Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project

WHOIS

Navigation Links:
:: Home :: Feedback ::
:: Disclaimer :: Sitemap ::

Internet Addresses
- DNS
- History
- NTIA & Fed Activity
- ICANN
- Root Servers
- ccTLDs
- - .us
- - -.kids.us
- gTLDs
- - .gov
- - .edu
- - .mil
- - .xxx
- WHOIS
- WGIG
- ENUM
- IP Numbers
- - IPv6
- BGP
- NATs
- Ports
- Security
- Trademark
- AntiCybersquatter Consumer Protection Act
- Gripe Sites
- Truth in Domain Names

WHOIS is a DNS (and IP address) tool that identifies who has registered a particular domain name. WHOIS works by querying the WHOIS database with a domain name, and receiving back detailed information including contact information for the registrant, contact information for the host, technical information such as relevant IP number addresses, and expiration dates of the domain name. WHOIS is a tremendously useful tool, however WHOIS data is openly available to everyone everywhere - a privacy issue, and a significant portion of WHOIS data is either falsified or is incomplete. [GAO]

WHOIS has become a policy issue because:

  • The Intellectual Property community wants access to accurate WHOIS records in order to pursue violations of intellectual property;
  • The law enforcement community also wants access to accurate WHOIS records in order to investigation criminal activity (but then the problem is, internationally, who constitutes legitimate law enforcement);
  • Consumers can use WHOIS information in order to thwart Phishing and ID Theft;
  • The privacy community wants to protect privacy and prevent domain name registrant's home address and phone number from being exposed to the world
    • Note that the inclusion and disclosure of personal information in the WHOIS database has the potential to conflict with national privacy laws (for example, European Privacy Law)- placing ICANN in the predicament of how to administer a global address system which conforms with all of the different national privacy laws;
    • Reports indicate that this personal information is scraped out of the WHOIS database (even though this is against policy)
      • Different reports have concluded that WHOIS is or is not a source of spam
    • Competitive (legitimate and illegitimate) use the WHOIS information to solicit domain name renewal business
      • Likewise with IP number WHOIS, ISPs express concern that they are publishing their customer list
  • The free speech community who wishes to protect anonymous speech; and
  • The DNS operational community does not want to be caught in the cross fire.
    • Administrative cost re updating and maintaining records depending on specific requirements
  • International law: compliance with laws of multiple and potentially conflicting law, such as privacy law.

This simple issue has become highly charged and entrenched with years of deliberation without resolution. In the post-9/11 era, law enforcement demands on WHOIS have increased significantly.

WHOIS has been examined by the US Congress, ICANN, and many other legal or policy bodies. ICANN initiated in November 2007 a study of WHOIS data accuracy; the first report from the study is expected February 2008.

Derived from Internet Domain Names: Background and Policy Issues, CRS Report to Congress PDF July 14, 2006:

On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather then a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. The GNSO will next decide what data should be available for public access in the context of the working definition.

Meanwhile, over the past several years, with the WHOIS database continuing to be publicly accessible, registrants who wish to maintain their privacy have been able to register anonymously using a proxy service offered by some registrars. In February 2005, the National Telecommunications and Information Administration (NTIA) - which has authority over the .us domain name - notified Neustar (the company that administers .us) that proxy or private domain registrations will no longer be allowed for .us domain name registrations, and that registrars must provide correct WHOIS information for all existing customers by January 26, 2006. According to NTIA, this action will provide an assurance of accuracy to the public and to law enforcement officials. The NTIA policy is opposed by privacy groups and registrars who argue that the privacy, anonymity, and safety of people registering .us domain names will be needlessly compromised. A lawsuit is pending in U.S. District Court that challenges the NTIA policy.

Derived From: Derived From: Lennard Kruger, Internet Domain Names: Background and Policy Issues, Congressional Research Service p 10 (Oct. 28, 2009)

On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather then a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. On October 31, 2007, the GNSO voted to defer a decision on WHOIS database privacy and recommended more studies. The GNSO also rejected a proposal to allow Internet users the option of listing third party contact information rather than their own private data. Currently, the GNSO is exploring several extensive studies of WHOIS.

