Though NSI, a unit of VeriSign, has been selling the data for more than a year, it's recently stepped up marketing efforts. In recent weeks, the domain name registrar has been sending e-mails to companies and taking out ads in newsletters that urge marketers to sign up to use its database of "more than 5 million unique customers."
NSI said it's not including dossiers from personal Web sites in the database, only details about sites run by companies listed with business information provider Dun & Bradstreet. NSI spokeswoman Cheryl Regan said the domain name registrar's actions are no different than other companies'.
"It's a common business practice to sell your customer database," she said. "Credit card companies do it. Telecom companies do it."
Some companies pushing upstream against the dot-com economic slump are looking to cash in by selling the details people once thought were private, and the Web makes it easier to slice and dice information and distribute it broadly. That growing trade has also made privacy advocates increasingly alarmed about databases compiled from public information, such as court filings and voter registration data.
Much of the information NSI is making available--including the names, street addresses and telephone numbers of domain name registrants--is already public through the WhoIs database. But NSI is assembling the data into manageable packages that include details such as whether a company is taking security measures or whether it sells products online, letting marketers better target the sites' owners.
The company said it is removing e-mail addresses from the information sold to marketers.
Privacy advocates are concerned that not only is the domain name registrar selling information, but it has yet to directly contact businesses to tell them their domain details are being hawked. NSI does provide information about the program on its Web site.
"Clearly a lot of people who've registered for domain names in the last couple of years had no idea their data would be sold to marketers," said Andrew Chen, policy analyst with the Electronic Privacy Information Center (EPIC).
The marketing move affects most businesses with a domain name because for years, NSI was the only place to register addresses ending in .com, .net or .org.
EPIC hopes to pursue the issue at the March meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), the group that oversees domain name registration. On Friday, EPIC sent a letter to members of Congress, asking them to beef up the privacy rights of domain name holders. Under ICANN's current rules, registrars are allowed, and sometimes required, to sell registrants' information.
In particular, privacy advocates worry about NSI's practice of categorizing sites into certain groups and using bots to determine the level of security at a certain site, whether it's selling things online, or even if it's changed hosts recently, so that it can later market to companies selling security software or those looking to do business with e-commerce companies.
Since finding out about the plan, privacy advocates have been trying to warn people.
"One can't help but wonder if NSI's moves to market users' domain data are the result of terminal greed, serious 'cluelessness' or some morbid combination of both," Lauren Weinstein wrote to subscribers of his Privacy Forum newsletter.