Intellectual Property Holders Press For Access To WHOIS Data
The conflict pits individuals and groups that favor privacy protections against organizations and law enforcement agencies that favor data access.
The seven-year-old battle over access to WHOIS data -- the names, street addresses, e-mail addresses and phone numbers of those who have registered Internet domains -- remains a stalemate this week, leaving reforms undone.
The conflict pits individuals and groups that favor privacy protections against organizations and law enforcement agencies that favor data access to police intellectual property and to curtail cybercrime.
In a blog post on the Internet Governance Project's (IGP) Web site, Milton Mueller, Professor and Director of the Telecommunications Network Management Program at the Syracuse University School of Information Studies and a partner in the IGP, details the Final Outcomes Report of the WHOIS Working Group, published on Tuesday, and inability of the various stakeholders to reach any kind of consensus.
Caught in the middle are Internet domain registrars that have to balance customer data protection with data access requirements mandated by the Internet Corporation for Assigned Numbers and Names' (ICANN) Registrar Accreditation Agreement (RAA).
The RAA requires registrars to allow lawful uses of registration data, with certain limitations to protect against data harvesting by spammers. The RAA also requires registrars to allow bulk access to WHOIS data for not more than $10,000.
"This part of the RAA was meant to accommodate the political demands of a growing number of trademark monitoring service providers who systematically collected WHOIS data and compiled it into analyses that were sold to trademark holders," Mueller explained in an e-mail.
But corporate and law enforcement interests would like still greater access to WHOIS data.
"[Intellectual property lawyers] tried to whittle down the shielding of data to natural persons whose Internet activities were completely noncommercial in nature," said Mueller on the IGP blog. "Along with the law enforcement and banking interests, they wanted backdoor access procedures enabling almost any private company to gain unlimited access to the shielded data of any domain merely by asserting that they needed it to pursue bad actors."
One of the problems this presents for registrars is that greater access would hurt their privacy service business. The RAA allows registrars to serve as a proxy for registrants, and many do so, providing their own contact information in place of the domain registrant's for a fee. Such services don't shield registrants from law enforcement inquiries, but it does keep registrant data from circulating freely.
"If there is no reform they can continue to sell privacy to their users using proxy registrations, making profits that far exceed those they make on normal domain name registrations," said Mueller.
The impasse between the various constituencies prompted Philip Shepherd, Chair of the WHOIS Working Group, to change the definition of "Agreement" in the Working Group's report to claim consensus where there isn't any. "In the final report, Shepherd failed to obtain agreement on points he considered to be the desired policy," said Mueller. "So the definition of agreement was changed."
According to Mueller, Shepherd represents a European trademark lobbying group.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.