Currently, the Internet Coalition for Assigned Names and Numbers (ICANN) broadly requires that such details be made publicly available through the "Whois" directories. That policy enables spammers, direct marketers and identity thieves to loot the directory for personal information about domain name owners, the coalition's draft letter to ICANN charges.
"The main purpose of the Whois database should be stick to the original purpose for which the Whois database was created, which is to resolve network issues," said Cedric Laurant, policy counsel at the Electronic Privacy Information Center and one of the drafters of the letter. "The database should not be used by spammers and bulk e-mailers for purposes of direct marketing."
The draft letter to ICANN president Paul Twomey has been signed by about 50 nonprofit groups so far, Laurant said, and represents 21 countries on six continents. Signers include the American Library Association, the U.S. Association for Computing Machinery, the Australian Council for Civil Liberties, Electronic Frontier Finland, Privacy Ukraine, and the United Kingdom's Foundation for Information Policy Research.
The coalition's effort comes as ICANN tries to decide how to balance domain name owners' privacy with accountability--a priority of law enforcement agencies and trademark owners who are seeking to unmask suspected infringers. In September, the Bush administration ordered ICANN to improve the "accuracy of Whois data."
That should not come at the expense of privacy and anonymity, the draft letter argues: "The WHOIS database was originally intended to allow network administrators to find and fix problems to maintain the stability of the Internet...Anyone with Internet access can now have access to WHOIS data, and that includes stalkers, governments that restrict dissidents' activities, law enforcement agents without legal authority, and spammers. The original purpose for WHOIS should be reestablished."
In a Sept. 18 announcement, ICANN's Twomey noted that the group, which oversees domain name governance, already had convened a Whois workshop in June in an attempt to "advance work on Whois in a coordinated and cooperative manner." At its meeting this week in Carthage, Tunisia, ICANN is scheduled to assemble on Wednesday to discuss "address accuracy and privacy issues, including data collection and verification measures, complaint procedures and investigatory methods for false information."
Another factor ICANN may consider is whether the current Whois practice runs afoul of privacy laws. A June 2003 report (PDF) from a European Commission working group said data protection rules--outlined in the European Data Protection Directive--cover the Whois directory.
The report does not go as far as do Laurant and the privacy advocates at EPIC, who argue that anonymous domain purchases should be allowed. But it does say that only the domain name registrar needs to know the identity of someone who's buying a domain for individual use: "There is no legal ground justifying the mandatory publication of personal data referring to this person."
ICANN's formal agreement with domain name registrars says customers must provide "accurate and reliable contact details and promptly correct and update them during the term of the...registration" or risk losing their domain.
Some registrars such as Go Daddy Software offer "private registrations" that cloak customers' home addresses and phone numbers for an additional fee of about US$9 a year per domain name.
Under the US government endorsement of ICANN it is part of the foundation agreement that the whois data is published.
In my opinion the registrars have been lobbying NGO's to support a regime that is less intensive for the Registrars to comply with. Currently there are an enormous number of domains that are registered with fake details. If you are a member of the public and are doing business with an entity that is operating under a fake domain address you may have a serious problem if the transaction breaks down. How do you find out who you are dealing with if this information is removed or incorrect? As stated in my submissions to auDA on the review of the whois policy privacy issues do not justify removal of whois data as there are other legal issues that are more important in the on-line environment.
The Au. Domain Name Administration Limited has ignored public and government submissions and has prevented public consultation on this issue for the economic benefit of the registrars.
Further, auDA has just moved to pass a resolution at the upcoming AGM to prevent an increase in membership. If any person or business wishes to have a say in the way the .au Domain space is run then they need to apply for membership prior to the AGM in November 2003.