Educational CyberPlayGround ®

Network Solutions Sells Out -- Domain Info For Sale to Marketers

Date: Wed, 14 Feb 2001 15:31:01 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Network Solutions Sells Out -- Domain Info For Sale to Marketers

Greetings. As dot-com companies continue to drop like flies, and many Internet banner-ad business models are relegated to the scrapheap, increasing numbers of Internet-related firms are finding that one of their few truly valuable assets is their customer database, often chock full of fascinating information. Even small databases with high accuracy rates can be lucrative, while large databases can prod even the most jaded of direct marketing gurus into a frenzy of excitement.

So, we really shouldn't be surprised to learn that Network Solutions,Inc. (NSI), the 800-pound gorilla of ".com" domain registrations, is now busily promoting the availability of their domain registration database -- and related activity tracking services -- for direct marketing uses. Such moves are almost certain to create a firestorm, given past questions regarding NSI's former effectively "monopoly" status (including concerns at the Congressional level). One can't help but wonder if NSI's moves to market users' domain data are the result of terminal greed, serious "cluelessness", or some morbid combination of both.

Even though NSI now has some competition in the domain name registration business, they still control the bulk of the most lucrative domain registration space, are involved behind the scenes with .com registrations by their competitors, and are key to the running of the Internet Domain Name System (DNS) itself at crucial levels. Many parties expressed concern when VeriSign (which controls the lion's share of the public key encryption certificate market) recently purchased NSI. The effects of this sort of business concentration are now becoming very evident.

Network Solutions is anything but shy when it comes to promoting the value of the data that most domain holders have been required to provide NSI over the years. Advertising text apparently placed by NSI in publications devoted to direct marketing has been very enthusiastic:

"On your mark, get set, go! The VeriSign/Network Solutions domain registration database is available for the first time ever. Approximately 6 million unique customers, sliced and diced for you to target prospects ..."

"... You can target based on their status in the dot com lifecycle: Is their web site live, is it secure or e-commerce enabled? We'll even tell you about their host switching behavior ..."

Did you realize that you signed up for this sort of sales blitz back when you got your domain? Surprise! And what's that? You've had your domain with NSI for ages, and you can't recall them ever clearly notifying you that your domain registration had become marketing fodder? You're not alone!

The actual URL that contains the pitch for NSI's marketing of domain and related data is at:

http://www.dotcom.com/services/index.html

Dotcom.com, by the way, appears to be NSI's primary data marketing arm. On that page, you can find glowing descriptions of how your domain data is now for sale:

"Taking advantage of our position as a market leader, we have organized our pool of over 15 million registered domain names into a customer database of over 5 million unique customers. Our data service offers access to the key decision-makers behind millions of leading Web businesses."

"Taking advantage" is certainly an apt description. They go on to note that:

"We also track the progress of sites through key stages in the dotcom lifecycle, including live or not-live sites, e-commerce status, membership features and more. Want to target only small businesses with live sites? Nobody offers a better snapshot of this hard-to-reach group than we do..."

But wait! There are even more of your domain-data goodies available:

"For ISPs and other service providers, meanwhile, we offer extensive data on registered businesses' site switching behavior and hosting arrangements. ISPs and Web hosting firms can use this data to target customers when they're most likely to be ready for new opportunities."

Yep, it appears that your every domain move may be watched -- and sold. The dotcom.com privacy policy link doesn't really seem to address any of these issues. In order to find the operative language, you have to dig through NSI's main privacy policy page, at:

http://www.networksolutions.com/en_US/legal/privacy-policy.html

Dig down deep enough in that text, and you can find mentions of what NSI calls "bulk" access and "business partner" access to the domain database. One or both of these appear to be NSI codeword phrases for marketing.

While NSI apparently will ask the firms who buy your domain data and related information to refrain from sending out spam e-mail, that's the only significant restriction (other than non-transferability) on the use of the data that's detailed in the privacy policy itself. Since the friendly marketing folks getting your info from NSI are likely to want a method to contact you one way or another, it appears probable that other elements of the data, such as phone, fax, and mailing address, are the key contact points. And who knows, maybe your e-mail address will still get onto some spam lists as well.

If you don't want to participate in NSI's bulk/marketing bonanza, you'll need to avail yourself (*now* that you'll know about them) of their opt-outs. Buried within their privacy policy it says that you can send notes with the text:

remove bulk access

or:

remove domain

respectively, in the subject lines of e-mail to: privacy@networksolutions.com

with a list in the body of the message detailing the domains (for which you are the registrant) that you wish to opt-out.

It is not detailed how such requests are authenticated, nor is any particular format for the lists specified. If a human is reading those requests, they're likely to be getting pretty busy very soon!

Concerns about the privacy of domain registration data have been raised in the past, mostly relating to the theoretical possibility of the data being abused. That having been said, the public "whois" databases, which provide access to individual domain registration records, are still crucial resources for network administrators attempting to correct network problems, determine the source of spam or hacking attacks, and so on.

For quite awhile, NSI has been taking steps to limit the public's access to that whois data in various ways. There are warnings displayed about its use. In some cases, NSI has apparently attempted to "cut off" sites that were felt to be submitting too many individual queries to the database through whois. One might have thought that NSI's motive in this regard was to help prevent abuse of the data for commercial purposes. But now it appears that their primary concern may have been simply to protect the domain-data mother lode for themselves, just waiting for the day that they could cash in their domain chips bigtime.

These issues reflect darkly on much more than only the matters of being hassled by telemarketers and junk mail. Any situation that inspires significant numbers of domain registrants to provide inaccurate contact data (telephone, fax, address, etc.) could result in serious potential problems for the stability of the Internet itself when abuses or technical failures occur. It's absolutely crucial that responsible individuals be reachable in such situations. Yet, NSI's creation of a marketing profit center from their registration database -- and the information that domain registrants have been *required* to provide -- could have exactly that very dangerous effect.

I said earlier that it was unclear if NSI's marketing moves were the result of greed, a lack of understanding of the seriousness of their actions, or both. Regardless of the current situation's genesis, there's one thing that can clearly be said about the marketing monstrosity they've created. It definitely stinks.

--Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy

------------------------------

Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com

-------------------------------------------------------------------

The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.

-------------------------------------------------------------------

CONTENTS Network Solutions Sells Out -- Domain Info For Sale to Marketers (Lauren Weinstein; PRIVACY Forum Moderator)

*** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access

. ---------------------------------------------------------------------------- VOLUME 10, ISSUE 03 Quote for the day: "Someday you too will be King, and you too will know everything!" -- King Mongkut of Siam (Yul Brynner) "The King and I" (Fox; 1956)

---------------------------------------------------------------------------- End of PRIVACY Forum Digest 10.03 ************************