ICANN's Whois privacy reforms stalled again

A working group set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to thrash out differences over proposed privacy changes to the WHOIS database stopped work last week with little real agreement on how or even whether to implement the reforms.

Share

A working group set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to thrash out differences over proposed privacy changes to the WHOIS database stopped work last week with little real agreement on how or even whether to implement the reforms.

The group's failure to come up with a proposal that could have been accepted by ICANN continues a long-standing stalemate on efforts to reform the way WHOIS data is handled. The group's findings were summarised in a final outcomes document released 20 August.

"The WHOIS debate has gone on for years, and [ICANN] needs to call an end to it for now," said Tim Ruiz , vice president of corporate development and policy at The Go Daddy Group, a domain name services provider. "It's been clear for some time that unanimity, or even consensus, on any changes is not possible."

Ruiz was a member of the 60-person working group. Other members included user representatives, as well as representatives of service providers, registrars and law enforcement authorities.

The WHOIS registry is the domain name systems' legacy database; it contains names and contact information of all those who register Internet domains. The contents of the database have been publicly accessible to anyone who wanted it.

Companies, intellectual property holders and law enforcement authorities have argued in favour of such open access to the WHOIS database on the grounds that it helps them go after phishers, trademark infringers, copyright violators and other crooks. Privacy advocates, on the other hand, have opposed unrestricted WHOIS access on the grounds that it could expose individual domain registrants to spam and unwanted surveillance. They have for some time now wanted the information in the WHOIS database to be shielded from public access.

"It's a basic disagreement about the relative rights of a tiny minority of Internet users versus all of the Internet users who have to deal with the mischief" that some domain registrants do, said John Levine, co-founder of the Domain Assurance Council, a standards body for email certification.

According to Levine, only a small percentage of domain registrants are individuals rather than businesses. And while there is a need to address privacy concerns, "it is absurd to cripple all of WHOIS for the putative interests of this tiny group," said Levine, who was a member of the WHOIS working group.

A WHOIS task force set up by ICANN has been working for more than four years to address the needs of the competing sides and recently came out with a proposal called the Operational Point of Contact (OPoC).

Under OPoC, domain name registrars would have been able to continue collecting contact information from all those who wanted to register domains. But they would have been required to keep the street level of the addresses of domain registrants shielded from public access, except in cases where law enforcement authorities and other entities could demonstrate a valid need for it.

The OPoC proposal, however, failed to gain broad support within ICANN because of, among other things, concerns over how the exceptions process would be handled, said Milton Mueller, a professor at Syracuse University's school of information studies and a partner in the Internet Governance Project.

The concerns related to who should have access to shielded WHOIS data, when they should have it and under what circumstances, said Mueller.

Find your next job with computerworld UK jobs