GoDaddy Warns India's Crackdown on Fake Site Registrars Could Upend Internet Privacy Everywhere
"The internet is filled with fakes," writes Gizmodo. "A court in India is setting out to address the problem by requiring more transparency from domain registrars to make it easier to crack down on fraud. And while the intentions might be good, Reuters is reporting that major American domain registrar GoDaddy is sounding the warning bells that the court's decision could fundamentally reshape the internet well beyond India's borders."
GoDaddy argues the move would even make the internet less safe, reports Reuters.
Background: India's Cyber Fraud Challenge
Online fraud is a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion.
Starting in 2019, lawsuits were brought by dozens of Indian and global firms - Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. More than 20 companies filed a complaint, including Microsoft.
The Court's December Directives
In December, an Indian court blocked more than 1,100 such websites. The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance:
- Domain sellers should not offer buyers free privacy protection by default.
- The buyer's details should be released to anyone with a "legitimate interest" within 72 hours.
- Website addresses that are variations of protected brand names must be prohibited.
GoDaddy's Challenge
U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands.
Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment.
As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said.
On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not.
The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages.
Other Registrars Join the Appeal
GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals.
Privacy Law Conflicts
GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach.
Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing. "The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said.
Government Role and Next Steps
While the sweeping December directives were issued by a court, they followed government's submissions, documents showed.
The judges will hear the appeals on July 16.
GoDaddy manages 80 million domains and serves over 20 million users, with annual revenue over $5 billion.
Comments
No comments yet. Start the discussion.