From IP Watch:
http://www.ip-watch.org/weblog/index.php?p=352&res=1024_ff&print=0

6/7/2006


      Governments and Intellectual Property Community Fight For Open
      Whois Access

By Monika Ermert for /Intellectual Property Watch/

Should everybody who registers an Internet domain name be forced to 
publish his private address, email address and phone number on the 
Internet? A storm broke out over the question of the so-called Whois 
data at the meeting of the Internet Corporation for Assigned Names and 
Numbers <http://www.icann.org/> (ICANN) in Marrakesh last week.

ICANN is the technical coordination body for the Internet domain name 
system, and is headquartered in California and operating under an 
arrangement with the US Department of Commerce. Every domain name 
registrant is required to submit their contact information, known as 
Whois data, which is published publicly on the Internet. This has been 
useful to law enforcement and intellectual property right holders, but 
has concerned companies who sell domain names to end users and are 
required to collect accurate information, Internet service providers 
required to hold the data, and privacy advocates. It also has been seen 
as a feeding ground for spammers who send out mass unsolicited 
commercial emails, and has been found to have a high proportion of 
inaccurate data.

The open Whois has caused registrars in countries with strict data 
protection laws, for example those in the European Union, considerable 
headaches in recent years. European data protection officials have 
warned ICANN on several occasions to stay within EU data protection 
laws. Peter Schaar, Germany’s federal commissioner for data protection 
and freedom of information and currently head of the Article 29 group of 
European data protection officials, reiterated this warning at the end 
of the week.

The question is anything but new to domain name registrars, but an ICANN 
task force of the Generic Name Supporting Organisation (GNSO) that was 
dedicated to the Whois question has struggled for nearly six years to 
reach consensus between registrars and users on the one side and 
trademark and intellectual property representatives on the other.

After the GNSO Council decided in a split vote earlier this year that 
the purpose of the Whois service was strictly technical, governments and 
stakeholders from ICANN’s Intellectual Property Constituency and 
Business Constituency in ICANN joined forces in their claim that they 
must not be stripped of that source of information on domain name 
registrants.

A Critical Consumer Protection Tool

Representatives of the US Federal Trade Commission (FTC), the Dutch 
Telecommunications Regulatory Authority Opta and Japan’s 
Telecommunications Consumer Policy Division of the Japanese Ministry of 
Internal Affairs and Communications warned against limitations in access 
to personal data of domain name owners at a panel session of ICANN’s 
Government Advisory Committee (GAC) organized by Susanne Sene of the US 
Department of Commerce. FTC Commissioner Jon Leibowitz said: “If ICANN 
restricts the use of Whois data to technical proposes only, it will 
greatly impair the FTC’s abilities to identify Internet malefactors 
quickly.”

FTC investigators have relied heavily on information in the Whois 
database for the last decade to identify spammers and scammers, said 
Leibowitz. “Whois databases often are one of the first tools FTC 
investigators use to identify wrongdoers,” he said. “The FTC is 
concerned that any attempt to limit the Whois to this narrow purpose 
will put its ability to protect consumers and their privacy in peril.”

The head of Opta, Chris Fonteijn, and Hiroyo Hiramatsu of the Japanese 
communications ministry supported Leibowitz’ view, with Hiramatsu 
clearly addressing the violation of IP rights as a major problem that 
made an open Whois database necessary. According to the Japanese 
provider liability law (enacted in 2002) IP owners can ask Internet 
service providers (ISPs) take down material posted on the Internet when 
they see their rights violated. Without Whois access their 
investigations would be difficult, they said.

A group of domain name registrars reacted quickly to the concerns by 
confirming that they certainly would “continue to collect the data 
commonly known as Whois data” and also “continue to provide access to 
such data by law enforcement, intellectual property, ISPs and other 
legitimate users, through appropriate processes.” In fact, registrars 
that hold the main volume of Whois data were “open to improve those 
processes for more efficient access by legitimate users.” According to 
the registry-registrar agreement they would store more data for a period 
of three years after the end of the contract with a specific customer, 
and all this data was available to law enforcement, again “through 
appropriate processes.”

GNSO Council member Mawaki Chango, a Togolese academic who worked for 
the UN Educational, Scientific and Cultural Organization (UNESCO), said: 
“If I build a house, I don’t build it for the purpose of law 
enforcement. But if I do something bad, law enforcement entities can 
come in and search.” In that way, the whole debate on the purpose of the 
Whois data is a waste of time, he said.

The final report of the Whois task force would only be ready by the end 
of the year, he said. According to GNSO planning, the ICANN board shall 
decide on the future Whois in early 2007.

