RealTime IT News

ICANN Pressed to Reform Outdated WHOIS Policy

In an attempt to reform outdated policies governing the use of a registrar's WHOIS database, Tucows Inc. of Canada is spearheading an effort to force the Internet Corporate for Assigned Names and Numbers (ICANN) to protect domain name registrants, which must publicly disclose critical private information.

Presently, anyone registering domain names must disclose key personal information such as name, postal address, e-mail address, voice telephone number, and (where available) fax number into a registrar's WHOIS database. And in order to remain accredited by ICANN, this information must be accurate and publicly accessible to anyone seeking information about a domain name registrant. The policy dates back to the Internet's infancy when Network Solutions Inc., now a part of Verisign Inc., was the government-sanctioned monopoly administering all domain names.

But while public access to the registrar WHOIS databases is a boon for companies offering services to domain holders (i.e. hosting, applications management, etc.), it clearly opens the door for misuse of the information. Such was the charge by Register.com, who has sued Verio Inc., for allegedly spamming its customers. Verio has vehemently denied those charges.

But while Register.com goes after abusers individually on a case-by-case basis, Tucows is taking a public policy approach, lobbying for reforms to the outdated rules. In a letter to the ICANN board as well as the general public, Tucows is proposing "to change the accreditation agreement so that there is a positive burden on name-holders to elect to have their names and personal information available for marketing efforts."

ICANN board officials had no immediate comment.

Support rains down elsewhere

Timothy Denton, a legal consultant to Tucows, explained the existing provision in the registrar accreditation agreement that requires registrars provide bulk access was drafted when NSI was a monopoly and ICANN wanted to prevent it from having exclusive control of domain registrant data.

"People do not want to have their data used in such a way that they are the recipient of unwanted mass-marketing from third parties they haven't contracted with. We want to make sure that people dealing with domain name registrars are confident that their personal information is being stored, handled, and dealt with appropriately," Denton said.

Surely, registrars such as Tucows, Bulkregister.com and Register.com may also have their own economic motives. If registrars had the ability to preserve their customer databases, they themselves can then upsell services, thereby pushing into additional revenue streams and higher margin businesses.

Indeed, Register.com, based in Manhattan, contends that companies in every other industry except domain name registration has the ability to preserve their own customer lists. However, Register.com officials say it isn't that simple.

"For us to say 'we're just doing it for selfish purposes' isn't accurate," said David Hirschler, VP of global marketing at Register.com.

"The public access of WHOIS was done to help the intellectual property community...it's been misused quite a bit. Anything that could help our customers is something we would support. The most paramount concern we have is the security, privacy and service of our customers. Any misuse that would compromise that is something we're very much against."

Tucow's proposal must be vetted by the Names Council of ICANN's Domain Name Supporting Organization and ultimately approved by the ICANN board. Paul Kane, chair of the Names Council's Who-Is committee, welcomed Tucows' initiative as "the start of an important ongoing evaluation period" that is in line with the strong data-protection movement in Europe.

Kane said the committee will be soliciting comments from Internet users on a number of changes to who-is data policies. Besides proposals to restrict bulk access, the committee will be asking for feedback on a proposal to allow registrants to prevent the publication of their phone and fax numbers in who-is look-ups.

And privacy advocates declared the reforms long overdue but warn of the down side of such policies.

"I say, implement it yesterday. Clearly it's the right thing to do. Even if cutting off bulk access doesn't make a measurable difference in junk mail or solicitations, it's fundamentally wrong to have made that data available given the terms under which it was collected in the first place," said Lauren Weinstein, moderator of the Privacy Forum and co-founder of the People for Internet Responsibility.

But Weinstein said he opposes the notion of limiting who-is look-ups by individuals or allowing registrants to withold telephone contact information. "In tracking down privacy, spam or network problems, when things go wrong, you've got to be able to call someone. You can't always rely on email. So, what are you going to do, send them a letter?"

Still, Ray Everett-Church, a member of the board of the Coalition Against Unsolicited Commercial Email (CAUCE), said the proposed change in ICANN's bulk access policy won't stop spammers who harvest e-mails from WHOIS data using autormated tools without the approval of registrars.

"As long as that information is available in some form, somebody will probably find a means to abuse the policy. But it's one thing to fight abusers, but it's another thing to have a mandate to have this data sold in bulk to anybody with a capability of writing a check."