WHOIS is a DNS (and IP address) tool that identifies who has registered a particular domain name. WHOIS works by querying the WHOIS database with a domain name, and receiving back detailed information including contact information for the registrant, contact information for the host, technical information such as relevant IP number addresses, and expiration dates of the domain name. WHOIS is a tremendously useful tool, however WHOIS data is openly available to everyone everywhere - a privacy issue, and a significant portion of WHOIS data is either falsified or is incomplete. [GAO]
WHOIS has become a policy issue because:
The Intellectual Property community wants access to accurate WHOIS records in order to pursue violations of intellectual property; The law enforcement community also wants access to accurate WHOIS records in order to investigation criminal activity (but then the problem is, internationally, who constitutes legitimate law enforcement); Consumers can use WHOIS information in order to thwart Phishing and ID Theft; The privacy community wants to protect privacy and prevent domain name registrant's home address and phone number from being exposed to the world Note that the inclusion and disclosure of personal information in the WHOIS database has the potential to conflict with national privacy laws (for example, European Privacy Law)- placing ICANN in the predicament of how to administer a global address system which conforms with all of the different national privacy laws; Reports indicate that this personal information is scraped out of the WHOIS database (even though this is against policy) Different reports have concluded that WHOIS is or is not a source of spam Competitive (legitimate and illegitimate) use the WHOIS information to solicit domain name renewal business Likewise with IP number WHOIS, ISPs express concern that they are publishing their customer list The free speech community who wishes to protect anonymous speech; and The DNS operational community does not want to be caught in the cross fire. Administrative cost re updating and maintaining records depending on specific requirements International law: compliance with laws of multiple and potentially conflicting law, such as privacy law.
This simple issue has become highly charged and entrenched with years of deliberation without resolution. In the post-9/11 era, law enforcement demands on WHOIS have increased significantly.
WHOIS has been examined by the US Congress, ICANN, and many other legal or policy bodies. ICANN initiated in November 2007 a study of WHOIS data accuracy; the first report from the study is expected February 2008.
Derived from Internet Domain Names: Background and Policy Issues, CRS Report to Congress July 14, 2006:On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather then a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. The GNSO will next decide what data should be available for public access in the context of the working definition.
Meanwhile, over the past several years, with the WHOIS database continuing to be publicly accessible, registrants who wish to maintain their privacy have been able to register anonymously using a proxy service offered by some registrars. In February 2005, the National Telecommunications and Information Administration (NTIA) - which has authority over the .us domain name - notified Neustar (the company that administers .us) that proxy or private domain registrations will no longer be allowed for .us domain name registrations, and that registrars must provide correct WHOIS information for all existing customers by January 26, 2006. According to NTIA, this action will provide an assurance of accuracy to the public and to law enforcement officials. The NTIA policy is opposed by privacy groups and registrars who argue that the privacy, anonymity, and safety of people registering .us domain names will be needlessly compromised. A lawsuit is pending in U.S. District Court that challenges the NTIA policy.
Derived From: Derived From: Lennard Kruger, Internet Domain Names: Background and Policy Issues, Congressional Research Service p 10 (Oct. 28, 2009)
On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather then a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. On October 31, 2007, the GNSO voted to defer a decision on WHOIS database privacy and recommended more studies. The GNSO also rejected a proposal to allow Internet users the option of listing third party contact information rather than their own private data. Currently, the GNSO is exploring several extensive studies of WHOIS.
Solutions: A current proposed solution is know as the Operational Point of Contact (oPOC) solution. This would attempt to solve both problems: giving law enforcement access to WHOIS data while otherwise ensuring privacy of registrants. This is achieved by placing a proxy in the WHOIS database in place of the WHOIS registrant's information. If law enforcement needs access to the actual information, law enforcement would contact the proxy; otherwise the personal information of the registrant is not publicly visible within the WHOIS database. A claimed advantage of the OPOC solution is that it is an administrative solution which requires no technical change to WHOIS or the DNS. Some proxy registrars already exist.
This solution is controversial (for example, how do you determine who is a legitimate law enforcement agency; how do you comport with multiple national privacy laws).
First created April 2005 by independent working group Mar del Plata, Argentina Presented to GNSO WHOIS Task Force Jan. 18, 2006 GNSO WHOIS Task Force Final Report August 2007
Prevalence of False Contact Information for Registered Domain Names , GAO-06-165 (Nov. 2005) PDF GAO releases report Quantifying Prevalence of False Contact Information for Registered Domain Names"
GAO estimates that 2.31 million domain names (5.14 percent) have been registered with patently false data-data that appeared obviously and intentionally false without verification against any reference data-in one or more of the required contact information fields. GAO also found that 1.64 million (3.65 percent) have been registered with incomplete data in one or more of the required fields. In total, GAO estimates that 3.89 million domain names (8.65 percent) had at least one instance of patently false or incomplete data in the required Whois contact information fields.
: ADA : Broadband : Crime : Copyright : DNS : ECommerce : EGovt : First Amendment : Digital Divide :
: Network Neutrality : Intl : Privacy : Security : SPAM : Statistics : VoIP : Vote : And Much More! :
:: Feedback : Disclaimer ::