"DNS WHOIS: Barking Up the Wrong Tree"

Frannie Wellings wellings at EPIC.ORG
Mon Jun 28 22:21:53 CEST 2004


DNS WHOIS: Barking Up the Wrong Tree
Jun 28, 2004 | From CircleID Privacy Matters
By Tom Cross

http://www.circleid.com/article/630_0_1_0_C/

  As the Internet has grown and matured, it has become obvious to
everyone involved that the DNS Whois system, as it currently exists,
is not a sustainable way to share contact information for resolving
network problems. ICANN, in an attempt to save DNS Whois, has plunged
head long into the process of developing new policies aimed at fixing
it. While I respect all of the hard work that has gone into this
process, the results thus far have only made it clearer that this
system faces intractable problems. ICANN should see DNS Whois for
what it is, a relic of a simpler time, and focus instead on the IP
address Whois systems, where their efforts might reap meaningful
results.

A quagmire of diametrically opposed interests

On the one hand, intellectual property interests make a compelling
case for accountability on the Internet. When a crime is being
committed, we all have an interest in ensuring that the proper
authorities have the tools that they require to investigate and, if
necessary, to prosecute. IP interests present that an open, accurate
DNS Whois system is the right solution to that problem, and they
defend this position with incredible zeal.

For example, in response to the suggestion by privacy advocates that
people would be more disposed to provide accurate contact information
if better privacy protections existed, the International Trademark
Association "queries whether accuracy of Whois data would really
improve if access is limited. People who are predisposed to give
inaccurate Whois information may well be likely to continue to do so.
It may be worth exploring alternative means to ensure accurate data,
e.g. imposing penalties for providing false information or rewards
for providing verifiably accurate information."

On the other hand, political speakers on the Internet have a
legitimate need to protect their identities. The Internet presently
supports a vibrant ecology of political websites and weblogs of every
flavor and prejudice. Together they constitute a meaningful discourse
on nearly every issue of the day. A large portion of these sites
employ WHOIS proxies or publish limited contact information. It is
easy, even in the United States, to find examples of individuals who
have been the target of violent retaliation because they have
expressed their political views.

The Supreme Court of the United States eloquently defended anonymous
speech in McIntyre V. Ohio Elections Commission (1995):

"Under our Constitution, anonymous pamphleteering is not a
pernicious, fraudulent practice, but an honorable tradition of
advocacy and of dissent. Anonymity is a shield from the tyranny of
the majority. It thus exemplifies the purpose behind the Bill of
Rights, and of the First Amendment in particular: to protect
unpopular individuals from retaliation--and their ideas from
suppression--at the hand of an intolerant society. The right to
remain anonymous may be abused when it shields fraudulent conduct.
But political speech by its nature will sometimes have unpalatable
consequences, and, in general, our society accords greater weight to
the value of free speech than to the dangers of its misuse."
It is not important, in this context, which side of the debate you
fall on. The objective question we must ask ourselves is whether
ICANN is properly equipped to balance these interests at all. It's
hard to see a middle ground here. Either information is collected, or
it is not. Either the information is made available, or it is not.
How does ICANN plan to sort out who is and is not a legitimate
consumer of collected contact information in a tiered access system?

These are fundamental questions about freedom of speech and
accountability which the governments of all nations struggle with at
the highest levels. With very few exceptions, national governments
have deliberative processes which are far more mature than those of
ICANN, and their sovereignty in such basic questions is far more
legitimate. This debate seems a bit outside of ICANN's jurisdiction.

A way out

Lost in this debate are the purely technical stability, reliability,
and security issues that ICANN is responsible for and equipped to
address. There is a legitimate need to contact network operators in
the event of a technical problem. People have traditionally relied on
the DNS Whois system for obtaining this contact information because
people tend to think about networks in terms of domain names.
However, technical issues are related to Internet traffic, and
Internet traffic comes from IP addresses, not domain names. In fact,
IP addresses frequently aren't associated with domain names at all.
As the Internet matures the IP address Whois systems are increasingly
more valuable for contacting network operators then the DNS Whois
system.

Problems you can actually solve

Of course, there are significant problems with the IP address Whois
systems. IP address Whois usually doesn't contain information about
networks that have less then 8,192 IPv4 addresses (/19). Also, the
data in these systems is often inaccurate or out of date. Unlike
similar problems with DNS Whois, improving on this situation seems
within the realm of possibility.

In order to address the timeliness and accuracy of DNS Whois data
you've got to develop an enforcement mechanism that ensures
compliance from millions of people, many of whom are private
individuals and not businesses. The universe of ISPs is smaller by an
order of magnitude or more, and in almost every case ISPs are
organizations that can afford to implement compliance processes. This
problem is much less complex.

If we were to require that all organizations which provide network
service to third parties register in the IP address Whois system
(instead of just the medium and large networks) and require that
contact information be renewed on a regular basis, we will have made
significant progress toward ensuring that every IP address on the
Internet can be quickly associated with technical contact information
for the network providing service to that address.

Separating legal issues from technical issues

But what about our friends at the International Trademark Association
and their accountability interests? It's important to understand that
the intellectual property interests do not have technical concerns.
They are interested in content, and whether or not that content is
legal.

If ICANN can ensure that every IP address is properly associated with
the network that provides service for it, the ITA will be able to
contact those network providers when they have a problem with an
Internet site (or the DNS registrar if the domain name itself is the
problem). These organizations know their customers, because they have
to bill them, and often run cables to them. Furthermore, these
organizations have ultimate control over the customer's access to the
network. Whether the ITA can get the customer's personal contact
information from the ISP will depend on the rules of the government
of the jurisdiction in question.

The United States Government has the right to develop its own rules
and regulations for handling these situations and balancing the
interests involved. The Government of Canada has the same right. The
rules in the United States may differ from the rules in Canada,
reflecting the structure and values of each individual society. This
is a correct and proper way to handle these problems. The legality of
content is a legal question, and it is properly resolved within the
domain of national governments, and not within international
technical and regulatory standards bodies.

In conclusion

Creating an open DNS Whois system with enforced data accuracy is
neither practical, nor is it just. It would prevent democratic
governments from developing their own policies that balance the
various interests involved in Internet content. Furthermore, as many
Internet addresses are not associated with domain names, no DNS Whois
system will ever be a comprehensive solution to the problem of
accountability. ICANN would be well served to focus its energies on
the IP address Whois systems instead, were they can make real
progress toward a sustainable solution for Internet management
without having to unilaterally resolve fundamental questions about
freedom of speech.

--

-----------------------------------------------------------------
Frannie Wellings
Policy Analyst, Electronic Privacy Information Center
Coordinator, The Public Voice
1718 Connecticut Ave. N.W., Suite 200
Washington, D.C.  20009   USA
wellings at epic.org
+1 202 483 1140 extension 107 (telephone)
+1 202 483 1248 (fax)
http://www.epic.org
http://www.thepublicvoice.org
-----------------------------------------------------------------



More information about the Ncuc-discuss mailing list