Many of the internet defamation attacks regularly discussed on our blog are published on well-established, high-ranking websites such as Ripoff Report, Pissed Consumer or mainstream social media platforms. Oftentimes, however, bad actors will go as far as registering new domains solely to disparage another party or parties on their own websites.
These can include blatant attack websites. Other times, people will register domains in the names of the other persons or businesses—such as JohnSmith.com or CompanyName.net—with a dual purpose of not only disparaging them but also depriving the targeted parties of the ability to use the domains for personal and/or professional use.
Concealing an identity upon domain registration
As with most instances of defamation and online reputation attacks, bad actors who register domains to disparage others typically take some level of precaution in terms of concealing their identities. We regularly see parties using privacy and proxy services – including Domains By Proxy, LLC – to hide their identities, which is currently permissible.
However, others will provide actual fake or inaccurate information when registering their domains. But this is prohibited by the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that essentially governs the internet.
Upon registration of a new domain, a person is required to provide certain contact information, including a name, address, email address, and phone number (“Registrant Contact Information”), as well as Administrative Contact Information and Technical Contact Information, which is often the same.
Anyone who searches our firm’s Vorys.com domain on a “Whois” look up website, such as https://who.is, can see this very information for Vorys. (Whois data refers to the collection of information relating to registered domains including the aforementioned contact information and the dates of registration and expiration, among other things).
But people who register domains for reasons such as to attack other persons or organizations might provide a fake name or inaccurate contact information in order to hide their true identities. For instance, someone might provide a fictitious person’s name, such as a literary character, and provide the address for a major public entity, such as a university, passing it off as legitimate registration information.
The good news about this is that, even if it difficult to identify the person behind the domain, it is easy to submit a Whois Inaccuracy Complaint Form to ICANN online and potentially get the domain cancelled and associated website offline.
Whois Inaccuracy Complaint
Through this form located on ICANN’s website, an Internet user can identify which pieces of Registrant, Administrative, and/or Technical Contact Information are incorrect (providing an explanation in the Comments section as necessary), and ICANN will send an inquiry or notice to the so-called sponsoring registrar, who is expected to take certain steps to investigate and/or correct the inaccurate data.
ICANN maps out this process—which sometimes includes multiple notices and different types of notice, as necessary—on its website. But generally, an initial inquiry or notice will prompt the registrar to respond within 15 business days.
A “best case scenario” for a harmed party would be receiving notice that ICANN has reviewed and closed its complaint because ICANN or the registrar cancelled or deactivated the domain.
Once a domain is no longer active and the associated website content is no longer up, the harmed party can submit the outdated URL to the search engines for expedited removal of the the URL from the search results.
Proxy usage up for debate
As mentioned above, using a proxy service is acceptable and is viewed differently than someone providing fake information to mask their identity. However, in the first half of 2015, there was significant discussion about potentially limiting the use of proxy services.
Additionally, early last year, US entertainment companies—concerned with the ease with which people can anonymously infringe on their intellectual property—testified before Congress that only in a narrow set of circumstances should domains be allowed to be registered privately.
As with anything else remotely involving speech on the internet, free speech advocates have argued in response that limiting the ability to hide one’s identity exposes them to potential “harassment, intimidation and identity theft,” as argued by the Electronic Frontier Foundation.
Yet this ability to speak and act anonymously is also providing the means for people to defame and harass people online, with little recourse for the harmed parties.
While this issue will continue to be debated, harmed parties should be aware that there is a means of getting websites targeting them potentially suspended or altogether taken offline if their attackers have supplied fake information upon registration.