WHOIS
WHOIS is a DNS (and IP address) tool that identifies who has registered a particular domain name. WHOIS works by querying the WHOIS database with a domain name and receiving back detailed information, including contact information for the registrant, contact information for the host, technical information such as relevant IP addresses, and the expiration date of the domain name. WHOIS is a tremendously useful tool. However, WHOIS data is openly available to everyone everywhere, which is a privacy issue, and a significant portion of WHOIS data is either falsified or incomplete. [GAO] [Farnan 2003] [ARIN's WHOIS]
WHOIS has become a policy issue because:
- Enforcement
- The Intellectual Property community wants access to accurate WHOIS records in order to pursue violations of intellectual property;
- The law enforcement community also wants access to accurate WHOIS records in order to investigate criminal activity (but then the problem is, internationally, who constitutes legitimate law enforcement);
- ARIN and Law Enforcement Agencies, ARIN;
- Abuse Issues and IP Addresses, IANA;
- Compare ECPA Basic Subscriber Information and FCC Customer Proprietary Network Information
- Chris Grundemann, Annual WHOIS POC Validation Emails from ARIN, don't panic (Nov. 24, 2010) ("One of the most important resources when dealing with Internet abuse (including hijacking, spam, dos/ddos, phishing, child pornography, illegal drug sales, etc) is Whois. The Whois database is THE goto resource for security professionals and law enforcement alike when investigating abuse of the Internet")
- Bobby Flaim, WHOIS Accuracy and Public Safety, presented at ARIN 38 (Oct. 20-21, 2016) ("WHOIS is the most common starting point for most investigations" Working with RIRs, including ARIN Oct. 2016, "to develop community-supported WHOIS accuracy policy")
- NB: WHOIS is an "open source" (i.e., publicly available) information source which law enforcement generally needs no court authority to access; if law enforcement has to approach ISPs or registries for customer information, they will likely need court authority (subpoena; order), increasing costs and delaying investigations.
- Bobby Flaim, The FBI and the Internet, ARIN 16 (WHOIS a tool during Mytob/Zotob worm; 9/11 and anthrax investigations, kidnappings, child pornography...)
- Support for Data Retention in Aid of the Investigation of Crimes Facilitated or Committed Through the Use of the Internet and Telephone-Based Communications Services, International Association of Chiefs of Police, Resolution, Oct. 17, 2006 p. 45 ("WHEREAS, publicly-available “whois” databases containing information involving the allocation of Internet resources, such as Internet Protocol address space and domain names, are a critical tool used by law enforcement, but may not remain publicly available, which would severely hamper or eliminate the ability for law enforcement agencies to conduct investigations in a timely manner;")
- Consumers can use WHOIS information in order to thwart Phishing and ID Theft;
- Civil Rights
- The free speech community who wishes to protect anonymous speech;
- Compare Media Policy concern over fake news sites operated by anonymous sources. Larry Press, A Real-Name Domain Registration Policy Would Discourage Political Lying, CircleID Nov. 17, 2016
- The privacy community wants to protect privacy and prevent domain name registrants' home addresses and phone numbers from being exposed to the world
- Note that the inclusion and disclosure of personal information in the WHOIS database has the potential to conflict with national privacy laws (for example, European Privacy Law), placing ICANN in the predicament of how to administer a global address system which conforms with all of the different national privacy laws;
- Reports indicate that this personal information is scraped out of the WHOIS database (even though this is against policy)
- Different reports have concluded that WHOIS is or is not a source of spam
- Competitors (legitimate and illegitimate) use the WHOIS information to solicit domain name renewal business
- RIR WHOIS where IP Block Allocation information is entered by the vendor - does the customer have choice and control over what information is added to the database? [ARIN.NET Whois Privacy Issues, Comcast Business Forum, Sept. 25, 2013 (complaining that personal information was entered into ARIN WHOIS, where Comcast gave customer no choice what information would appear)]
- Internet Service Providers
- ISPs express concern that they are publishing their customer list
- Administrative cost re updating and maintaining records depending on specific requirements
- Burden of identifying legitimate requests from legitimate law enforcement, on a global basis, where ISPs must comply with multiple and potentially conflicting international law.
- ISPs have an incentive to populate the IP Address database in order to establish utilization in order to qualify for additional allocations (or transfers) of IP addresses (ISPs also have an incentive to sandbag utilization numbers in order to bolster their utilization numbers and support their requests for additional assignments)
- The DNS and IP Address registry community does not want to be caught in the crossfire.
This simple issue has become highly charged and entrenched with years of deliberation without resolution. In the post-9/11 era, law enforcement demands on WHOIS have increased significantly.
WHOIS Accuracy: A complaint is that WHOIS data can be inaccurate, stale, or fraudulent, thus frustrating LEA.
- The accuracy of WHOIS data has been the subject of multiple congressional hearings.
- ARIN conducts an annual WHOIS POC verification. [ARIN Number Resource Policy Manual 3.6]
- Fraudulent Online Identity Sanctions Act was passed to make it a crime to provide fraudulent or misleading WHOIS registration data
- ICANN has developed policies addressing the accuracy of WHOIS
- FBI indicates that in the Fall of 2016 it has been working with the RIRs to address this problem. Bobby Flaim, WHOIS Accuracy and Public Safety, presented at ARIN 38 (Oct. 20-21, 2016). See also Gregory Mounier, European Cyber Crime, EUROPOL, WHOIS Accuracy and Public Safety, presented at RIPE 73 (Oct. 24-28, 2016)
- Bobby Flaim, The FBI and the Internet, ARIN 16
WHOIS has been examined by the US Congress, ICANN, and many other legal or policy bodies. ICANN initiated in November 2007 a study of WHOIS data accuracy; the first report from the study is expected February 2008.
Derived from Internet Domain Names: Background and Policy Issues, CRS Report to Congress July 14, 2006:
On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather than a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. The GNSO will next decide what data should be available for public access in the context of the working definition.
Meanwhile, over the past several years, with the WHOIS database continuing to be publicly accessible, registrants who wish to maintain their privacy have been able to register anonymously using a proxy service offered by some registrars. In February 2005, the National Telecommunications and Information Administration (NTIA) - which has authority over the .us domain name - notified Neustar (the company that administers .us) that proxy or private domain registrations will no longer be allowed for .us domain name registrations, and that registrars must provide correct WHOIS information for all existing customers by January 26, 2006. According to NTIA, this action will provide an assurance of accuracy to the public and to law enforcement officials. The NTIA policy is opposed by privacy groups and registrars who argue that the privacy, anonymity, and safety of people registering .us domain names will be needlessly compromised. A lawsuit is pending in U.S. District Court that challenges the NTIA policy.
Derived from: Lennard Kruger, Internet Domain Names: Background and Policy Issues, Congressional Research Service p 10 (Oct. 28, 2009)
On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather than a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in ICANN's Governmental Advisory Committee). At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. On October 31, 2007, the GNSO voted to defer a decision on WHOIS database privacy and recommended more studies. The GNSO also rejected a proposal to allow Internet users the option of listing third party contact information rather than their own private data. Currently, the GNSO is exploring several extensive studies of WHOIS.
Solutions: A current proposed solution is known as the Operational Point of Contact (oPOC) solution. This would attempt to solve both problems: giving law enforcement access to WHOIS data while otherwise ensuring privacy of registrants. This is achieved by placing a proxy in the WHOIS database in place of the WHOIS registrant's information. If law enforcement needs access to the actual information, law enforcement would contact the proxy; otherwise the personal information of the registrant is not publicly visible within the WHOIS database. A claimed advantage of the oPOC solution is that it is an administrative solution which requires no technical change to WHOIS or the DNS. Some proxy registrars already exist.
This solution is controversial (for example, how do you determine who is a legitimate law enforcement agency; how do you comport with multiple national privacy laws).
- First created April 2005 by independent working group, Mar del Plata, Argentina
- Presented to GNSO WHOIS Task Force Jan. 18, 2006
- GNSO WHOIS Task Force Final Report August 2007
Statistics | Assessment | Forensics
What an IP Address Can Reveal About You, Office of the Privacy Commissioner of Canada (May 2013) (providing account of the Petraeus Incident where the report of a threatening email to the FBI resulted in a search that "eventually resulted in the revelation of an extramarital affair by the Director of the CIA, David Petraeus, and other compromising details, which resulted in his resignation.")
- NBC News, Engel, R., "Petraeus' biographer Paula Broadwell under FBI investigation over access to his e-mail, law enforcement officials say", 9 November 2012
- WIRED Magazine (online edition), Zetter, K., "Email Location Data Led FBI to Uncover Top Spy's Affair", 12 November 2012
- USA Today, Leinwand Leger, D., Alcindor, Y, "Petraeus and Broadwell used common e-mail trick", 13 November 2012
- Klosowski, T., "How CIA Director David Petraeus's Emails Were Traced (And How to Protect Yourself)", 13 November 2012
- American Civil Liberties Union (ACLU), Soghoian, C., "Surveillance and Security Lessons from the Petraeus Scandal", 13 November 2012
- BBC, "How email trail aided Petraeus case", 14 November 2012
- Sanchez, J., "Collateral damage of our surveillance state", Reuters (US Edition), 15 November 2012
- Schneier, Bruce, "E-mail security in the wake of Petraeus", 19 November 2012
Hearings
- July 18, 2006 House Financial Services "ICANN and the WHOIS Database: Providing Access to Protect Consumers from Phishing"
- FTC Calls for Openness, Accessibility in Whois Database System, FTC 7/18/2006
- NTIA WHOIS Testimony:, NTIA 7/18/2006
- House Judiciary Committee: Internet Domain Name Fraud: The USG's Role in Ensuring Public Access to Accurate WHOIS Data, Sept 2003
- Testimony of James E. Farnan, Deputy Assistant Director, Cyber Division, Federal Bureau of Investigation, Before the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property, Washington DC, September 04, 2003
- Hearing on Whois Accuracy May 2002 House Judiciary committee
- Accuracy of "WHOIS" Internet Database Essential to Law Enforcement, FTC Tells Congress, FTC May 22, 2002 ("Beales cited examples of FTC and international law enforcement efforts that were hampered because of inaccurate names, addresses, and telephone numbers listed in the Whois database. He noted that the FTC has called on the Internet Corporation for Assigned Names and Numbers, the body that governs assignment of Internet names, ". . . to work with registrars to implement and enforce the provisions of its Registrar Accreditation Agreement that ensure the completeness and accuracy of Whois data."")
- House Judiciary Committee Hearing The Whois Database: Privacy and Intellectual Property Issues. July 12, 2001 Witness List, Honorable Howard Coble, Honorable Howard Berman, Jason Catlett, Lori Fena, Steven Mitchell, Timothy Trainer
Law
- Fraudulent Online Identity Sanctions Act FOISA
- CRS: "Fraudulent Online Identity Sanctions Act - Amends the Trademark Act of 1946 and Federal copyright law to make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation. Amends the Federal criminal code to require the maximum imprisonment otherwise provided for a felony offense to be doubled or increased by seven years, whichever is less, if the defendant knowingly falsely registers a domain name and uses that domain name in the course of the felony offense. Directs the U.S. Sentencing Commission to review and amend sentencing guidelines with respect to a conviction for the false registration and use of a domain name during the course of a felony offense."
- Domain name registration lock: Locking domain name to specific IP address so that where content is subject to takedown at one host, content creator cannot acquire new host, revise DNS, and be back up online. See crime | phishing | spamming
Govt Activity
- Prevalence of False Contact Information for Registered Domain Names, GAO-06-165 (Nov. 2005); GAO releases report "Quantifying Prevalence of False Contact Information for Registered Domain Names"
GAO estimates that 2.31 million domain names (5.14 percent) have been registered with patently false data - data that appeared obviously and intentionally false without verification against any reference data - in one or more of the required contact information fields. GAO also found that 1.64 million (3.65 percent) have been registered with incomplete data in one or more of the required fields. In total, GAO estimates that 3.89 million domain names (8.65 percent) had at least one instance of patently false or incomplete data in the required Whois contact information fields.
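As an added example (not code from GAO, ICANN or this page), the following parses a WHOIS response of the kind described in the introduction and sorts the required registrant contact fields into the two GAO categories, incomplete and patently false. The sample record, the list of required fields and the placeholder patterns are constructed assumptions for illustration, not GAO's criteria.

```python
import re

# Constructed WHOIS response (not a real record). Field labels vary by
# registry; these labels are an assumption for the example.
SAMPLE_RESPONSE = """\
Domain Name: EXAMPLE-SHOP.TEST
Registry Expiry Date: 2026-03-14T04:00:00Z
Registrant Name: asdf asdf
Registrant Street:
Registrant City: Springfield
Registrant Phone: +1.0000000000
Registrant Email: admin@example-shop.test
Name Server: NS1.EXAMPLE-SHOP.TEST
Name Server: NS2.EXAMPLE-SHOP.TEST
>>> Last update of WHOIS database: 2025-01-01T00:00:00Z <<<
"""

# Assumed set of required contact fields and placeholder words.
REQUIRED_FIELDS = ["registrant name", "registrant street", "registrant city",
                   "registrant phone", "registrant email"]
PLACEHOLDERS = {"asdf", "test", "none", "n/a", "na", "unknown", "null"}


def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: [values]}."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comment/footer lines and lines without a key.
        if not line or line[0] in "%#>" or ":" not in line:
            continue
        # Split on the first colon only: values such as timestamps contain colons.
        key, _, value = line.partition(":")
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def classify(field, values):
    """Return 'incomplete', 'patently false' or 'ok' for one contact field."""
    value = values[0].strip() if values else ""
    if not value:
        return "incomplete"  # field absent or present but empty
    tokens = re.findall(r"[a-z0-9/]+", value.lower())
    if tokens and all(t in PLACEHOLDERS for t in tokens):
        return "patently false"  # nothing but placeholder words
    if field.endswith("phone"):
        digits = re.sub(r"\D", "", value)
        # Too short to be a number, or the last seven digits are all the same.
        if len(digits) < 7 or len(set(digits[-7:])) == 1:
            return "patently false"
    return "ok"


def audit(record):
    """Classify every required field without consulting any reference data."""
    return {f: classify(f, record.get(f, [])) for f in REQUIRED_FIELDS}


if __name__ == "__main__":
    for field, verdict in audit(parse_whois(SAMPLE_RESPONSE)).items():
        print(f"{field:20} {verdict}")
```

Like the GAO measure, this check looks only at what is obvious from the record itself; a plausible-looking but wrong address passes.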
ICANN
- 2009 Affirmation of Commitments (AoC) between ICANN and the US Department of Commerce contains the following: “9.3.1 ICANN additionally commits to enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information.”
- "ICANN's Registrar Accreditation Agreement requires each of its accredited registrars to investigate and correct any reported inaccuracies in Whois contact information for the domain names that they register. After establishing the agreement, ICANN published the following four notices to provide additional information or guidance to registrars regarding their obligation to investigate and correct data inaccuracies:
- Registrar Advisory Concerning Whois data accuracy, May 10, 2002
- Steps to Improve Whois Data Accuracy, September 3, 2002.
- Registrar Advisory concerning the 15 Day Period in Whois Accuracy Requirements, April 3, 2003, and
- Whois Data Reminder Policy Posted, June 16, 2003." -GAO 2005
- GNSO WHOIS Working Group created March 28, 2007 by GNSO
- WHOIS Privacy
- Draft Outcomes Report of the WHOIS working group version 1.8 (PDF) 2007-08-13
- GNSO Council Teleconference August 30, 2007
- Final Task Force Report on Whois Services, including the public comments report on comments received on the policy proposals from November 2006 - January 2007;
- Staff notes on Potential Implementation Issues;
Documents
- Quick Guide to ARIN's WHOIS, ARIN
- "Implementing oPOC" proposal
- Milton Mueller, Whois Privacy Stalemate... Again, IGP (August 2007) (recounting how OPOC and the GNSO WHOIS Task Force failed to resolve the WHOIS problem)
- Milton L. Mueller and Mawaki Chango, "Disrupting Global Governance: The Internet Whois Service, ICANN and Privacy." Journal of Information Technology and Politics Vol. 5, No. 3, (2008) 303-325.
- ICANN proposal would shield contact info in Whois record, Ars Technica (March 2007)
- WHOIS privacy reform reaches dead end, Ars Technica (August 2007)
- OPOC Presentation to GNSO WHOIS Task Force PDF
- S. Romano, M Stahl, RFC 1020, Internet Numbers (Nov. 1997) ("The NIC Handle is a unique identifier that is used in the NIC WHOIS (NICNAME) service.") (early WHOIS reference)
- NZ WHOIS Policy April 2008
- IETF
- Zaw-Sing Su, Jon Postel, IETF RFC 819, The Domain Name Convention for Internet User Applications (August 1982)
- Ken Harrenstien, Vic White, IETF RFC 812 Nickname/Whois 1982
- K. Harrenstien, M. Stahl, E. Feinler, IETF RFC 954, Nickname/Whois (October 1985)
- S. Romano, M Stahl, RFC 1020, Internet Numbers (Nov. 1997)
- C. Weider; R. Wright (July 1993). "A Survey of Advanced Usages of X.500". RFC 1491
Timeline
- See Mueller Chango WHOIS Timeline
- 2006: FTC Calls for Openness, Accessibility in Whois Database System, FTC 7/18/2006
- 2000: Letter to the Committee from the ICANN Staff establishing ICANN WHOIS Committee
- 1999: The Management of Internet Names and Addresses: Intellectual Property Issues, Final Report of the WIPO Internet Domain Name Process, April 30, 1999 (The Availability of Contact Details, para 74)
Notes
- Shared Whois Project (SWIP)
News
- Milton Mueller, Battle Begins Over IP Address WHOIS Data, IGP (Feb. 12, 2011) ("ARIN is refusing to allow a new company to get bulk access to its Whois records. What is at stake here is the control of IP address Whois data – or more precisely, whether ARIN owns this data and can withhold it from other organizations in order to maintain exclusive control over certain services.")
- Whois Scared?, Paul Vixie 3/2/2011
- Mandatory Provision of Abuse Contact Information in WHOIS, Circleid 11/22/2010
- The Sad State of WHOIS, and Why Criminals Love It, Circleid 5/17/2010
- Law enforcement lobbies hard for ICANN changes, CW 3/24/2010
- Public Comment: Draft Report on WHOIS Accuracy, ICANN 2/16/2010
- WHOIS Privacy Considered "Material Falsification", Circleid 1/21/2010
- Whois Accuracy Study Launches, ICANN 6/9/2009
- CIRA's Whois Debacle, Michael Geist 7/28/2008
- CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners, CircleID 6/13/2008
- Canadian Domain Whois Policy Changes Face Opposition from Law Enforcement, CircleID 5/28/2008
- Notice of Implementation Date for WHOIS National Laws Procedure, ICANN 12/18/2007
- GNSO Council Invites Recommendations for Future Studies on WHOIS, ICANN 1/9/2008
- Update: ICANN Projects Underway to Improve Whois Accuracy, ICANN 1/3/2008
- Getting Rid of Whois, CircleID 11/1/2007
- ICANN: WHOIS Back to Rathole #0, CircleID 11/1/2007
- Internet Policymakers May Punt on Privacy Issue, Wash Post 11/1/2007
- Is it time to get rid of the Whois directory?, CNET 10/31/2007
- Whois may be scrapped to break deadlock, Globe and Mail 10/31/2007
- WHOIS Redux: Demand Privacy in Domain Name Registration, CircleID 10/26/2007
- Dot Name Domain Registry Charging for Whois Access, Security Researchers Not Happy, CircleID 10/2/2007
- ICANN's GNSO Council Seeks Additional Comments on Proposed Changes to WHOIS, ICANN 9/18/2007
- More on WHOIS Privacy, CircleID 9/4/2007
- If WHOIS Privacy is a Good Idea, Why is it Going Nowhere?, CircleID 8/29/2007
- Another Whois-Privacy Stalemate, CircleID 8/24/2007
- ICANN Publishes Fourth Annual Update on the InterNIC Whois Data Problem Report System and Announces Whois Data Accuracy and Availability Audits, ICANN 5/1/2007
- Final Task Force Report On Whois Services, 16 March 2007, ICANN 4/18/2007
- Getting WHOIS Server Address Directly from Registry, CircleID 4/18/2007
- Whois Policy Reform Advances, CircleID 3/23/2007
- Privacy for Internet names moves forward, Internet News 3/21/2007
- ISOC-NY Panel: The Future of WHOIS Policy (Webcast), CircleID 11/17/2006
- Public Comment Forum on Combined Whois Task Force Preliminary Report, ICANN 9/19/2005
- WHOIS Inaccuracies Hampering FTC, Internet News 5/22/02
- Industry, Government Want WHOIS Fixes, Wash Tech 5/22/02
- FTC Testimony on WHOIS, FTC 5/22/02
- Intellectual Property Owners Stump For Better WHOIS Data, Washtech 7/13/2001
- Whois at heart of congressional hearings, CNET 7/12/01
- Congressional hearings focus on domain database, USAToday 7/12/01
© Cybertelecom ::