Whois database targeted for destruction
The long-running attempt by privacy advocates to bin the Whois database will be up for vote at the ICANN meeting in Los Angeles tomorrow.
Cheerleaders for the six-year-old "sunset proposal" say people shouldn't be required to give up personal information to the web to register a domain name. It is frequently abused by spammers and fraudsters, they argue.
Whois dates back to the early 1980s, when the internet was comprised and used by trusted government and academic institutions.
The calls for registrars to be more discerning about who they share Whois data with are opposed by law enforcement and lawyers. They say that ease of access is central to its usefulness.
For webmasters concerned about anonymity the current system presents a dilemma. If they don't give accurate personal information and someone complains about their site, they could lose the domain name. Alternatively, they must submit to junk mail and potential harrassment by web crackpots.
The debate is further complicated by the fact that some registrars already provide a premium "hidden Whois" service for the privacy-conscious.
The sunset proposal is being pushed at ICANN by generic names councillor Ross Rader, who works for internet services firm Tucows. he wrote on his blog in March: "For as long as the Whois system has been around, they've been able to look up your personal contact data and churn out demand letters and other nasty legal notices on demand."
Rader doesn't neccessarily want to scrap Whois outright, but would like to ditch the current setup so that ICANN's bureaucracy is kickstarted into drawing up new rules that err on the side of privacy. He claims some participants have stalled negotiations to reform the system over the years because the current system plays into their hands, reports the Associated Press.
US telco giant AT&T is calling for further study of abuse of Whois before any decisions on the database's future are taken. The AP reporter at ICANN reckons that's the most likely option to prevail tomorrow.
More here. Burke Hansen is our man on the ground at the talks. We'll keep you posted. ®
well, those companies/websites should have a webmaster@ or WORKING abuse@ or similar email address that, if they are unable to monitor it, should go to their ISP or outsourced contractor or whoever runs their site. Again, if you're on 24/7, then it should be your responsibility to be somehow accountable and available the same 24/7.
Keep up the good work. I still believe Individuals should be allowed to stay anonymous and believe nominet's Opt Out scheme works very well. They check my domains with me once every two years sending out a form to my home address. I use this to enter the security code onto an online secure form to authenticate my domain. This reduces abuse but nothing can stop it completely. 123-reg have a 24 hour SLA to respond to all email queries and have even been able to resolve conflicts across registrars for me. Perhaps the UK system is better and the WhoIs database should be abolished leaving adequate registrars to manage the system properly! As you say the WhoIs database is invariably incorrect even for the registered businesses.
Opt-out for individuals would be fine. But if a registrar is processing thousands of registrations per hour, who checks to see whether a domain is registered under the correct category? If you check the whois information for spam sites you will quickly see that in most cases no one is checking anything, and that obviously fake information is being accepted. Even registrars who are seriously trying to avoid spammers still have some domains registered by notorious spam operations slip through despite their best efforts.
As far as registrars being required to be responsive: I notified eNom (via the email address they list with ICANN) of a domain registered with stolen identity information on 10/10/07. Six days later the site was still up, and so I telephoned eNom to explain that I had promised the victim that I would take care of this and I wanted to follow through. The person I spoke with said that they only accepted reports via an online form and that he didn't even know they had any email address for reporting. He assured me that they ignored all email because there was so much spam. When I pointed out that ICANN required a reporting email address, he changed his story and said that they did look at emails but that it would take a long time. He also would not accept any information about the fraud over the phone. (He didn't have to believe me; he just had to call the phone number in the whois information itself.) So I filed the online form. It is now over two weeks later and the site is still up. And eNom is far from the worst registrar. Repeated reports and pleading letters to ICANN about even some of the most egregious offenders get no response except an email from their challenge-response antispam system.
If ICANN won't police anything, and the registrars selling cheap domain names can't afford to police anything at the prices they charge, it is up to the general public to do the best we can to fight criminal activity on the internet. Don't take away one of the few tools we have.