|
WHOIS is a DNS tool that identifies who has registered a
particular domain name. WHOIS works by
querying the WHOIS database with a domain name, and receiving back
detailed information including contact information for the registrant,
contact information for the host, technical information such as
relevant IP number addresses, and expiration dates of the domain name.
WHOIS is a tremendously useful tool, however WHOIS data is openly
available to everyone everywhere - a privacy issue, and a significant
portion of WHOIS data is either falsified or is incomplete. [GAO]
WHOIS has become a policy issue because:
- The Intellectual Property
community wants access to accurate WHOIS records in order to pursue
violations of intellectual property;
- The law enforcement
community also wants access to accurate WHOIS records in order to
investigation criminal activity (but then the problem is, internationally, who constitutes legitimate law enforcement);
- Consumers can use WHOIS information in order to
thwart Phishing and ID Theft;
- The privacy community
wants to protect privacy and prevent domain name registrant's
home address and phone number from being exposed to the world
- Note that the inclusion and disclosure of personal information in the WHOIS database has the potential to conflict with national privacy laws - placing ICANN in the predicament of how to administer a global address system which conforms with all of the different national privacy laws;
- Reports indicate that this personal information is scraped out of the WHOIS database (even though this is against policy)
- Different reports have concluded that WHOIS is and is not a source of spam
- Competitive (legitimate and illegitimate) use the WHOIS information to solicit domain name renewal business
- The free speech
community who wishes to protect anonymous speech; and
- The DNS operational
community does not want to be caught in the cross fire.
This simple issue has become highly charged and
entrenched with years of deliberation without resolution. In the post-9/11 era, law enforcement demands on
WHOIS have increased significantly.
WHOIS has been examined by the US Congress, ICANN, and
many other legal or policy bodies. ICANN initiated in November 2007 a study of WHOIS data accuracy ; the first report from the study is expected February 2008.
Derived from Internet Domain Names: Background and Policy Issues, CRS Report to Congress  July 14, 2006:
On April 12, 2006, the GNSO
approved an official "working definition" for the purpose of the public display of WHOIS
information. The GNSO supported a narrow technical definition favored by privacy
advocates, registries, registrars, and non-commercial user constituencies, rather then a
more expansive definition favored by intellectual property interests, business
constituencies, Internet service providers, law enforcement agencies, and the Department
of Commerce (through its participation in ICANN's Governmental Advisory Committee).
At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued
urging ICANN to reconsider the working definition. The GNSO will next decide what
data should be available for public access in the context of the working definition.
Meanwhile, over the past several years, with the WHOIS database continuing to be
publicly accessible, registrants who wish to maintain their privacy have been able to
register anonymously using a proxy service offered by some registrars. In February 2005,
the National Telecommunications and Information Administration (NTIA) - which has
authority over the .us domain name - notified Neustar (the company that administers .us)
that proxy or private domain registrations will no longer be allowed for .us domain name
registrations, and that registrars must provide correct WHOIS information for all existing
customers by January 26, 2006. According to NTIA, this action will provide an assurance
of accuracy to the public and to law enforcement officials. The NTIA policy is opposed
by privacy groups and registrars who argue that the privacy, anonymity, and safety of
people registering .us domain names will be needlessly compromised. A lawsuit is
pending in U.S. District Court that challenges the NTIA policy.
Solutions: A current proposed solution is know as the Operational Point of Contact (oPOC) solution. This would attempt to solve both problems: giving law enforcement access to WHOIS data while otherwise ensuring privacy of registrants. This is achieved by placing a proxy in the WHOIS database in place of the WHOIS registrant's information. If law enforcement needs access to the actual information, law enforcement would contact the proxy; otherwise the personal information of the registrant is not publicly visible within the WHOIS database. A claimed advantage of the OPOC solution is that it is an administrative solution which requires no technical change to WHOIS or the DNS. Some proxy registrars already exist.
This solution is controversial (for example, how do you determine who is a legitimate law enforcement agency; how do you comport with multiple national privacy laws).
- First created April 2005 by independent working group Mar del Plata, Argentina
- Presented to GNSO WHOIS Task Force Jan. 18, 2006
- GNSO WHOIS Task Force Final Report August 2007
Hearings
- FTC
Calls for Openness, Accessibility in Whois Database System, FTC
7/18/2006
- NTIA
WHOIS Testimony:, NTIA 7/18/2006
- House Judiciary Committee: Internet Domain Name Fraud: The USG's Role in Ensuring Public Access to Accurate WHOIS Data, Sept 2003
- Hearing
on Whois Accuracy May 2002 House Judiciary committee
- House Judiciary Committee Hearing The Whois Database:
Privacy and Intellectual Property Issues. July 12, 2001 Witness
List, Honorable
Howard Coble, Honorable
Howard Berman, Jason Catlett,
Lori
Fena, Steven
Mitchell, Timothy
Trainer
Law
- See Fraudulent
Online Identity Sanctions Act FOISA
- CRS:
"Fraudulent Online Identity Sanctions Act - Amends the Trademark Act of 1946 and Federal copyright law to make it a violation
of trademark and copyright law if a person knowingly provided, or
caused to be provided, materially false contact information in making,
maintaining, or renewing the registration of a domain name used in
connection with the violation. Amends the Federal criminal code to require the maximum
imprisonment otherwise provided for a felony offense to be doubled or
increased by seven years, whichever is less, if the defendant knowingly
falsely registers a domain name and uses that domain name in the course
of the felony offense. Directs the U.S. Sentencing Commission to review
and amend sentencing guidelines with respect to a conviction for the
false registration and use of a domain name during the course of a
felony offense."
