Internet administrators in dispute over data protection for domain owners

New studies of the use and misuse of Whois data about the owners of internet domains are essential. This at least is the thinking of the Internet Corporation for Assigned Names and Numbers (ICANN)’s Governmental Advisory Committee (GAC). At a meeting shortly before the private network administration officially went into session, a US government representative, Suzanne Sene, said the GAC wanted ICANN to organize these studies and pay for them. Providing more security for the Whois databases, which list the owners of domains, has for years been a bone of contention between rights holders and the data-protection authorities. Even governments have not yet been able to agree on a Whois model.

Representatives of US crime-fighting authorities, supported by some of their European counterparts, have frequently stated their opinion that full access to Whois data should be granted to those having a "justified interest". They claim that only completely free access to the databases, without the knowledge of the parties involved and even without a court order, would make it possible for criminal prosecutors to investigate online swindlers and spammers. One consequence in the USA was the appearance of a variety of proxy servers, whose data are recorded in Whois instead of those of clients.

The DeNIC de-registry some years ago introduced some barriers to the publication of extensive information about domain owners, as a result of which the British Nominet is able to allow private users, as an opt-out, to remove all of their personal data from the publicly accessible Whois database. After many disputes, EU registrars who register generic Top Level Domains (gTLDs) like .info and .com now benefit from a derogation from the ICANN regulations. But to get it they have to submit a clear request on the part of their own authorities, something that has not so far been done successfully.

Once again, a storm on this topic is now raging within the GNSO, the ICANN committee responsible for gTLDs. Many GNSO members say that further studies, as now demanded by the GAC, would alter none of the entrenched political viewpoints, and the GNSO should therefore finally notify the ICANN board that no consensus was possible. In the view of Robin Gross, who heads the IPJustice organization, this would have one advantage: it would let the board permit the current Whois regulation to expire, since ICANN is only obliged to implement rules when there is a consensus of its committees.

Negotiations about the future Whois model would then be essential. Tom Keller of 1&1 considers that, as TLD registries become established outside the USA, or where stricter data-protection regulations apply, there will no longer be a unified Whois model in any case. On the contrary, new registries will have to comply with national laws – regardless of how much pressure the US Congress applies in order to improve control over Whois data. He points out that in coming years individual registries may also move over to the new Whois CRISP protocol, which provides more options for the administration of access rights.

Sene, the US representative, protested against accusations that the GAC was not all that interested in data protection. Sene said this was far from the case and that GAC had, in fact, passed on its own list of questions about Whois to the ICANN, and would like them to be answered. While these questions relate, for instance, to the quality of database entries and the exploitation of an open Whois as a spam database, the GNSO would rather, if anything, investigate whether proxy services have in practice effected an improvement in data protection.

(Monika Ermert)

(trk)