CIRA attempts to Protect Personal Info

The Canadian Internet Registration Authority (CIRA) announced today that it has launched a new privacy policy and WHOIS search tool to protect the privacy of .CA domain name registrants. The new policy aims to limit public access to personal information. Under the new policy the personal information of individual domain name registrants, including registrant name, home address, phone number and email address, will now be automatically protected as private. Full registration information for corporate domain name holders will continue to be accessible and individual registrants may choose to make their information accessible. One catch – under “specific, limited circumstances” certain registrant contact information may be disclosed in situations arising from child endangerment offenses, intellectual property disputes (cybersquatting), threats to the Internet, and identity theft. Canadian Internet Law veteran Michael Geist sees this as a backdoor left wide open that leaves Canadians completely exposed.

This represents a stunning about-face after years of public consultation on the whois policy. While the law enforcement exception appears to be narrowly tailored, the exception for trademark, copyright, and patent interests undermines a crucial part of the whois policy, namely compliance with Canadian privacy law (the policy now arguably violates the law) and the appropriate balance between privacy and access. For example, consider a Canadian that registers (name your company) as a whistleblower site about a particular company. They understandably wish to remain anonymous to the general public since disclosure of their personal information could lead to negative repercussions. Under the new CIRA policy, if they use fake registrant information, they risk losing the domain. On the other hand, the backdoor exception means that the trademark holder can easily smoke out the identity of the registrant as CIRA will simply hand over this information.

Sounds like Geist is right.