Posted June 6th, 2011
As you may know, WHOIS is a protocol used to (among other things) identify domain name registrants. It is a great asset if you need to get in touch with a registrant or find out who “owns” a domain name. The results of a WHOIS search can vary depending on where you are looking, and the system is not ideally cohesive. However, WHOIS, originally handled by DARPA, has been evolving since the early 1980s, and the current incarnation of the gTLD WHOIS system is under scrutiny for misuse.
For those who haven’t sat through the ICANN sessions regarding WHOIS, there has long been a debate over how to amend a potentially flawed WHOIS. There has also been debate about whether a domain registrant’s identity and contact information should be available to the public. While it is beneficial in many instances to be able to identify and communicate with a registrant, it can also leave them open to more unsavory contact. WHOIS misuse, according to an interview with Liz Gasster for IDNblog.com, “refers to harmful acts that exploit contact information obtained from Whois. Those harmful acts may include generation of spam, abuse of personal data, intellectual property theft, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences.”
There is also the problem of accredited registrars who don’t maintain accurate WHOIS data. Although it is a requirement of the RAA to do so, it is advantageous to some registrars to let the housekeeping slide when it comes to providing accurate information on registrants, including those who may be engaged in trademark abuse.
This sort of misuse, as well as other issues, has been an area of particular interest to ICANN since 2007, when the organization began to undertake a study of the WHOIS system. As WHOIS will continue to be a hot button topic at ICANN 41 in Singapore, we have re-printed the GNSO WHOIS Motion of 4/28/2011 to bring everyone up to speed on the trajectory of this issue prior to the meeting.
In October 2007, the GNSO Council concluded that a comprehensive and objective understanding of key factual issues regarding the gTLD WHOIS system would benefit future GNSO policy development efforts (http://gnso.icann.org/resolutions/).
Before defining study details, the Council solicited suggestions from the community for specific topics of study on WHOIS. Suggestions were submitted (http://forum.icann.org/lists/WHOIS-comments-2008/) and ICANN staff prepared a ‘Report on Public Suggestions on Further Studies of WHOIS’, dated 25-Feb-2008 (http://gnso.icann.org/issues/Whois-privacy/Whois-study-suggestion-report-25feb08.pdf).
On 28-Mar-2008 the GNSO Council resolved to form a WHOIS Study Working Group to develop a proposed list, if any, of recommended studies for which ICANN staff would be asked to provide cost estimates to the Council (http://gnso.icann.org/meetings/minutes-gnso-27mar08.shtml).
The WHOIS Study WG did not reach consensus regarding further studies, and on 25-Jun-2008 the GNSO Council resolved to form a new WHOIS Hypotheses working group to prepare a list of hypotheses from the ‘Report on Public Suggestions on Further Studies of WHOIS’ and the GAC letter on WHOIS studies (http://www.icann.org/correspondence/karlins-to-thrush-16apr08.pdf). The WG reported to the Council on 26-Aug-2008. (https://st.icann.org/Whois-hypoth-wg/index.cgi?Whois_hypotheses_wg#Whois_study_hypotheses_wg_final_report).
On 5-Nov-2008, the Council convened a group of Councilors and constituency members to draft a resolution regarding studies, if any, for which cost estimates should be obtained. The Whois Study Drafting Team further consolidated studies including those from the GAC (http://www.icann.org/correspondence/karlins-to-thrush-16apr08.pdf). The Team determined that the six studies with the highest average priority scores should be the subject of further research to determine feasibility and obtain cost estimates.
On 04-Mar-2009, Council requested Staff to conduct research on feasibility and cost estimates for selected Whois studies and report its findings to Council. (See Motion 3, http://gnso.icann.org/resolutions/#200903).
On 23-Mar-2010, Staff presented a report on the feasibility and cost estimates for the Whois “Misuse” and Whois “Registrant Identification” Studies, finding that each study would cost approximately $150,000 and take approximately one year to complete. (http://gnso.icann.org/issues/whois/whois-studies-report-for-gnso-23mar10-en.pdf). The Whois Registrant Identification study would gather info about how business/commercial domain registrants are identified, and correlate such identification with the use of proxy/privacy services.
The ICANN Board approved in Brussels a FY2011 budget that includes at least $400,000 for WHOIS studies (see http://www.icann.org/en/minutes/resolutions-25jun10-en.htm#8).
On 8-September-2010 the GNSO Council approved a resolution requesting staff to proceed with the Whois “Misuse” Study, which would explore the extent to which publicly displayed WHOIS data is misused, http://gnso.icann.org/resolutions/#201009.
On 5-October-2010, staff provided feasibility and cost analysis for a Whois Privacy and Proxy “Abuse” study, http://gnso.icann.org/issues/whois/gnso-whois-pp-abuse-studies-report-05oct10-en.pdf. This study would compare a broad sample of domains registered with a proxy or privacy service provider that are associated with alleged harmful acts with overall frequency of proxy and privacy registrations. This study was estimated to cost $150,000 and take less than a year to complete.
On 11-February-2011, staff provided a feasibility and cost analysis for a Whois Proxy and Privacy “Relay and Reveal” study, http://gnso.icann.org/issues/whois/whois-pp-relay-reveal-studies-report-11feb11-en.pdf, which would analyze relay and reveal requests sent for Privacy and Proxy-registered domains to explore and document how they are processed. The staff analysis concluded that it was premature to conduct a full study, and recommended that a pre-study “survey” be conducted first, to determine if launching a full study is feasible to do.
Council requests ICANN staff to proceed with the WHOIS Registrant Identification Study, as described in Staff’s 23-Mar-2010 Report, using the vendor selection process described in Annex of that same report. (http://gnso.icann.org/issues/whois/whois-studies-report-for-gnso-23mar10-en.pdf).
Further resolved, that the Council requests ICANN staff to proceed with the Whois Privacy and Proxy “Abuse” study, as described in staff’s 5-October-2010 report, using the vendor selection process described in that same report, http://gnso.icann.org/issues/whois/gnso-whois-pp-abuse-studies-report-05oct10-en.pdf.
Further resolved, that the Council requests ICANN staff to proceed with the Whois Privacy and Proxy “Relay and Reveal” pre-study survey, as proposed in staff’s 11-February-2011 report, http://gnso.icann.org/issues/whois/whois-pp-relay-reveal-studies-report-11feb11-en.pdf.
Further resolved, that the Council request that the Board authorize additional funding for FY 2012 for Whois studies, to make up the shortfall of $130,000 between the amount of “at least $400,000” that was allocated for Whois studies in FY 2011 (and remains unspent), and the total amount needed to conduct the Whois Misuse Study ($150,000); the Whois Registrant Identification Study ($150,000); the Proxy/Privacy “Abuse” Study ($150,000); and the Proxy and Privacy “Pre-study” ($80,000), total of $530,000.
Further resolved, in recognition that there is a substantial amount of coordination needed to direct this research, that staff be given the discretion to manage the studies serially or in parallel, with a goal of expediting completion of the studies as efficiently as possible.