The members of the Non-Commercial Stakeholder Group of the GNSO indicated below
have reviewed the findings published by the Study on Whois Privacy & Proxy
Service Abuse. We are submitting the feedback below in response to the study
and its findings:
As per the scope and definition of the study set by ICANN and agreed upon by
the different members of the community who drafted its terms of reference found
the scope of the research and hypothesis testing was “To focus on study goals,
this sample will be composed exclusively of domains involved in illegal or
harmful Internet communication, as documented by organizations that routinely
track, investigate, and/or remediate various kinds of activities”.
In choosing to test the validity of a second hypothesis comparing the use of
privacy/proxy services between lawful and illegal activity on the Internet, the
research team went beyond the scope and mandate of the study as defined by the
terms of reference. We find this decision to be highly questionable, and
request an explanation as to how and why this occurred.
Furthermore, we find that the selection of the study group, especially in WP6,
was problematic in achieving its intended goal of comparing domain name
registrations between lawful and illegal activity on the Internet.
This selection was described as follows: “The categories have been chosen to
approximately mirror the criminal and harmful sites studied in some of the
other work packages. However, these categories do not necessarily reflect
overall usage of privacy or proxy services by the totality of all lawful and
harmless websites.” Note also that WP6’s focus on lawful activities was beyond
the scope of study described on page 32 of section 12.
Further, the diversity of the study group included in WP6 excluded a number of
potential users of Whois privacy and proxy users whose results would have been
more generalizable. Examples of excluded organizations include but are not
limited to human rights organizations, minority rights organizations, religious
organizations, political groups, as well as activist groups (political and
Thus, the second hypothesis is invalid: “The percentage of domain names used to
conduct illegal or harmful Internet activities that are registered via privacy
or proxy services is significantly greater than the percentage of domain names
used for lawful Internet activities that employ privacy or proxy services”.
This hypothesis was far beyond the scope of the study, and its results might
have still been significantly different had the sampling of the study group,
particularly that in WP6, been broadened to include lawful activities in the
human rights and minority speech and activity area outlined in the paragraph
We believe that excluding these activities from WP6 makes it difficult to
generalize the findings of the study beyond the sample selected to be
researched. We feel that this is a clear example of how avoidable errors in
judgment could be made when going beyond the scope outlined in the terms of
reference of the study.
We highlight the finding of the limited role of DNS Whois in the countering of
unlawful activity outlined in section 3 of the study, particularly in combating
violations of criminal law (as opposed to civil law). Simply put, other forms
of tracing are better and the study provides a context for the limited role of
Whois in cybercrime.
Insightful comments of the report include:
“Webpage ‘take down’ is achieved by communicating with someone who can suspend
the web hosting and/or with someone who has sufficient access to the website to
make the necessary changes.” and
“The hosting company can often be identified by looking up IP addresses in the appropriate Regional Internet Registry (RIR) Whois system rather than the domain name Whois system which we consider here.”
We find that the choice to quantify accessibility of registrants using phone
numbers listed in the Whois database is highly questionable and deeply
problematic. This concern was addressed at length as part of the final
negotiations over the new Registrar Accreditation Agreement (RAA), during which
registrars received the requirement to validate one field, and there was a
clear discussion as to whether it would be via telephone or email. During these
discussions, many registrars expressed that validation of email addresses was
the far less-invasive, less-sensitive, much more responsible piece of data to
validate for their registrants/customers.
This was found to be especially true for registrants in the U.S., where the
majority of the study sample of the research conducted was selected. Had the
researchers attempted to contact registrants using email addresses listed in
the Whois database, the results would have most likely been significantly
Finally, a very important emphasis should be made for the purpose of future
policy development; that in validating a hypothesis that “A significant
percentage of the domain names used to conduct illegal or harmful Internet
activities are registered via privacy or proxy services to obscure the
perpetrator’s identity”, the meaning of significant percentage should not be
misinterpreted as the majority. In this context, the meaning of significant
percentage is referring to the statistical significance in the quantitative
analysis performed. The fact that this is not equal in meaning to stating that
the majority of the domain names used to conduct illegal or harmful Internet
activities are registered via privacy or proxy services to obscure the
perpetrator’s identity is evident in the table on page 45/section 16 of the
In fact, this table shows remarkable findings, including:
– that the the range of percentages of usage of privacy and proxy services in
domain names registered maliciously was LOW and BELOW 50% in EVERY CASE BUT ONE
– Less than a third of known bad actors in child abuse image-related activities
use proxy registration services.
– and one one set of “bad actors” is over 50% (with 54.8% for unlicensed
pharmacies, the highest percentage of use of proxy/privacy services in the
study, and the ONLY one over 50%). We further note that not all countries
required licensing of pharmacies in the same way, so the classification may
well include legitimate pharmacies in non-Western countries.
Overall, it is important in making the distinction in this case between what is
statistically significant and what is a majority of use, and that one should
not be misinterpreted to refer to the other in meaning.
In conclusion, scientific approaches and empirical data, properly done and in
keeping with the scope of the ICANN-Community defined Terms of Reference, may
be useful in supporting policy analysis and the policy decision-making
process. However, the methodology used here means that these research findings
are fundamentally flawed, show bias and are therefore not a safe basis for
policy development. While we appreciate the efforts of the research team on the
work done in an effort of producing the final report, we respectfully but
strongly submit that the results of this study do not provide the necessary
insight to support policy decisions at this time, and require more Whois
privacy and proxy service abuse research to be conducted.
We hope future studies will refrain from deviating from the terms of reference
as set by the community, whether this involves the scope of the hypothesis or
the samples selected to conduct the research. As is, the findings of this study
are hardly conclusive and cannot be found to be generalizable for the purpose
of policy development. We hope to see more of this type of initiative in the
future, and would be willing to contribute in any way we can.
NCSG members who support this statement include: