On February 4, 2004, United States Congress held a hearing on a new proposed bill called the Fraudulent Online Identity Sanctions Act (FOISA). This bill will increase prison sentences by up to seven years in criminal cases if a domain owner provides "material and misleading false contact information to a domain name registrar, domain name registry, or other domain name registration authority."
What follows is a collection of commentaries made in response to this proposed bill:
Michael Mann, President, Buy Domains:
"Considering the extreme amount of unpunished crime on the Internet we think it is fine to publish correct owner info in whois so crooks can be found more easily. Whois is only the tip of the iceberg as far as dicey issues go.
The trademark laws in general don't make much sense when 20 companies can claim a valid trademark on the exact same generic term even when there is only one domain to fight over. The same word can be used as a trademark over and over as long as it is used for a non-competitive product or service and is not descriptive of the product or service being provided. Therefore traditional understandings of intellectual property don't apply perfectly to the new digitally linked world or whois. Also we think the proposed bill and penalties don't make much sense.
The government with help of Congress created this group ICANN after having funded the NSI monopoly since the beginning. ICANN is completely complicit with the longstanding Network Solutions/Verisign registration monopoly. Moreover there has been no enforcement of registry agreements or monopoly laws by the departments of Commerce and Justice, along with no help from the FTC so far. So I wouldn't count on anything logical resulting from this entire whois bill process. It's only a red herring that is distracting the people in power from really fixing things.
More importantly the government and banks generally ignore international thieves who steal credit cards and purchase digital based products like domains and software on the Internet. And hack or virus up systems. This is where the effort should be focused because US companies and consumers are harmed big time. Most of the thieves we have found are based in Nigeria and Indonesia, among many other places to a lesser degree."
(Related link: BuyDomains.com)
Mark Jeftovic, Co-Founder, easyDNS Technologies Inc.:
"...from what I gather it heavily favours the IP lobby, does not extend any additional privacy protections to the registrants and drops the cost of ensuring data accuracy on the registrars.
The first step in fixing "The Whois Mess" is to mandate stiffer penalties for the data miners and the spammers. As someone on the front lines of this issue (from my vantage point as a Registrar and having served briefly on one of the GNSO Whois Privacy Steering Committees), I can tell you from first-hand experience that most of the falsified data in the Whois database is put there by legitimate registrants trying to keep spammers, domain slammers and 419 scammers out of their lives, not by the fractional minority of registrants who are "infringing" on some trademark or perpetuating some sort of crime (and for those that are, there are other methods available to track them).
Solve the big one first: protect the Registrant's privacy. Think about your mother or grandmother registering a domain name for her knitting circle and calculate the fallout from that: after she gets mailbombed for guaranteed penis enlargement and blows your inheritance helping Prince Magdudu Mshihashubu, son of the former Minister of Finance for Swaziland retrieve an undisclosed amount of funds from a Swiss bank account....
Go after the real thieves and criminals first, the ones preying on the data in the Whois database, don't criminalize the registrants who are trying to protect themselves where nobody else will."
(Related link: easyDNS)
Wendy Seltzer, Staff Attorney with Electronic Frontier Foundation:
"Talk about false and misleading identification information, the recently introduced Fraudulent Online Identity Sanctions Act should really be called the "Slam the First Amendment Act." It bumps the penalties for trademark or copyright infringement to "willful" levels — that's up to $150,000 in statutory damages per copyright infringement — for the mere connection of the infringement to a domain name registered with false information. Never mind that using false information in the address or telephone number fields may be the only way for individuals to protect their privacy; or that the First Amendment rights to anononymous speech may depend on the ability to register a name with "false" pseudonymous contacts. Would Publius be slammed as a willful infringer if someone claimed that the Federalist Papers took a few too many quotations from other sources?"
(Related link: Wendy Seltzer)
Eric Goldman, Assistant Professor of Law:
"Like virtually every other Congressional regulation of Internet behavior, this proposed law lacks any credible evidence that it will reduce socially-harmful conduct. Congress has tried--and failed--to control Internet behavior through increased criminal sanctions and more powerful plaintiff rights in the past, yet Congress still hasn't learned that stiffer penalties don't positively change online behavior. Meanwhile, if Congress really is concerned about online fraud, isn't the logical next step to require eBay auction sellers to disclose accurate contact information for everyone in the world to see?"
