Whois data: winning back the Net

I’ve written a piece for The Register which went up this morning about [tag]Nominet[/tag] having to deal with a US company surreptiously data-mining the Whois details for .uk domains to use in their products.

It’s an interesting story in that it highlights something that most people are really very unaware of, plus helps outline the risks we face in not building sufficient privacy laws with digital technology. Nominet is a rare example of a main Net registry that provides a minimum of Whois information about domain owners and also has an opt-in to remove all information except your name.

This system about thanks to two Australian con-men a few years ago taking the entire [tag]Whois[/tag] for .uk domains and then using it to send people letters telling them they had to pay extension fees to keep their domains. It was a scam, but one that 50,000 Nominet customers were fooled by.

That isn’t my main point however. My main point is that while under European law, the Whois data is copyright and therefore protected, under [tag]ICANN[/tag] rules, all global top-level domains – which means all dotcoms, dotnets, dotorgs etc – have to make all people’s contact details publicly available, and that means home address and telephone number and email address.

I’ve always liked this because as a journalist I’ve been able to get in touch with domain owners very easily and quicky, but for years these easily accessible details were the databases that spammers used to make everyone’s lives a misery. And alot of the scammers. These databases are still out there and are still used.

Fortunately, registrars started putting protections on accessing this information. With most Whois databases now, you are given a wobbly representation of numbers and letters to manually type in to get the information, thereby preventing automated scripts from simply dragging the information of the servers.

But (and I’ve been meaning to blog about this for a month), the GNSO part of ICANN voted in a new definition for what the Whois can be used for in March, which will restrict the information that will be displayed to just the name and maybe the email address – with home address and telephone numbers pulled out.

It has still to get past the ICANN Board, but it has been a long, lengthy and drawn-out battle in the Internet community – three years in fact – to finally get there, despite massive privacy concerns from day one.

Milestone

I believe the change is much more significant than just the Whois though. What it represents is the Internet hitting another milestone in its maturity as a medium. The Whois rules as they currently exist came about thanks to the unusual history of the Net. When all the rules for how it would work were being decided, it was a pretty scrappy discussion. But there was one group that was highly organised, highly focussed and, well, aggressive and overbearing.

They were, of course, lawyers. Intellectual Property lawyers. As a result this group managed to distort a huge number of basic Net rules in their favour, including the frankly ridiculous rule that a person’s entire contact details for a domain name be made freely and publicly available.

Well, it’s all turning back now. The Net is of such importance that these bad rules are being written out. The medium has become integral to our lives and the mini-powerbrokers’ era is over. The Whois is one important step on that path.

The biggest and most important step is still to come however. And that will be reform of the domain name arbritration rules. That will be a big battle. But I for one will be at the front waving years of stories about how utterly corrupt the [tag]UDRP[/tag] rules are, with WIPO the online equivalent of the Spanish Inquisition.

People probably won’t notice when that day comes, in much the same way that they won’t notice when the Whois changes, but these are the things going on under the surface that are making the Internet the great global medium it is.

[I’m only glad I don’t live in the US – where big business is shamefully trying to turn the Internet in a controlled space. Somewhat ironic. But I will write more of net neutrality later. If you are interested, the best source of information I would say was Susan Crawford – check out her blog.]

  1. Changing the amount of data published in whois may not be a bad idea, though I would have reservations about taking too much information out, as it makes tracking down abuse and other matters hard work. The current whois data is known to be inaccurate anyway, so it’s a bit of a moot point.

  2. > The current whois data is known to be inaccurate anyway, so it’s a bit of a moot point.

    I don’t agree Michele. I think many people have resorted to giving false details because the Whois details are so public. And the ironic result is that the people that are honest and provide their details are the ones that are penalised.

    Many registrars have started offering an anonymising “service”, which they charge quite a lot for where they put in their details and keep the owners details private. There is nothing to stop the police contacting registrars and getting the owner information that way, and there is nothing to stop the authorities shutting down sites if they break the law – so why exactly are we allowing all these details of ordinary people to be made available publicly, widely and for free?

    Kieren

Comments are closed.