What Charles Carreon could teach ICANN

Popehat is happy to offer a new guest post from Cathy Gellis.

There is no question that the right of free speech necessarily includes the right to speak anonymously. This is partly because sometimes the only way for certain speech to be possible at all is with the protection of anonymity.

And that’s why so much outrage is warranted when bullies try to strip speakers of their anonymity simply because they don’t like what these people have to say, and why it’s even more outrageous when these bullies are able to. If anonymity is so fragile that speakers can be so easily unmasked, fewer people will be willing to say the important things that need to be said, and we all will suffer for the silence.

We’ve seen on these blog pages examples of both government and private bullies make specious attacks on the free speech rights of their critics, often by using subpoenas, both civil and criminal, to try to unmask them. But we’ve also seen another kind of attempt to identify Internet speakers, and it’s one we’ll see a lot more of if the proposal ICANN is currently considering is put into place.

In short, remember Charles Carreon?

He spent some time a few years ago antagonizing The Oatmeal with bumptious legal threats and unfounded litigation. Then he doubled-down by threatening at least one of his critics with the same. And how did he manage to do that? By first threatening the intermediary the critic depended on to enable his heretofore anonymous online speech.

In that case the critic had selected a domain incorporating Carreon’s name in order to best get his point about Carreon’s thuggery across, which the First Amendment and federal trademark law allowed him to do. When he registered the domain name he also paid extra to avail himself of the registrar’s proxy WHOIS service in order to maintain his anonymity by keeping his identifying details hidden – a service that up to now domain registrars have been permitted to offer. Unfortunately, the registrar immediately caved to Carreon’s pressure and disclosed the critic’s identifying information, thereby eviscerating the privacy protection the critic expected to have, and depended on, for his commentary.

It was a denial of anonymity that never should have happened, but under the new ICANN proposal this sort of exposure of speakers’ identifying information will only happen more often as ICANN seeks to make the privacy protections of the WHOIS proxy service less available and more flimsy, particularly in cases where IP owners dislike the speech taking place at that domain.

It is a proposal that is extraordinarily glib about its consequences for any Internet speaker preferring not to be dependent on another domain host for their online speech. First, it naively pre-supposes that the identifying information of a domain name holder would only ever be used for litigation purposes, when we sadly already know that this presumption is misplaced. As this letter to ICANN points out (linked to from the independently expressive domain name “icann.wtf”), people objecting to others’ speech often use identifying information about Internet speakers to enable campaigns of harassment against them, sometimes even with the threat of life and limb (for example, by “swatting”).

Secondly, it pre-supposes that even if this identifying information were to be used solely for litigation purposes that a lawsuit is a negligible thing for a speaker to find itself on the receiving end of, when of course it is not. In the case of Carreon’s critic he was fortunate to be able to secure pro bono counsel, but not everyone can, and having to pay for representation can often be ruinously expensive.

Thirdly it pre-supposes that there is somehow an IP-related exemption to the First Amendment, when there most certainly is not. Speech is speech and it is all protected by the First Amendment. Attempts to carve out exemptions from its protections for speech that somehow implicates IP should not be tolerated, particularly when the consequences to discourse are just as damaging to speech chilled by IP owners as they are by anyone else seeking to suppress what people may say.

It is important to hold fast on this all-speech-is-protectable principle especially because, fourthly, just because an IP owner may object to certain speech does not magically make that objection valid. Remember, Carreon’s critic was ultimately vindicated, but only after he had lost his anonymity, which Carreon was way too easily able to destroy. In fact, Carreon’s example shows how, in light of this potential for abuse, we should actually be strengthening the ability of intermediaries to resist demands to unmask their users, not making them more vulnerable to this pressure, as ICANN currently proposes.

So what can you do to stop this? Per the EFF post, you can send comments by email to comments-ppsai-initial-05may15@icann.org. They are due July 7. You can also support a petition that a coalition of companies and concerned individuals have established at savedomainprivacy.org, or use the phone and email tool of another coalition at respectourprivacy.com.

Also, continue to watch how this issue develops and be prepared to let appropriate U.S. government representatives know that they need to ensure that all of the First Amendment protections online discourse depends on, including the right to speak anonymously, remain protected, particularly in instances like this one when they are under such direct threat. Sadly this is not the only example of how online free speech is under fire, but that’s a subject for other blog posts another day . . . .

Last 5 posts by Cathy Gellis


  1. Jim says

    "So what can you do to stop this?"

    Woodchippers. Large, massive, turbocharged woodchippers.

  2. says

    While I appreciate the post and bringing this to my attention, it could have used at least a one-sentence summary of what ICANN is actually considering here (something along the lines of "seeking to greatly limit the categories of users who can request anonymous Whois data"). I know from your post that ICANN is considering something that would limit or remove anonymization, but that's awfully vague, and I have to read five paragraphs deep into a linked article to find out any details. (And I imagine your post is even less informative to readers who've never done a whois lookup.)

  3. ElSuerte says

    This reminds me of the recent Kimberlin litigation. For the unaware, Kimberlin (aka the Speedway Bomber) and an associate sued at least two anonymous bloggers for defamation/rico/iied/etc and tried to subpena their identity. Ace of Spades, one of the bloggers being sued, managed to get Paul Allen Levy of Public Citizen to represent him. Ace was lucky to get that subpena quashed unlike Carreon's victim.

  4. ElSuerte says

    @Thad My understanding is that the proposed rule is that commercial or transactional websites can't keep their whois data anonymous. People are interpreting transactional websites to include things like blogs which have a paypal tipjar.

  5. Rich Rostrom says

    I have never posted anonymously or under a handle. (One exception – I post to AlternateHistory.com as "Anarch, King of Dipsodes" – but the user page for AKoD, which anyone can read, lists my real name.

    Maybe I would feel differently if someone actually attacked me in a personal way.

    As to the benefits of anonymity – it strikes me as a very weak shield. In cryptography, "security through obscurity" is considered a fallacy. One should not rely on the workings of the crypto method remaining secret. Current crypto techniques rely only on the key being secret. If the method fails once its details are known, security will collapse at the first breach, like a bubble.

    Likewise, anonymity as protection fails completely when breached.

    ISTM that what is ultimately needed is to reformulate legal processes to prevent abusive practice, and to make it practical to punish harassment – including anonymous harassment.

    WI an anonymously-owned domain is being used to source a massive spam campaign?

  6. Kratoklastes says

    @Kevin – I took it as read that the evil of ponies (and pony-related activities, and Iran's secret pony development program) was implied.

    In fact I think the social implications of ICANN's actions are similar to if Iran had launched a surprise July 4 attack in the 5-10 megapony range.

  7. OrderoftheQuaff says

    I read about a proposed workaround involving the attorney-client privilege. Larry Lawyer specializes in registering domain names for his clients (easy, easy work). The privilege prevents him from disclosing their identities without a court order and he's made of a little sterner stuff than the registrar in the Carreon case. I would consider reactivating my bar card to do this, it would all be online and I wouldn't even have to move back to California.

    How did Cathy Gellis get to be a guest pope? We've seen what happens when people offer guest posts to Popehat. How did she get through the pony gauntlet?

  8. Scooby says

    @OrderoftheQuaff- I had the same thought, but I am not a lawyer, so I wasn't sure how viable that would be.

  9. Scott Jacobs says

    How did she get through the pony gauntlet?

    She beat up on Carreon. Ponies hold little terror for such a soul.

  10. Tim LeVier says

    I made the mistake once of registering a domain name and not using an anonymity service. I got junk mail in my physical mailbox for months. Last time I ever make that mistake.

  11. GuestPoster says

    The whole WhoIs thing always seemed pretty sketchy to me – why should ANYBODY be able to figure out who owns any given domain name? I mean, heck, it's not like you can figure out the owners of most corporations, given how many shells they're hidden behind – why should a $15 website domain name be any different?

    But then, maybe that's the point. If you can't afford the complexity of 12 shell corporations and three fabricated identities, you don't deserve anonymity.

  12. Castaigne says

    I can't be against ICANN on this, as I wish to remove anonymity on the internet entirely. Ah well.

  13. TimothyAWiseman says

    Thank you for highlighting the issue. While there certainly are times it is appropriate to strip someone of the protections of anonymity, it is not something that should be done lightly as you make clear here.

  14. Al Iverson says

    I think you're saying that the takeaway after the domain registrar outed Carreon's critic was that we should make privacy protect…less flimsy? My takeaway from it was more that truly, you cannot trust privacy protect to protect you in the real world. It's not really good at it and if your life could depend on it (if you live, in say, Iran), you really shouldn't give your domain registrar any information you don't want your government to know.

    As a long time spam fighter, I find that privacy protection of domain registration information can impede a lot of the good work that good guys do to track bad guys. I've blogged a bit about that over on my Spam Resource blog: http://www.spamresource.com/2015/06/domain-registration-privacy-another-view.html

  15. says

    Al, thank you for the comment. We removed one link to your site because its our longstanding policy not to allow commenters to link commercial sites unless we approve. We find that this reduces comment spam, so I'm surely you approve.

  16. Narad says

    The whole WhoIs thing always seemed pretty sketchy to me – why should ANYBODY be able to figure out who owns any given domain name?

    Ah, Eternal September.

  17. bvierra says

    I have been following this closely since the initial report came out of ICANN's working group in early May. Which I should point out is located at: http://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf

    As someone who has been involved with registrars / webhosts for well over 10 years now I have always followed such changed closely. While I feel for many people and the need for privacy, I really think that this was blown out of proportion. The initial findings include a lot of options for a lot of different cases and in fact allow more privacy. Those that tend to limit it, they are specifically asking for people to comment on. I wrote it in Google Docs to make formatting easier and you can see my opinions on it at: https://docs.google.com/document/d/1l15PBWj9NaKzEJkKvZwg7TjaqodE5zxYflRdn4eD7tY/edit?usp=sharing

    (please note these are my personal opinions and do not have anything to do with any present / past employers)

  18. Al Iverson says

    Hey Patrick, not sure what you mean about a commercial link. Spam Resource is my personal email industry blog in the same way that Popehat is the group platform for all of you guys. I don't make any money from it, nor am I a consultant using it to put feelers out to get work or something. It's been around longer than Popehat, though it's obviously very narrowly focused to email and spam fighting.

    I've been a reader of Popehat for a while, though only rarely a commenter. Probably stumbled across it initially thanks to Ken's Prenda Law coverage.