(Related link: Eric Goldman)
Rick Wesson, CEO, Alice's Registry:
"We launched the service Fraudit, as in "Fraud-Audit", for registrars to increase their data accuracy at the 2002 ICANN meeting in Shanghai, China. To our surprise registrars were somewhat angered to learn that someone had come up with a solution to the Whois data accuracy problem.
Registrars appeared to believe that as long as no solution existed, there was no good reason audit their registrant data. In fact the only time they preformed self-audits is when the registrar was faced with a financial loss. Registrars have been hit hard with credit card fraud. One large registrar had a rather embarrassing incident by nearly loosing their merchant account, removing their ability to take credit cards over the Internet, because of fraud. Although all registrars experience some credit card fraud and most have invested in mitigating that risk, they have not attempted, nor invested in, an ability to prevent the introduction of fraudulent registrant data – as long as the domain is paid for and the registrar is not hit with a credit card charge back there is no business reason to prevent invalid registrant data in the Whois system. My ultimate realization that ICANN, gTLD registries and accredited registrars had no intention, desire, or incentive to audit their registrant data caused us to withdraw the product from the registrar Whois accuracy space."
(Related links: Alice's Registry, U.S. House of Representatives)
Ross Rader, Random Bytes:
"There are better ways for IP interests to get at the data they need. For instance, stepping back a bit and working with ISPs instead of trodding on them would be a good start. Getting a handle on how some of this technology works would be useful as well. I've found Traceroute and ARIN to be far more useful in tracking down hosts and owners than Domain Whois ever was."
(Related link: Random Bytes)
Declan McCullagh, CNET News.com's Washington, D.C., Correspondent:
"By bowing to corporate special interests, Washington politicians are heading in the wrong direction. They're ignoring the real problem, which is that Whois is broken. Like the Internet mail protocols that were drafted during a more innocent era and are now being exploited by spammers, the Whois database was not intended to be melded into the shape preferred by copyright and trademark lobbyists.
The origins of today's domain name system can be found in standards RFC 1034 and RFC 1035, published in November 1987, when the Internet was still young and commercial traffic would not officially be encouraged for another five years. Back then, before individuals started to buy their own domain names, a public Whois database was necessary to permit network administrators to fix problems and maintain the stability of the Internet.
Today, however, the open nature of the Whois database is no longer a boon to people who own domain names. If you buy a domain name, current regulations created by the Internet Corporation for Assigned Names and Numbers (ICANN) say you must make public "accurate and reliable contact details and promptly correct and update them during the term of the...registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number."
Who wants to make that kind of personal information public for the benefit of spammers, direct marketers and snoops? You shouldn't have to publish your home address--and other personal details--to everyone in the world just to own a domain name. And if you decide to lie by typing in "1 Nowhere Road," I don't see why you should be punished for attempting to protect your and your family's privacy.
There are plenty of legitimate reasons why domain name holders might leave their address blank. As an international coalition of civil liberties groups said in letter to ICANN in October: "Anyone with Internet access can now have access to Whois data, and that includes stalkers, governments that restrict dissidents' activities, law enforcement agents without legal authority, and spammers...Many domain name registrants--and particularly noncommercial users--do not wish to make public the information that they furnished to registrars. Some of them may have legitimate reasons to conceal their actual identities or to register domain names anonymously." (The coalition also suggested ways for ICANN to fix Whois.)"
(Related link: CNET News.com)
Roger Collins, President, Afternic.com:
"Policy is an important feature on which web hosts, registrars, ISPs, telcos, and other service providers compete. The methods and levels of effort on policing, verification, privacy, dispute resolution, etc. - these are difficult decisions that should not be left to the whims of the political market. Legislators should put their pens down and let the free market do its magic."
(Editor's Note: Quote added on Feb. 16, 04)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection