DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [nc-whois] some basic remarks


For the record I'd like to offer a few clarifications to your remarks
about my remarks. ;)

As a general note, all of my comments were prefaced with the fact that I
was fully engaged in exploring the scope of the issue and arriving at an
informed conclusion in light of industry and internet development as
well as the work of the Task Force. With the exception of our registrant
privacy statements
(http://www.dnso.org/clubpublic/registrars/Arc01/pdf00000.pdf), we do
not have a committed public position on Whois.

With that in mind, I'd also like to clarify some of my comments. First,
I did *not* make the statement that "Whois has outlived its usefulness".
My question to the TF was whether or not there had been any
consideration by the TF as to whether or not Whois was the appropriate
tool to solve the problems that were being dealt with. If Whois is not
this "appropriate tool", then it may indeed be the case (as discussions
elsewhere in the DNSO have indicated) that Whois is indeed past its

Secondly, and I'm not sure if this was clearly heard by all or not, but
in each instance where I mentioned cost, I explicitly referred to both
the economic and social cost of the solution. I recall that one of the
respondents to the survey indicated that their primary concern with the
whois was "...with having access to accurate information regarding the
registrants of business domain names." and that their principle harm due
to bad Whois data was that "...in a sample of 1,600 comercial web
sites,we were unable to identify 12% of the beneficial owners of the web
sites and determine if they were compliant in regard to their Federal
Tax obligations." (http://www.dnso.org/dnso/notes/resp-2150.html)

In this case, the direct economic costs are reasonably defined. But what
of the indirect economic and social costs - on both sides of the fence.
It is extremely clear from this, and other, responses, that the current
whois structure is inadequate. But, without a clear understanding of
what the actual problems are, it is impossible to determine what the
costs are and whether or not it is reasonable to develop new tools or
use the existing ones - which doesn't even go near the question of who
assumes the costs (to which I submit that the network will be forced to
bear the majority of the investment).

To some of your specific comments...

> But it is hard to argue that, with the growth of e-commerce, 
> the goals of transparency and accountability are LESS 
> important today than they were  "when 'home page' was spelled 
> ~/.plan" -- whatever that means.  

The question here is transparency and accountability for whom? The
argument for the rights of registrants is much easier to make and should
perhaps be the primary focus of this policy development track. What are
registrants and the community as a whole giving up to cede to the
undefined goals of "transparency and accountability"? 

> and why it was important.  As I recall, the single purpose 
> provided most often was "to find out the identity of a person 
> or organization who is responsible for a domain name or web 
> site."

I'm not sure that I understand this clearly - was this an indication
that a majority of whois users are of the belief that the domain name
whois system is an authoritative source of information concerning the
identity of individuals or entities responsible for host based services?
If this is the implication, then the problem just got a whole lot

Anyways, I did sincerely appreciate the time spent on the call
yesterday. It was extremely informative and hopefully everyone else
found it as useful in furthering their understanding of the issues as I

Thanks again,


"There's a fine line between fishing and standing on the shore like an
- Steven Wright

Got Blog? http://www.byte.org/blog

Please review our ICANN Reform Proposal:


