ICANN’s top brass have sent personal apologies to the people whose home addresses were exposed when it published their new gTLD applications last week.
The organization blamed “human error” and said it is now conducting an “investigation” to figure out what went wrong.
The note, which is signed by CEO Rod Beckstrom, chairman Steve Crocker, and COO Akram Atallah, reads:
Dear [name of the affected executive],
On behalf of ICANN, we want to personally apologize for our error in exposing your postal address on the TLD Application website. This was a human error, and we have corrected it. We are conducting an internal investigation in order to learn from this mistake and to ensure that it does not happen again.
In the meantime, please be assured that the New Generic Top-level Domain Program remains on track. We are moving ahead with the screening and evaluation of applications, and returning to our shared goal of bringing competition and choice to the Internet’s domain name space.
We are committed to serving you to the very best of our ability and to ensuring the integrity of the New gTLD Program. If you have questions or concerns, please don’t hesitate to reach out to us directly.
As I blogged last week, ICANN accidentally neglected to redact the home addresses of many applicants’ named primary and secondary contacts when it published all 1,930 applications last week.
It has since removed the offending information.
ICANN has temporarily blocked access to its newly revealed new gTLD applications after accidentally publishing the home addresses of many applicants.
Some applicants noticed today that the personal contact information of their named primary and secondary contacts had been published during yesterday’s Big Reveal.
In many cases this included these employees’ home addresses, despite the fact that the Applicant Guidebook specifically states that this information would not be published.
After being notified of the snafu by DI, ICANN confirmed that the addresses were published by mistake.
It’s taken down all the applications and will republish them later with the private data removed.
“This was an oversight and the files have been pulled down,” ICANN’s manager of gTLD communications Michele Jourdan said. “We are working on bringing them back up again without this information.”
It’s another big data leakage embarrassment for ICANN, following the recent outage caused by the TLD Application System bug.
It’s not likely to win ICANN any friends in the dot-brand community, where ICANN’s demands for background information on applicants’ directors caused huge procedural problems for many companies.
For applicants for controversial gTLDs, the revelation of this private data may carry its own set of risks.
The need for the domain name industry to enforce accurate Whois is often cited by law enforcement and intellectual property interests as a consumer protection measure.
But most regular internet users haven’t got a clue that Whois even exists, let alone what data it contains or how to use it.
A study (pdf) carried out for ICANN’s Whois Review Team last year found that only 24% of consumers know what Whois is.
This stream of tweets I chanced across this afternoon, from what appears to be a first-time domain registrant, is probably more representative of consumer attitudes to Whois.
UPDATE (April 27): I’ve removed the tweets per the request of the Twitter user in question.
.CO Internet has started allowing registrars to offer Whois privacy services for .co domains, according to Go Daddy.
In a blog post, Go Daddy’s “RachelH”, wrote:
When the Internet Corporation for Assigned Names and Numbers (ICANN) and .CO Internet S.A.S. drafted the .co policy earlier this year, they decided to hold off on private registration to prevent wrongful use of the new ccTLD — especially during the landrush. Now that .co has carved its place among popular TLDs, you can add private registration to your .co domain names.
Unless I’m mistaken, ICANN had no involvement in the creation of .co’s policies, but I don’t think that’s relevant to the news that .co domains can now be made private.
During its first several months, .CO Internet has been quite careful about appearing respectable, which is why its domains are relatively expensive, why its trademark protections were fairly stringent at launch, and why it has created new domain takedown policies.
It may be a sign that the company feels confident that its brand is fairly well-established now that it has decided to allow Whois privacy, which is quite often associated with cybersquatting (at least in some parts of the domain name community).
It could of course also be a sign that it wants to give its registrars some love – by my estimates a private registration would likely double their gross margin on a .co registration.
As many as 20 million domain names are registered via Whois privacy or proxy services, an ICANN-sponsored study has found.
The study, conducted by the National Opinion Research Center, looked at a sample of 2,400 domains registered in .com, .org, .net, .info and .biz.
It found that 18% of these names used a privacy/proxy service to hide the contact details of the true registrant. Its margin of error means the actual number could be between 16% and 20%.
Extrapolating to the universe of 101 million domains registered in these five TLDs at the time the sample was taken in January 2009, NORC estimates that between 17.7 million and 18.4 million domains used a proxy.
NORC also estimates that the current number of private registrations could be “substantially higher” today, due to increased market traction for such services.
This, combined with the growth in registration numbers to over 115 million domain names as of January 2010, means that the actual number of privacy/proxy registrations among the top five gTLDs is likely to be substantially higher than 18 million.
When you consider that some privacy services charge as much as $10 a year for private registrations, that adds up to quite a healthy market.