Home / Blogs

DNS WHOIS: Barking Up the Wrong Tree

As the Internet has grown and matured, it has become obvious to everyone involved that the DNS Whois system, as it currently exists, is not a sustainable way to share contact information for resolving network problems. ICANN, in an attempt to save DNS Whois, has plunged head long into the process of developing new policies aimed at fixing it. While I respect all of the hard work that has gone into this process, the results thus far have only made it clearer that this system faces intractable problems. ICANN should see DNS Whois for what it is, a relic of a simpler time, and focus instead on the IP address Whois systems, where their efforts might reap meaningful results.

A quagmire of diametrically opposed interests

On the one hand, intellectual property interests make a compelling case for accountability on the Internet. When a crime is being committed, we all have an interest in ensuring that the proper authorities have the tools that they require to investigate and, if necessary, to prosecute. IP interests present that an open, accurate DNS Whois system is the right solution to that problem, and they defend this position with incredible zeal.

For example, in response to the suggestion by privacy advocates that people would be more disposed to provide accurate contact information if better privacy protections existed, the International Trademark Association "queries whether accuracy of Whois data would really improve if access is limited. People who are predisposed to give inaccurate Whois information may well be likely to continue to do so. It may be worth exploring alternative means to ensure accurate data, e.g. imposing penalties for providing false information or rewards for providing verifiably accurate information."

On the other hand, political speakers on the Internet have a legitimate need to protect their identities. The Internet presently supports a vibrant ecology of political websites and weblogs of every flavor and prejudice. Together they constitute a meaningful discourse on nearly every issue of the day. A large portion of these sites employ WHOIS proxies or publish limited contact information. It is easy, even in the United States, to find examples of individuals who have been the target of violent retaliation because they have expressed their political views.

The Supreme Court of the United States eloquently defended anonymous speech in McIntyre V. Ohio Elections Commission (1995):

"Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation--and their ideas from suppression--at the hand of an intolerant society. The right to remain anonymous may be abused when it shields fraudulent conduct. But political speech by its nature will sometimes have unpalatable consequences, and, in general, our society accords greater weight to the value of free speech than to the dangers of its misuse."

It is not important, in this context, which side of the debate you fall on. The objective question we must ask ourselves is whether ICANN is properly equipped to balance these interests at all. It's hard to see a middle ground here. Either information is collected, or it is not. Either the information is made available, or it is not. How does ICANN plan to sort out who is and is not a legitimate consumer of collected contact information in a tiered access system?

These are fundamental questions about freedom of speech and accountability which the governments of all nations struggle with at the highest levels. With very few exceptions, national governments have deliberative processes which are far more mature than those of ICANN, and their sovereignty in such basic questions is far more legitimate. This debate seems a bit outside of ICANN's jurisdiction.

A way out

Lost in this debate are the purely technical stability, reliability, and security issues that ICANN is responsible for and equipped to address. There is a legitimate need to contact network operators in the event of a technical problem. People have traditionally relied on the DNS Whois system for obtaining this contact information because people tend to think about networks in terms of domain names. However, technical issues are related to Internet traffic, and Internet traffic comes from IP addresses, not domain names. In fact, IP addresses frequently aren't associated with domain names at all. As the Internet matures the IP address Whois systems are increasingly more valuable for contacting network operators then the DNS Whois system.

Problems you can actually solve

Of course, there are significant problems with the IP address Whois systems. IP address Whois usually doesn't contain information about networks that have less then 8,192 IPv4 addresses (/19). Also, the data in these systems is often inaccurate or out of date. Unlike similar problems with DNS Whois, improving on this situation seems within the realm of possibility.

In order to address the timeliness and accuracy of DNS Whois data you've got to develop an enforcement mechanism that ensures compliance from millions of people, many of whom are private individuals and not businesses. The universe of ISPs is smaller by an order of magnitude or more, and in almost every case ISPs are organizations that can afford to implement compliance processes. This problem is much less complex.

If we were to require that all organizations which provide network service to third parties register in the IP address Whois system (instead of just the medium and large networks) and require that contact information be renewed on a regular basis, we will have made significant progress toward ensuring that every IP address on the Internet can be quickly associated with technical contact information for the network providing service to that address.

Separating legal issues from technical issues

But what about our friends at the International Trademark Association and their accountability interests? It's important to understand that the intellectual property interests do not have technical concerns. They are interested in content, and whether or not that content is legal.

If ICANN can ensure that every IP address is properly associated with the network that provides service for it, the ITA will be able to contact those network providers when they have a problem with an Internet site (or the DNS registrar if the domain name itself is the problem). These organizations know their customers, because they have to bill them, and often run cables to them. Furthermore, these organizations have ultimate control over the customer's access to the network. Whether the ITA can get the customer's personal contact information from the ISP will depend on the rules of the government of the jurisdiction in question.

The United States Government has the right to develop its own rules and regulations for handling these situations and balancing the interests involved. The Government of Canada has the same right. The rules in the United States may differ from the rules in Canada, reflecting the structure and values of each individual society. This is a correct and proper way to handle these problems. The legality of content is a legal question, and it is properly resolved within the domain of national governments, and not within international technical and regulatory standards bodies.

In conclusion

Creating an open DNS Whois system with enforced data accuracy is neither practical, nor is it just. It would prevent democratic governments from developing their own policies that balance the various interests involved in Internet content. Furthermore, as many Internet addresses are not associated with domain names, no DNS Whois system will ever be a comprehensive solution to the problem of accountability. ICANN would be well served to focus its energies on the IP address Whois systems instead, were they can make real progress toward a sustainable solution for Internet management without having to unilaterally resolve fundamental questions about freedom of speech.

By Tom Cross, Director of Security Research

Related topics: DNS, Domain Names, ICANN, IP Addressing, Policy & Regulation, Privacy, Security, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: DNS WHOIS: Barking Up the Wrong Tree Mike O'Donnell  –  Jul 06, 2004 6:30 AM PDT

We need a lot more thinking in this style. We naturally wish to defend methods that were very agreeable in the good old days. But not all of those methods continue to serve in a much larger and more diverse community. In many cases we can meet the same needs with different mechanisms, particularly when a single system bundles disparate functions, as DNS/Whois do.

The augmented IP/Whois appears to provide important contacts between network admins without many of the social conflicts inherent in DNS/Whois.

Mike O'Donnell

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Public Interest Registry Releases Bi-Annual Report, .Org Domain Registrations Pass 10.4 Million

Public Interest Registry to Speak About Upcoming Launch of .ngo and .ong Domains for NPOs

Nominum Announces Future Ready DNS

DotConnectAfrica Trust Responds to ICANN 50 GAC Advice, Updates on .Africa Application IRP Status

New .ORGANIC Domain Sunrise Begins, Creating Verified Space 
for Organic Products and Services

Non-English "IDN Email" Addresses Are Finally Working!

TLD Registry to Speak at Inaugural World Domain Day India

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Independent Endorsement of Dot Chinese Online & Dot Chinese Website

ICANN London Recap Webinar

Four Reasons to Move from .COM to Your .BRAND Domain

Sponsored Topics