The Whois Task Force of the Domain Name Supporting Organization (DNSO) has been consulting with registrars over the past few months on the Whois accuracy issue for law enforcement. The Task Force has enumerated three primary areas of interest: accuracy, uniformity, and better searching capabilities. When the registrars met with the Task Force in Shanghai, a fourth area of interest was also brought forward and advocated by many of the registrars at the meeting as paramount to the other three areas. This fourth area of interest was privacy.

Most registrars at the meeting agreed that there are two factors that encourage registrants to submit false or inaccurate data: (1) a lack of preventive measures with respect to data mining; and (2) privacy concerns. Some registrars have registered domains with addresses never used before and observed the number of times SPAM/UCE (Unsolicited Commercial Email) and postal mail was received; the empirical data has suggested that the Whois data was indeed harvested and used for unauthorized purposes.

Most registrants detest SPAM/UCE and postal advertisements they receive from aggressive marketers using contact information readily available from the Whois data bank. Hence, proper means of protecting registrants’ privacy is an area ICANN must devote sufficient attention to in order to reduce data mining and enhance domain owners’ confidence. It should also be noted that all stakeholders, including registrants, are able to voice their opinions to the Whois Task Force by emailing .(JavaScript must be enabled to view this email address)

Accuracy

Accuracy is difficult to define when talking about global addressing. For instance, is it acceptable to list your cell phone from one country and your postal address from another when registering a domain name? How about determining the accuracy of a phone number, given the fact that many countries define their numbers in varying lengths?

Every element of a registrant’s contact information poses a difficult task for validation. While for a registrar in the UK, local postal code verification is a simple algorithm, a registrar in the US would need to consult a database of over 10GB to validate a simple five-digit postal code. These vastly different addressing verification methods require a significant engineering effort that many registrars may not be able to cope with. Add in 184 more varying country postal addressing and telephone dialing schemes, and verification becomes a pie-in-the-sky concept instead of something that is easily implemented.

Extensible Provisioning Protocol

The Extensible Provisioning Protocol, or EPP, is a product of the IETF working group called Provisioning Registry Protocol and used by the new gTLD registries to provision domain names. The protocol is nearly complete and the IESG is about to call for the protocol to be published as an RFC. One last item on the working group’s list of items to complete is what was recently proposed as the ‘last-verified-date.’ The idea behind ‘last-verified-date’ is that registrars will eventually be able to verify their registrants’ data and date-stamp the day and time the information was last verified. Given the fact that in October the Whois protocol, and most likely a significant portion of its data, turned 17 years old, this may indeed be a good thing!

Registrar Commitment

Whois accuracy is not a new concept to Registrars. Presentations last year by House Representative Howard Berman in Marina del Rey and his subsequent statement on The Whois Database: Privacy and Intellectual Property Issues, certainly educated registrars regarding issues that intellectual property enforcement agencies have with the Whois data. Registrars have expressed their commitment to publishing data as accurately as the data can be collected. Many registrars recently discussed accuracy of the Whois data with the Federal Trade Commission and other representatives of the law enforcement and intellectual property communities. Registrars are now preparing for publishing more accurate information and implementing techniques to detect and deter fraudulent domain registrations though active participation with the DNSO’s Whois Task Force. However, many registrars still feel that the main issues that encourage inaccuracies in the registration process are registrants’ attempts to deter their data from being harvested and used by unscrupulous marketing companies. Registrants’ right to privacy cannot be ignored.

A service called Fraudit that helps registrars identify inaccuracies during domain name registrations has recently been introduced by Alice’s Registry. The service uses information collected from more than 186 countries to validate postal codes, email addresses, telephone numbers, and email deliverability. This evaluation process takes place within seconds through an automated process and can act as a valuable tool for deterring fraud and ensuring data accuracy. Many registrars have already started to deploy the service in order to verify and validate their entire portfolio of domain registrations.