Home / Blogs

Fixing WHOIS (and Some Other Stuff Too)

Phillip Hallam-Baker

The thread on WHOIS blocking does not surprise me. But the problem lies rather deeper than the failure of ICANN to enforce publication, indeed it is difficult to see how WHOIS publication requirements could now be enforced after a decade of failing to enforce them.

ICANN is the only institution with responsibility for the functioning of DNS. And so it is natural that when there is a DNS problem for people to expect ICANN to come up with the solution. But having the responsibility to act is not the same as having the ability. Like the IETF, ICANN appears to have been designed with the objective of achieving institutional paralysis. And this is not surprising since the first law of the Internet is 'You are so not in charge (for all values of you).

Running a global communications directory is inevitably political. One of the major reasons that the Internet worked and OSI did not is that everyone expected OSI to succeed and so the stakes were considerably higher. Deployment of the DNS was only possible in the first place because it was never considered a threat by the institutions that might have taken a political stance early on and insisted on protection of their particular interests. Deployment of the OSI X.500 directory on the other hand could only begin after the political stakeholders had realized that it was a failure.

DNS succeeded by punting on the hard questions. ICANN only came into being after the DNS was a fait accompli. It could come into existence only because the alternative of no ICANN was worse for all stakeholders who might have blocked it. It has been struggling with the resulting contradictions ever since.

The only unbreakable rule of ICANN politics is that no change can be made to the status quo without acquiescence of every stakeholder. While ICANN declares itself to be in charge, that declaration is not universally acknowledged. It is a creation of the US government which still exercises ultimate veto power. Any change that threatens to become a crisis could cause ICANN to come to a rather sudden end. The purpose of ICANN is not to exercise control, it is to prevent the emergence of any alternative entity that might actually try to.

If we wish to reform WHOIS we have to look at a much lower level, at the purposes the DNS performs, the role of WHOIS within those purposes and the business models that drive current and desired behavior.

A core objective of the current DNS infrastructure is inclusiveness. It should be possible for anyone to obtain a domain name at minimal cost. An inevitable consequence of meeting that objective is that the DNS name assignment process does not and cannot provide accountability of name owners. That objective has devolved to the SSL certificate issue process. The demands to enforce WHOIS registration are an attempt to force a measure of accountability into DNS name issue. It does not work because the registrars have no means of authenticating the WHOIS data.

Even if ICANN did attempt to enforce the publication rule, it can only do so in the domains it actually controls. ICANN does not control the country code domains, never did, never will and anybody who imagines otherwise is deluded.

The EU has a privacy directive. Forcing publication of people's names is a violation of that objective. If the .uk and .de registries insist that mandatory publication of WHOIS violates the privacy directive there is nothing ICANN can do to force them without a sizable probability of fracturing the root.

So why not abandon inclusiveness?

Well here we come to the crux of the matter. To be a first class citizen on the Internet you have to control your own name. You will always be a serf @aol.com, but the truth is that you will still be a serf @earthlink as well and even @gmail.com or .bloggered. As long as you are using a name controlled by someone else, you will not have switching power. Everything you do is subject to an ultimate possibility of veto.

Stopping Internet crime is a worthwhile objective that I believe in. I have even written a book about it (dotCrime Manifesto). But it is nowhere near as important as enabling every Internet user to be a first class citizen.

With that we have a statement of the constraints. How to address those constraints and implement a fix will have to wait for part 2.

By Phillip Hallam-Baker, Consultant, Author, Speaker. More blog posts from Phillip Hallam-Baker can also be read here.

Related topics: DNS, ICANN, Internet Governance, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

ICANN's Registry Audits Begin Next Week. Are You Prepared?

DotConnectAfrica on "CONNECTing the Dots: Options for Future Action" at UNESCO, Paris

IBCA Presentation to ICANN GAC on Protection of Geographic Names in New gTLDs

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

LogicBoxes Announces Automation Solutions for ccTLD

Video Interviews from ICANN 51 in Los Angeles

ICANN Los Angeles Recap Webinar

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Auctions Update: MMX Wins .law and .vip

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Nominum Announces Future Ready DNS

DotConnectAfrica Trust Responds to ICANN 50 GAC Advice, Updates on .Africa Application IRP Status

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines


Sponsored by

DNS Security

Sponsored by


Sponsored by