Comment by Members from the NCSG on the “Study on Whois Privacy & Proxy Service Abuse” Commissioned by ICANN

[Amr Elsadr <aelsadr@xxxxxxxxxxx>]

Hello,

The below statement was drafted by members of the NCSG as feedback to the final 
report of the Study on Whois Privacy & Proxy Abuse, and has received 
endorsement from the following members of the NCSG:

Kathy Kleiman
Milton Mueller
Wendy Seltzer
William Drake
Edward Morris
Joy Liddicoat
Maria Farrell
Avri Doria
Amr Elsadr


Comment by Members from the NCSG on the “Study on Whois Privacy & Proxy Service 
Abuse” Commissioned by ICANN

The members of the Non-Commercial Stakeholder Group of the GNSO indicated below 
have reviewed the findings published by the Study on Whois Privacy & Proxy 
Service Abuse. We are submitting the feedback below in response to the study 
and its findings:

As per the scope and definition of the study set by ICANN and agreed upon by 
the different members of the community who drafted its terms of reference found 
at http://gnso.icann.org/issues/whois/whois-proxy-abuse-study-18may10-en.pdf, 
the scope of the research and hypothesis testing was “To focus on study goals, 
this sample will be composed exclusively of domains involved in illegal or 
harmful Internet communication, as documented by organizations that routinely 
track, investigate, and/or remediate various kinds of activities”. 

In choosing to test the validity of a second hypothesis comparing the use of 
privacy/proxy services between lawful and illegal activity on the Internet, the 
research team went beyond the scope and mandate of the study as defined by the 
terms of reference. We find this decision to be highly questionable, and 
request an explanation as to how and why this occurred.

Furthermore, we find that the selection of the study group, especially in WP6, 
was problematic in achieving its intended goal of comparing domain name 
registrations between lawful and illegal activity on the Internet. 

This selection was described as follows: “The categories have been chosen to 
approximately mirror the criminal and harmful sites studied in some of the 
other work packages. However, these categories do not necessarily reflect 
overall usage of privacy or proxy services by the totality of all lawful and 
harmless websites.” Note also that WP6's focus on lawful activities was beyond 
the scope of study described on page 32 of section 12.

Further, the diversity of the study group included in WP6 excluded a number of 
potential users of Whois privacy and proxy users whose results would have been 
more generalizable. Examples of excluded organizations include but are not 
limited to human rights organizations, minority rights organizations, religious 
organizations, political groups, as well as activist groups (political and 
others). 

Thus, the second hypothesis is invalid: “The percentage of domain names used to 
conduct illegal or harmful Internet activities that are registered via privacy 
or proxy services is significantly greater than the percentage of domain names 
used for lawful Internet activities that employ privacy or proxy services”.  
This hypothesis was far beyond the scope of the study, and its results might 
have still been significantly different had the sampling of the study group, 
particularly that in WP6, been broadened to include lawful activities in the 
human rights and minority speech and activity area outlined in the paragraph 
above. 

We believe that excluding these activities from WP6 makes it difficult to 
generalize the findings of the study beyond the sample selected to be 
researched. We feel that this is a clear example of how avoidable errors in 
judgment could be made when going beyond the scope outlined in the terms of 
reference of the study.

We highlight the finding of the limited role of DNS Whois in the countering of 
unlawful activity outlined in section 3 of the study, particularly in combating 
violations of criminal law (as opposed to civil law).  Simply put, other forms 
of tracing are better and the study provides a context for the limited role of 
Whois in cybercrime. 

Insightful comments of the report include:
“Webpage 'take down' is achieved by communicating with someone who can suspend 
the web hosting and/or with someone who has sufficient access to the website to 
make the necessary changes.” and 

“The hosting company can often be identified by looking up IP addresses in the 
appropriate Regional Internet Registry (RIR) Whois system rather than the 
domain name Whois system which we consider here.”

We find that the choice to quantify accessibility of registrants using phone 
numbers listed in the Whois database is highly questionable and deeply 
problematic. This concern was addressed at length as part of the final 
negotiations over the new Registrar Accreditation Agreement (RAA), during which 
registrars received the requirement to validate one field, and there was a 
clear discussion as to whether it would be via telephone or email. During these 
discussions, many registrars expressed that validation of email addresses was 
the far less-invasive, less-sensitive, much more responsible piece of data to 
validate for their registrants/customers. 

This was found to be especially true for registrants in the U.S., where the 
majority of the study sample of the research conducted was selected. Had the 
researchers attempted to contact registrants using email addresses listed in 
the Whois database, the results would have most likely been significantly 
different.

Finally, a very important emphasis should be made for the purpose of future 
policy development; that in validating a hypothesis that “A significant 
percentage of the domain names used to conduct illegal or harmful Internet 
activities are registered via privacy or proxy services to obscure the 
perpetrator's identity”, the meaning of significant percentage should not be 
misinterpreted as the majority. In this context, the meaning of significant 
percentage is referring to the statistical significance in the quantitative 
analysis performed. The fact that this is not equal in meaning to stating that 
the majority of the domain names used to conduct illegal or harmful Internet 
activities are registered via privacy or proxy services to obscure the 
perpetrator’s identity is evident in the table on page 45/section 16 of the 
report. 

In fact, this table shows remarkable findings, including:
-  that the the range of percentages of usage of privacy and proxy services in 
domain names registered maliciously was LOW and BELOW 50% in EVERY CASE BUT ONE 

- Less than a third of known bad actors in child abuse image-related activities 
use proxy registration services. 
- and one one set of “bad actors” is over 50% (with 54.8% for unlicensed 
pharmacies, the highest percentage of use of proxy/privacy services in the 
study, and the ONLY one over 50%).  We further note that not all countries 
required licensing of pharmacies in the same way, so the classification may 
well include legitimate pharmacies in non-Western countries. 

Overall, it is important in making the distinction in this case between what is 
statistically significant and what is a majority of use, and that one should 
not be misinterpreted to refer to the other in meaning.

In conclusion, scientific approaches and empirical data, properly done and in 
keeping with the scope of the ICANN-Community defined Terms of Reference, may 
be useful in  supporting policy analysis and the policy decision-making 
process. However, the methodology used here means that these research findings 
are fundamentally flawed, show bias and are therefore not a safe basis for 
policy development. While we appreciate the efforts of the research team on the 
work done in an effort of producing the final report, we respectfully but 
strongly submit that the results of this study do not provide the necessary 
insight to support policy decisions at this time, and require more Whois 
privacy and proxy service abuse research to be conducted. 

We hope future studies will refrain from deviating from the terms of reference 
as set by the community, whether this involves the scope of the hypothesis or 
the samples selected to conduct the research. As is, the findings of this study 
are hardly conclusive and cannot be found to be generalizable for the purpose 
of policy development. We hope to see more of this type of initiative in the 
future, and would be willing to contribute in any way we can.

NCSG members who support this statement include:

Kathy Kleiman
Milton Mueller
Wendy Seltzer
William Drake
Edward Morris
Joy Liddicoat
Maria Farrell
Avri Doria
Robin Gross
Amr Elsadr