Feeds

Telnic proposal spurs internal ICANN debate

Road map at last for intractable Whois mess?

Top three mobile application threats

The other tried and true complaint has been that gutting the database would impede investigations into phishing attacks and other illegal or unlawful activities on IPC's Whois - a claim even asserted by the FBI at the IPC's Whois informational briefing.

This cuts both ways, however - ICANN's own investigations have established beyond any doubt that the current Whois database is a major source of spam, which is itself frequently a vehicle for viruses, Trojan horses, and assorted other malware. The extent to which the self-reporting and frequently inaccurate data in Whois is useful for investigative purposes needs to be examined more closely, and at the very least balanced against the extent to which the database is abused for questionable purposes.

If the best argument the IPC can articulate turns out to be a cost-shifting argument, it needs to be rejected outright - that argument, we can only assume, has already been made at the national level in the affected countries, and resolved. If so, it is simply a matter of national sovereignty, and an established cost of doing business in those jurisdictions that they have simply managed to avoid so far.

Only in LA

There is irony in the Telnic Whois debate not lost on those involved - after all, they are arguing over restricting access to personal information in a service whose sole purpose is to allow users to publish personal contact information.

Nevertheless, Telnic allows users to screen what contact information is published, and as conceived is not in conflict with any established law (the Whois requirements are merely contractual obligations between registrars and ICANN).

The proposed amendment to the Telnic contract was put up for comment the week before the Los Angeles meeting, to little fanfare and almost no public comment. However, after conversation with upper level ICANN management at the Los Angeles meeting, the Telnic proposal seems to have given them cause for optimism that the long-running Whois debate - which has gone absolutely nowhere for seven years - might at last move forward, at least incrementally.

The ICANN board also needs to consider short-circuiting a process that is pathologically dysfunctional. The opposing interests in this debate - privacy advocates versus corporate and law enforcement groups - give no quarter, and have shown no interest whatsoever in any sort of compromise. The GNSO council has proven completely ineffectual in pushing this forward, but the ICANN board is bound by neither the decision, nor the indecision, of the council. After all, inaction is simply a way to preserve the status quo and is itself a policy choice.

ICANN should seriously consider integrating something like the Telnic proposal into the revisions of the Registrar Accreditation Agreement (RAA) that are currently underway. It is the closest thing to a well-conceived compromise that has been proposed, and if the mortal enemies that have dragged this debate out for seven years don't like it, well, tough luck.

If that threat proves insufficient, ICANN should argue, based on national sovereignty alone, that viable registrars be approved by ICANN in accordance with the laws of the jurisdiction where they are incorporated or have their principal place of business. If businesses migrate to jurisdictions with more favorable regulations, so be it - it happens every day in tax law, and the world hasn't come to a stop.

ICANN is not some supra-jurisdictional entity, and it boggles the mind that otherwise legitimate businesses have been prevented from operating legally in their own jurisdiction due to ICANN's embrace of an anachronistic database which was originally designed to allow academics to keep in contact with each other to maintain the technical integrity of the network.

The board should make clear to all of its constituents that some sort of revision will be worked into the new RAA, with provisions for future review of the RAA if need be, and the interested constituents can either be a part of the solution or not. They clearly are incapable of resolving this on their own.

The Telnic amendment can be found here (PDF). ®

Burke Hansen, attorney at large, heads a San Francisco law office

Top three mobile application threats

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.