Solutions: A current proposed solution is know as the Operational Point of Contact (oPOC) solution. This would attempt to solve both problems: giving law enforcement access to WHOIS data while otherwise ensuring privacy of registrants. This is achieved by placing a proxy in the WHOIS database in place of the WHOIS registrant's information. If law enforcement needs access to the actual information, law enforcement would contact the proxy; otherwise the personal information of the registrant is not publicly visible within the WHOIS database. A claimed advantage of the OPOC solution is that it is an administrative solution which requires no technical change to WHOIS or the DNS. Some proxy registrars already exist.

This solution is controversial (for example, how do you determine who is a legitimate law enforcement agency; how do you comport with multiple national privacy laws).

  • First created April 2005 by independent working group Mar del Plata, Argentina
  • Presented to GNSO WHOIS Task Force Jan. 18, 2006
  • GNSO WHOIS Task Force Final Report August 2007

Hearings

Law

  • See Fraudulent Online Identity Sanctions Act FOISA
    • CRS: "Fraudulent Online Identity Sanctions Act - Amends the Trademark Act of 1946 and Federal copyright law to make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation. Amends the Federal criminal code to require the maximum imprisonment otherwise provided for a felony offense to be doubled or increased by seven years, whichever is less, if the defendant knowingly falsely registers a domain name and uses that domain name in the course of the felony offense. Directs the U.S. Sentencing Commission to review and amend sentencing guidelines with respect to a conviction for the false registration and use of a domain name during the course of a felony offense."
  • Domain name registration lock: Locking domain name to specific IP address so that where content is subject to takedown at one host, content creator cannot acquire new host, revise DNS, and be back up online. See crime | phishing | spamming

Govt Activity

  • Prevalence of False Contact Information for Registered Domain Names , GAO-06-165 (Nov. 2005) PDF GAO releases report Quantifying Prevalence of False Contact Information for Registered Domain Names"

    GAO estimates that 2.31 million domain names (5.14 percent) have been registered with patently false data-data that appeared obviously and intentionally false without verification against any reference data-in one or more of the required contact information fields. GAO also found that 1.64 million (3.65 percent) have been registered with incomplete data in one or more of the required fields. In total, GAO estimates that 3.89 million domain names (8.65 percent) had at least one instance of patently false or incomplete data in the required Whois contact information fields.

ICANN

  • "ICANN's Registrar Accreditation Agreement requires each of its accredited registrars to investigate and correct any reported inaccuracies in Whois contact information for the domain names that they register. After establishing the agreement, ICANN publish the following four notices to provide additional information or guidance to registrars regarding their obligation to investigate and correct data inaccuracies:
    • Registrar Advisory Concerning Whois data accuracy, May 10, 2002
    • Steps to Improve Whois Data Accuracy, September 3, 2002.
    Registrar Advisory concerning the 15 Day Period in Whois Accuracy Requirements, April 3, 2003, and.
    • Whois Data Reminder Policy Posted, June 16, 2003." -GAO 2005
  • GNSO WHOIS Working Group created March 28, 2007 by GNSO
  • Final Task Force Report on Whois Services, including the public comments report on comments received on the policy proposals from November 2006 - January 2007; .
  • Staff notes on Potential Implementation Issues;

Documents

Timeline

Papers

Links

News

 

Web services provided by Wyoming.com
: Home : About Us : Contact Us : Sitemap : Discussion : Search : Newsletter :RSS :
: ADA : Broadband : Crime : Copyright : DNS : ECommerce : EGovt : First Amendment : Digital Divide :
: Network Neutrality : Intl : Privacy : Security : SPAM : Statistics : VoIP : Vote : And Much More! :
:: Feedback : Disclaimer ::
© Cybertelecom ::