Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Privacy Whois: Watch out for that "White List"
    posted by Mueller on Sunday May 09 2004, @12:43PM

    ICANN's revision of its Whois policy is reaching a critical phase. After numerous deadline extensions, the three task forces are scheduled to submit their final reports May 28.

    There is the potential for great progress here, but there is also a strong possibility that the whole reform effort will be undercut and rendered meaningless by the creation of a so-called "White List" that would give the IPR lawyers free rein to all Whois data merely by asking for it.

    During the WHOIS review process, the forces of privacy protection and individual rights have made substantial headway, due to a combination of pressure from the registrars (especially European ones), European data protection officials, the Noncommercial Users Constituency, and the ALAC. But there are strong vested interests at work.

    By permitting (and even requiring) Whois data to be available to intellectual property monitoring firms for several years, ICANN has fostered the creation of commercial information services based on unlimited access to whois data. It has created an entire generation of IPR lawyers who believe that they have a God-given right to rummage through all domain name holders' contact data at any time, for any reason.

    These vested interests talk a lot about "law enforcement," but legitimate law enforcement needs can easily be reconciled with privacy rights through due process. What is really at stake for them is money. Companies like Thomson and Thomson and Mark Monitor have built businesses around your domain name registration data. They won't give it up without a fight, and ICANN's industry self-regulation ethic frequently elevates such commercial considerations over individual rights.

    ICANN's Whois review process has converged around the concept of "tiered access." Tiered access means that some of the Whois data -that considered to be nonsensitive - will be accessible to anyone and everyone as it is now (call it "Tier 1). But the more sensitive data, such as registrant telephone number, email and postal address, and possibly even registrant name, would be shielded from public anonymous access (Tier 2). To get it, a Whois data user would have to jump through a hoop or two. What kind of a hoop? That is the question.

    Registrars, NCUC and ALAC have fought to make those requesting access to Tier 2 data certify who they are, and specify a legitimate purpose for their use of the data. More importantly, they want these requests to be made individually for each domain name that is being requested. The mere fact that .025% of all domain name registrants are suspected of infringing trademarks should not give a law firm untrammeled access to the contact information of the other 99.975% of the registrants. Both the identification requirement and the specification of purpose could be automated, they argue; the former through digital certificates and the latter by means of a multiple choice list that would easily be translated into all the world's languages.

    The business/surveillance interests, on the other hand, propose the concept of a "white list" of whois data users. The "White List" is intended to give certain approved users the right to access sensitive data via port 43 (or other means). Organizations would apply for approval and once they were placed on the White list they could search, store and download sensitive whois data, without any further restriction.

    The White List concept, if implemented as the business interests want, is a disaster for the following reasons.

    1. The concept is impractical.
    Creating such a list would add a huge operational burden to ICANN. There are hundreds of millions of Internet users and they come from every geographic region and language group, and involve data use purposes ranging from academic research to IP enforcement. ICANN would in effect be setting up a global certification process that had to be able to respond to all this diversity. If ICANN did this task conscientiously, the administrative burden would be huge. Not only would it have to investigate the legitimacy of each applicant, it should in principle also be able to constantly monitor the behavior of approved entities to make sure that they were not abusing their privileges. It would have to be willing to withdraw the privilege, and handle disputes and appeals relating to that.
    If ICANN did not do this task conscientiously, if it simply added entities pro forma to the list whenever they applied, then there is no reason to create the list at all. Anyone and everyone could get the status, which is no different than opening up all Whois information to everyone.

    2. The concept is discriminatory
    The right to access Whois data must be balanced against the privacy rights of the domain name registrants. Once the proper balance is struck, all Internet users should have the same rights to access Whois data under the same terms and conditions. Intellectual property interests have no greater claim on that information than anyone else. The White List is designed to create a two-class world of the spied-upon users, who have no rights, and privileged, surveillance- authorized users, who are permitted to spy on registrants.

    3. The concept violates international privacy norms
    A White List would give any approved user the equivalent of bulk access to whois zone files. According to George Papapavlou of the European Union, under data protection law bulk access is a "disproportionate, privacy infringing step, unless a very convincing, specific case can be made which has to be followed by due process. This applies not only to marketing but to any purpose." In other words, no one has the right to fish through sensitive personal data just to see if they can find anything of interest. But a White List would grant this right to anyone who applied.

    4. The White List concept is unnecessary

    Under the proposals supported by registrars, NCUC, and ALAC, the concept of a known user with a known purpose making a request for each individual domain name she wants to investigate can give legitimate users and purposes access to the information they need without creating a centralized administrative entity and without violating privacy.

    Keep an eye on the Whois reform process for the next three weeks. A public comment period will follow on the release of the Task Force reports.

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
    · At Large Advisory Committee
    · NCUC
    · ICANN
    · revision of its Whois policy
    · More Privacy stories
    · Also by Mueller
    This discussion has been archived. No new comments can be posted.
    Whois: Watch out for that "White List" | Log in/Create an Account | Top | 26 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Trademarks? That's kids stuff
    by jberryhill on Tuesday May 11 2004, @07:32PM (#13559)
    User #3013 Info
    In the meantime, if one does enough digging to find the un-named "Islamist Web Site" which posted the video of today's atrocity, one finds that the terrorists have diversified among ICANN-accredited registrars. For example, prior to 9/11 Network Solutions provided domain name registration services to the Taliban mission to the UN, even after they were determined by the US to be persona non-grata. Register.com had for years derived revenue from serving Saddam Hussein's State Company for Internet Services. Credit for the recent car-bombing in Saudi Arabia was taken by a proud customer of Enom.

    The rest is left as an exercise for the reader.

    [ Reply to This | Parent ]
  • 9 replies beneath your current threshold.

  • Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com