[WSIS CS-Plenary] ICANN is [not exactly] doing something right to fight fraud

Tue Oct 12 20:05:34 BST 2004

Nabil:
Here is the background story to this.

The contact information associated with your domain
is stored in a database known as the "Whois database."
This data is open to the public - anyone in the world can 
query the whois database and find out your name, phone 
number, physical address, etc. The open access to this
information violates the privacy directive of the EU and 
some national laws. 

It is true that Whois data can be used to track down
spammers and frauds. It is also true that Whois information 
can be obtained through anonymous  queries, with no 
traceability or accountability. As such, it can be abused by 
spammers, identity theft artists, and stalkers. Just
today, I received an annoying telephone call in my
university office from a company trying to sell me something;
they got my number from Whois. Sometimes this information
is automatically harvested by commercial information
services firms that sell it to trademark enforcement
law firms. It can also be harvested by spammers.

The main advocates of keeping that information publicly
accessible are intellectual property attorneys searching
for trademark and copyright violations on the web. 
Also law enforcement agencies. The law enforcement
agencies are legally able to get the information in other
ways (e.g., subpeonas), but prefer Whois because it 
is so cheap and fast. They don't care about due process
rights anymore.

Many people have pointed out to ICANN that a lot of
domain name registrants enter inaccurate data because
the data is not private. They enter false information to
protect themselves from potential abuse. Privacy 
advocates have pointed out that restricting access to
Whois data would encourage more people to enter
correct information. Legitimate law enforcement
needs could still be served by revealing the information
upon request. 

However, because it is so strongly influenced by
intellectual property interests, ICANN has moved to
strengthen the "accuracy" of Whois data, WITHOUT
yet making any effort to protect its privacy. The notice
you received is a product of that effort. 

However, ICANN's institutional capacity is still quite
weak. As you so keenly observed, some registrars
provide these notices and others don't. ICANN does not
seem to be doing anything to enforce the requirement.
Also, I know of people who have complained of inaccurate 
whois data, yet nothing has been done about it. 

The ICANN Noncommercial Users Constituency is
deeply involved in policy making around Whois at this
time. If you are interested in getting involved email
me back privately.

Milton Mueller
www.ncdnhc.org 

>>> webmaster at nilebasin.com 10/12/2004 1:01:07 PM >>>
May be it is by chance, but here is something that I have asked for a
little while ago being done to battle Internet fraud. My question is
why I
had only received this from just one of our two hosting/domain
registrar
agencies? I have removed just the material specific to our account.