Few Americans know that it is in fact illegal to to falsify personal details when registering a domain. With the enacting of the Truth in Domain Names Act in 2003, it became a crime to “knowingly and with the intent to defraud” provide false contact information to a domain registrar. Offenders are punishable by up to 5 years in prison and/or fines.
The law was enacted with the goal of protecting Internet users and to fight child pornography online. To help support their case, the bill’s sponsors gave the example of John Zuccarini, a notorious typosquatter who faced several lawsuits for his cyber crime. However, those behind the lawsuits were unsure if the name– obtained from the WHOIS database– was even accurate.
A number of organizations, including the ACLU, have criticized the law for being over ambiguous and violating civil liberties, most notably the right to privacy. While I think it is important to keep the Internet honest, I don’t see how this law is doing much good. It does nothing to impose regulation at the registrar level and is designed to be enforced after the fact. As in the case of Zuccarini, even if false contact data is provided, how can the authorities track down the real registrant?
According to one estimate, 10% of all domain registrations are under false names. That seems like an awfully high number. My guess is most of these people do not know about WHOIS privacy services and are simply trying to protect their identities. Perhaps this situation would be better handled by registrars. A much more effective deterrent would be to force registrars to verify domain contact data and then purge registrations if the details do not match up. But of course, nothing will ever be that easy.