The thread on WHOIS blocking does not surprise me. But the problem lies rather deeper than the failure of ICANN to enforce publication, indeed it is difficult to see how WHOIS publication requirements could now be enforced after a decade of failing to enforce them.
ICANN is the only institution with responsibility for the functioning of DNS. And so it is natural that when there is a DNS problem for people to expect ICANN to come up with the solution. But having the responsibility to act is not the same as having the ability. Like the IETF, ICANN appears to have been designed with the objective of achieving institutional paralysis. And this is not surprising since the first law of the Internet is 'You are so not in charge (for all values of you).
Running a global communications directory is inevitably political. One of the major reasons that the Internet worked and OSI did not is that everyone expected OSI to succeed and so the stakes were considerably higher. Deployment of the DNS was only possible in the first place because it was never considered a threat by the institutions that might have taken a political stance early on and insisted on protection of their particular interests. Deployment of the OSI X.500 directory on the other hand could only begin after the political stakeholders had realized that it was a failure.
DNS succeeded by punting on the hard questions. ICANN only came into being after the DNS was a fait accompli. It could come into existence only because the alternative of no ICANN was worse for all stakeholders who might have blocked it. It has been struggling with the resulting contradictions ever since.
The only unbreakable rule of ICANN politics is that no change can be made to the status quo without acquiescence of every stakeholder. While ICANN declares itself to be in charge, that declaration is not universally acknowledged. It is a creation of the US government which still exercises ultimate veto power. Any change that threatens to become a crisis could cause ICANN to come to a rather sudden end. The purpose of ICANN is not to exercise control, it is to prevent the emergence of any alternative entity that might actually try to.
If we wish to reform WHOIS we have to look at a much lower level, at the purposes the DNS performs, the role of WHOIS within those purposes and the business models that drive current and desired behavior.
A core objective of the current DNS infrastructure is inclusiveness. It should be possible for anyone to obtain a domain name at minimal cost. An inevitable consequence of meeting that objective is that the DNS name assignment process does not and cannot provide accountability of name owners. That objective has devolved to the SSL certificate issue process. The demands to enforce WHOIS registration are an attempt to force a measure of accountability into DNS name issue. It does not work because the registrars have no means of authenticating the WHOIS data.
Even if ICANN did attempt to enforce the publication rule, it can only do so in the domains it actually controls. ICANN does not control the country code domains, never did, never will and anybody who imagines otherwise is deluded.
The EU has a privacy directive. Forcing publication of people's names is a violation of that objective. If the .uk and .de registries insist that mandatory publication of WHOIS violates the privacy directive there is nothing ICANN can do to force them without a sizable probability of fracturing the root.
So why not abandon inclusiveness?
Well here we come to the crux of the matter. To be a first class citizen on the Internet you have to control your own name. You will always be a serf @aol.com, but the truth is that you will still be a serf @earthlink as well and even @gmail.com or .bloggered. As long as you are using a name controlled by someone else, you will not have switching power. Everything you do is subject to an ultimate possibility of veto.
Stopping Internet crime is a worthwhile objective that I believe in. I have even written a book about it (dotCrime Manifesto). But it is nowhere near as important as enabling every Internet user to be a first class citizen.
With that we have a statement of the constraints. How to address those constraints and implement a fix will have to wait for part 2.
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services
.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»