Home / Blogs

dotMP Goes Mobile, Limits Access to WHOIS Data

Rod Dixon

During the 10th-century, Harald Bluetooth built bridges of communications through the might and power of a Viking King. Credited with uniting Denmark and Norway between 910-940 AD, Ericsson Mobile Communications acknowledged King Bluetooth's efforts by practically permanently linking the name Bluetooth (or, "Blåtand" as it was more commonly known) with the concept of building bridges of communications when it chose to erect a modern stone in the memory of Harald Bluetooth in Lund, Sweden, where the first concept of wireless communications now widely known as Bluetooth was created in 1994. Bluetooth, a wireless technology that connects electronic devices, has the potential to permanently free us of the use of cables and cords when using electronic devices. Cable and hands-free use of mobile phones is a popular use of Bluetooth already. These days, mobile technology seems to be a vector of innovative ideas.

The fact that the market for mobile phones that provide Internet access (aka "smart phones") is predicted to increase during the next several years, with global shipments growing to an impressive nearly 125 million units in 2009, means the competition for bridging mobile content and mobile phone use is likely to be keen. Indeed, dotMP already must face competition for registry services that will target mobile phone users. A few of the biggest names in information technology and mobile communications — led by Nokia and including Microsoft, Vodafone, HP, Orange, Samsung and Sun Microsystems are planning to wedge into the Top-level Domain name space (TLD) by supporting a new TLD registry for mobile web content focused on web pages built specifically for access by mobile devices like smart phones and handheld computers or Personal Digital Assistants (PDAs); apparently, the goal of the coalition is to grow broad-based and consistent end-user experience with mobile devices. The competition for a mobile phone TLD seems likely to be a reflection of growing recognition that in recent years global mobile phone use has been soaring. Worldwide sales of handset phones grew 20.5 percent in 2003 over 2002, according to a new IDC study, and, currently, Nokia dominates sales in mobile phones with an astounding 34.7 percent of the market.

Besides its size (and its location — dotMP operates the .mp TLD on behalf of Saipan, a part of the U.S. Commonwealth Of The Northern Mariana Islands whose inhabitants are U.S. citizens and where the best beaches in Micronesia are found), what may set dotMP apart from the technology giants led by Nokia, is a significant value added benefit to its domain name registration services; namely, dotMP intends to do what practically no other domain name registrar has been able to accomplish, it will protect the privacy of its registrants. For those unfamiliar with domain name registrations, a business that is NOT committed to protecting the privacy of its customers may seem foolhardy, but in the world of domain name registrations, privacy is not a common business objective. In part, this is due to the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN requires domain name registrars and registries to maintain and publicly display technical and personal information as well as contact details on nearly all individuals who register a domain name.

Since dotMP operates what ostensibly is a country-code suffix, rather than a generic suffix like .com, dotMP can ignore ICANN's demands more easily than many other registries and registrars. For the most part, country code suffixes belong to country designations, and ICANN has encountered greater resistance to its global mandates by country code suffix operators who assert claims of sovereignty when ICANN adopts undesirable policies. Ironically, the .mp suffix belongs to a Commonwealth of the United States, but, it too, seems legally capable of bucking ICANN's policies. There are several reasons why ICANN has been halting and languid in resolving the abuses to privacy that stem from its domain name registration policies, but dotMP is not waiting for ICANN to change course or to see the light; instead, dotMP has built its business model to overcome the undesirable impact of ICANN's public database policies — policies which are not anchored in historical necessity.

In Internet time, a long, long time ago a couple of technologists recognized the need to come up with a simple straightforward search retrieval tool that enabled network administrators to locate and repair bugs in the domain name system. They developed a simple database that listed information about those who had been assigned a domain name. Ostensibly, in due course, the originally straightforward purpose of that database — identified as "WHOIS" — expanded. WHOIS is a now database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names.

Today, the purpose of WHOIS has been extended far beyond its original purpose. Although few know about ICANN, and fewer know what ICANN really does, it is quite likely that every Internet user one day may have personal data recorded in one of ICANN's databases as result of owning a domain name. ICANN has jurisdiction over the assignment of most second-level domain names and, as a part of that authority, ICANN is poised to mandate that personal consumer information collected from individuals and businesses with registered second-level domain names be stored in publicly accessible databases called "WHOIS" databases. ICANN's WHOIS database policy aids trademark holders fight cybersquatters by providing, among other constraints, strict enforcement against the inclusion of "false" or inaccurate information in the WHOIS database. False information listed in WHOIS can be grounds for cancellation of a domain name registration. ICANN maintains indirect responsibility for the content and access to WHOIS. By most accounts, WHOIS has not been a well-managed resource. ICANN seems set to improve management of the resource, but has not shown evidence of genuine consideration of whether WHOIS should be abolished in its existing form or substantially modified to serve the original limited technical purposes of IP number coordination. Instead, WHOIS is likely to remain largely as it is or, worse, with increased public access and continued abuse of the privacy interests of those for whom the database exists.

