Home / Blogs

WHOIS Review and Beyond 3.7.8

Garth Bruen

We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially. ICANN, governments, and private researchers have poured resources into addressing the inaccuracy problem but the issue is ultimately unfixable under the existing contract. This issue cannot be understated; 3.7.8 is the crossroads of public participation. At the moment enforceability is completely at the discretion of the sponsoring Registrar, outside of ICANN even. The failure of 3.7.8 precludes the goal of ensuring accountability, transparency and the interests of global Internet users so cherished in the Affirmation of Commitments as it robs the community of meaningful grievance process.

However, the real problem with the contract is even more insidious. One only needs to view the ICANN Compliance "workflow" to see a kind of Sisyphean pattern. There is no "enforcement" end to the loop; the only terminating points in the "ICANN Compliance Program for Registries and Registrars” are dismissal or closure of the complaint. Issuing of breach notices is not part of the process and contracted parties are only mentioned in passing. The process, as it is, only provides a potentially endless cycle of a complainant submitting "additional information." If this flowchart is a true representation of the duties of Compliance, it exists only to shuffle paper.

We end with two major problems. First the contract is unenforceable on WHOIS accuracy which is the foundation of trust between ICANN and the Internet user. Second, there is apparently no capacity within the organization to enforce the other portions of the contract: contractual and organizational failure. We will be publishing nine case studies which demonstrate the systemic breakdown of Internet enforcement next week. RAA 378 is the crossroads of public participation: the ability of actual Internet consumers to bring grievances to the operators of the Domain Name System. Is this an Internet we all participate in or an Internet which is imposed on us? As long as 378 is a phantom we are living with an imposed Internet.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Cybercrime, DNS, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Spam, Whois


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


So long as registrars can implement "Privacy Charles Christopher  –  Jun 19, 2012 8:30 AM PDT

So long as registrars can implement "Privacy Whois" everything else is moot.

There first must be a requirement that the whois actually be "correct", versus hidden, before an enforcement policy becomes a meaningful tool.

I think you missed something... Garth Bruen  –  Jun 19, 2012 8:45 AM PDT

There IS no enforcement, privacy or otherwise. The case studies will show it, and this is by design. See the Compliance workflow. Our case studies were not geared at proxy/privacy.

And if there were enforcement a registrar Charles Christopher  –  Jun 19, 2012 9:10 AM PDT

And if there were enforcement a registrar could have their TOS include a privacy whois requirement. Thus the enforcement policy would have no meaning.

I'm not trying to argue against you Garth, I'm just trying to point out that allowing privacy whois makes the entire issue worse that presented.

In fact even the REQUIRED ICANN Whois Escrow allows Privacy Whois to be escrowed, thus making the entire process meaningless.

In my view the start is to require whois to be correct in the first place, privacy whois not being allowed.

I hear you! Garth Bruen  –  Jun 19, 2012 9:18 AM PDT

Just want to make sure the point of this particular work is about what happens after inaccuracies are reported. There is an internal failure of procedure and function. The case studies are even less about WHOIS and more on ICANN not working.

>after inaccuracies are reported.Sure. But it's worth Charles Christopher  –  Jun 19, 2012 9:48 AM PDT

>after inaccuracies are reported.

Sure. But it's worth noting such a report can't even be made for privacy (meaningless, but procedurally acceptable) whois.

So, and this is a thought experiment here, if you succeed in your approach and you raise my (a registrar) overhead / cost of operations, then I start returning privacy whois for EVERY DOMAIN. You solve nothing. And as we both know, my thought experiment will play out for some "bad" registrars.

>The case studies are even less about WHOIS and more on ICANN not working.

Which is my point as well, regarding whois.

There will never be a perfect solution, but there is enormous room for improvement.

I recall a very long time ago when accurate whois was believed to be LAW .... And the idea of returning privacy whois was believed to be something that would get your creds terminated .... Then someone tried it, there was no ICANN response, and the entire "false whois" problem just got worse. I think history has some value here.

Of course... Garth Bruen  –  Jun 19, 2012 10:21 AM PDT

That's why the WIRT is moving to a clear definition of privacy/proxy as well as certification/accreditation for these services with requirements for responsiveness and conditions for reveals.

Registrars make money from PP and mandating such a service drives customers to competition. This also increases responsibility, liability and work for the sponsor. It's too much of an assumption that they in fact would want to do that.

Update! Garth Bruen  –  Jun 19, 2012 11:50 AM PDT

Apparently in response to the discussion ICANN has removed the Compliance flowchart. It just says "coming soon"

I have preserved a copy here: http://www.knujon.com/compliance-flowchart.gif

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Domain Registrations Reach 331.9 Million, 6.7 Million Growth Year over Year

.brands Spotlight: Banking and Finance Industries

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition