IP Watch on WHOIS Issue
Robin Gross
robin at IPJUSTICE.ORG
Thu Jul 6 20:21:35 CEST 2006
From IP Watch:
http://www.ip-watch.org/weblog/index.php?p=352&res=1024_ff&print=0
6/7/2006
Governments and Intellectual Property Community Fight For Open
Whois Access
By Monika Ermert for /Intellectual Property Watch/
Should everybody who registers an Internet domain name be forced to
publish his private address, email address and phone number on the
Internet? A storm broke out over the question of the so-called Whois
data at the meeting of the Internet Corporation for Assigned Names and
Numbers <http://www.icann.org/> (ICANN) in Marrakesh last week.
ICANN is the technical coordination body for the Internet domain name
system, and is headquartered in California and operating under an
arrangement with the US Department of Commerce. Every domain name
registrant is required to submit their contact information, known as
Whois data, which is published publicly on the Internet. This has been
useful to law enforcement and intellectual property right holders, but
has concerned companies who sell domain names to end users and are
required to collect accurate information, Internet service providers
required to hold the data, and privacy advocates. It also has been seen
as a feeding ground for spammers who send out mass unsolicited
commercial emails, and has been found to have a high proportion of
inaccurate data.
The open Whois has caused registrars in countries with strict data
protection laws, for example those in the European Union, considerable
headaches in recent years. European data protection officials have
warned ICANN on several occasions to stay within EU data protection
laws. Peter Schaar, Germany’s federal commissioner for data protection
and freedom of information and currently head of the Article 29 group of
European data protection officials, reiterated this warning at the end
of the week.
The question is anything but new to domain name registrars, but an ICANN
task force of the Generic Name Supporting Organisation (GNSO) that was
dedicated to the Whois question has struggled for nearly six years to
reach consensus between registrars and users on the one side and
trademark and intellectual property representatives on the other.
After the GNSO Council decided in a split vote earlier this year that
the purpose of the Whois service was strictly technical, governments and
stakeholders from ICANN’s Intellectual Property Constituency and
Business Constituency in ICANN joined forces in their claim that they
must not be stripped of that source of information on domain name
registrants.
A Critical Consumer Protection Tool
Representatives of the US Federal Trade Commission (FTC), the Dutch
Telecommunications Regulatory Authority Opta and Japan’s
Telecommunications Consumer Policy Division of the Japanese Ministry of
Internal Affairs and Communications warned against limitations in access
to personal data of domain name owners at a panel session of ICANN’s
Government Advisory Committee (GAC) organized by Susanne Sene of the US
Department of Commerce. FTC Commissioner Jon Leibowitz said: “If ICANN
restricts the use of Whois data to technical proposes only, it will
greatly impair the FTC’s abilities to identify Internet malefactors
quickly.”
FTC investigators have relied heavily on information in the Whois
database for the last decade to identify spammers and scammers, said
Leibowitz. “Whois databases often are one of the first tools FTC
investigators use to identify wrongdoers,” he said. “The FTC is
concerned that any attempt to limit the Whois to this narrow purpose
will put its ability to protect consumers and their privacy in peril.”
The head of Opta, Chris Fonteijn, and Hiroyo Hiramatsu of the Japanese
communications ministry supported Leibowitz’ view, with Hiramatsu
clearly addressing the violation of IP rights as a major problem that
made an open Whois database necessary. According to the Japanese
provider liability law (enacted in 2002) IP owners can ask Internet
service providers (ISPs) take down material posted on the Internet when
they see their rights violated. Without Whois access their
investigations would be difficult, they said.
A group of domain name registrars reacted quickly to the concerns by
confirming that they certainly would “continue to collect the data
commonly known as Whois data” and also “continue to provide access to
such data by law enforcement, intellectual property, ISPs and other
legitimate users, through appropriate processes.” In fact, registrars
that hold the main volume of Whois data were “open to improve those
processes for more efficient access by legitimate users.” According to
the registry-registrar agreement they would store more data for a period
of three years after the end of the contract with a specific customer,
and all this data was available to law enforcement, again “through
appropriate processes.”
GNSO Council member Mawaki Chango, a Togolese academic who worked for
the UN Educational, Scientific and Cultural Organization (UNESCO), said:
“If I build a house, I don’t build it for the purpose of law
enforcement. But if I do something bad, law enforcement entities can
come in and search.” In that way, the whole debate on the purpose of the
Whois data is a waste of time, he said.
