Whois Studies Approved, Privacy Deferred -- Redmondmag.com

Whois Studies Approved, Privacy Deferred

By The Associated Press
11/01/2007

A panel on Internet names voted Wednesday to defer long-simmering questions on whether names, phone numbers and other private information on domain name owners should remain public in open, searchable databases called Whois.

Instead, the committee of the Internet Corporation for Assigned Names and Numbers, or ICANN, decided on further studies, which privacy advocates consider a stall tactic after seven years of discussions so far.

The committee also rejected a proposal to give Internet users the ability to list third-party contacts rather than their own private data in the Whois databases.

Law-enforcement officials, trademark lawyers and journalists, as well as spammers, now access Whois to figure out who may be behind a Web site. But privacy advocates say individuals shouldn't have to reveal personal information simply to have a Web site.

A third proposal, a so-called "sunset" option that would have allowed domain name registration companies to stop making the data available through Whois, was narrowly rejected, 13-10. That measure would have likely resulted in large gaps in registration records and was seen as a way to force concessions from current Whois users before the sunset actually takes effect.

Debate ran for about two hours, with the panel becoming bogged down at times on whether to amend the language of motions that had been slated for vote.

The proposal on listing third-party contacts was defeated 17-7, the same margin by which the studies measure was approved. The votes also had the effect of formally removing the Whois issue from the committee's agenda, leaving it to ICANN's board to decide whether and how to proceed further.

"We seem to be closing off the development process at the same time we're opening the box to the same old debates that have been going on for seven years," complained Milton Mueller, a Syracuse University professor on the committee. "The whole world is watching now. ... They're expecting ICANN to do something about this."

Ross Rader, a committee member who is the sunset proposal's chief sponsor, said afterward that he was disappointed the committee opted for an "open-ended" study.

"We've had seven years of study on this issue ... What has not been answered is what are the specific questions we want answers to," Rader said. "From my perspective, further, broad, open study is just a way for (opponents) to say you don't have enough votes to change the status quo."

The committee, the Generic Names Supporting Organization Council, set a deadline of Feb. 15 to identify what types of studies are needed.

Mike Rodenbaugh, one of the panelists representing commercial and business Internet users, defended criticism that ordering additional studies was "silly."

"We still see, obviously, very significant issues with Whois in general, and while there is sure to be debate on what precisely the scope of the studies (will be) ... almost all the constituencies have requested studies of various kinds," he said.

Frequent users of Whois were relieved.

Lynn Goodendorf, chief privacy officer for Intercontinental Hotels Group PLC, said that although she was sensitive to privacy concerns that individuals may have, those must be balanced with the needs of businesses and law enforcement officials fighting fraud.

"There are a lot of different wrinkles in this," she said. "The proposal that was on the table to change the policy still had too many potential adverse effects to everyone on the Internet."

Privacy wasn't a big consideration when the current addressing system started in the 1980s. Back then, government and university researchers who dominated the Internet knew one another and didn't mind sharing personal details to resolve technical problems.

But the makeup of the Internet population and the use of Whois have changed greatly since then. The requirements for domain name owners to provide such details also contradict, in some cases, European privacy laws that are stricter than those in the United States.

Over the past few years, some companies already have been offering proxy services, for a fee, letting domain name owners list the proxy rather than themselves as the contact. It's akin to an unlisted phone number, though with questionable legal status.

The rejected proposal, known as operational point of contact, would have made that standard, with fewer restrictions on who could be named as a proxy.

Steve DelBianco, executive director of NetChoice, a coalition of trade groups that represents tech companies, including eBay Inc., Oracle Corp. and Time Warner Inc.'s AOL LLC, said the rise of proxy services shows "the market is working faster to address privacy concerns than ICANN processes ever can."

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.