[At-Large] [NA-Discuss] Community Input Requested on Two Draft Statements from ALAC to the ICANN Board

Derek Smythe derek at aa419.org
Sun Apr 6 18:29:00 EDT 2008


   Wendy Seltzer wrote:

> Trade WHOIS accuracy for WHOIS privacy. When inaccuracy is the way to
> preserve privacy, it's better than forced accuracy.
...
...
> 
>     * WHOIS Accuracy and Reporting. We all know that WHOIS is very
> inaccurate. This is a very serious problem and considerable effort needs
> to be made to improve this situation. Multiplying the number of gTLDs as
> is proposed when the existing database is inaccurate is just asking to
> make a big problem worse – and the existing reporting system is already
> not fit for purpose. ICANN is not living up to its obligations with
> respect to WHOIS – fixing this should be a headline compliance activity
> in the Operational Plan for 2008/2009. Whilst we are limiting our
> comments here to compliance activities related to the operational
> planning cycle, this should not be understood to mean that our concerns
> related to WHOIS are limited to data accuracy. Our previous statements
> on the policy aspects of WHOIS remain valid.
> 
Wendy

I respectfully disagree. Whois accuracy severely impacts end users in 
enforcing their legal rights and hampers effective .

I am also sticking my neck out here, but not all inaccurate whois is 
submitted in an attempt at pure privacy. Many domains that are abused 
to spam, scam and phish etc. end users have fake whois. This is by 
design. This issue is also briefly mentioned in ICANN advisory dated 3 
April 2003, http://www.icann.org/announcements/advisory-03apr03.htm , 
which is sadly hardly ever enforced.

I have a lot of evidence of how existing WHOIS privacy mechanisms are 
being abused to simply prolong a fraudulent domain's existence 
endangering more clueless end users. Under the privacy protection we 
find more fake whois details for many domains. WHOIS privacy is a 
very sharp two-sided sword.

As an example of why we need whois details currently: Right now a big 
corporate is giving away free domains. At AA419.org we noticed a 
disproportionately large number of registrants from small towns across 
America shown in domains spoofing banks, government agencies and other 
businesses. We contacted numerous of these registrants who in turn had 
no knowledge of these domains; 4X year old teachers, estate agents 
etc. We have contacted the big corporate and registrar in an attempt 
to address this issue. The domains are "disabled" in the corporate's 
system. However the result of the ID theft is clearly visible in WHOIS 
without the victims' permission. Without verifiable whois this problem 
would have been denied (as was originally attempted) and the problem 
invisible. This situation is still ongoing. I am talking far in excess 
of a thousand domains in a year! Yet this is just the tip of the 
iceberg ...

To really represent end users, current issues and procedures should be 
fixed first. If not, the problem is merely disguised and we would all 
be worse off at the end of the day. It is a sad fact that much more 
money is lost due to internet fraud and abuse than merely WHOIS being 
visible.

Long term I would love general WHOIS privacy, however not at the price 
of partially disarming those currently doing what they do to make the 
Internet a safer place - it is not only LEAs I am referring to, 
though they would have the same problem.

Personally I have numerous domains with whois protection, but my whois 
details are 100% correct for those domains and I am using an available 
acknowledged privacy mechanism. I accept responsibility for them. 
These mechanisms are available to other users as well, if privacy is a 
concern to them - with the exception of the initially much abused .us 
TLD. However nobody is forced to use a .us domain. We do have choices.

In a nutshell, there is also a reason why whois is sometimes not 
accurate on many domains: To evade responsibility for illegal activities. 
How do you protect against that?

To fix, we have to fully understand the implications of each action. 
Sadly not all internet registrants are as honorable as we would wish. 
Whatever WHOIS system emerges has to acknowledge this fact.

Best regards,

Derek Smythe
http://www.aa419.org




