Make Private Domain Registrations Illegal

Originally, the ability to identify the owner of an Internet domain was considered so important that every domain registrar was required by ICANN regulations to have an easily located Whois link on its web site. The prevalence of spam resulted in a very popular option that Internet domain registrars offer with domain registrations, namely, to make the contact information private. This means that if someone decides to search with a feature called "Whois" to see who owns a domain, instead of actual names and addresses of the person or organization that registered the domain, the real information is replaced by falsified information that traces back to the registrar. Over the years, private registrations became as common as normal registrations.

In recent years, irresponsible laws unilaterally imposed on the world by the European Union have made Whois searches almost worthless. Many domain registrars have redacted all of their publicly available contact information for fear of running afoul of the misguided privacy regulations in the GDPR. On top of that, the popularity of private registrations usually makes a Whois search today an exercise in futility. As an IT professional, I can't even determine what the contact information is for domains that my own clients claim to own so that we can have the logon information reset if it has been lost or forgotten. I can't even determine if they are correct when they claim to have registered a domain, or if their web developer might have done it for them.

The need for publicly accessible contact information for a domain has only increased in recent years. It is no less essential today than it was when the Internet first developed in the late twentieth century. The prevalence of malware, ransomware, and other criminal activities on Internet makes the European Union's actions look downright foolish, and it makes the rest of the world look like a bunch of sycophantic buffoons as everyone blindly follows the lead of a controversial government that gets lots of other obvious stuff wrong besides.

The truth of the matter is that private domain registrations provide cover that is simply too convenient for criminals. As things stand today, even without the European Union's naive approach to privacy, anyone can register a domain name for any reason, and by checking the box marked "private," one needs a court order to have any hope of determining even who registered a domain name, much less have a reasonable chance of determining why it was registered.

If someone wants to purchase land, the identity of the owner becomes a matter of public record. Purchasing land is a public act. Granted, one could possibly create any number of shell companies to obfuscate the individual or company that ultimately owns the land-- but even all of that in the end constitutes a public act, and, therefore, becomes publicly available information available to any citizen. If someone wants to enjoy the public benefits of land ownership, the tradeoff is that the public act is traceable. If you don't want anyone to know that you own land, your alternative is to rent. The public can't be expected to enforce someone's claim on land if the identity of the owner is secret.

Similarly, if a man and a woman want to marry, they must take public vows before witnesses and have their marriage recorded by a minister or government clerk and placed in the public record. The possibility of a secret marriage is not generally allowed as it leaves open too many avenues for abuse. If you want to learn if a particular man and woman are legally married, you can request a search of public records in a place where they are believed to have taken vows; no court order is required-- and no suspicion of criminal activity is necessary.

In exchange for allowing a person or company to make an enforceable claim on an Internet domain name, requiring that the identity of the claimant be made public is not at all unreasonable-- in fact, in today's world where Internet crime is rampant, such disclosure is absolutely essential. As far as the notion of obtaining a court order is concerned, the world simply moves too fast, and crime is too prevalent to strip the public of such basic protection against rogue registrations. If someone needs to decide whether to click on a link or open an email, instant access to true, correct, and complete registration information is essential. By the time a court order is obtained, the criminals have already covered their tracks.

The domain registrars are likely quite happy enforcing the GDPR regulations as they are probably making a killing on bulk registrations made by criminals, and the private registration option can add 10% to 20% to the cost of a domain registration. The criminals are quite happy to hide behind falsified and redacted information. The time has come to put a brake on these nefarious activities. It is time for the rest of the world to catch up to reality and assert its right to regulate what ought to be public activities in a sensible, sane way. The time has come for the world, starting with the United States, to thumb its nose at the clueless people who run the European Union and make private domain registrations illegal.

Any domain registrar that operates in our country should be required to abide by our laws, not those of an entity that we neither elected nor control-- an entity that does not speak for citizens of the United States. (If you live in another country, feel free to substitute the name of your country; you shouldn't be bullied by the European Union either.) Our law should require that every single domain registration be accompanied by publicly available contact information. Redacted and obfuscated information should be absolutely prohibited, barring a court order, which should be the exception, not the rule.

Obviously, we'll still have criminals that register domains to companies whose principals are unclear. We'll still have secret government agencies registering domain names for murky purposes. Still, at least one will be able to see who does not own a domain. If a criminal registers a misspelling of a legitimate domain, at least we will be able to see that it wasn't registered by the owners of the legitimate domain. If a criminal attempts to compromise your computer, you'll at least be able to see at a glance who might be responsible, or at least if the domain was registered by someone located in an unfriendly country. You might even be able to stop a compromise by making an informed decision about whether to proceed to a questionable web site, instead of being forced by bureaucrats in a far-away place to take a wild guess with potentially catastrophic consequences if you guess wrong.

Write your senator and representative in Congress today and demand an end to private domain registrations, at least in this country. Perhaps we can't control other countries, regardless of how foolish they are, but neither should they be allowed to control us by imposing their foolishness on us.

Valid HTML 4.01 Strict