> -----Original Message-----
> From: Steve Metalitz [mailto:metalitz@iipa.com] 
> Sent: Wednesday, September 04, 2002 9:17 AM
> To: 'Thomas Roessler'; nc-whois@dnso.org
> Cc: Ross Wm. Rader; Rick Wesson
> Subject: RE: [nc-whois] some basic remarks
> I can tell from this posting that when one of our registrar 
> colleagues told us yesterday that "Whois has outlived its 
> usefulness," and another indicated that even if 3% of all 
> Whois data were inaccurate it could be a problem not worth 
> fixing, they were preaching to the choir for at least one 
> member of the Task Force.  
> It is revealing that in the list of entities upon which the 
> current Whois system imposes "costs," according to Thomas, 
> 99% of humanity, and the vast majority of Internet users, are 
> omitted.  There is a strong general public interest in 
> maintaining transparency and accountability on the Internet, 
> and publicly accessible Whois helps to do that.  Of course it 
> would do that job better if it were more accurate, and of 
> course it is not the only mechanism for pursuing this goal.  
> But it is hard to argue that, with the growth of e-commerce, 
> the goals of transparency and accountability are LESS 
> important today than they were  "when 'home page' was spelled 
> ~/.plan" -- whatever that means.  
> I seem to recall that we spent most of the last year 
> analyzing, in excruciating detail, the results of an online 
> survey in which 3000+ people told us what they use Whois for 
> and why it was important.  As I recall, the single purpose 
> provided most often was "to find out the identity of a person 
> or organization who is responsible for a domain name or web 
> site." Intellectual property and consumer protection, which 
> overlap substantially with the first category, were also 
> commonly cited.  The majority of respondents in nearly every 
> category cited one of these two purposes (identity or 
> consumer/IP) as their main reason for using Whois.  But I 
> guess John Q. Public did not respond to our survey, so we can 
> now feel free to ignore it.  After all, we are smarter than 
> all those other people put
> together -- aren't we?    
> Of course the current Whois system can and should be 
> improved.  The recommendations of the Task Force so far focus 
> on four areas where that improvement is needed.  Banning 
> public access to Whois data is not -- and should not be -- 
> among them.  
> Steve Metalitz
> -----Original Message-----
> From: Thomas Roessler [mailto:roessler@does-not-exist.org]
> Sent: Wednesday, September 04, 2002 5:54 AM
> To: nc-whois@dnso.org
> Cc: Ross Wm. Rader; Rick Wesson
> Subject: [nc-whois] some basic remarks
> Folks,
> I believe that yesterday's phone conference demonstrated that we are 
> currently mixing together "legitimate" applications of whois which  
> should, in fact, be considered separately.
> Remember: We are not just talking about some database which happens  
> to be there and is looking for uses.  We're not talking about a  
> handy-dandy phone directory for net.gods - that way of thinking 
> about whois was appropriate when "home page" was spelled ~/.plan.
> Today, we are talking about public access to a certain subset of 
> registrars' databases which is mandated by ICANN.  Now, what does 
> this mean for us?
>  - We're talking about ICANN-imposed policy.  So the question is: 
>    What part of this is inside ICANN's scope, and what's outside?
>  - We're talking about imposing access conditions on registrars.  
>    Ross told us yesterday that bulk access is a "pain in the butt". 
>    In other words: We're causing costs for registrars.
>  - Finally, we are talking about _mandatory_ public access to  
>    personal data.  Once again, we're generating cost, this time for  
>    everyone.  
> With this in mind, the distinction between legitimate and  
> illegitimate uses of WHOIS services is inappropriate.  Rather, we  
> should ask the question which interests in and uses of registration 
> data justify (1) ICANN policy-making, (2) costs to registrars (and 
> registries), (3) costs to registrants.
> Now, let's look at the various applications which come up all over 
> the time:
>  - A handy-dandy telephone book (one of our "legitimate  
>    applications").  Bad enough, WHOIS isn't even the right tool for  
>    this, except possibly in technical circles: The database only  
>    contains an extremely small portion of those on the net.  Also,  
>    if people want to be contacted, they'll find a way to make their  
>    contact information public.  If they don't want to be contacted,  
>    it's none of ICANN's business to force them into a "telephone 
>    book".
>  - As a special application for this, we're hearing about WHOIS  
>    being used for resolving technical problems.  But is this really  
>    about domain name whois, as opposed to IP address assignment  
>    whois?  Don't you think that screwed up name servers will be  
>    noticed rather quickly by those operating them?  And, once again,  
>    isn't this something which can easier be solved by voluntary  
>    services, as opposed to ICANN-mandated publication of data? 
>    (Quite frankly, I don't think that ICANN has any business in 
>    preventing administrators from shooting themselves into the foot.)
>  - Identification of those you're doing business with.  Somehow, I 
>    doubt that average customer John Q. Public is looking at whois 
>    information, and I also doubt that the information he'll get will 
>    be particularly helpful for his purposes.  
>    Of course, in some cases, the entity behind a web site may be  
>    entirely unclear, so WHOIS could at least give you an (easily  
>    faked) business name.  But is this really ICANN's business?  Any  
>    good online business will include contact information.  Consumers  
>    can easily avoid businesses which don't give appropriate  
>    information.  Law enforcement can handle those who give wrong  
>    information.  Ultimately, this application certainly does not 
>    justify public access to all this information.
>  - Identification of those you're communicating with. Once again, 
>    WHOIS isn't even the right tool for this.
>  - Marketing.  WHOIS is clearly an excellent tool for this, but  
>    somehow, I don't think that ICANN has any business at all in  
>    regulating (or even enforcing!) marketers' access to registrars'  
>    customer databases.  Why shouldn't this be left to the market?
> In short: I do not think that any of these applications justify  
> ICANN policy-making with the result that WHOIS data are made  
> available to the public.  I'd really like to hear actual arguments  
> (i.e., not just "is nice to have, we're used to it") to the 
> contrary.
> What remains?  On the one hand transfers - but in that case, we're  
> talking about a well-defined set of parties who need access to data. 
> This does not justify any kind of public access.
> On the other hand, there is a variety of law enforcement  
> applications, on all levels.  Most of this ultimately boils down 
> into two categories:
>  - Finding out whom to sue.
>  - Collecting evidence.
> Thus, the most important question we should look at is what is the  
> kind of access _required_ (once again, as opposed to "nice to have") 
> for these purposes.
> Applying this to bulk access, I'm more and more in doubt that we  
> need the kind of bulk access provisions which makes access available 
> to just about everyone.  The law enforcement applications listed  
> above need expanded search services?  Fine.  Let's make bulk data  
> available to firms providing this kind of service.  Academic (or  
> maybe even corporate) research needs this kind of bulk data?  Fine. 
> Let's make it available.  For that purpose, under appropriate  
> conditions.
> I'm looking forward to your objections and comments. ;-)
> Kind regards,
> -- 
> Thomas Roessler                        <roessler@does-not-exist.org>

<<< Chronological Index >>>    <<< Thread Index >>>