ICANN: What is Whois?

June 19th, 2003
By Elana Broitman

At the Internet Corporation for Assigned Names and Numbers' (ICANN) meeting in Montreal later this month, a task force will be formed to review the privacy issues surrounding the management of the Whois database, and the technical solutions for improving privacy protection.

Essentially, the Whois is a database of contact information about domain name registrants. It is accessed through the websites of registrars or registries, as well as through technical means by the registrars and registries, themselves. The current structure of Whois allows for variations among different registries - the operators that maintain the list of available domain names within their extension - and registrars - the organisations, such as Register.com, that maintain contact with the registrant, such as invoicing and client service, and act as the technical interface to the registry on the registrant's behalf.

Currently for the generic top-level domains (gTLDs) .com and .net, the registry - VeriSign - holds a 'thin' Whois, which has a limited subset of the Whois information in the registrars' Whois database. The registrar for each domain name will hold the 'thick' Whois, which contains more detailed information. For example, a Whois lookup at the .com registry, VeriSign (nsiregistry.com), for the domain name register.com will result in 'thin' information - registrar name, name servers and expiry date. A lookup for the same name at the registrar, in this case Register.com, will also include details of the registrant, administrative and technical contacts.

In the case of the country code top-level domains (ccTLDs) such as .uk for the United Kingdom and .de for Germany, and the new gTLDs such as .biz and .info, both the registries and registrars generally hold the 'thick' Whois. However, the level of detail kept by the registries will vary. Some ccTLDs hold full information, such as .de, while others have no information immediately available, such as .to for Tonga.

Over the last couple of years there has been a debate within ICANN and among other interested parties over the accessibility of Whois information, with intellectual property owners on one side arguing for all registrars to provide full Whois details all of the time, and those who want to restrict such information in the name of privacy on the other side. Full and accessible Whois details are important to IP owners for monitoring trademark infringements and to determine whether a particular registrant has developed a pattern of cybersquatting activities. Consumers have become more concerned about privacy from a number of different aspects, including the annoyance of spam to the misleading and sometimes fraudulent emails sent out by those who mine the Whois contacts, as well as the occasional case of the stalker accessing victims' phones and addresses through the Whois.

Whilst National and international authorities such as the European Commission and Nominet - the registry operator for .uk - have become increasingly vigilant about online privacy, the Whois requirements for gTLDs still lag behind. In response, there has been an increase in identity proxy solutions offered by registrars, whereby a registrant's details within the Whois may be disguised. Large corporations also use this technique, for example when registering new websites for forthcoming product launches or re-branding exercises.

These solutions are no doubt useful, but they are not the ultimate answer. Long-term solutions that do not impede on privacy, but also increase accuracy, are required. Among those proposed, a good interim solution might be to provide 'tiered access', whereby different sets of requestors are allowed access into different sets of data. For example, most requestors may be allowed to see only 'thin' Whois data, whereas authorised users such as vetted IP interests, are allowed to see 'thick' data. Additionally, registrants might be provided with a 'credit report' of who asked for their data, when, and for what purpose. This would additionally allow registrants to protect themselves from unwarranted infringement.

In addition to the privacy issues surrounding the Whois database, ICANN's requirement that registrars sell access to copies of their customers' Whois data for a fee has often been questioned as outmoded. This is known as 'Bulk Whois', and at ICANN's meeting in Rio de Janeiro at the end of March, ICANN's board passed a resolution authorising the staff to eliminate Bulk Whois for marketing purposes. This resolution maintained, however, a Bulk Whois requirement for other purposes, which provides a loophole for potential spammers. Registrars subsequently voted for the wholesale elimination of Bulk Whois licensing requirements.

The broad interest in Whois, particularly privacy protection, has prompted a policy development process, the first step of which was for ICANN's counsel to write a report regarding the issues and processes surrounding Whois and privacy. The Generic Names Supporting Organisation (GNSO) Council reviewed the report and voted to launch a task force, which is to begin around the time of the ICANN meeting in Montreal, 22-26 June 2003. The goal of the process is to flush out the experiences and interests of the relevant stakeholders - providers, users, and consumers - and arrive at a technical and policy solution that balances these interests and concerns.

Additionally during the Montreal meeting, ICANN with the Government Advisory Committee (GAC) and other stakeholders like registrars and IP interests, are holding a workshop on Whois. An informal and open group representing the various GNSO and other groups has begun a dialogue via list servs and conference calls regarding these issues and solutions. The results and "learnings" from these processes can feed into the formal policy development process, helping to broaden participation and hasten a solution.

--------------------------

Elana Broitman is Director of Policy at Register.com, examines ICANN's Whois policy review and the implications for consumers and the domain name industry.