PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page

PRIVACY Forum Digest     Wednesday, 14 February 2001     Volume 10 : Issue 03


            Moderated by Lauren Weinstein (         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        Network Solutions Sells Out -- Domain Info For Sale to Marketers
           (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "Someday you too will be King, 
         and you too will know everything!"

            -- King Mongkut of Siam (Yul Brynner)
               "The King and I" (Fox; 1956)


Date:    Wed, 14 Feb 2001 15:31:01 PST
From: (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Network Solutions Sells Out -- Domain Info For Sale to Marketers

Greetings.  As dot-com companies continue to drop like flies, and many
Internet banner-ad business models are relegated to the scrapheap,
increasing numbers of Internet-related firms are finding that one of their
few truly valuable assets is their customer database, often chock full of
fascinating information.  Even small databases with high accuracy rates can
be lucrative, while large databases can prod even the most jaded of direct
marketing gurus into a frenzy of excitement.

So, we really shouldn't be surprised to learn that Network Solutions, Inc.
(NSI), the 800-pound gorilla of ".com" domain registrations, is now busily
promoting the availability of their domain registration database -- and
related activity tracking services -- for direct marketing uses.  Such moves
are almost certain to create a firestorm, given past questions regarding
NSI's former effectively "monopoly" status (including concerns at the
Congressional level).  One can't help but wonder if NSI's moves to market
users' domain data are the result of terminal greed, serious "cluelessness,"
or some morbid combination of both. 

Even though NSI now has some competition in the domain name registration
business, they still control the bulk of the most lucrative domain
registration space, are involved behind the scenes with .com registrations
by their competitors, and are key to the running of the Internet Domain Name
System (DNS) itself at crucial levels.  Many parties expressed concern when
VeriSign (which controls the lion's share of the public key encryption
certificate market) recently purchased NSI.  The effects of this sort of
business concentration are now becoming very evident.

Network Solutions is anything but shy when it comes to promoting the value
of the data that most domain holders have been required to provide NSI over
the years.  Advertising text apparently placed by NSI in publications
devoted to direct marketing has been very enthusiastic:

     "On your mark, get set, go! The VeriSign/Network Solutions domain
      registration database is available for the first time ever.
      Approximately 6 million unique customers, sliced and diced for you
      to target prospects ..."

     "... You can target based on their status in the dot com
      lifecycle: Is their web site live, is it secure or e-commerce
      enabled? We'll even tell you about their host switching behavior ..."

Did you realize that you signed up for this sort of sales blitz back when
you got your domain?  Surprise!  And what's that?  You've had your domain
with NSI for ages, and you can't recall them ever clearly notifying you that
your domain registration had become marketing fodder?  You're not alone!

The actual URL that contains the pitch for NSI's marketing of domain and
related data is at:, by the way, appears to be NSI's primary data marketing arm.  On
that page, you can find glowing descriptions of how your domain data is now
for sale:

     "Taking advantage of our position as a market leader, we have organized
      our pool of over 15 million registered domain names into a customer
      database of over 5 million unique customers. Our data service offers
      access to the key decision-makers behind millions of leading Web

"Taking advantage" is certainly an apt description.  They go on to note that:

     "We also track the progress of sites through key stages in the dotcom
      lifecycle, including live or not-live sites, e-commerce status,
      membership features and more. Want to target only small businesses
      with live sites?  Nobody offers a better snapshot of this
      hard-to-reach group than we do..."

But wait!  There are even more of your domain-data goodies available:

     "For ISPs and other service providers, meanwhile, we offer extensive
      data on registered businesses' site switching behavior and hosting
      arrangements.  ISPs and Web hosting firms can use this data to target
      customers when they're most likely to be ready for new opportunities."

Yep, it appears that your every domain move may be watched -- and sold.  The privacy policy link doesn't really seem to address any of these
issues.  In order to find the operative language, you have to dig through
NSI's main privacy policy page, at:

Dig down deep enough in that text, and you can find mentions of what NSI
calls "bulk" access and "business partner" access to the domain database.
One or both of these appear to be NSI codeword phrases for marketing.  

While NSI apparently will ask the firms who buy your domain data and related
information to refrain from sending out spam e-mail, that's the only
significant restriction (other than non-transferability) on the use of the
data that's detailed in the privacy policy itself.  Since the friendly
marketing folks getting your info from NSI are likely to want a method to
contact you one way or another, it appears probable that other elements of
the data, such as phone, fax, and mailing address, are the key contact
points.  And who knows, maybe your e-mail address will still get onto some
spam lists as well.

If you don't want to participate in NSI's bulk/marketing bonanza, you'll
need to avail yourself (now that you'll know about them) of their opt-outs.
Buried within their privacy policy it says that you can send notes with the

     remove bulk access


     remove domain

respectively, in the subject lines of e-mail to:

with a list in the body of the message detailing the domains (for which you
are the registrant) that you wish to opt-out.

It is not detailed how such requests are authenticated, nor is any particular
format for the lists specified.  If a human is reading those requests,
they're likely to be getting pretty busy very soon!

Concerns about the privacy of domain registration data have been raised in
the past, mostly relating to the theoretical possibility of the data being
abused.  That having been said, the public "whois" databases, which provide
access to individual domain registration records, are still crucial
resources for network administrators attempting to correct network problems,
determine the source of spam or hacking attacks, and so on.

For quite awhile, NSI has been taking steps to limit the public's access to
that whois data in various ways.  There are warnings displayed about its
use.  In some cases, NSI has apparently attempted to "cut off" sites that
were felt to be submitting too many individual queries to the database
through whois.  One might have thought that NSI's motive in this regard
was to help prevent abuse of the data for commercial purposes.  But now it
appears that their primary concern may have been simply to protect the
domain-data mother lode for themselves, just waiting for the day that they
could cash in their domain chips bigtime.

These issues reflect darkly on much more than only the matters of being
hassled by telemarketers and junk mail.  Any situation that inspires
significant numbers of domain registrants to provide inaccurate contact data
(telephone, fax, address, etc.) could result in serious potential problems
for the stability of the Internet itself when abuses or technical failures
occur.  It's absolutely crucial that responsible individuals be reachable in
such situations.  Yet, NSI's creation of a marketing profit center from their
registration database -- and the information that domain registrants have
been required to provide -- could have exactly that very dangerous effect.

I said earlier that it was unclear if NSI's marketing moves were the result
of greed, a lack of understanding of the seriousness of their actions, or
both.  Regardless of the current situation's genesis, there's one thing
that can clearly be said about the marketing monstrosity they've created.
It definitely stinks.

Lauren Weinstein or or
Co-Founder, PFIR: People For Internet Responsibility -
Moderator, PRIVACY Forum -
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 10.03

PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.