[nc-whois] Progress & Outcome

["Abel Wisman" <abel@able-towers.com>]

Members and Chairs of the task force,

Trying to deal with the task of workgroup 3 has given me some thoughts
on the process we are currently going through and the subsequent
consequences of this method. It is the outcome of those thoughts I would
like to share with you and have some feedback on.

In order to obtain more accuracy, better search ability and stay
somewhat in focus to the outcome of the questionnaire the info search
(outreach) we are currently undertaking is a good thing.
I for one would love to hear from Nominet (.uk registry) on how they are
thinking of overcoming the hurdle that their promise for wider
information to ICANN has been crossed by the UK Law on privacy (UK
Privacy act) and to me it is a sign on the wall that for instance the
.ca registry will never be able to provide a whois conform the model
currently in use for the com/net/org TLD's.

From the survey we can (this one was one of the easy ones) easily draw
the conclusion that privacy is on most users concern list.

Law developments around the world, EU in front and USA following slowly,
show us that more and more the tendency is to restrict or not provide
whois info based upon privacy laws.

From Q 5 of the questionnaire we can conclude a number of things that
are in line with what we are doing, but not where we "seem" to go.

Let us take a quick, closer look at Q 5 and it's outcome, after all this
was the question directly related to search ability of the whois and the
importance of certain data in that database.

On reason one (availability) except for gov. organizations, more then
60% of the answers say that whois search is important to very important
for this type of search.

This type of search does not require a "full" whois as is exists today.

On reason 2 "to determine if there are similar names already in use"
around 50 % finds it some to very important. Again a "limited" whois
would suffice.

On reason 3 "to identify and verify online merchants" on average 33%
deems it of some importance. Furthermore "site-certificates" are already
a form of this verification and again this is no reason for full
disclosure of all currently exposed data.

On reason 4. "to identify online infringers for enforcement of
intellectual property rights"; only about 15% attaches some for of
importance to this and therefore (besides the fact that this is a
"industry responsibility") it is no reason for ...etc.

On reason 5. "to source unsolicited email" about 18% deems this
important, however this is a faulty reasoning, since the domain-owner
not only does not have to be responsible for the spam, with current
techniques he might definitely be without any knowledge at all. The
hosting server is most important here (open relays, allowed bulk etc)
and therefore a dns search combined with ip-registry search would be far
better. Again no reason to maintain current whois.

On reason 6. "to identify contacts in the investigation of illegal
activity" we have varying answers and besides the 60% from the gov, on
average 40% attaches some importance to this, again, this is "industry
responsibility" seeing as there are easily made exceptions to the
"original" database with data on the registrant where lawful research
can be done, there is no need for public display of all the given data.

What does this learn us? We can safely conclude that with the exception
for the IP and Law congregation, no one is "really" interested in what
the address is or what the email address is of the domain owner.
For trouble shooting many discussions have already shown that whois is
the least likely way to go to solve them, after all besides "owning" the
domain the "owner" is not likely to have control over the DNS servers,
the webserver, the mailserver or any part of the technical operation of
the domain on the internet.

If we combine this outcome with world-wide trends, then we can safely
say that a restricted whois, with only pertinent data such as name, dns
and some dates is a more then sufficient "open" database for the usage
as is most advocated.
Law agencies have the law on their side and will always be able to
obtain data, in the same manner they are now obtaining data on subjects
resident or non-resident.
The IP community will also have to revert to "old-fashioned" methods of
obtaining the data they think they need, meaning slightly (or a lot)
longer processes, but then again, what are they doing on non i-net
relater problems at the moment? And pls don't say that no infringements
on protected IP are made outside of the internet.

In searchability the restricted data would be far easier to maintain,
and even use cross databases (taking small parts from existing
databases) will be possible, a search engine will easily "grab" the info
and display it.

This method would also solve for the largest part the privacy laws all
over the world, so the "cross-constituency" availability will become
reality, since every Registry can keep control over their own database,
providing some small technical requirements, the availability will grow
even further.

It is my opinion that for the whois as a whole this would be a good way
forward, instead of trying to do something that will be caught up in a
short time (relatively) by privacy acts around the globe.

Please share your thoughts on this.

Kind regards

Abel Wisman
 

Now this would make