The governing body that oversees the internet’s naming system is considering wide-ranging changes to the way domain names are registered. The changes are designed to protect the privacy of people who own websites, but critics argue that such a move would make cybercrime harder to fight and possibly even stifle future innovation.
When you buy a website, say for example qz.com, you have to provide certain registration details to the non-profit Internet Corporation for Assigned Names and Numbers (ICANN). In the case of corporate websites, it’s easy enough: just use the office address, phone number and company name. But it is trickier for individuals. Just because you want people to find your work at yourname.com doesn’t mean you want to give away your home address and phone number.
At the moment, anyone can find out who owns a website through a simple and easily accessibly online tool called WHOIS. For example, here are the details for qz.com. But this system is widely considered “broken.” To register a domain name, you usually go to a registrar such as GoDaddy. Most registrars will cloak your details for a small fee. Some such as Dreamhost do it by default. Crooks and shady business exploit these privacy tools to hide their origins, but so do regular people who want to hide from spammers. That means the information is patchy at best. And these workarounds come with all sorts of legal implications, including confusion over who actually owns the domain name.
If it’s broken, don’t fix it
Late last year ICANN, which runs the website-naming system, assembled a group of experts to address the issue. Instead of trying to fix it, they decided to redesign it. What the group suggests in a report issued earlier this year is a new system where all information is protected by default and kept in a central repository, called the Aggregated Registration Data Service (ARDS). Some basic technical information like the servers being used will still be easily available. But for data like names and phone numbers, the system will ask interested parties to register and provide a reason for their requests.
Not everyone is happy with the proposed changes. Critics argue (pdf) that the group wants to “centralize global control over who gets to access that key Internet information, what can be done with it and why.” Others say it will allow governments easy access to information but freeze out individuals. And the idea of a single store of information is seen by some as as antithetical to the open, decentralized ideals of the internet.
“It democratizes privacy, which is nice,” Robert Hansen, a computer security expert at WhiteHat Security, told Quartz. But law enforcement agencies will have no trouble getting access, he adds. “What it does protect against is guys like me and I’d consider myself a good guy. So I would naturally oppose a concept like that, but that doesn’t mean it’s bad.”