Whois Service Comes Under Fire

Article Updated

According to a recent AP article, the Whois service, a series of databases with information about the individuals that register domains, has come under fire from privacy advocates and a new proposal seeks to do away with the service altogether.

Such a move would be a tremendous blow to law enforcement, lawyers and researchers that regularly use the database. However, it may also alleviate some of the spam and privacy concerns that come with the database in its current format.

No matter what is decided this Wednesday when a committee from the Internet Corporation for Assigned Names and Numbers (ICANN) meets, this will be a major issue to follow and one that will have a major impact on both the structure of the Internet and how Webmasters protect their content.

What Is Whois

When someone registers a domain such a .com or a .net, they provide a set of information including their name, email, address and phone number. This information is placed into a Whois database, which each domain registrar keeps, and is then searchable by using a Whois lookup tool, such as the one found on Domain Tools.

This means that, if you register a domain, anyone can look up the information that you provided for it. If you gave your personal information, that could include your home phone and address.

To alleviate these privacy concerns, Whois protection services such as Domains By Proxy have sprung up to keep Whois information secret. These services work as forwarders, letting you use their address as your own and forwarding you email sent to the anonymous account they created for you. They can also be compelled to give up your actual registration info in certain events, including legal matters.

However, such steps have done little to alleviate the concerns of some privacy advocates. They worry about the requirement of posting personal information in a public space in order to obtain a domain and want better protection for Webmasters.

To make matters even worse, spammers have seized on the service, using it to harvest thousands of addresses and send out bulk mail, often relating to domain names.

On the other hand, law enforcement uses Whois to track down criminals. Consumer watchdogs use it to spot scammers. Also, lawyers use it to locate copyright and trademark infringers and anti-spam groups use it to track and monitor spammers.

In short, it is a very powerful tool with both great limitations and serious drawbacks.

Fixing Whois

The problems with Whois are well-documented.

Beyond that above mentioned privacy issues, it is too easy to supply false information to the database. There is nothing to stop a scammer from just putting garbage into his Whois information and avoid detection.

You can report invalid Whois information but action is unlikely and slow. It is also, generally, limited to the revoking of the domain and does little to actually identify the person behind the site.

This has resulted in a great deal of inaccurate information in the Whois databases and that, in turn, has limited the usefulness of the tool. Because of that, ICAAN has started looking at ways to improve the tool and the organization is actively looking at proposals for fixing it.

However, most of the proposals are much more mild than the “sunset” proposal that has caused such a stir and would do away with Whois by the end of 2008. According to the AP article, a proposal encouraging more study of Whois abuse and the extent of personal registration is much more likely to pass.

But no matter what happens tomorrow when the committee meets, what is clear is that this will be an issue to watch and follow as the outcome of what is decided could drastically change the Web and how we identify the people behind the sites.

What it Means to Us

The good news for Webmasters dealing with copyright issues is that the Whois service is not the tool to use when locating the host of a site. Other tools, such as DNS and IP Whois, are much more valuable in gleaning that information.

However, while that is great for copyright holders that favor contacting hosts and sending DMCA notices, such as myself, it doesn’t bode well for those who prefer to contact the infringer directly. In many cases, the Whois database is the only source for that information as it is not always posted on the site itself.

If the Whois service does disappear, I expect the following things to happen in the realm of content theft.

1. DMCA Notices Will Become Much More Popular: Expect more and more Webmasters to turn to DMCA notices and other host contacts as the methods of contacting infringers directly become more limited.
2. More Subpoenas: Though the information would not be a in public database, the registrar would still have all of the pertinent information, especially if the individual paid with a credit card. Lawyers might not simply be able to look up who owns a domain, but they certainly could subpoena the information if needed.
3. Less Enforcement By Novice Webmasters: The Whois service is popular for tracking down plagiarists because it is very simple to use. You punch in a domain and out comes the information associated with it. Novice Webmasters often lack the knowledge to use more advanced networking tools and, without the Whois database, would have almost no recourse.

In short, veterans of dealing with content theft will likely barely notice the disappearance of the Whois service but less experienced Webmasters may find themselves lost without it.

Conclusions

The Whois service is a powerful tool that has some very large problems and raises some very serious concerns. There is little doubt that the service is both riddled with problems and has attracted unwanted attention from the dark side of the net.

However, that does not mean that one can simply ignore all of the good that it does and the potential uses for the Whois service. Proposing to kill off Whois because of its flaws is an extreme overreaction, especially when the depth of these flaws and the possibilities for remedy are not fully understood.

In the end, I have to agree that further study of the problem is needed before anything is decided, especially something as drastic as eliminating the service altogether. The problems that face Whois are great but trying to shut it down is just another non-answer, a way to avoid dealing with the issues.

Whois needs an overhaul, that much is very clear, but shutting it down and walking away not only does more harm than good, but fails to address the issues adequately and, instead, just shuffles them onto the individual registrars.

We, the Internet-using public, entrust ICANN to deal with the tough issues and not run away from them. Shutting down Whois, at this phase, would be exactly that.

We can only hope that ICANN will see this and do what is right, take a more measured approach to the problem and learn more about the issues at hand before leaping off the veritable cliff.

Related: Mashable

Update: The committee voted 17-7 to keep the Whois database as it is right now and shot down a proposal to allow “natural persons” to designate a third party agent. The “sunset” proposal was defeated 13-10. ICANN is instead comissioning additional studies on the issue and will likely be coming back to it in the coming years. With the closer margin on the sunset option, it appears more likely than previously thought.