Making the Right Info Accessible to the Right People

In the end, the question comes down to what “appropriate procedures” for 
access mean and how the much-discussed concept of “tiered access” will 
be realized. Tiered access that will be technically perfected by a Whois 
follow-up system (a system currently being developed by the Internet 
Engineering Task Force under the title CRISP) means that only some 
information will be public, while the full data set will be only 
available through formal procedures. But formal procedures could slow 
down the speed of investigations and consume more time and cost, 
especially in cross-border investigations, officials said.

“We would need formal requests and would have to enforce them against 
registrars, which is a more complex process,” said Opta’s Fonteijn. 
“Research for historic data and patterns would become more difficult,” 
he said. “Spam enforcement internationally would become very difficult 
and the Internet could become a safe haven for abuse.”

Leibowitz said: “Where a registrar is located in a foreign jurisdiction, 
the FTC often has no other way to obtain the information it needs,” said 
Leibowitz. “The FTC cannot, in most cases, readily require a foreign 
entity to provide us with information.” The US Department of Justice at 
an ICANN meeting in Montreal in 2002 asked for a completely open Whois 
in order to allow the authorities to search Whois data without being 
identifiable as law enforcement or public investigators.

Leibowitz said in Marrakesh that not only governments but also normal 
users should have open Whois access. If users could start to look into 
the issues themselves it would also support public authorities. This 
demand was echoed by various members of the Business and IP Constituency 
of ICANN who want to investigate violations in IP and trademark rights.

Sunlight on Illegal Internet Behaviour

“The publicly available Whois provides sunlight in the battle against 
illegal and improper behaviour on the Internet", said Steve Metalitz of 
the ICANN Intellectual Property Constituency and a Washington lobbyist. 
“If we’re going to block that sunlight in some way through changes to 
the system, what are we going to do to bring light to these corners of 
the Internet?”

ICANN’s Non-Commercial Constituency representatives said they are weary 
of the alliance between government and IP interests and at Marrakesh 
they especially warned against a Whois policy that contradicts European 
data protection law.

Milton Mueller, a professor at the School of Information Studies at 
Syracuse University (US), asked the representatives of government 
agencies: “How do you protect us against spam by publishing contact data 
for every spammer that could be automatically harvested from the Whois 
database?”

Questions of Consistency with EU Law

Nigel Williams, administrator for the country-code top-level domain for 
Jersey (.je) and Guernsey (.gg), referred to the EU privacy directive 
and to Article 8 of the Convention on Human Rights of the Council of 
Europe. Both would be violated by a Government Advisory Committee 
decision to oblige people to have their personal data published online. 
“The law in 25 countries is pretty clear,” said Williams.

This was clearly confirmed by Schaar, the German federal commissioner of 
data protection and freedom of information. In answer to questions from 
/Intellectual Property Watch/, Schaar wrote: “The purpose of Whois 
databases is to ensure communication over the Net. It’s a technical 
purpose and it should be kept that narrow in the future, too.” Schaar 
said also that the scope of the data collected had to be reviewed carefully.

“The principle that data should only be collected and used as there is a 
need for them is a fundamental principle of European data protection 
law", said Schaar. General access should be basically restricted to 
technical information as identifying the provider of a domain and their 
contact data. “Above this only government agencies might be given 
accesss according to the law,” as long as they have data protection 
themselves.

“Should users not be allowed to protect themselves?” Kathy Kleiman, 
co-founder of the Noncommercial Users Constituency, asked ICANN in 
Marrakesh. Kleiman cited several cases of stalking of individuals from 
the public Whois database.

IP owners at the ICANN meeting said that they felt violated mainly from 
private “pirates". And Sarah Deutsch, vice president and associate 
general counsel at Internet service provider Verizon said: “Just because 
a person is an individual doesn’t mean that they should have the right 
to privacy necessarily. There’s no right of privacy to commit a crime, 
and we should not be in a situation where registrars are flooded with 
subpoenas for every single trademark or copyright.”

The GNSO Council reacted to the fierce debate offering that the Whois 
task force would take into account Government Advisory Committee and 
community considerations – so the battle goes on.

