[AfrICANN-discuss] Statu Quo sur le WHOIS -

Anne-Rachel Inné annerachel at gmail.com
Thu Aug 30 17:17:09 SAST 2007


Le groupe de travail mis en place par l'ICANN depuis 4 ans sur les
règles d'accès aux données privées du WHOIS n'a pas trouvé de réelles
 La question de l'accès aux données du WHOIS, largement débattu  lors
du dernier meeting ICANN, oppose deux camps : ceux qui souhaitent
protéger leurs données personnels et militent pour un accès limité à
ces données et ceux qui votent pour un accès libre aux données WHOIS.

Les 60 personnes regroupées au sein du groupe de travail initié par
l'ICANN et qui devaient plancher sur ces règles ont rendu  leur
rapport  la semaine dernière.

Sur plus de 80 pages le document détaille les discussions entamées et
les propositions du groupe.

L'enjeu était notamment de définir les circonstances de plein accès
aux données WHOIS pour les demandeurs légitimes.

Autres points litigieux : les frais associés à cette réforme, l'impact
de cette réforme sur les services d'anonymisation de WHOIS et la
difficulté à différencier ces titulaires ayant enregistré un nom à but
commercial des autres.


ICANN's Whois privacy reforms stalled again
Jaikumar Vijayan


August 28, 2007 (Computerworld) A working group set up by the Internet
Corporation for Assigned Names and Numbers (ICANN) to thrash out
differences over proposed privacy changes to the WHOIS database
stopped work last week with little real agreement on how or even
whether to implement the reforms.

The group's failure to come up with a proposal that could have been
accepted by ICANN continues a long-standing stalemate on efforts to
reform the way WHOIS data is handled. The group's findings were
summarized in a final outcomes document released Aug. 20. (Download

"The WHOIS debate has gone on for years, and [ICANN] needs to call an
end to it for now," said Tim Ruiz , vice president of corporate
development and policy at The Go Daddy Group Inc., a Scottsdale,
Ariz.-based domain name services provider. "It's been clear for some
time that unanimity, or even consensus, on any changes is not

Ruiz was a member of the 60-person working group. Other members
included user representatives, as well as representatives of service
providers, registrars and law enforcement authorities.

The WHOIS registry is the domain name systems' legacy database; it
contains names and contact information of all those who register
Internet domains. The contents of the database have been publicly
accessible to anyone who wanted it.

Companies, intellectual property holders and law enforcement
authorities have argued in favor of such open access to the WHOIS
database on the grounds that it helps them go after phishers,
trademark infringers, copyright violators and other crooks. Privacy
advocates, on the other hand, have opposed unrestricted WHOIS access
on the grounds that it could expose individual domain registrants to
spam and unwanted surveillance. They have for some time now wanted the
information in the WHOIS database to be shielded from public access.

"It's a basic disagreement about the relative rights of a tiny
minority of Internet users versus all of the Internet users who have
to deal with the mischief" that some domain registrants do, said John
Levine, co-founder of the Domain Assurance Council, a standards body
for e-mail certification.

According to Levine, only a small percentage of domain registrants are
individuals rather than businesses. And while there is a need to
address privacy concerns, "it is absurd to cripple all of WHOIS for
the putative interests of this tiny group," said Levine, who was a
member of the WHOIS working group.

A WHOIS task force set up by ICANN has been working for more than four
years to address the needs of the competing sides and recently came
out with a proposal called the Operational Point of Contact (OPoC).
Under OPoC, domain name registrars would have been able to continue
collecting contact information from all those who wanted to register
domains. But they would have been required to keep the street level of
the addresses of domain registrants shielded from public access,
except in cases where law enforcement authorities and other entities
could demonstrate a valid need for it.

The OPoC proposal, however, failed to gain broad support within ICANN
because of, among other things, concerns over how the exceptions
process would be handled, said Milton Mueller, a professor at Syracuse
University's school of information studies and a partner in the
Internet Governance Project.

The concerns related to who should have access to shielded WHOIS data,
when they should have it and under what circumstances, said Mueller.

The ICANN working group was set up five months ago to address that
issue and came up with several ideas for structuring access to WHOIS
data, Mueller said. One of the most significant was a proposal to
shield the contact information of individual domain registrants while
making that of commercial registrants publicly accessible. There were
also suggestions on how access to shielded WHOIS information could be
provided on a one-time basis or on an as-needed basis to those who
could demonstrate a valid reason for access to the information, he

However, the proposals failed to gain broad support for a variety of
reasons, Mueller said. Representatives from commercial entities and
intellectual property holders, for instance, tried to whittle down the
privacy protections and make information available only to individuals
whose Internet activities were completely noncommercial in nature.
Along with the law enforcement and banking interests, this group also
wanted backdoor processes for gaining access to the shielded
information on any domain based purely on their assertions that they
needed it for valid reasons, he said.

There was also concern among the registrars about the cost
implications of some of the proposed changes, said Lynn Goodendorf,
vice president of information privacy protection at Intercontinental
Hotels Group, the Atlanta-based owner of hotel brands such as Holiday
Inn and Crowne Plaza.

For instance, if the proposal to shield contact data of individual
registrants had been accepted, it would have required registrars to
implement an authentication process to ensure that registrants were
indeed individuals and not commercial entities, she said. "The
implication was that it would cost money to implement solutions to
improve the security and accuracy of WHOIS data and improve it in a
way it can't be abused," Goodendorf said. Most registrars appear to be
unwilling to pass these costs onto their customers, she added.

Registrars today also sell proxy services that allow registrants to
hide their identities and contact information from WHOIS queries. "If
there is no reform, they can continue to sell privacy to their users
using proxy registrations, making profits that far exceed those they
make on normal domain name registrations," Mueller explained.
Therefore, she said, "they bailed out."

In addition to those issues, there was some disagreement over
accountability issues under OPoC and the speed at which registrars
would be required to respond to requests for access to shielded data,
said Eric Dierker, chairman of the general assembly of ICANN's Generic
Names Supporting Organization. The GNSO is the body responsible for
developing policy for the domain name system.

According to Dierker, who was a working group member, the final
outcomes report released last week downplays some of the disagreements
among members. One area in particular that appears to have been
glossed over is the concern registrars expressed over the potential
costs of the proposed changes. "The one thing that we were agreed on
is that something needs to be done to fix the current situation,"
Dierker said.

Ultimately, Mueller said, implementing any of the proposed changes
would have meant less access to the WHOIS information that has been
freely available for a long time. For those used to getting that
information for free, that appears to have been more than they were
willing to concede, he said

"Despite flirting with the kind of compromises and reforms that might
actually reconcile privacy rights with identification needs, in the
final weeks of the process, trust and agreement among the parties
broke down completely," Mueller said in a blog post.

More information about the AfrICANN mailing list