http://www.icann.org/en/reviews/affirmation/whois-rt-discussion-paper-09jun11-en.pdf

Translations of the WHOIS Review Team Discussion Paper:

العربية
[PDF, 150 KB]

Español
[PDF, 149 KB]

Français
[PDF, 135 KB]

Русский
[PDF, 196 KB]

中文
[PDF, 224 KB]

INTRODUCTION

WHOIS Review

The WHOIS review team has been constituted under the Affirmation of Commitments (AoC), which was signed by the United States Department of Commerce and the Internet Corporation for Assigned Names and Numbers on 30 September 2009.

In accordance with the principles set out in the AoC, in particular its paragraph 9.3.1, the scope of the review team is to assess the extent to which existing WHOIS policy in the generic top level domains (gTLDs) and its implementation:

  • is effective;
  • meets the legitimate needs of law enforcement; and
  • promotes consumer trust.

The review team will also undertake an analysis and determination of ICANN's performance against the AoC requirements that ICANN:

  • implements measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information; and
  • enforces its existing policy relating to WHOIS, subject to applicable laws.

Purpose of this Paper

This paper describes of areas of interest identified by the review team to date, both in its own deliberations and in discussions with the community. The review team seeks comment from the community on any aspect of this paper, including any relevant issues not covered by the paper.

Background on WHOIS

WHOIS is a protocol that enables users to find information about Internet resources including domain names, IP address blocks and autonomous systems.

The current version of the WHOIS protocol (RFC 3912) states that while WHOIS was originally used to provide "white pages" services and information about registered domain names, current deployments cover a much broader range of information services. The review team understands that WHOIS facilitates identification and communication for a range of purposes.

Some issues are potentially beyond the scope of the review team. For example, the review team is aware of work being done elsewhere in the community on the internationalisation of WHOIS data and the technical evolution of the protocol. The review team is also aware that ICANN is considering several WHOIS studies, and that discussions are underway on potential amendments to the Registrar Accreditation Agreement. The review team will take account of these issues when developing its recommendations.

How to comment

The closing date for comment is 23 July 2011.

Comments should be sent to: xxxx

ISSUES FOR DISCUSSION

In its preliminary discussions and interactions with the community, the review team’s attention has been drawn to several areas of interest which will inform its work going forward. Questions on each of these issues are below.

Clarity of existing policy

 The Affirmation of Commitments (paragraph 9.3.1) and 2007 GAC Principles Regarding gTLD WHOIS Services appear to provide high level principles that are intended to inform WHOIS policy development and its implementation. However, it is not clear whether these principles are reflected in ICANN’s consensus policies, or in its mechanisms to implement policy.

There is limited ICANN consensus policy on WHOIS, and that which does exist is supplementary to the rules set out in other documents. These include technical standards (such as Internet Engineering Task Force Requests for Comment) and ICANN contracts (such as the Registrar Accreditation Agreement). Current consensus policies regarding WHOIS are:

  1. An annual WHOIS Data Reminder Policy designed to improve Whois accuracy (effective October 31, 2003) 
  2. A Restored Names Accuracy Policy that applies when names have been deleted on the basis of submission of false contact data or non-response to registrar inquires (effective November 12, 2004)
  3. A WHOIS Marketing Restriction Policy prohibiting bulk access to Whois information for marketing purposes (effective November 12, 2004), and also
  4. prohibiting resale or redistribution of bulk WHOIS data by data users (effective November 12, 2004).

Finally, there is a consensus procedure for “Handling WHOIS conflicts with Privacy Law” (effective January 2008) which details how ICANN will respond to a situation where a registrar or registry indicates it is legally prevented by local/national privacy laws or regulations from complying with the provisions of its ICANN contract regarding the collection, display and distribution of personal data via WHOIS. The procedure is for use by ICANN staff and did not change the obligations of registries, registrars or third parties when approved by the GNSO and adopted by the Board.

Questions

  1. What measures should ICANN take to clarify its existing WHOIS policy?
  2. How should ICANN clarify the status of the high level principles set out in the Affirmation of Commitments and the GAC Principles on WHOIS?


Applicable Laws, Privacy issues and Proxy/Privacy

The review team understands that some registrants are concerned about publicly sharing their  information through WHOIS. The review team is also aware of concerns raised within the community about potential conflicts between WHOIS requirements, domestic privacy laws and consumer protection laws.

The review team is interested in ways that ICANN could balance privacy concerns with its AoC goal of making accurate and complete WHOIS data publicly accessible without restriction.

Questions
3.  HWhat insight can country code TLDs (ccTLDs) offer on their response to domestic laws and how they have or have not modified their ccTLD WHOIS policies?


One response to these concerns has been the use of privacy and proxy services, which limit publicly accessible information about domain name registrants. A recent ICANN study found that at least 18% of domain names registered under the top five gTLDs are likely to have been registered using a privacy or proxy service[1|#_ftn1].

Questions
H4.  How can ICANN balance the privacy concerns of some registrants with its commitment to having accurate and complete WHOIS data publicly accessible without restriction?
5.  How should ICANN address concerns about the use of privacy/proxy services and their impact on the accuracy and availability of the WHOIS data?


ICANN’s compliance and enforcement activities

The review team is interested to examine any gaps between ICANN’s commitments, stakeholder expectations and ICANN’s actual implementation and enforcement activities. This includes whether ICANN has the power and/or resources to enforce its commitments.

A key example relates to WHOIS accuracy. WHOIS accuracy is mentioned in the AoC, and is also a requirement in policy and contractual documents. However, a recent ICANN report found that, by the strictest interpretation, only 22.8% of WHOIS records could be considered "fully accurate[2|#_ftn2]". The report further categorized the accuracy according to the ability to contact the registrants. On this analysis, 22.8 % was considered "no failure", 20.9% "substantial failure" and 7.8 % "full failure".

Some actors in the WHOIS space appear to have little or no direct contractual relationship with ICANN (e.g. resellers and privacy and proxy service providers). The review team is interested to examine whether this raises any compliance issues for ICANN.

The review team is aware that there may be examples of good practice across the ccTLDs with regard to data accuracy, but notes that ccTLD policy is independent of the ICANN process, and that the contractual framework and other elements vary across the ccTLDs, and this should be borne in mind when drawing any comparisons.

Questions

  1. How effective are ICANN’s current WHOIS related compliance activities?
  2. Are there any aspects of ICANN’s WHOIS commitments that are not currently enforceable?
  3. What should ICANN do to ensure its WHOIS commitments are effectively enforced?
  4. Does ICANN need any additional power and/or resources to effectively enforce its existing WHOIS commitments? 10.  How can ICANN improve the accuracy of WHOIS data?
    11.  What lessons can be learned from approaches taken by ccTLDs to the accuracy of WHOIS data?
    12.  Are there barriers, cost or otherwise, to compliance with WHOIS policy?
    13.  What are the consequences or impacts of non-compliance with WHOIS policy?


Other issues

The review team is also interested to hear from the community about any other relevant issues relating to its scope.

Questions
14.  Are there any other relevant issues that the review team should be aware of? Please provide details.


[1|#_ftnref1]                 http://www.icann.org/en/compliance/reports/privacy-proxy-registration-services-study-14sep10-en.pdf

[2|#_ftnref2]                 http://www.icann.org/en/compliance/reports/whois-accuracy-study-17jan10-en.pdf

  • No labels