Feeds

Telnic proposal spurs internal ICANN debate

Road map at last for intractable Whois mess?

Beginner's guide to SSL certificates

The other tried and true complaint has been that gutting the database would impede investigations into phishing attacks and other illegal or unlawful activities on IPC's Whois - a claim even asserted by the FBI at the IPC's Whois informational briefing.

This cuts both ways, however - ICANN's own investigations have established beyond any doubt that the current Whois database is a major source of spam, which is itself frequently a vehicle for viruses, Trojan horses, and assorted other malware. The extent to which the self-reporting and frequently inaccurate data in Whois is useful for investigative purposes needs to be examined more closely, and at the very least balanced against the extent to which the database is abused for questionable purposes.

If the best argument the IPC can articulate turns out to be a cost-shifting argument, it needs to be rejected outright - that argument, we can only assume, has already been made at the national level in the affected countries, and resolved. If so, it is simply a matter of national sovereignty, and an established cost of doing business in those jurisdictions that they have simply managed to avoid so far.

Only in LA

There is irony in the Telnic Whois debate not lost on those involved - after all, they are arguing over restricting access to personal information in a service whose sole purpose is to allow users to publish personal contact information.

Nevertheless, Telnic allows users to screen what contact information is published, and as conceived is not in conflict with any established law (the Whois requirements are merely contractual obligations between registrars and ICANN).

The proposed amendment to the Telnic contract was put up for comment the week before the Los Angeles meeting, to little fanfare and almost no public comment. However, after conversation with upper level ICANN management at the Los Angeles meeting, the Telnic proposal seems to have given them cause for optimism that the long-running Whois debate - which has gone absolutely nowhere for seven years - might at last move forward, at least incrementally.

The ICANN board also needs to consider short-circuiting a process that is pathologically dysfunctional. The opposing interests in this debate - privacy advocates versus corporate and law enforcement groups - give no quarter, and have shown no interest whatsoever in any sort of compromise. The GNSO council has proven completely ineffectual in pushing this forward, but the ICANN board is bound by neither the decision, nor the indecision, of the council. After all, inaction is simply a way to preserve the status quo and is itself a policy choice.

ICANN should seriously consider integrating something like the Telnic proposal into the revisions of the Registrar Accreditation Agreement (RAA) that are currently underway. It is the closest thing to a well-conceived compromise that has been proposed, and if the mortal enemies that have dragged this debate out for seven years don't like it, well, tough luck.

If that threat proves insufficient, ICANN should argue, based on national sovereignty alone, that viable registrars be approved by ICANN in accordance with the laws of the jurisdiction where they are incorporated or have their principal place of business. If businesses migrate to jurisdictions with more favorable regulations, so be it - it happens every day in tax law, and the world hasn't come to a stop.

ICANN is not some supra-jurisdictional entity, and it boggles the mind that otherwise legitimate businesses have been prevented from operating legally in their own jurisdiction due to ICANN's embrace of an anachronistic database which was originally designed to allow academics to keep in contact with each other to maintain the technical integrity of the network.

The board should make clear to all of its constituents that some sort of revision will be worked into the new RAA, with provisions for future review of the RAA if need be, and the interested constituents can either be a part of the solution or not. They clearly are incapable of resolving this on their own.

The Telnic amendment can be found here (PDF). ®

Burke Hansen, attorney at large, heads a San Francisco law office

Secure remote control for conventional and virtual desktops

More from The Register

next story
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.