overview
generics
new gTLDs
nations
territories
2LDs
alternatives?
values
managers
industry
squatting
slamming
monetising
disputes
WHOIS
related
Guides:
Networks
Metrics
related
Profiles:
auDA &
dot-au
ICANN
dot-nz
DNS sizes
trademarks
reputations
|
WHOIS
This page looks at databases about domain name registrations.
It covers -
introduction
Conceptualisation of cyberspace - or merely domain names
- as a form of real
estate has been reflected in expectations that there
will be some form of comprehensive publicly-accessible
'land register' or 'titles register', a database that
supplies details of
- who
registered a particular domain
-
when that registration took place
- where
to contact the registrant.
It has also been reflected in disputes about the use -
or abuse - of that data, with competing registrars for
example using registrant contact details to market their
services and spammers harvesting registrant information
for everything from phishing expeditions to offers of
miracle cures.
Privacy advocates have sought restrictions on what information
is made publicly available.
Intellectual property owners, entities that have been
defamed or are otherwise
aggrieved, and law enforcement bodies have sought ready
access to registration information as the basis for lititigation
or for determining responsibility.
what is a WHOIS
A WHOIS database contains contact information supplied
by the domain name registrant, ie the entity responsible
for registering the domain name - sometimes characterised
as the "domain name owner".
The information typically includes the full name of one
or more individuals, fax and voice numbers, an email address
and a postal address. It may include other information,
including a national business identification number.
In discussing the domain name system (DNS) we have noted
debate about privacy aspects of WHOIS databases for gTLDs
(eg dot-com) and ccTLDs (eg dot-au and dot-nz).
During the first years of the internet WHOIS information
was primarily used by network administrators. With the
proliferation of sites and the emergence of cybersquatting
such contact details came to be of interest to both those
engaged in litigation and those who wanted to harvest
information for direct marketing, eg for spam.
ICANN, in discussing gTLD WHOIS, commented
The
WHOIS service dates back at least to 1985 and, as defined
in RFC 954, provides a "directory service to Internet
users". Today the WHOIS "directory" includes
contact information for tens of millions of domain names,
and is used for a wide variety of purposes by network
operators, business of all kinds, law enforcement, consumer
protection agencies, and members of the public. Through
its contracts, ICANN requires registries and registrars
to gather and display both technical information and
contact details for all registrants. As an increasingly
diverse range of both registrants and WHOIS data users
have begun making use of the domain name system in recent
years, situations have arisen where a registrant's
contact information may be considered sensitive, and
calls have been made for better privacy protections
within the WHOIS system
who owns the WHOIS
In discussing the global information infrastructure (GII)
we have noted that network operators, rather than network
users, own the addresses on those networks. An individual,
for example, does not 'own' a telephone number or a domain
name but instead is licensed to use that address, generally
on the basis of ongoing renewal in perpetuity (subject
to provisos such as payment of fees to the network operator).
The OECD's 2002 paper (PDF)
on Cybersquatting: The OECD's Experience & The
Problems It Illustrates With Registrar Practices And The
WHOIS system and Milton Mueller's Ruling the Root
(Cambridge: MIT Press 2002) highlight some concerns regarding
use - or misuse - of WHOIS information.
In decrying ICANN's closeness to government and intellectual
property interests Mueller charged that
copyright
interests now view expanded WHOIS functionality as a
way to identify and serve process upon the owners of
allegedly infringing Web sites ... 'technical coordination'
of the domain name system is already being leveraged
to police the content of Web sites as well as their
domain names. Moreover, public law enforcement agencies,
notably the US Federal Bureau of Investigation, have
become deeply interested in the use of WHOIS to supplement
their law enforcement activities. Ultimately, the intent
seems to be to make a domain name the cyberspace equivalent
of a driver's license. Only, unlike the driver's licenses
database, this one would be publicly accessible to anyone
and everyone to rummage through as they pleased.
accuracy
Questions about the accuracy of WHOIS databases involve
consideration of what information is meant to be collected,
the stringency with which that information is collected
(eg whether it is verified prior to inclusion on a particular
database) and what information is publicly accessible.