- Domain name registration lock:
Locking domain name to specific IP address so that where content is
subject to takedown at one host, content creator cannot acquire new
host, revise DNS, and be back up online. See crime | phishing | spamming
Govt Activity
- "ICANN's Registrar Accreditation Agreement requires each of its accredited registrars to investigate and correct any reported inaccuracies in Whois contact information for the domain names that they register. After establishing the agreement, ICANN publish the following four notices to provide additional information or guidance to registrars regarding their obligation to investigate and correct data inaccuracies:
- Registrar Advisory Concerning Whois data accuracy, May 10, 2002
- Steps to Improve Whois Data Accuracy, September 3, 2002.
Registrar Advisory concerning the 15 Day Period in Whois Accuracy Requirements, April 3, 2003, and.
- Whois Data Reminder Policy Posted, June 16, 2003." -GAO 2005
- GNSO WHOIS Working Group created March 28, 2007 by GNSO
- Final Task Force Report on Whois Services, including the public comments report on comments received on the policy proposals from November 2006 - January 2007; .
- Staff notes on Potential Implementation Issues;
Documents
- "Implementing oPOC" proposal
- S. Romano, M Stahl, RFC 1020, Internet Numbers (Nov. 1997) ("The NIC Handle is a unique identifier that is used in the NIC WHOIS (NICNAME) service.") (early WHOIS reference)
- See Mueller Chango WHOIS Timeline
- 2006: FTC Calls for Openness, Accessibility in Whois Database System, FTC 7/18/2006
- 2003: House Judiciary Committee: Internet Domain Name Fraud: The USG's Role in Ensuring Public Access to Accurate WHOIS Data, Sept 2003
- 2002: Hearing on Whois Accuracy May 2002 House Judiciary committee
- 2001: House Judiciary Committee Hearing The Whois Database:
Privacy and Intellectual Property Issues. July 12, 2001
- 2000: Letter to the Committee from the ICANN Staff establishing ICANN WHOIS Committee
- 1999: The Management of Internet Names and Addresses: Intellectual Property Issues, Final Report of the WIPO Internet Domain Name Process, April 30, 1999 (The Availability of Contact Details, para 74)
- 1997: S. Romano, M Stahl, RFC 1020, Internet Numbers (Nov. 1997)
- 1985: K Harrenstein, M Stahl, E Feinler, IETF RFC 954, Nickname/Whois (October 1985)
- 1982:
- Zaw-Sing Su, Jon Postel, IETF RFC 819, The Domain Name Convention for Internet User Applications (August 1982)
- Ken Harrenstien, VicWhite, IETF RFC 812 Nickname/Whois
Links  Whois
News
- Notice of Implementation Date for WHOIS National Laws Procedure, ICANN 12/18/2007
- GNSO Council Invites Recommendations for Future Studies on WHOIS, ICANN 1/9/2008
- Update: ICANN Projects Underway to Improve Whois Accuracy, ICANN 1/3/2008
- Getting Rid of Whois, CircleID 11/1/2007
- ICANN: WHOIS Back to Rathole #0, CircleID 11/1/2007
- Internet Policymakers May Punt on Privacy Issue, Wash Post 11/1/2007
- Is it time to get rid of the Whois directory?, CNET 10/31/2007
- Whois may be scrapped to break deadlock, Globe and Mail 10/31/2007
- WHOIS Redux: Demand Privacy in Domain Name Registration, CircleID 10/26/2007
- Dot Name Domain Registry Charging for Whois Access, Security Researchers Not Happy, CircleID 10/2/2007
- ICANN's GNSO Council Seeks Additional Comments on Proposed Changes to WHOIS, ICANN 9/18/2007
- More on WHOIS Privacy, CircleID 9/4/2007
- If WHOIS Privacy is a Good Idea, Why is it Going Nowhere?, CircleID 8/29/2007
- Another Whois-Privacy Stalemate, CircleID 8/24/2007
- ICANN Publishes Fourth Annual Update on the InterNIC Whois Data Problem Report System and Announces Whois Data Accuracy and Availability Audits, ICANN 5/1/2007
- Final Task Force Report On Whois Services, 16 March 2007, ICANN 4/18/2007
- Getting WHOIS Server Address Directly from Registry, CircleID 4/18/2007
- Whois Policy Reform Advances, CircleID 3/23/2007
- Privacy for Internet names moves forward, Internet News 3/21/2007
- ISOC-NY
Panel: The Future of WHOIS Policy (Webcast), CircleID 11/17/2006
- Public
Comment Forum on Combined Whois Task Force Preliminary Report,
ICANN 9/19/2005
- WHOIS
Inaccuracies Hampering FTC, Internet News 5/22/02
- Industry,
Government Want WHOIS Fixes, Wash Tech 5/22/02
- FTC Testimony on WHOIS,
FTC 5/22/02
- Intellectual
Property Owners Stump For Better WHOIS Data, Washtech 7/13/2001
- Whois at
heart of congressional hearings, CNET 7/12/01
- Congressional
hearings focus on domain database, USAToday 7/12/01
|