------------------------------------------------------------------------

/This work is licensed under a Creative Commons License 
<http://creativecommons.org/licenses/by-nc-sa/2.0/>. All of the news 
articles and features on Intellectual Property Watch are also subject to 
a Creative Commons License 
<http://creativecommons.org/licenses/by-nc-sa/2.0/> which makes them 
available for widescale, free, non-commercial reproduction and translation./

/Monika Ermert, the author of this post, may be reached at 
[log in to unmask] <mailto:[log in to unmask]>./



    6/7/2006


      Governments and Intellectual Property Community Fight For Open
      Whois Access

By Monika Ermert for /Intellectual Property Watch/

Should everybody who registers an Internet domain name be forced to 
publish his private address, email address and phone number on the 
Internet? A storm broke out over the question of the so-called Whois 
data at the meeting of the Internet Corporation for Assigned Names and 
Numbers <http://www.icann.org/> (ICANN) in Marrakesh last week.

ICANN is the technical coordination body for the Internet domain name 
system, and is headquartered in California and operating under an 
arrangement with the US Department of Commerce. Every domain name 
registrant is required to submit their contact information, known as 
Whois data, which is published publicly on the Internet. This has been 
useful to law enforcement and intellectual property right holders, but 
has concerned companies who sell domain names to end users and are 
required to collect accurate information, Internet service providers 
required to hold the data, and privacy advocates. It also has been seen 
as a feeding ground for spammers who send out mass unsolicited 
commercial emails, and has been found to have a high proportion of 
inaccurate data.

The open Whois has caused registrars in countries with strict data 
protection laws, for example those in the European Union, considerable 
headaches in recent years. European data protection officials have 
warned ICANN on several occasions to stay within EU data protection 
laws. Peter Schaar, Germany’s federal commissioner for data protection 
and freedom of information and currently head of the Article 29 group of 
European data protection officials, reiterated this warning at the end 
of the week.

The question is anything but new to domain name registrars, but an ICANN 
task force of the Generic Name Supporting Organisation (GNSO) that was 
dedicated to the Whois question has struggled for nearly six years to 
reach consensus between registrars and users on the one side and 
trademark and intellectual property representatives on the other.

After the GNSO Council decided in a split vote earlier this year that 
the purpose of the Whois service was strictly technical, governments and 
stakeholders from ICANN’s Intellectual Property Constituency and 
Business Constituency in ICANN joined forces in their claim that they 
must not be stripped of that source of information on domain name 
registrants.

A Critical Consumer Protection Tool

Representatives of the US Federal Trade Commission (FTC), the Dutch 
Telecommunications Regulatory Authority Opta and Japan’s 
Telecommunications Consumer Policy Division of the Japanese Ministry of 
Internal Affairs and Communications warned against limitations in access 
to personal data of domain name owners at a panel session of ICANN’s 
Government Advisory Committee (GAC) organized by Susanne Sene of the US 
Department of Commerce. FTC Commissioner Jon Leibowitz said: “If ICANN 
restricts the use of Whois data to technical proposes only, it will 
greatly impair the FTC’s abilities to identify Internet malefactors 
quickly.”

FTC investigators have relied heavily on information in the Whois 
database for the last decade to identify spammers and scammers, said 
Leibowitz. “Whois databases often are one of the first tools FTC 
investigators use to identify wrongdoers,” he said. “The FTC is 
concerned that any attempt to limit the Whois to this narrow purpose 
will put its ability to protect consumers and their privacy in peril.”

The head of Opta, Chris Fonteijn, and Hiroyo Hiramatsu of the Japanese 
communications ministry supported Leibowitz’ view, with Hiramatsu 
clearly addressing the violation of IP rights as a major problem that 
made an open Whois database necessary. According to the Japanese 
provider liability law (enacted in 2002) IP owners can ask Internet 
service providers (ISPs) take down material posted on the Internet when 
they see their rights violated. Without Whois access their 
investigations would be difficult, they said.

A group of domain name registrars reacted quickly to the concerns by 
confirming that they certainly would “continue to collect the data 
commonly known as Whois data” and also “continue to provide access to 
such data by law enforcement, intellectual property, ISPs and other 
legitimate users, through appropriate processes.” In fact, registrars 
that hold the main volume of Whois data were “open to improve those 
processes for more efficient access by legitimate users.” According to 
the registry-registrar agreement they would store more data for a period 
of three years after the end of the contract with a specific customer, 
and all this data was available to law enforcement, again “through 
appropriate processes.”

GNSO Council member Mawaki Chango, a Togolese academic who worked for 
the UN Educational, Scientific and Cultural Organization (UNESCO), said: 
“If I build a house, I don’t build it for the purpose of law 
enforcement. But if I do something bad, law enforcement entities can 
come in and search.” In that way, the whole debate on the purpose of the 
Whois data is a waste of time, he said.

The final report of the Whois task force would only be ready by the end 
of the year, he said. According to GNSO planning, the ICANN board shall 
decide on the future Whois in early 2007.

