Open letter to ICANN on PPSAI

Subject: I may not need Domain Privacy, but others do!
From: Benjamin Lim <mail@limbenjamin.com>
Date: Fri, 3 Jul 2015 18:12:52 +0200

Dear ICANN,

I will not attempt to speak on behalf of the oppressed or the discriminated. There are already enough voices out there advocating the importance of domain privacy in allowing them a safe haven to express themselves.

I would instead like to impress on you the importance of domain privacy for small businesses. They may not have to worry about governments or right wing fanatics bothering them at their workplace, but the same personal information can be used by malicious individuals to carry out scams.

Domain renew scam

My domain's lease was expiring recently and I received the following email containing an invoice to renew my domain. Upon opening the email, I realised that the email was not from my domain registrar and the amount quoted was much higher than the approximate $10/year for a .com domain. I was able to determine that the email was from a scammer. The scammer obtained all the pieces of information including full name, address, phone number and domain expiry date through public WHOIS information.

Domain owners out there include many small businesses, whose employees might not be savvy enough or familiar with their domain registrar. Without domain privacy, these people would end up as victims of these scams. Thus, abolishing domain privacy would not reduce incidence of fraud, but instead result in an increase.

To further prove my point, a similar incident involving company registration occurred in Singapore. The official national regulator of businesses in Singapore is the Accounting And Corporate Regulatory Authority (ACRA). However, a company, Data Register Pte Ltd, sent out letters to companies claiming that their company's information will be "deleted" from the database if a fee is not paid. They are able to do so because they can look up the company's name, address and business registration number from ACRA's site. Over 2000 queries were been made and a number have paid the fees as they believed Data Register Pte Ltd to be the legitimate regulator of businesses. This proves that a similar scam would work on domain name registration. Data Register Pte Ltd even sent out lawyer letters claiming to be a legitimate company providing directory services and the fee it was charging was for inclusion into its own database.

Should domain privacy be abolished, I am afraid that similar scams may be pulled off on domain name registrations on a wider scale. It may not be possible to seek legal recourse if the language in the email is sufficiently ambiguous and actual directory services are provided.

Information source: https://www.acra.gov.sg/uploadedFiles/Content/News_and_Events/Press_releases/PR_2014_02.pdf

This letter is published at http://forum.icann.org/lists/comments-ppsai-initial-05may15/msg10903.html

--
Benjamin Lim
E: mail@limbenjamin.com
PGP : https://limbenjamin.com/pgp