Original URL: http://www.theregister.co.uk/2006/06/01/nominet_whois_warning/

Nominet warns on Whois data mining

US firm caught harvesting personal information

By Kieren McCarthy

Posted in Security, 1st June 2006 09:09 GMT

Nominet has issued a warning about commercial companies that are swiping copyrighted information on domain name owners from its Whois database.

Several weeks ago, the UK internet registry owner noticed a sharp increase in the number of people accessing its Whois service, an online searchable database that provides ownership details for individual .uk internet addresses, including the name of the individual and sometimes their home address.

Nominet director of IT Jay Daley said in one 24-hour period there were an additional 50,000 look-ups appearing to come from 5,000 different internet addresses. Thanks to careful monitoring and analysis, however, Nominet was able to trace the source of the requests to a single company - US security company Intrusion.com.

Nominet blocked Intrusion.com and sent an email to the company requesting an explanation, but heard nothing back. A week later, it phoned the US firm and sent another email before finally speaking to its co-founder, vice-president and vice-chairman T Joe Head, who confirmed the company had been building a database of .uk domain ownership in order to help its products perform better.

According to Daley, Head claimed to have a database of 130m domain names across the world, with Whois data on 70m of them. When the company identifies a domain name that is being used for nefarious purposes it runs a search across its database for any other domains run or owned by the same organisation and reviews their status.

The company's use of the information is immaterial, however, as under European law the Whois database is the copyrighted property of Nominet.

Nominet is particularly sensitive about its database after Australian scammers tricked 50,000 Nominet customers into paying imaginary renewal fees when they were contacted through their Whois details, stolen from the Nominet website by an automated request program.

Brad Norrish and Chesley Rafferty were found guilty in January this year and fined AU$2.3m (£980,000) by an Australian court after a Nominet chase lasting nearly three years. Nominet has since provided all customers with the option to opt-out of providing anything but their name on the public Whois database, and carefully monitors access to the database.

According to Daley, Intrusion.com claimed it wasn't aware of the UK and European law that makes the database copyrighted material. It said its actions are perfectly possible as the law in the US, and extended to all global top-level domains including .com, .net, .org and so on, is that all details of domain owners - including home telephone numbers and email addresses - are made freely and publicly available.

Daley said he was keen to publicise the issue of database mining so commercial companies were aware of the law difference between the US and EU, and to make other countries' registries aware that their databases were probably also being stolen through sophisticated request techniques.

In a statement to The Register, Intrusion’s president and CEO, G Ward Paxton, said it had deleted any information on domain names registered by Nominet and while it investigates the “concerns over Intrusion’s use of the information”.

But Paxton defended Intrusion’s technology and business model, saying the only way to identify the source of attacks on networks was to utilize domain name information, and that domain registrars are the only source of such information

“As a result,” he said, “We believe it is essential to the public interest to allow companies like Intrusion to access these publicly available sources of domain name information in order to allow the victims of those attacks to identify the source of such attacks and effectively defend their computer networks.”

A change in the rules State-side

That same law may also soon apply to the US, however, according to internet historian and computer science professor at Syracuse University, Milton Mueller. The existing rule is a hangover from the early days of the internet when intellectual property lawyers had a dispropotionate influence over the creation of domain name rules and procedures.

But the Generic Names Supporting Organisation (GNSO), the arm of internet overseeing organisation ICANN in charge of domain name policy, last month voted in favour of a new, more restrictive, definition for the purposes of Whois data after a three-year review. The new definition should see people's home addresses and telephone numbers pulled from the publicly available database, and there remains ongoing debate whether the email address and even the registrant's name should appear in the records.

According to Mueller, the definition has to be accepted by ICANN, although it will still have to be put to a board vote. It could be adopted as early as 30 June at ICANN's next meeting in Morocco.

Those opposed to the increased privacy, says Mueller, are law enforcement, because of ease of use and the resulting cost without it, commercial search services and intellectual property laws, and data miners. As a result of pressure from these constituencies, the US government also remains opposed to a reduction in the amount of information made available.

It is uncertain whether the US government will again abuse its position as ultimate overseer of the internet, however, following embarassing revelations earlier this month that it had secretly intervened to prevent the creation of a .xxx top-level domain because of pressure from right-wing Christian groups.

The ready availability of millions of people's personal details has remained a concern and high priority for a large number of groups both inside and outside the US, however, and continues to be a main source of information for scammers and spammers on the net.®