The final report of the Whois task force would only be ready by the end
of the year, he said. According to GNSO planning, the ICANN board shall
decide on the future Whois in early 2007.
Making the Right Info Accessible to the Right People
In the end, the question comes down to what “appropriate procedures” for
access mean and how the much-discussed concept of “tiered access” will
be realized. Tiered access that will be technically perfected by a Whois
follow-up system (a system currently being developed by the Internet
Engineering Task Force under the title CRISP) means that only some
information will be public, while the full data set will be only
available through formal procedures. But formal procedures could slow
down the speed of investigations and consume more time and cost,
especially in cross-border investigations, officials said.
“We would need formal requests and would have to enforce them against
registrars, which is a more complex process,” said Opta’s Fonteijn.
“Research for historic data and patterns would become more difficult,”
he said. “Spam enforcement internationally would become very difficult
and the Internet could become a safe haven for abuse.”
Leibowitz said: “Where a registrar is located in a foreign jurisdiction,
the FTC often has no other way to obtain the information it needs,” said
Leibowitz. “The FTC cannot, in most cases, readily require a foreign
entity to provide us with information.” The US Department of Justice at
an ICANN meeting in Montreal in 2002 asked for a completely open Whois
in order to allow the authorities to search Whois data without being
identifiable as law enforcement or public investigators.
Leibowitz said in Marrakesh that not only governments but also normal
users should have open Whois access. If users could start to look into
the issues themselves it would also support public authorities. This
demand was echoed by various members of the Business and IP Constituency
of ICANN who want to investigate violations in IP and trademark rights.
Sunlight on Illegal Internet Behaviour
“The publicly available Whois provides sunlight in the battle against
illegal and improper behaviour on the Internet", said Steve Metalitz of
the ICANN Intellectual Property Constituency and a Washington lobbyist.
“If we’re going to block that sunlight in some way through changes to
the system, what are we going to do to bring light to these corners of
the Internet?”
ICANN’s Non-Commercial Constituency representatives said they are weary
of the alliance between government and IP interests and at Marrakesh
they especially warned against a Whois policy that contradicts European
data protection law.
Milton Mueller, a professor at the School of Information Studies at
Syracuse University (US), asked the representatives of government
agencies: “How do you protect us against spam by publishing contact data
for every spammer that could be automatically harvested from the Whois
database?”
Questions of Consistency with EU Law
Nigel Williams, administrator for the country-code top-level domain for
Jersey (.je) and Guernsey (.gg), referred to the EU privacy directive
and to Article 8 of the Convention on Human Rights of the Council of
Europe. Both would be violated by a Government Advisory Committee
decision to oblige people to have their personal data published online.
“The law in 25 countries is pretty clear,” said Williams.
This was clearly confirmed by Schaar, the German federal commissioner of
data protection and freedom of information. In answer to questions from
/Intellectual Property Watch/, Schaar wrote: “The purpose of Whois
databases is to ensure communication over the Net. It’s a technical
purpose and it should be kept that narrow in the future, too.” Schaar
said also that the scope of the data collected had to be reviewed carefully.
“The principle that data should only be collected and used as there is a
need for them is a fundamental principle of European data protection
law", said Schaar. General access should be basically restricted to
technical information as identifying the provider of a domain and their
contact data. “Above this only government agencies might be given
accesss according to the law,” as long as they have data protection
themselves.
“Should users not be allowed to protect themselves?” Kathy Kleiman,
co-founder of the Noncommercial Users Constituency, asked ICANN in
Marrakesh. Kleiman cited several cases of stalking of individuals from
the public Whois database.
IP owners at the ICANN meeting said that they felt violated mainly from
private “pirates". And Sarah Deutsch, vice president and associate
general counsel at Internet service provider Verizon said: “Just because
a person is an individual doesn’t mean that they should have the right
to privacy necessarily. There’s no right of privacy to commit a crime,
and we should not be in a situation where registrars are flooded with
subpoenas for every single trademark or copyright.”
The GNSO Council reacted to the fierce debate offering that the Whois
task force would take into account Government Advisory Committee and
community considerations – so the battle goes on.
