ICANN Pressed to Reform Outdated WHOIS Policy

In an attempt to reform outdated policies governing the use of a
registrar’s WHOIS database, Tucows Inc. of Canada is spearheading an effort
to force the Internet Corporate for Assigned
Names and Numbers
(ICANN) to protect domain name registrants, which must publicly
disclose critical private information.

Presently, anyone registering domain names must disclose key personal
information such as name, postal address, e-mail address, voice telephone
number, and (where available) fax number into a registrar’s WHOIS database.
And in order to remain accredited by ICANN, this information must be
accurate and publicly accessible to anyone seeking information about a
domain name registrant. The policy
dates back to the Internet’s infancy when Network Solutions Inc., now a part
of Verisign Inc., was the government-sanctioned monopoly administering all
domain names.

But while public access to the registrar WHOIS databases is a boon for
companies offering services to domain holders (i.e. hosting, applications
management, etc.), it clearly opens the door for misuse of the information.
Such was the charge by Register.com, who has sued
Verio Inc.
, for allegedly spamming its customers. Verio has vehemently denied those charges.

But while Register.com goes after abusers individually on a case-by-case
basis, Tucows is taking a public policy approach, lobbying for reforms to
the outdated rules. In a letter to the ICANN board as well as the general public, Tucows is proposing
“to change the accreditation agreement so that there is a positive burden on
name-holders to elect to have their names and personal information available
for marketing efforts.”

ICANN board officials had no immediate comment.

Support rains down elsewhere

Timothy Denton, a legal consultant to Tucows, explained the existing
provision in the registrar accreditation agreement
that requires registrars provide bulk access was drafted when NSI was a
monopoly and ICANN wanted to prevent it from having exclusive control of
domain registrant data.

“People do not want to have their data used in such a way that they are
the recipient of unwanted mass-marketing from third parties they haven’t
contracted with. We want to make sure that people dealing with domain name
registrars are confident that their personal information is being stored,
handled, and dealt with appropriately,” Denton said.

Surely, registrars such as Tucows, Bulkregister.com and Register.com may
also have their own economic motives. If registrars had the ability to
preserve their customer databases, they themselves can then upsell services,
thereby pushing into additional revenue streams and higher margin
businesses.

Indeed, Register.com, based in Manhattan, contends that companies in
every other industry except domain name registration has the ability to
preserve their own customer lists. However, Register.com officials say it
isn’t that simple.

“For us to say ‘we’re just doing it for selfish purposes’ isn’t
accurate,” said David Hirschler, VP of global marketing at Register.com.

“The public access of WHOIS was done to help the intellectual property
community…it’s been misused quite a bit. Anything that could help our
customers is something we would support. The most paramount concern we have
is the security, privacy and service of our customers. Any misuse that would
compromise that is something we’re very much against.”

Tucow’s proposal must be vetted by the Names Council of ICANN’s Domain
Name Supporting Organization and ultimately approved by the ICANN board.
Paul Kane, chair of the Names Council’s Who-Is committee, welcomed Tucows’
initiative as “the start of an important ongoing evaluation period” that is
in line with the strong data-protection movement in Europe.

Kane said the committee will be soliciting comments from Internet users
on a number of changes to who-is data policies. Besides proposals to
restrict bulk access, the committee will be asking for feedback on a
proposal to allow registrants to prevent the publication of their phone and
fax numbers in who-is look-ups.

And privacy advocates declared the reforms long overdue but warn of the
down side of such policies.

“I say, implement it yesterday. Clearly it’s the right thing to do. Even
if cutting off bulk access doesn’t make a measurable difference in junk mail
or solicitations, it’s fundamentally wrong to have made that data available
given the terms under which it was collected in the first place,” said
Lauren Weinstein, moderator of the Privacy Forum and co-founder of the
People for Internet Responsibility.

But Weinstein said he opposes the notion of limiting who-is look-ups by
individuals or allowing registrants to withold telephone contact
information. “In tracking down privacy, spam or network problems, when
things go wrong, you’ve got to be able to call someone. You can’t always
rely on email. So, what are you going to do, send them a letter?”

Still, Ray Everett-Church, a member of the board of the Coalition Against
Unsolicited Commercial Email (CAUCE), said the proposed change in ICANN’s
bulk access policy won’t stop spammers who harvest e-mails from WHOIS data
using autormated tools without the approval of registrars.

“As long as that information is available in some form, somebody will
probably find a means to abuse the policy. But it’s one thing to fight
abusers, but it’s another thing to have a mandate to have this data sold in
bulk to anybody with a capability of writing a check.”

News Around the Web