Oddly, the database is viewed by a growing number of Internet stakeholders as a panacea of troubles ranging from consumer protection issues and law enforcement matters to the self-policing of trademark and copyright disputes. As is true of many original intentions, the shifting uses of WHOIS for purposes far beyond its original scope comes with a number of serious harms; first and foremost among them, the compelled disclosure of a person's private information to whomever is able to complete a couple of mouse clicks and do so with access the Internet.

Fortunately, dotMP represents a rising new hope that may restore the boundaries of "propriety and decency" in the use of personal information provided by Internet users who register domain names. Aware of the increasingly harmful privacy risks that ICANN's policy imposes on individuals, dotMP has developed a business model that offers domain name consumers privacy protections that are unavailable under ICANN's current WHOIS database policy. If dotMP succeeds, there may be increased pressure for ICANN to genuinely take the privacy concerns of individual domain name holders into account. But, dotMP may have to overcome significant obstacles beforehand. Aside from the competitive pressures that may come to bear from Nokia's coalition, there are a number of policy questions (and, perhaps, legal questions) that seem pertinent, such as whether the United States will allow Saipan to pursue its .mp objectives even if they run counter to Congressional and Executive branch instructions to ICANN that WHOIS be maintained strictly as a public database. On the other hand, a domain name registration service may prefer Congressional legislation on WHOIS since that ultimately may shed clear light on the property question and the potential takings issue that arises under American law and may underlie the mandatory nature of WHOIS. Of course, a more fundamental question arises as well; namely, whether ICANN's WHOIS policies (or, its TLD policies, more generally) are irrational, unprincipled, and anti-competitive, if the policies are easily and effectively undermined by ccTLDs — all-the-while, keeping registry and registrar operators of gTLDs in a logjam.

Although a domain name registrar clearly needs to collect personal information from its customers to process payment for registration services, there is no legitimate reason to disclose this personal information to everyone in the world as is done by WHOIS. In nearly all other contexts, it is difficult to imagine a business that would freely provide public access to a database of the names and addresses of its customers. Quite the contrary, business interests, rightly or wrongly, often consider data on its customer or client-base to be a trade secret. Yet, ICANN ostensibly deprives registrars of this property interest, which, potentially, raises interesting legal questions to the extent that WHOIS is perceived by registrars as an obligatory legislative mandate.

Nonetheless, existing registries and registrars have been generally reluctant to challenge the conventional wisdom about WHOIS, and the dark hole of lost privacy has been expanding as new gTLDs come online and even more come under consideration. Bucking the trend of relegating the privacy interests of domain name holders to a backwater status, dotMP seems to have taken a novel approach by viewing the problem with protecting privacy in WHOIS as a business opportunity.

The WHOIS database should be abolished or its public services considerably reduced; the database in its current form undermines the effective enforcement of any strong policy favoring the protection of privacy; that notwithstanding, there is a ray of new hope — a hope that many registrars will do like dotMP, and adopt or develop innovative privacy-based solutions that may be very appealing to individual domain name registrants.

By Rod Dixon, Attorney
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Thomas Barrett  –  Nov 23, 2004 8:23 AM PDT

Way to go dotMP!

dotMp's restrictive Whois policy is a good example of how giving consumers more than one alternative will help spur innovation in the marketplace.

As the first round of new ICANN tld's have demonstrated, even with millions of dollars of investment, it will take years before new tld's are sustainable and profitable.

And you can bet that every new tld approved by ICANN will have a competitor in the ccTLD space.

The competitive advantage of re-purposed ccTLD's will be their business model.  They have none of the up-front capital costs that ICANN imposes on them.  As a result, they can be more patient in establishing a customer base without the pressures of shareholders that need to see results next quarter.

Tom Barrett
EnCirca, Inc.

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Jim Harper  –  Nov 23, 2004 8:56 AM PDT

In the event that the holder of a dotMP address violates the rights of others (copyright, trademark, defamation, what-have-you), what does dotMP contemplate doing? A public, accurate WHOIS allows disputants to deal directly with one another and analogizes to public records in land ownership. (But it's a weak analogy: land title records mostly serve liquidity in land markets, not dispute resolution.) By withholding information about second-level domain owners, isn't dotMP inviting liability onto itself - or at least a heck of a lot of legal actions to reveal domain holders' information?

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Rod Dixon  –  Nov 26, 2004 1:10 PM PDT

Jim - I suggest the better question is why should a purported copyright interest trump a genuine interest in privacy? Your question makes that assumption once you accept the notion that WHOIS should be public for the purposes that you cite. Imagine requiring mp3 device makers APPLE, DELL, and HP (but, not, perhaps, SAMSUNG, PIONEER, or SONY - they are arbitrarily treated differently) to publish a list of names and addresses of all of their clients/customers in a public database simply because an overwrought third-party finds access to this public database lowers their transaction costs in potential intellectual property litigation: would most folks feel warm and fuzzy about the third-party in complete disregard of the interests of APPLE, DELL, HP and, most importantly, their customers? I suspect most would think not. Why should the domain name business be treated differently?

- Rod Dixon
(Author)

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Daniel R. Tobias  –  Nov 30, 2004 7:46 AM PDT

Their site says that ".mp is the only Internet top-level domain (TLD) designated exclusively as the mobile address." This seems like misleading marketing hype to me, given that .mp is not officially designated as anything other than the country code domain for Saipan.

