Feeds

Mickey Mouse Whois ban threat sparks privacy fears

Days of pretending to be N. O. Body are numbered

Providing a secure and efficient Helpdesk

The days of pretending to be Mickey Mouse or Daffy Duck when you register a domain name could be numbered, following demands placed on ICANN by law enforcement agencies and governments.

ICANN is currently locked in contract talks with its accredited domain name registrars, and expects they will agree to make the verification of customer identities mandatory later this year.

If the rule changes go ahead, registrars such as Go Daddy and Network Solutions could be obliged to ensure that the Whois database records submitted by their customers are accurate.

Such a policy would very likely increase the price of .com domain names, due to the registrars' added cost of paying for commercial verification services. While encouraged by law enforcement and intellectual property concerns, which regularly and loudly complain about the difficulty of tracking down crooks online, the proposed rule change has been criticised by privacy advocates.

Today, Whois databases contain the contact information – including name, physical address and phone number – of people who register domain names. Most top-level domains have such a database.

But while registrars are obliged to remind customers annually about Whois accuracy, and can take down domains if they receive complaints, they don't have to proactively check that Whois records are accurate.

This means that nervous domain buyers can either pay an extra fee for a privacy-protection service, or pretend to be Mr Nobody from Nowheresville, Nowhere, giving a phone number of 555-555-5555.

But this could change under amendments to the ICANN Registrar Accreditation Agreement (RAA) currently under negotiation in closed-door talks between ICANN and registrars. On three occasions over the last few weeks, senior ICANN executives have notified the US administration and Congress that they expect a revised RAA to crack down on phoney Whois.

"ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify WHOIS data," CEO Rod Beckstrom told the US Department of Commerce earlier this month.

His words were echoed in two letters to concerned congressmen by senior vice president Kurt Pritz last week, following on from Congressional hearings held in December. Beckstrom indicated that the new RAA will be drafted before March, and that registrars with years left on their current contracts – the majority – will be offered incentives to switch to the new version before 2013. The RAA applies to the 21 generic top-level domains – such as .com, .org, .biz and .xxx – and the hundreds of new gTLDs ICANN intends to start approving next year, rather than country-codes such as .uk and .fr. In the UK, individuals are allowed to privacy-protect their .uk Whois records.

The changes would not affect registrars' ability to offer Whois privacy services for an additional fee, though other amendments could formalise the process of unmasking such registrants accused of criminal behaviour or cybersquatting. And it's not certain yet that Whois verification will become mandatory. Registrars generally oppose such moves, largely due to the complexity and because the cost of commercial identity database services could double the price of domain names in some cases.

Members of ICANN's Non-Commercial Users Constituency also oppose Whois verification on privacy grounds, fearing abuse by over-zealous cops and copyright interests. But there's a significant amount of political pressure to make the changes.

Whois verification was part of a package of a dozen measures first proposed by law enforcement agencies in 2009, but it was not until ICANN's public meeting in Senegal last October – when registrars got a good kicking from governments including the US and UK – that talks to amend the RAA began in earnest.

Some registrars, speaking privately to El Reg, are concerned that their industry could be in for a rematch when ICANN convenes its next public meeting in Costa Rica this March.

Now that ICANN has told the US that Whois verification is "expected", if the provision does not make an appearance in the redrafted RAA then ICANN's Governmental Advisory Committee, backed by national law enforcement agencies, will likely claim that the industry is incapable of self-regulation. While the RAA amendments are a separate policy issue to ICANN's recently launch new generic top-level domains programme, interest from Congress has tied the two problems together. If ICANN cannot secure the RAA amendments governments are demanding, it will likely face further criticism that its new gTLDs will be a haven for fraud. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.