The exploitation noted above - including alleged substantial
misuse by some domain name registrars - has resulted in
restrictions on publicly-accessible information in some
spaces, with suppression of some information or barriers
to automated harvesting.
Such restrictions have coincided with - and often followed
- registrant provision of spoof contact details, such
as registration by Santa Claus, Mickey Mouse or Idi Amin
of 1 Nowhere Street in Somewhereville.
privacy
Restrictions on access to WHOIS data vary from jurisdiction
to jurisdiction, reflecting the shape of national privacy
law and sensitivity to potential abuses.
A 2006 ICANN report noted
concerns regarding privacy aspects of gTLD WHOIS databases.
Canadian academic Michael Geist for example noted that
Canadian privacy legislation "prohibits the mandatory
disclosure of personal information not strictly necessary
to provide the service" and commented that Whois
potentially creates "a chilling effect on Internet
speech by mandating the disclosure of personal information
in connection with criticism or whistleblower sites".
Mikki Barry of the Domain Name Rights Coalition noted
the effect of Whois on bloggers and political dissidents,
commenting that she had "personally received postal
mail threats and been stalked"
using Whois information.
Another activist claimed that Whois impacts on bloggers
who
live
where they work, at home. Providing that kind of contact
information publicly is a way of setting them up for
identity theft, stalking, stupid lawsuits, and the fear
of never knowing when some net kook is going to show
up on one's doorstep ... anonymity doesn't reflect a
desire to be serious. It really is a question of safety.
Danny
Younger asserted that corporate executives should not
be allowed to hide behind corporate registrations, instead
being subject to the publication of their personal data
so that they could be exposed to "the probability
of identity theft, stalking and netizen rage".
Gadfly Karl Auerbach characterised an ICANN proposal as
little
more than an overt raid by select commercial interests
to bypass established and proper legal means of obtaining
information
and
referred to "an abuse of process" in describing
an attorney for a large media group who "uses whois
data to send automated cease-and-desist letters to anyone
who registers a domain name that has any semblance to
hiscompany's marks".
VeriSign's
terms for use of its WHOIS for example specifies that
- users
are not authorized to access or query the database through
the use of electronic processes that are high-volume
and automated except as reasonably necessary to register
domain names or modify existing registrations
-
the database is provided for information purposes only,
and to assist persons in obtaining information about
or related to a domain name registration record, with
no guarantee of accuracy.
-
the database may only be used for lawful purposes, with
specific restrictions on use of WHOIS data to "allow,
enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations
via e-mail, telephone, or facsimile".
-
compilation, repackaging, dissemination or other use
of the data is expressly prohibited without prior written
consent
- there
is a restriction on use of "electronic processes
that are automated and high-volume to access or query
the Whois database except as reasonably necessary to
register domain names or modify existing registrations".
global searching
There is no single integrated global WHOIS (ie one covering
all TLDs) and no service enabling a comprehensive single
search of all registries. Development of such a service
does not appear to be underway.
That is unsurprising, given the large number of gTLDs
and ccTLDs (some 240 ccTLDs for nations and territories),
many with quite different rules on registration, separate
WHOI databases and varying rules on access to WHOIS data.
Australia (dot-au) for example
has a more restrictive WHOIS, relative to dot-com, given
the Australian privacy
regime and local concerns about spamming.
We are periodically asked whether it is possible to quickly
determine registrants on a global basis. For example a
2006 query was
Is
there a service out there that can search all the domain
registries by owner? For instance, is it possible to
search for "Joe Blogs" and see what domains
he owns. If not, how might this service be possible?
In
principle, for a comprehensive search one would need to
search each of the registries.
In practice one could search the major registries, on
a registry by registry basis, as a particular individual
or organisation will not have a domain registration in
each/every ccTLD/gTLD, given restrictions (such as nationality)
highlighted in preceding pages of this profile. An individual
thus could not have a domain in each of the Timor-Leste,
Saudi Arabia, Ghana, Peru and Vatican City spaces.
::
|
|
blaw