------------------------------------------------------------------------
/This work is licensed under a Creative Commons License
<http://creativecommons.org/licenses/by-nc-sa/2.0/>. All of the news
articles and features on Intellectual Property Watch are also subject to
a Creative Commons License
<http://creativecommons.org/licenses/by-nc-sa/2.0/> which makes them
available for widescale, free, non-commercial reproduction and translation./
/Monika Ermert, the author of this post, may be reached at
info at ip-watch.ch <mailto:info at ip-watch.ch>./
6/7/2006
Governments and Intellectual Property Community Fight For Open
Whois Access
By Monika Ermert for /Intellectual Property Watch/
Should everybody who registers an Internet domain name be forced to
publish his private address, email address and phone number on the
Internet? A storm broke out over the question of the so-called Whois
data at the meeting of the Internet Corporation for Assigned Names and
Numbers <http://www.icann.org/> (ICANN) in Marrakesh last week.
ICANN is the technical coordination body for the Internet domain name
system, and is headquartered in California and operating under an
arrangement with the US Department of Commerce. Every domain name
registrant is required to submit their contact information, known as
Whois data, which is published publicly on the Internet. This has been
useful to law enforcement and intellectual property right holders, but
has concerned companies who sell domain names to end users and are
required to collect accurate information, Internet service providers
required to hold the data, and privacy advocates. It also has been seen
as a feeding ground for spammers who send out mass unsolicited
commercial emails, and has been found to have a high proportion of
inaccurate data.
The open Whois has caused registrars in countries with strict data
protection laws, for example those in the European Union, considerable
headaches in recent years. European data protection officials have
warned ICANN on several occasions to stay within EU data protection
laws. Peter Schaar, Germany’s federal commissioner for data protection
and freedom of information and currently head of the Article 29 group of
European data protection officials, reiterated this warning at the end
of the week.
The question is anything but new to domain name registrars, but an ICANN
task force of the Generic Name Supporting Organisation (GNSO) that was
dedicated to the Whois question has struggled for nearly six years to
reach consensus between registrars and users on the one side and
trademark and intellectual property representatives on the other.
After the GNSO Council decided in a split vote earlier this year that
the purpose of the Whois service was strictly technical, governments and
stakeholders from ICANN’s Intellectual Property Constituency and
Business Constituency in ICANN joined forces in their claim that they
must not be stripped of that source of information on domain name
registrants.
A Critical Consumer Protection Tool
Representatives of the US Federal Trade Commission (FTC), the Dutch
Telecommunications Regulatory Authority Opta and Japan’s
Telecommunications Consumer Policy Division of the Japanese Ministry of
Internal Affairs and Communications warned against limitations in access
to personal data of domain name owners at a panel session of ICANN’s
Government Advisory Committee (GAC) organized by Susanne Sene of the US
Department of Commerce. FTC Commissioner Jon Leibowitz said: “If ICANN
restricts the use of Whois data to technical proposes only, it will
greatly impair the FTC’s abilities to identify Internet malefactors
quickly.”
FTC investigators have relied heavily on information in the Whois
database for the last decade to identify spammers and scammers, said
Leibowitz. “Whois databases often are one of the first tools FTC
investigators use to identify wrongdoers,” he said. “The FTC is
concerned that any attempt to limit the Whois to this narrow purpose
will put its ability to protect consumers and their privacy in peril.”
The head of Opta, Chris Fonteijn, and Hiroyo Hiramatsu of the Japanese
communications ministry supported Leibowitz’ view, with Hiramatsu
clearly addressing the violation of IP rights as a major problem that
made an open Whois database necessary. According to the Japanese
provider liability law (enacted in 2002) IP owners can ask Internet
service providers (ISPs) take down material posted on the Internet when
they see their rights violated. Without Whois access their
investigations would be difficult, they said.
A group of domain name registrars reacted quickly to the concerns by
confirming that they certainly would “continue to collect the data
commonly known as Whois data” and also “continue to provide access to
such data by law enforcement, intellectual property, ISPs and other
legitimate users, through appropriate processes.” In fact, registrars
that hold the main volume of Whois data were “open to improve those
processes for more efficient access by legitimate users.” According to
the registry-registrar agreement they would store more data for a period
of three years after the end of the contract with a specific customer,
and all this data was available to law enforcement, again “through
appropriate processes.”
GNSO Council member Mawaki Chango, a Togolese academic who worked for
the UN Educational, Scientific and Cultural Organization (UNESCO), said:
“If I build a house, I don’t build it for the purpose of law
enforcement. But if I do something bad, law enforcement entities can
come in and search.” In that way, the whole debate on the purpose of the
Whois data is a waste of time, he said.
The final report of the Whois task force would only be ready by the end
of the year, he said. According to GNSO planning, the ICANN board shall
decide on the future Whois in early 2007.
