Action demanded over internet data sale

Privacy groups have reacted angrily to the sale of customer data by the leading internet domain name registrar, Verisign.

Verisign has been busy promoting its services as an information broker, selling on the information in its Whois database to direct marketing companies.

Although Verisign snapped up Network Solutions last year and has competition in the registration sector, it is still the largest registrar in the business and has as many as six million names at its disposal.

The recent revelations have sparked a storm of controversy amongst privacy advocates. The US Electronic Privacy Information Centre (EPIC) has demanded urgent congressional action over allowing the sale of personal data.

EPIC said that the sale "violates well established principles of law as well as international privacy standards, including privacy rules specifically developed to address concerns related to privacy in the context of domain name registration."

As a result, the body is calling for "new legislation to safeguard the information that is provided by internet users and companies as a condition of registering a domain name".

The crux of the EPIC argument is that it is not just email addresses at risk; particularly for personal registrations, the Whois database also contains a mailing address, and fax and telephone numbers.

Verisign has been less than shy about cashing in on the potential goldmine of Whois data. Advertising text on the website of Verisign's marketing arm, Dotcom.com, reads: "Ready to win the Internet marketing game? Take your marketing program to the next level with Data Services from Verisign/Network Solutions. We have organised our pool of over 15 million registered domain names into a customer database of over 5 million unique customers. Our data service offers access to the key decision-makers behind millions of leading Web businesses."

In the text the company also claims to offer associated services, such as site progress tracking "through key stages in the dotcom lifecycle, including live or not-live sites, ecommerce status, membership features" as well as extensive data on registered businesses' site switching behaviour and hosting arrangements.

Although Verisign customers have not been informed of the sale of their information, it is possible to opt out by sending an email to privacy@networksolutions.com with a list in the body of the message detailing the domains that you wish not to appear in.