DRAFT STATEMENT OF THE ALAC ON RECENT WHOIS REPORTS - Draft
“Registration Abuse Policies Working Group Initial Report” and the “NORC: Draft Report for the Study of the Accuracy of WHOIS Registrant Contact Information.”
Revision #1 – 2010-03-23
The RAA demands an “accurate” name and postal address for registrations. The rationale for this provision remains impatient of debate. This required data forms the basis of the ‘whois’ construct, compels registrars to collect the same as well as to provide for free and unfettered access to this data. These requirements have created situations in provision and use of whois data that juxtaposes two powerful interests; privacy and security. And the debate swirls around how these interests may be balanced, indeed which interest may be precedent.
ALAC believes that activities that degrades the user experience, undermines the security of use and perpetuates fraudulent conversations and transactions for which relief may be initiated by access to valid and accurate whois data is a compelling user interest. As such, we believe that nonconformance to the existing RAA requirements in the form of non-existent or inaccurate whois data is demonstrably inimical to user interests and compels our attention.
The ALAC explicitly acknowledge that solong as we lack a solution that addresses the privacy concerns arising from unfettered access to and the display of whois data, the accuracy of the collected whois data shall be dependent on the willingness of individual registrants to display their private details to the whole world. In this context, we do take note of and welcome the commitment made by former ICANN CEO Paul Twomey during the Public Forum in Sydney.
Extract: "ICANN's contracts, of course, cannot compel a party to break the law in their own jurisdiction, and we have actually, as you've pointed out, made an accommodation in dot tel for conflict of laws, and the – I think in the draft contract that we're preparing for new gTLDs, the concern you raised has I think been recognized and I think we're probably going to follow that dot tel – general dot tel approach.”
The telnic model of WHOIS – a model that was agreed by ICANN - represents a reasonable solution that respects both the right to privacy of the individual and the legitimate concerns of those clearly identified entities that have a genuine need to access the full whois dataset. The ALAC believes that by implementing the telnic whois model as a standard beginning with new gTLD contracts and progressing to legacy ones in concert with an accreditation program for those entities that need full access to the WHOIS dataset, regardless of gTLD or registry location, presents a workable solution forward.
The At-Large further urges ICANN to launch an effort to introduce the IRIS system, which would greatly help in solving the problems above, as well as address the multilingual aspects of the WHOIS.
The two latest studies concerning WHOIS are: “Registration Abuse Policies Working Group Initial Report” and the “NORC: Draft Report for the Study of the Accuracy of WHOIS Registrant Contact Information.” Both reveal information widely suspected and previously confirmed by other studies; that significant and deliberate inaccuracies plague the domain registration system, and that there is a material relationship between WHOIS fraud, acts of malfeasance and misfeasance as well as outright criminal activity. The response to these studies has been to conduct more studies.
The NORC study, while thorough on process is drastically weak on data. It also used the lowest common denominator for accuracy to gauge WHOIS compliance. One might describe it as “a mile-wide and an inch deep.” According to the NORC report page 14: “All contacts were made between June and October 2009, using experienced interviewers at NORC’s offices in Chicago.” So, over a period of five months they reviewed 1,419 WHOIS records. Maybe without meaning to, the actors sent a message that the exercise is both onerous and time-consuming. This is of particular concern since the time and cost for validation has been among the arguments successfully used to block a validation requirement. At-Large volunteers are sure that validation systems currently exist that could validate 70,000 to 100,000 WHOIS records per day. The ALAC does not believe that less than 50% accuracy of WHOIS data that was achieved via “watered down” criteria is commendable or cause for celebration.
This study neglects to indicate which Registrars are connected to the bulk of the WHOIS inaccuracies. We insist that this kind of information might be useful for targeted enforcement activities since it is with the Registrars that ICANN has obligated influence, not registrants.
The WG report on Registration Abuse Policies is an excellent and thorough document that opens the door to good work and policy development, but does not address the problems of the current record set.
We question the assertion that the entire gTLD WHOIS record set cannot be validated. It is ALAC’s view that this endeavour devolves more to a question of will and not possibility. That "there are too many records" for validation is undermined by systems that currently exists:
- The Library of Congress keeps and tracks 130 million cataloged books;
- Wikipedia has 19.5 million pages;
- Visa processed an average of 549 million transactions each day;
- Astronomers count and catalog billions of stars;
- A common bank coin counting machine can record 864,000 coins per day
- Over 2 million SAT tests for college entry are graded, including via electronic means, each year.
The ALAC fundamentally believes that it is possible to validate the entire WHOIS record for the gTLD space, even if the number of domains were to double in the next year. On the balance of the evidence from interactions in our daily lives, we are not persuaded that the body that oversees the gTLD Internet space cannot effectively track and certify the core record set of the gTLD space. We do not believe that registration verification will add significant cost to Registrar operations; there are too many instances of verification procedures associated with and collocated to electronic registration forms for this assertion to stand serene and unchallenged. In fact, one of our At-Large Structures with particular talents in this area is currently engaged in an initiative that will demonstrate the feasibility of 100% WHOIS data validation. The ALAC will await further results and will deliver an opinion on this effort, as appropriate, in due course.
We will complete by 24th April, so your help supporting the construction industry At-Large participation in this key element of the new gTLD programe will be a real help.replica handbags
contributed by firstname.lastname@example.org on 2010-07-03 05:37:56 GMT