[At-Large] Issue Report on Thick Whois

Lutz Donnerhacke lutz at iks-jena.de
Tue Nov 22 16:15:56 UTC 2011


In iks.lists.icann.at-large, you wrote:
> On 22 November 2011 03:25, Lutz Donnerhacke <lutz at iks-jena.de> wrote:
>> I'd strongly suggest to move to thin WHOIS approaches whererver possible.
>> Thick WHOIS services requires privacy violations as well as violations of
>> various local laws by transfering personal data outside of the jursidiction
>> of the domain name holder.
>
> I disagree strongly.

So, let's agree to disagree.

> Thin WHOIS allows domain owners to hide from people who may have been
> harmed by actions on their site(s).

No, thin WHOIS provides you the chain of responsibility down to the reseller
which has the real contract with the domain owner. If there is a fraudulent
player in the chain you obtain the next responsible partner and the nature
of the contract from the thin WHOIS approach.

With thick WHOIS, you only have an invalidate record in the database. You
have to speak to compliance, which in term speak with the registry in order
to find out, which registrar might be responsible for validating the data
from the reseller backend better ...

> Internet domains are, by their nature, public instruments to be used to
> help people find Internet content. This is one area in which privacy, by
> and large is the realm of people hiding from (what I believe to be)
> legitimate investigation. I do not believe that, in this case, the public
> should be denied information available to law enforcement.

Law enforcement is a big problem with thick WHOIS: They are often not even
allowed to access the data, but use WHOIS services to circumvent the
national laws which should restrict themself. OTOH if the crime investigated
is major, why do you believe that the WHOIS data is correct? It would be
more than silly for a criminal to use the correct information in preparing a
crime.

So LAE reports, that they can't use WHOIS services for real crime at all.
They even have to assume, that the registar in question is run/paid by the
criminals. LAE love to use WHOIS services for very low level crime, but in
this case they bypass the international accepted rules for cooperation.

So please let me state, tha especially Law enforcement is one of the real
non-users of WHOIS services (if they would work according local law).

> I would remind that At-Large is charged with protecting the interests of
> Internet end users, not registrants. Registrants have an interest in being
> able to hide. End users have an interest in domain owner accountability and
> transparency.

You deny end users the right to take part in the Internet. You define end
users to fulfill the role of a sole customer only.

I do disagree with this classification.



More information about the At-Large mailing list