Making the Right Info Accessible to the Right People

In the end, the question comes down to what “appropriate procedures” for 
access mean and how the much-discussed concept of “tiered access” will 
be realized. Tiered access that will be technically perfected by a Whois 
follow-up system (a system currently being developed by the Internet 
Engineering Task Force under the title CRISP) means that only some 
information will be public, while the full data set will be only 
available through formal procedures. But formal procedures could slow 
down the speed of investigations and consume more time and cost, 
especially in cross-border investigations, officials said.

“We would need formal requests and would have to enforce them against 
registrars, which is a more complex process,” said Opta’s Fonteijn. 
“Research for historic data and patterns would become more difficult,” 
he said. “Spam enforcement internationally would become very difficult 
and the Internet could become a safe haven for abuse.”

Leibowitz said: “Where a registrar is located in a foreign jurisdiction, 
the FTC often has no other way to obtain the information it needs,” said 
Leibowitz. “The FTC cannot, in most cases, readily require a foreign 
entity to provide us with information.” The US Department of Justice at 
an ICANN meeting in Montreal in 2002 asked for a completely open Whois 
in order to allow the authorities to search Whois data without being 
identifiable as law enforcement or public investigators.

Leibowitz said in Marrakesh that not only governments but also normal 
users should have open Whois access. If users could start to look into 
the issues themselves it would also support public authorities. This 
demand was echoed by various members of the Business and IP Constituency 
of ICANN who want to investigate violations in IP and trademark rights.

Sunlight on Illegal Internet Behaviour

“The publicly available Whois provides sunlight in the battle against 
illegal and improper behaviour on the Internet", said Steve Metalitz of 
the ICANN Intellectual Property Constituency and a Washington lobbyist. 
“If we’re going to block that sunlight in some way through changes to 
the system, what are we going to do to bring light to these corners of 
the Internet?”

ICANN’s Non-Commercial Constituency representatives said they are weary 
of the alliance between government and IP interests and at Marrakesh 
they especially warned against a Whois policy that contradicts European 
data protection law.

Milton Mueller, a professor at the School of Information Studies at 
Syracuse University (US), asked the representatives of government 
agencies: “How do you protect us against spam by publishing contact data 
for every spammer that could be automatically harvested from the Whois 
database?”

Questions of Consistency with EU Law

Nigel Williams, administrator for the country-code top-level domain for 
Jersey (.je) and Guernsey (.gg), referred to the EU privacy directive 
and to Article 8 of the Convention on Human Rights of the Council of 
Europe. Both would be violated by a Government Advisory Committee 
decision to oblige people to have their personal data published online. 
“The law in 25 countries is pretty clear,” said Williams.

This was clearly confirmed by Schaar, the German federal commissioner of 
data protection and freedom of information. In answer to questions from 
/Intellectual Property Watch/, Schaar wrote: “The purpose of Whois 
databases is to ensure communication over the Net. It’s a technical 
purpose and it should be kept that narrow in the future, too.” Schaar 
said also that the scope of the data collected had to be reviewed carefully.

“The principle that data should only be collected and used as there is a 
need for them is a fundamental principle of European data protection 
law", said Schaar. General access should be basically restricted to 
technical information as identifying the provider of a domain and their 
contact data. “Above this only government agencies might be given 
accesss according to the law,” as long as they have data protection 
themselves.

“Should users not be allowed to protect themselves?” Kathy Kleiman, 
co-founder of the Noncommercial Users Constituency, asked ICANN in 
Marrakesh. Kleiman cited several cases of stalking of individuals from 
the public Whois database.

IP owners at the ICANN meeting said that they felt violated mainly from 
private “pirates". And Sarah Deutsch, vice president and associate 
general counsel at Internet service provider Verizon said: “Just because 
a person is an individual doesn’t mean that they should have the right 
to privacy necessarily. There’s no right of privacy to commit a crime, 
and we should not be in a situation where registrars are flooded with 
subpoenas for every single trademark or copyright.”

The GNSO Council reacted to the fierce debate offering that the Whois 
task force would take into account Government Advisory Committee and 
community considerations – so the battle goes on.

------------------------------------------------------------------------

/This work is licensed under a Creative Commons License 
<http://creativecommons.org/licenses/by-nc-sa/2.0/>. All of the news 
articles and features on Intellectual Property Watch are also subject to 
a Creative Commons License 
<http://creativecommons.org/licenses/by-nc-sa/2.0/> which makes them 
available for widescale, free, non-commercial reproduction and translation./

/Monika Ermert, the author of this post, may be reached at 
[log in to unmask] <mailto:[log in to unmask]>./