 | |
| |
TechnologyDaily Mobile
Grappling With The Great Domain Registry
by Maureen Sirhal
Officials engaged in battles against online piracy, computer intrusions and Internet fraud have a potentially valuable resource in their crusades: the universal "Whois" database that serves as an online source of information for anyone who purchases an Internet address.
The Internet Corporation for Assigned Names and Numbers (ICANN) requires domain-name registrants to provide addresses and telephone numbers for administrative and technical contacts. The aim of the Whois database that stores the information is primarily technical -- Internet service providers need contact information in case of technical glitches -- but ICANN also decided to make the information available in an effort to catch individuals violating intellectual property laws or committing fraud on the Web.
The database has not satisfied those expectations, however. Increasingly plagued by a lack of accuracy, Whois has hampered law enforcement's ability to use it as a tool for combating online crime and left policymakers and the Internet community with questions about how to fix it. The database tentatively is scheduled to be the subject of a hearing at the House Judiciary Courts, the Internet and Intellectual Property Subcommittee on Thursday.
A Flawed System?
The Whois debate chiefly stems from concerns about incorrect, fraudulent or outdated registration information. Businesses that register domains may list one individual as a point of contact, for instance, but without frequent updates, the data becomes outdated as employees change jobs or leave the company. Individuals who register domains also move or change phone numbers. And some registrants list fake names, like Mickey Mouse, as the contact.
A recent case involving the Organization for Economic Cooperation and Development (OECD) demonstrates the problem. When the OECD mistakenly let the registration for the ocde.org domain lapse, the misspelling of the global policy group's actual Internet address, oecd.org, was linked to a pornographic site. The Whois information on the new owner of ocde.org domain led the OECD to a fake company at a non-existent address in Armenia, and the discovery sparked a lengthy battle between the OECD and the domain registrar to correct the matter.
The report, issued publicly and intended to aid the World Intellectual Property Organization in its work on domain issues, highlights the broader problems associated with the need for correct Whois data. "To those in the OECD secretariat involved in the effort to recover the ocde.org domain name," the report stated, "the experience proved that something is quite wrong in the current system, and the public interest is not being well protected by it."
Law enforcement agencies are becoming increasingly reliant on the Whois data. While police possess other means of obtaining data on domain ownership or finding the operators of particular Web sites, they see the Whois database as an ideal tool because it is speedy. "It's something we use very frequently in our law enforcement capacity," said one investigator. "False domain-name registrations have been an impediment and slowed down ... our ability to identify law violators."
Citing increases in Internet-related crimes, law enforcement groups have warned Congress and ICANN of the need to keep the Whois data as accurate as possible. The FTC, for example, has raised the issue in communications with ICANN over the past few years. And the FBI has met with some overseers of domain-name suffixes such as .info to air concerns over their approach to keeping the database on domain registrants.
According to a recent draft study conducted by an ICANN task force on Whois, more than half of the groups that use the Whois rely on it to "find out the identity of a person or organization who is responsible for a domain name or Web site." Nearly 43 percent said they are concerned about the "effective identification" of the individuals or organization that are behind a given domain. And of the commercial and government entities that responded to the survey, nearly half said they have been "harmed or inconvenienced" by the inaccurate Whois data.
The problems have left industry observers and policymakers wondering why registrars cannot simply clean their files.
The Clean-Up Challenge
The registrars that grant domain names to applicants are supposed to keep the information accurate, but they face several hurdles in attempting to verify data. Most domain registrations, for example, occur purely online, making it difficult to verify where customers live.
In a recent interview, Marilyn Cade, who co-chairs ICANN's Whois task force, noted that registrars lack the resources to authenticate registrations, and mandating that they verify the information provided by their customers could raise the price of domains. Mason Cole, a vice president of marketing for the domain re-seller SnapNames, added that registrars often have differing policies for handling Whois information, and that piecemeal approach to collecting and storing the data may facilitate the filing of incorrect data.
Although credit-card numbers and billing information associated with domains may be verifiable, they may not correspond to the information provided for the technical or administrative contacts. Web sites may be registered via company credit cards whose billing addresses do not match the contact person's location. And verifying the information of registrants who are abroad is far more burdensome than doing so on people in the United States.
Domain sellers note that privacy concerns also may contribute to the proliferation of false Whois information. Many domain consumers submit personal data such as home and e-mail addresses, and telephone numbers. ICANN mandates that registrars make the data available to competing firms in an effort to assure equal access to the domain marketplace. But some companies have used the information in marketing targeted at consumers, so domain holders may be less inclined to provide accurate data for fear of being bombarded by advertising.
Privacy advocates argue that disclosing personal data under the Whois database should be optional and that firms relying on such information should be held to specific purposes. In testimony before a House Judiciary subcommittee last year, for instance, Junkbusters President Jason Catlett said no company should be able to gather information from the database under the "pretext" of protecting a trademark and later use the data for marketing purposes.
ICANN accreditation agreements require the Whois and also allow domain sellers to remove Internet addresses for which the registrants provided incorrect or even fraudulent data. But it is not clear whether registrars are comfortable taking such steps to discourage misinformation, some sources said, noting the lack of resources that registrars have to confront the issue.
Some observers also said registrars have no incentive to keep the data updated so long as the billing information is accurate. The fact that registrars lose customers when they remove Internet addresses because of Whois inaccuracies is another disincentive for reform.
ICANN's Whois task force has been studying ways to enhance the Whois system while also balancing the conflicting needs of the commercial, government and nonprofit sectors. The group's draft report will be posted for public commentary, and that feedback will be fashioned into a full report and roster of recommendations. The panel will present the report to ICANN by May, making it ready for action at ICANN's June board meeting in Bucharest, Romania.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
