For the London Free Press – October 1, 2007
A debate has been raging within both CIRA and ICANN about just what information should be available using a WHOIS search to see who owns a domain name.
Some cite privacy concerns and argue that as little information as possible should be available. Others fear the lack of accountability that may occur should the contents of a WHOIS search be curtailed.
CIRA is the Canadian Internet Registration Authority — responsible for operating Canada’s dot-ca Internet country code Top Level Domain. ICANN is the Internet Corporation for Assigned Names and Numbers — responsible for operating generic Top Level Domains such as dot-com.
WHOIS is an online directory service that allows anyone to see who owns Internet Domain Names. For example, a WHOIS search on “harrisonpensa.com” will reveal the name and contact information of its owner and the administrative contact who has authority to deal with the domain name.
Both CIRA and ICANN have been developing policies to address privacy concerns.
Under the new policy, if a registrant’s data is disclosed to a third party without their knowledge, the registrant will be informed between 30 and 60 days after the disclosure. This seems to be geared toward concerns expressed by law enforcement regarding the impact notice may have on ongoing investigations.
The new policy attempts to deal with concerns regarding the ability of would-be purchasers of domains to contact domain owners. CIRA will establish an administrative process for passing correspondence from interested parties to registrants.
The new policy will amend CIRA’s Dispute Resolution Policy rules. There is concern that changes to the WHOIS policy will make it more difficult to prove a domain was registered in bad faith. The changes are intended to make it easier for a complainant to provide evidence to prove their case.
ICANN has struggled to reach a consensus, with neither camp willing to move from their position. The current proposal put forth by ICANN replaces some personal information with a pointer to a proxy known as the OPOC, the Operational Point of Contact. The OPOC would act as a mediator between the registrant and the party wishing to contact them. The OPOC would only be placed in front of individual registrants. This element of the proposal addresses one major issue overlooked by CIRA in that privacy concerns apply only to individuals, not to corporations.
While such systems might help address concerns regarding individual privacy, it will also create an additional layer of bureaucracy to be navigated by law enforcement and others who rely on WHOIS to deal with abuse of the internet.
Currently WHOIS can provide an easy way for lawyers to contact parties whose websites may be violating the rights of others, such as improperly using copyrighted materials, defamation, or trade-mark infringement.
Complicating this process will certainly increase the time and costs associated with such efforts.