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Jim Harper  –  Nov 30, 2004 4:07 PM PDT

Thanks for your reply, Rod.

In answer to your question: Law enforcement, both private and public, trumps privacy interests all the time. Indeed, investigation of purported law violations trump privacy. There is copyright law, so investigation of copyright infringement trumps privacy. That's not meant to be an anti-privacy statement or a pro-copyright statement. It's just the way it is.

A registry/ar is different from a seller of goods. A domain name is a license to associate a character string with an IP address. A seller of goods (like electronics) might be a reliable source of purchasers' identities, but it is not a reliable source of users' identities (especially of commodities like electronics). A seller has no power to affect the post-sale use of the good. There is no ongoing commercial relationship between buyers and sellers as there is between licensors and licensees.

My question wasn't meant to be normative. I just wonder: In the absence of a published WHOIS, the only source for the identity of the alleged law-violator is dotMP. What does dotMP plan to do when a pile of subpoenas land on its desk(top)? Fight every one? Review each on the merits and comply or move to quash selectively? Pass them on to clients and comply after a set period without response? These are all possibilities, but they seem rather expensive compared to stepping out from between litigants by publishing a WHOIS. I didn't suggest a requirement that it publish a WHOIS, but it might find itself really badly wanting to when its legal staff is larger than its technical staff.

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Rod Dixon  –  Dec 01, 2004 3:35 PM PDT

Jim - in the first paragraph of your response, there is a flaw in your argument, and it turns on a mistaken assumption about the relationship between privacy interests and the countervailing interests of law enforcement or intellectual property interests. Simply put, there is no reason to believe that the privacy interests of domain name registrants should recede and fade away by the simple fact that someone has asserted a need to investigate the identity of an owner of a specific domain name.  Indeed, it seems quite absurd to even suggest that an individual need to investigate specified facts could warrant the requirement of a public database that trammels upon the privacy rights of thousands - - dare I say, perhaps, millions - - of domain name registrants. 

One need look no further than the content of American law to find analogic instances of how privacy rights and law enforcement interests are balanced so that you do not have the result ICANN supports for WHOIS.  The Privacy Act, for example, prohibits certain disclosures by the Federal government of data stored in otherwise public databases.  Similarly, the Electronic Communication Privacy Act sets forth privacy-enhancing procedures that law enforcement must follow when intercepting certain communications.

There are countless other examples of how interests are balanced.  ICANN's WHOIS policy, on the other hand, presently reflects no such balancing, and the proposals for the future do not look much better.

As for your last point about dotMP, may I suggest that you visit their website (http://get.mp) to see how the dotMP folks invision responding to the parade of horribles you identify. Or, visit other registrars who have adopted similarly interesting policies that are supportive of the privacy interests of their customers.

The questions you raise illuminate a problem with the focus in the current and previous debates about WHOIS.  Far too many accept as correct the unstated proposition that - - a public WHOIS is an integral part of ICANN's management of the domain name space.

If the assumption was to the contrary, then questions like a few you raised, at best, would seem odd as soon as they were articulated. To build upon this pont, imagine asking the same questions you raised concerning a claim of copyright infringement in a different context, for instance, you would ask what does COMCAST/AOL/HARVARD/IBM "plan to do when a pile of subpoenas land on [its] desk(top)? Fight every one?"

I suspect you may have a number of answers to that question(s), but I doubt any answer would be the same as requiring a public database. In other words, assuming that a lawyer is having some difficulty easily identifying a copyright infringer, could you select one potential recipient and explain why a public database containing personal indentifying information about its clients is the right rational pertinent public policy choice?

- Rod

Re: dotMP Goes Mobile, Limits Access to WHOIS Data Jim Harper  –  Dec 02, 2004 1:58 PM PDT

Thanks again, Rod. I went and found the relevant language on dotMP's site, which I should have done in the first place.

dotMP's "Dispute Policy," a part of its Terms of Use, says:

"You acknowledge and agree that certain individuals or organizations may attempt to exploit the terms of this Dispute Policy and may request Customer Data in bad faith and that Saipan DataCom is not capable of determining and will not attempt to determine the validity or nature of requests for Customer Data. You acknowledge and agree that Saipan DataCom may be served with subpoenas demanding your Customer Data and that we will comply with such subpoenas provided that such subpoenas have been issued by a court of competent jurisdiction and provided that such subpoenas has been properly served on us. You acknowledge and agree that Saipan DataCom may, but is in no way obligated to, provide you with notification of a subpoena(s) for your Customer Data, including but not limited to providing you with a copy of such subpoena(s) via e-mail."

Key points: No obligation to protect privacy when served with a subpoena. Not even an obligation to notify the user.

So, yes, people with dotMP domains have privacy in their administrative contact information when it doesn't matter all that much (my opinion - not interested in debating that here). When the chips are actually down, privacy goes away.

I'll refrain from joining in the big-picture debates that you're fixed on. I never once talked about requiring a published WHOIS. But I think it's advisable to think through what happens with alternatives like this one.

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias