Liz Gasster Q&A on Whois Abuse

Liz Gasster is a Senior Policy Counselor at ICANN, and commendably she is always eager to engage in discussion with domain registrants. Liz has over 27 years of experience in technology and Internet-related marketing, public policy and advocacy. Most recently, Liz was General Counsel of the Cyber Security Industry Alliance. Previously she was with AT&T in Washington D.C. from 1979–2006.

Q: What is the Whois system, who runs it and where is the data stored?

A: Created in the 1970s, Whois began as a service that Internet operators could use to identify and contact individuals or entities responsible for the operation of a computer on the Internet. Since then, the Whois service has evolved into a tool used for many purposes, such as determining whether a domain name is available for registration, identifying the source of spam e-mail, enforcing intellectual property rights, and identifying and verifying online merchants, to name a few.

ICANN requires registrars to provide public access to data on registered names through the Registrar Accreditation Agreement (RAA). Specifically, the current RAA requires that “At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited.” (ICANN 2009 RAA 3.3.1)

ICANN also has agreements with generic top-level domain (gTLD) registries, specifying Whois service requirements. Different registries have different type of agreements, often characterized as either “thin” or “thick” Whois. With a thin registry, Whois records merely include data sufficient to identify the sponsoring registrar, status of the registration, and creation and expiration dates for each registration. An example of a thin registry is .COM. Most registries are required to provide “thick” Whois, which includes registrant’s contact information and designated administrative and technical contacts, in addition to the information supplied by a thin registry.

Q: What are forms of Whois misuse?

A: Whois misuse refers to harmful acts that exploit contact information obtained from Whois. Those harmful acts may include generation of spam, abuse of personal data, intellectual property theft, loss of reputation or identity theft, loss of data, phishing and other cybercrime-related exploits, harassment, stalking, or other activity with negative personal or economic consequences.

Q: What studies is ICANN conducting regarding Whois misuse and when will findings be reported?

A: ICANN’s GNSO policy council is considering several studies of Whois, to provide a factual foundation for future policy making. Whois “misuse” is one of several areas of study we are examining. The Misuse study will assess the extent of misuse of public Whois data to generate spam or for other illegal or undesirable activities. One Misuse study will survey registrants about specific acts they have experienced that they believe occurred using Whois contact data; survey registrars about how Whois can be queried, and survey others about reported incidents from cybercrime, research and law enforcement organizations. A second Misuse study will measure a variety of harmful acts by classifying messages sent to unpublished test domain names registered specifically for the study using a representative sample of registrars. The study will compare harmful acts associated with public vs. non-public addresses and examine impact of public Whois and anti-harvesting measures.

The GNSO Council is also considering a “Whois Registrant Identification” Study, which will look at how registrants are identified in Whois and study the extent to which domains used by legal persons (commercial entities) or for commercial purposes are: 1) not clearly identified as commercial entities in Whois (perhaps their identity is obscured or suggests that the registrant is a non-commercial entity); and 2) are correlated to use of privacy and proxy services.

A third study area, still in the initial evaluation stage, will look more closely at proxy and privacy services from two perspectives:

1) whether domain names used to conduct illegal or harmful Internet activities are registered via proxy and privacy services to obscure the perpetrator’s identity; and 2) the extent to which proxy and privacy services impede or delay timely identification of perpetrators. More information about these studies will be available in the coming weeks.

For all of these studies, ICANN’s policy staff are still at the initial stage of gathering costs and feasibility to provide to the GNSO Council, then the Council and staff will decide which studies to conduct. Studies would be initiated after the Council decides what to do, and would likely take a number of months to complete.

ICANN’s compliance department is also conducting studies of Whois. More information may be found at: http://www.icann.org/en/compliance/

Q: For IDN domain owners, are there available Whois tools that allow one to easily look up an IDN.com?

There are several . . . Domaintools.com is [a] source (www.domaintools.com).

Q: What improvements to the Whois system can domain name owners look forward to?

A: Information provided by future studies of Whois will provide a factual foundation for further policy making on Whois. In addition, there are two other initiatives that may result in changes to Whois in the longer term.

The first is a working group on Internationalized Registration Data that is currently underway. Currently, no standards or guidelines define how Domain Registration Data should be composed and displayed. As volumes of registrations increase from around the world, it will be increasingly hard for those who use WHOIS contact data today to “read” contact information displayed in different non-US ASCII language character sets. This technical group was recently convened to study the feasibility and suitability of introducing display specifications to deal with the internationalization of Registration Data. The initial set of goals of the group is to gain an understanding of, and achieve consensus on, the types, kinds, and encodings of registration data that contracted parties would collect, display and maintain. This group’s work is just beginning at this time.

Staff is also compiling an inventory of Whois features and requirements based on current requirements and capabilities suggested in previous policy discussions. This inventory, once complete, is intended to provide a foundation for considering significant changes to Whois in the future, including a possible replacement to the current Whois protocol.

More information about policy development activities at ICANN may be found at: http://www.icann.org/en/policy/.

You can subscribe to a monthly policy update at: http://www.icann.org/en/topics/policy/.

(This post is sponsored by website data security)