I may not need Domain Privacy, but others do!

[Lim Benjamin <mail@xxxxxxxxxxxxxxx>]

Dear ICANN,

I will not attempt to speak on behalf of the oppressed or the
discriminated. There are already enough voices out there advocating the
importance of domain privacy in allowing them a safe haven to express
themselves.

I would instead like to impress on you the importance of domain privacy for
small businesses. They may not have to worry about governments or right
wing fanatics bothering them at their workplace, but the same personal
information can be used by malicious individuals to carry out scams.


​

My domain's lease was expiring recently and I received the following email
containing an invoice to renew my domain. Upon opening the email, I
realised that the email was not from my domain registrar and the amount
quoted was much higher than the approximate $10/year for a .com domain. I
was able to determine that the email was from a scammer. The scammer
obtained all the pieces of information including full name, address, phone
number and domain expiry date through public WHOIS information.

Domain owners out there include many small businesses, whose employees
might not be savvy enough or familiar with their domain registrar. Without
domain privacy, these people would end up as victims of these scams. Thus,
abolishing domain privacy would not reduce incidence of fraud, but instead
result in an increase.

To further prove my point, a similar incident involving company
registration occurred in Singapore. The official national regulator of
businesses in Singapore is the Accounting And Corporate Regulatory
Authority (ACRA). However, a company, Data Register Pte Ltd, sent out
letters to companies claiming that their company's information will be
"deleted" from the database if a fee is not paid. They are able to do so
because they can look up the company's name, address and business
registration number from ACRA's site. Over 2000 queries were been made and
a number have paid the fees as they believed Data Register Pte Ltd to be
the legitimate regulator of businesses. This proves that a similar scam
would work on domain name registration. Data Register Pte Ltd even sent out
lawyer letters claiming to be a legitimate company providing directory
services and the fee it was charging was for inclusion into its own
database.

Should domain privacy be abolished, I am afraid that similar scams may be
pulled off on domain name registrations on a wider scale. It may not be
possible to seek legal recourse if the language in the email is
sufficiently ambiguous and actual directory services are provided.

Information source:
https://www.acra.gov.sg/uploadedFiles/Content/News_and_Events/Press_releases/PR_2014_02.pdf

This letter is published at
http://limbenjamin.com/articles/open-letter-to-icann-on-ppsai](http://limbenjamin.com/articles/open-letter-to-icann-on-ppsai

--
*Benjamin Lim*
E: mail@xxxxxxxxxxxxxxx
PGP : https://limbenjamin.com/pgp <http://limbenjamin.com/pgp>

Attachment: domain_renew_scam.png
Description: PNG image