RE: [nc-whois] some basic remarks

[Steve Metalitz <metalitz@iipa.com>]

I can tell from this posting that when one of our registrar colleagues told
us yesterday that "Whois has outlived its usefulness," and another indicated
that even if 3% of all Whois data were inaccurate it could be a problem not
worth fixing, they were preaching to the choir for at least one member of
the Task Force.  

It is revealing that in the list of entities upon which the current Whois
system imposes "costs," according to Thomas, 99% of humanity, and the vast
majority of Internet users, are omitted.  There is a strong general public
interest in maintaining transparency and accountability on the Internet, and
publicly accessible Whois helps to do that.  Of course it would do that job
better if it were more accurate, and of course it is not the only mechanism
for pursuing this goal.  But it is hard to argue that, with the growth of
e-commerce, the goals of transparency and accountability are LESS important
today than they were  "when 'home page' was spelled ~/.plan" -- whatever
that means.  

I seem to recall that we spent most of the last year analyzing, in
excruciating detail, the results of an online survey in which 3000+ people
told us what they use Whois for and why it was important.  As I recall, the
single purpose provided most often was "to find out the identity of a person
or organization who is responsible for a domain name or web site."
Intellectual property and consumer protection, which overlap substantially
with the first category, were also commonly cited.  The majority of
respondents in nearly every category cited one of these two purposes
(identity or consumer/IP) as their main reason for using Whois.  But I guess
John Q. Public did not respond to our survey, so we can now feel free to
ignore it.  After all, we are smarter than all those other people put
together -- aren't we?    

Of course the current Whois system can and should be improved.  The
recommendations of the Task Force so far focus on four areas where that
improvement is needed.  Banning public access to Whois data is not -- and
should not be -- among them.  

Steve Metalitz

 

    

-----Original Message-----
From: Thomas Roessler [mailto:roessler@does-not-exist.org]
Sent: Wednesday, September 04, 2002 5:54 AM
To: nc-whois@dnso.org
Cc: Ross Wm. Rader; Rick Wesson
Subject: [nc-whois] some basic remarks


Folks,

I believe that yesterday's phone conference demonstrated that we are 
currently mixing together "legitimate" applications of whois which  
should, in fact, be considered separately.

Remember: We are not just talking about some database which happens  
to be there and is looking for uses.  We're not talking about a  
handy-dandy phone directory for net.gods - that way of thinking 
about whois was appropriate when "home page" was spelled ~/.plan.

Today, we are talking about public access to a certain subset of 
registrars' databases which is mandated by ICANN.  Now, what does 
this mean for us?

 - We're talking about ICANN-imposed policy.  So the question is: 
   What part of this is inside ICANN's scope, and what's outside?

 - We're talking about imposing access conditions on registrars.  
   Ross told us yesterday that bulk access is a "pain in the butt". 
   In other words: We're causing costs for registrars.
  
 - Finally, we are talking about _mandatory_ public access to  
   personal data.  Once again, we're generating cost, this time for  
   everyone.  


With this in mind, the distinction between legitimate and  
illegitimate uses of WHOIS services is inappropriate.  Rather, we  
should ask the question which interests in and uses of registration 
data justify (1) ICANN policy-making, (2) costs to registrars (and 
registries), (3) costs to registrants.

Now, let's look at the various applications which come up all over 
the time:

 - A handy-dandy telephone book (one of our "legitimate  
   applications").  Bad enough, WHOIS isn't even the right tool for  
   this, except possibly in technical circles: The database only  
   contains an extremely small portion of those on the net.  Also,  
   if people want to be contacted, they'll find a way to make their  
   contact information public.  If they don't want to be contacted,  
   it's none of ICANN's business to force them into a "telephone 
   book".

 - As a special application for this, we're hearing about WHOIS  
   being used for resolving technical problems.  But is this really  
   about domain name whois, as opposed to IP address assignment  
   whois?  Don't you think that screwed up name servers will be  
   noticed rather quickly by those operating them?  And, once again,  
   isn't this something which can easier be solved by voluntary  
   services, as opposed to ICANN-mandated publication of data? 
   (Quite frankly, I don't think that ICANN has any business in 
   preventing administrators from shooting themselves into the foot.)

 - Identification of those you're doing business with.  Somehow, I 
   doubt that average customer John Q. Public is looking at whois 
   information, and I also doubt that the information he'll get will 
   be particularly helpful for his purposes.  
   
   Of course, in some cases, the entity behind a web site may be  
   entirely unclear, so WHOIS could at least give you an (easily  
   faked) business name.  But is this really ICANN's business?  Any  
   good online business will include contact information.  Consumers  
   can easily avoid businesses which don't give appropriate  
   information.  Law enforcement can handle those who give wrong  
   information.  Ultimately, this application certainly does not 
   justify public access to all this information.

 - Identification of those you're communicating with. Once again, 
   WHOIS isn't even the right tool for this.
 
 - Marketing.  WHOIS is clearly an excellent tool for this, but  
   somehow, I don't think that ICANN has any business at all in  
   regulating (or even enforcing!) marketers' access to registrars'  
   customer databases.  Why shouldn't this be left to the market?

In short: I do not think that any of these applications justify  
ICANN policy-making with the result that WHOIS data are made  
available to the public.  I'd really like to hear actual arguments  
(i.e., not just "is nice to have, we're used to it") to the 
contrary.

What remains?  On the one hand transfers - but in that case, we're  
talking about a well-defined set of parties who need access to data. 
This does not justify any kind of public access.

On the other hand, there is a variety of law enforcement  
applications, on all levels.  Most of this ultimately boils down 
into two categories:

 - Finding out whom to sue.
 - Collecting evidence.

Thus, the most important question we should look at is what is the  
kind of access _required_ (once again, as opposed to "nice to have") 
for these purposes.


Applying this to bulk access, I'm more and more in doubt that we  
need the kind of bulk access provisions which makes access available 
to just about everyone.  The law enforcement applications listed  
above need expanded search services?  Fine.  Let's make bulk data  
available to firms providing this kind of service.  Academic (or  
maybe even corporate) research needs this kind of bulk data?  Fine. 
Let's make it available.  For that purpose, under appropriate  
conditions.


I'm looking forward to your objections and comments. ;-)


Kind regards,
-- 
Thomas Roessler                        <roessler@does-not-exist.org>