A few weeks ago, the US National Telecommunications and Information Administration (NTIA), asked the public for input on ways to improve consumer privacy.
The NTIA wants to increase the privacy of users through more transparency, user control, minimization of data collection, and security, among other things. This is particularly important when it comes to online platforms.
“Often, especially in the digital environment, these products and services depend on the collection, retention, and use of personal data about their users,” NTIA wrote.
“Users must therefore trust that organizations will respect their interests, understand what is happening with their personal data, and decide whether they are comfortable with this exchange.”
The request came a few months after the EU’s new privacy regulation, the GDPR, was implemented. The GDPR requires many online services and tools to tighten their privacy policies, which also affects domain registrars.
As of June 2018, ICANN implemented a temporary measure to restrict access to personal data that would previously have been available through WHOIS, unless explicit permission is given. A welcome privacy change to many domain registrants, but anti-piracy groups are not happy.
While the limited WHOIS data is supposed to improve user privacy, the MPAA tells the NTIA that the opposite is true. They believe that opening it up again “will advance privacy while protecting prosperity and innovation,” in line with NTIA’s aims.
The MPAA is taking a different approach when compared to most of the other comments we’ve seen. For example, more transparency is generally seen as services being more open about what personal information they collect and share.
Or, as the NTIA puts it: “Users should be able to easily understand how an organization collects, stores, uses, and shares their personal information.”
The MPAA says that when it comes to WHOIS data, sharing more personal data in public – as it was in the past – benefits the public at large. Sharing personal data of all website owners allows visitors to check who they are dealing with.
“Users are not ‘reasonably informed’ or ’empowered to meaningfully express privacy preferences’ if they cannot determine the entity behind a website,” the MPAA explains.
“Continued access to WHOIS data will help consumers identify domain name registrants and web site operators when necessary, advancing the NTIA’s user-centric outcome of transparency.”
In other words, the MPAA believes that it is important for WHOIS data to be ‘transparent’ so the public can decide whether they can trust a website with their personal details. That’s a bit of a shift when compared to how other commenters approached this question.
Of course, there’s also a downside to public WHOIS data. In the past, other organizations have warned that WHOIS details may make it easier for criminals to harass website owners, as their digital and real-life addresses are listed publicly.
The Hollywood group realizes that there are possible concerns. It notes, however, that a risk analysis weighs in favor of restoring full WHOIS access, adding that registrants only have to provide “mundane” information.
“The risk to registrants is also comparatively small, as they, too, have long operated with these types of obligations and the information they must provide is relatively mundane data used to contact them,” MPAA writes.
The group, therefore, calls on the NTIA to ensure that the original WHOIS requirements are restored. Not just to help Hollywood to fight piracy, but also to address other crimes, including sex trafficking and illegal drug sales.
“This overbroad application of the GDPR is already hindering the ability of law enforcement agencies and others to investigate illicit behavior — including sex trafficking, unlawful sale of opioids, cyber-attacks, identity theft, and theft of intellectual property,” the MPAA warns.
Concerns about limited WHOIS data are not new. Previously, a group of 50 organizations warned that it makes pirates harder to catch, which is of course the MPAA’s main stake in the matter.
A copy of MPAA’s full submission is available here (pdf).