Making the Right Info Accessible to the Right People
In the end, the question comes down to what “appropriate procedures” for
access mean and how the much-discussed concept of “tiered access” will
be realized. Tiered access that will be technically perfected by a Whois
follow-up system (a system currently being developed by the Internet
Engineering Task Force under the title CRISP) means that only some
information will be public, while the full data set will be only
available through formal procedures. But formal procedures could slow
down the speed of investigations and consume more time and cost,
especially in cross-border investigations, officials said.
“We would need formal requests and would have to enforce them against
registrars, which is a more complex process,” said Opta’s Fonteijn.
“Research for historic data and patterns would become more difficult,”
he said. “Spam enforcement internationally would become very difficult
and the Internet could become a safe haven for abuse.”
Leibowitz said: “Where a registrar is located in a foreign jurisdiction,
the FTC often has no other way to obtain the information it needs,” said
Leibowitz. “The FTC cannot, in most cases, readily require a foreign
entity to provide us with information.” The US Department of Justice at
an ICANN meeting in Montreal in 2002 asked for a completely open Whois
in order to allow the authorities to search Whois data without being
identifiable as law enforcement or public investigators.
Leibowitz said in Marrakesh that not only governments but also normal
users should have open Whois access. If users could start to look into
the issues themselves it would also support public authorities. This
demand was echoed by various members of the Business and IP Constituency
of ICANN who want to investigate violations in IP and trademark rights.
Sunlight on Illegal Internet Behaviour
“The publicly available Whois provides sunlight in the battle against
illegal and improper behaviour on the Internet", said Steve Metalitz of
the ICANN Intellectual Property Constituency and a Washington lobbyist.
“If we’re going to block that sunlight in some way through changes to
the system, what are we going to do to bring light to these corners of
the Internet?”
ICANN’s Non-Commercial Constituency representatives said they are weary
of the alliance between government and IP interests and at Marrakesh
they especially warned against a Whois policy that contradicts European
data protection law.
Milton Mueller, a professor at the School of Information Studies at
Syracuse University (US), asked the representatives of government
agencies: “How do you protect us against spam by publishing contact data
for every spammer that could be automatically harvested from the Whois
database?”
Questions of Consistency with EU Law
Nigel Williams, administrator for the country-code top-level domain for
Jersey (.je) and Guernsey (.gg), referred to the EU privacy directive
and to Article 8 of the Convention on Human Rights of the Council of
Europe. Both would be violated by a Government Advisory Committee
decision to oblige people to have their personal data published online.
“The law in 25 countries is pretty clear,” said Williams.
This was clearly confirmed by Schaar, the German federal commissioner of
data protection and freedom of information. In answer to questions from
/Intellectual Property Watch/, Schaar wrote: “The purpose of Whois
databases is to ensure communication over the Net. It’s a technical
purpose and it should be kept that narrow in the future, too.” Schaar
said also that the scope of the data collected had to be reviewed carefully.
“The principle that data should only be collected and used as there is a
need for them is a fundamental principle of European data protection
law", said Schaar. General access should be basically restricted to
technical information as identifying the provider of a domain and their
contact data. “Above this only government agencies might be given
accesss according to the law,” as long as they have data protection
themselves.
“Should users not be allowed to protect themselves?” Kathy Kleiman,
co-founder of the Noncommercial Users Constituency, asked ICANN in
Marrakesh. Kleiman cited several cases of stalking of individuals from
the public Whois database.
IP owners at the ICANN meeting said that they felt violated mainly from
private “pirates". And Sarah Deutsch, vice president and associate
general counsel at Internet service provider Verizon said: “Just because
a person is an individual doesn’t mean that they should have the right
to privacy necessarily. There’s no right of privacy to commit a crime,
and we should not be in a situation where registrars are flooded with
subpoenas for every single trademark or copyright.”
The GNSO Council reacted to the fierce debate offering that the Whois
task force would take into account Government Advisory Committee and
community considerations – so the battle goes on.
------------------------------------------------------------------------
/This work is licensed under a Creative Commons License
<http://creativecommons.org/licenses/by-nc-sa/2.0/>. All of the news
articles and features on Intellectual Property Watch are also subject to
a Creative Commons License
<http://creativecommons.org/licenses/by-nc-sa/2.0/> which makes them
available for widescale, free, non-commercial reproduction and translation./
/Monika Ermert, the author of this post, may be reached at
info at ip-watch.ch <mailto:info at ip-watch.ch>./
More information about the Ncuc-discuss
mailing list