ICANN's Whois privacy reforms stalled again

A working group set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to thrash out differences over proposed privacy changes to the WHOIS database stopped work last week with little real agreement on how or even whether to implement the reforms.

Share

The ICANN working group was set up five months ago to address that issue and came up with several ideas for structuring access to WHOIS data, Mueller said.

One of the most significant was a proposal to shield the contact information of individual domain registrants while making that of commercial registrants publicly accessible. There were also suggestions on how access to shielded WHOIS information could be provided on a one-time basis or on an as-needed basis to those who could demonstrate a valid reason for access to the information, he said.

However, the proposals failed to gain broad support for a variety of reasons, Mueller said. Representatives from commercial entities and intellectual property holders, for instance, tried to whittle down the privacy protections and make information available only to individuals whose internet activities were completely noncommercial in nature. Along with the law enforcement and banking interests, this group also wanted backdoor processes for gaining access to the shielded information on any domain based purely on their assertions that they needed it for valid reasons, he said.

There was also concern among the registrars about the cost implications of some of the proposed changes, said Lynn Goodendorf, vice president of information privacy protection at Intercontinental Hotels Group, the Atlanta-based owner of hotel brands such as Holiday Inn and Crowne Plaza.

For instance, if the proposal to shield contact data of individual registrants had been accepted, it would have required registrars to implement an authentication process to ensure that registrants were indeed individuals and not commercial entities, she said. "The implication was that it would cost money to implement solutions to improve the security and accuracy of WHOIS data and improve it in a way it can't be abused," Goodendorf said. Most registrars appear to be unwilling to pass these costs onto their customers, she added.

Registrars today also sell proxy services that allow registrants to hide their identities and contact information from WHOIS queries. "If there is no reform, they can continue to sell privacy to their users using proxy registrations, making profits that far exceed those they make on normal domain name registrations," Mueller explained. Therefore, she said, "they bailed out."

In addition to those issues, there was some disagreement over accountability issues under OPoC and the speed at which registrars would be required to respond to requests for access to shielded data, said Eric Dierker, chairman of the general assembly of ICANN's Generic Names Supporting Organisation. The GNSO is the body responsible for developing policy for the domain name system.

According to Dierker, who was a working group member, the final outcomes report released last week downplays some of the disagreements among members. One area in particular that appears to have been glossed over is the concern registrars expressed over the potential costs of the proposed changes. "The one thing that we were agreed on is that something needs to be done to fix the current situation," Dierker said.

Ultimately, Mueller said, implementing any of the proposed changes would have meant less access to the WHOIS information that has been freely available for a long time. For those used to getting that information for free, that appears to have been more than they were willing to concede, he said

"Despite flirting with the kind of compromises and reforms that might actually reconcile privacy rights with identification needs, in the final weeks of the process, trust and agreement among the parties broke down completely," Mueller said in a blog post.