ICANN/DNSO
DNSO Mailling lists archives

[nc-whois]


<<< Chronological Index >>>    <<< Thread Index >>>

[nc-whois] some basic remarks


Folks,

I believe that yesterday's phone conference demonstrated that we are 
currently mixing together "legitimate" applications of whois which  
should, in fact, be considered separately.

Remember: We are not just talking about some database which happens  
to be there and is looking for uses.  We're not talking about a  
handy-dandy phone directory for net.gods - that way of thinking 
about whois was appropriate when "home page" was spelled ~/.plan.

Today, we are talking about public access to a certain subset of 
registrars' databases which is mandated by ICANN.  Now, what does 
this mean for us?

 - We're talking about ICANN-imposed policy.  So the question is: 
   What part of this is inside ICANN's scope, and what's outside?

 - We're talking about imposing access conditions on registrars.  
   Ross told us yesterday that bulk access is a "pain in the butt". 
   In other words: We're causing costs for registrars.
  
 - Finally, we are talking about _mandatory_ public access to  
   personal data.  Once again, we're generating cost, this time for  
   everyone.  


With this in mind, the distinction between legitimate and  
illegitimate uses of WHOIS services is inappropriate.  Rather, we  
should ask the question which interests in and uses of registration 
data justify (1) ICANN policy-making, (2) costs to registrars (and 
registries), (3) costs to registrants.

Now, let's look at the various applications which come up all over 
the time:

 - A handy-dandy telephone book (one of our "legitimate  
   applications").  Bad enough, WHOIS isn't even the right tool for  
   this, except possibly in technical circles: The database only  
   contains an extremely small portion of those on the net.  Also,  
   if people want to be contacted, they'll find a way to make their  
   contact information public.  If they don't want to be contacted,  
   it's none of ICANN's business to force them into a "telephone 
   book".

 - As a special application for this, we're hearing about WHOIS  
   being used for resolving technical problems.  But is this really  
   about domain name whois, as opposed to IP address assignment  
   whois?  Don't you think that screwed up name servers will be  
   noticed rather quickly by those operating them?  And, once again,  
   isn't this something which can easier be solved by voluntary  
   services, as opposed to ICANN-mandated publication of data? 
   (Quite frankly, I don't think that ICANN has any business in 
   preventing administrators from shooting themselves into the foot.)

 - Identification of those you're doing business with.  Somehow, I 
   doubt that average customer John Q. Public is looking at whois 
   information, and I also doubt that the information he'll get will 
   be particularly helpful for his purposes.  
   
   Of course, in some cases, the entity behind a web site may be  
   entirely unclear, so WHOIS could at least give you an (easily  
   faked) business name.  But is this really ICANN's business?  Any  
   good online business will include contact information.  Consumers  
   can easily avoid businesses which don't give appropriate  
   information.  Law enforcement can handle those who give wrong  
   information.  Ultimately, this application certainly does not 
   justify public access to all this information.

 - Identification of those you're communicating with. Once again, 
   WHOIS isn't even the right tool for this.
 
 - Marketing.  WHOIS is clearly an excellent tool for this, but  
   somehow, I don't think that ICANN has any business at all in  
   regulating (or even enforcing!) marketers' access to registrars'  
   customer databases.  Why shouldn't this be left to the market?

In short: I do not think that any of these applications justify  
ICANN policy-making with the result that WHOIS data are made  
available to the public.  I'd really like to hear actual arguments  
(i.e., not just "is nice to have, we're used to it") to the 
contrary.

What remains?  On the one hand transfers - but in that case, we're  
talking about a well-defined set of parties who need access to data. 
This does not justify any kind of public access.

On the other hand, there is a variety of law enforcement  
applications, on all levels.  Most of this ultimately boils down 
into two categories:

 - Finding out whom to sue.
 - Collecting evidence.

Thus, the most important question we should look at is what is the  
kind of access _required_ (once again, as opposed to "nice to have") 
for these purposes.


Applying this to bulk access, I'm more and more in doubt that we  
need the kind of bulk access provisions which makes access available 
to just about everyone.  The law enforcement applications listed  
above need expanded search services?  Fine.  Let's make bulk data  
available to firms providing this kind of service.  Academic (or  
maybe even corporate) research needs this kind of bulk data?  Fine. 
Let's make it available.  For that purpose, under appropriate  
conditions.


I'm looking forward to your objections and comments. ;-)


Kind regards,
-- 
Thomas Roessler                        <roessler@does-not-exist.org>


<<< Chronological Index >>>    <<< Thread Index >>>