of the European Union and Canada for protecting personal data.

Responses are due by July 31. Although no policy recommendations are expected for at least several months, the survey still marks a recognition that practices developed in the Net's early days aren't always fit for the present.

Similar privacy concerns have been raised with Finger, a technique for determining whether or where someone is online.

Both Whois and Finger were developed when the Internet's population was small and limited largely to government and university researchers. Net users knew then who their colleagues were online.

That's not the case these days. As well, more individuals now have personal Web sites. So what's disclosed are home addresses and phone numbers.

"The Internet is maturing certainly, and as it matures one has to reflect the situation," Kane said.

Whois information is obtained by accessing servers at companies that register domain names.

Internet users can find out whether a name is available, as well as whom to contact for possible purchase if a name is already taken.

Businesses use Whois to pursue potential trademark violators and to contact the owners of sites that post copyrighted materials without permission.

"It's an important tool in policing the new medium," said Dov Scherzer, a New York lawyer who specializes in information technology.

When ICANN introduced competition to the registration business in 1999, it required registration companies to make Whois data available in bulk.

The idea, said ICANN chief policy officer Andrew McLaughlin, was to prevent any one company from controlling the market for related services by having a lock on the data.

Bulk purchasers were forbidden from using data for e-mail solicitations. And in May, they were additionally barred from using it for fax and telephone pitches.

Even so, restrictions are sometimes ignored. And direct mail is still permitted.

VeriSign Inc., one of the dominant registration companies, actively marketed domain name data in recent months, promoting it as "access to the key decision-makers behind millions of leading Web businesses."

VeriSign officials say they marketed only sites belonging to businesses, gave them the option to opt out and did not include e-mail addresses. They say the practice is fundamentally no different from what competitors do.

Another registration company, Tucows Inc., wants the ability to sell data only with the explicit permission of customers, an approach known as opt-in. ICANN guidelines now require companies to assume permission unless customers specifically opt out.

Although database sales are not major revenue sources for registration companies, they could be highly valuable to marketers, who could potentially generate thousands of dollars in sales leads.

Register.com had to take a Web site hosting company, Verio Inc., to court when Verio wrote software that automatically pulled contact information from Register's domain name registration databases.

Verio is appealing a preliminary injunction issued to Register, which had complained of unfair marketing.

Lauren Weinstein, who runs an e-mail discussion list on privacy, worries that unless privacy issues are addressed, Whois will no longer be useful for its original purpose — reaching technical contacts.

Already, he said, individuals falsify contact data for fear of unsolicited marketing.

"People are so livid about their information being misused," he said. "If that information starts to become corrupted, ... that could affect the stability of the Internet."