“A working group set up by [ICANN] to thrash out differences over proposed privacy changes to the WHOIS database stopped work last week with little real agreement on how or even whether to implement the reforms†reports ComputerWorld.
The lack of agreement centres around the “group’s failure to come up with a proposal that could have been accepted by ICANN continues a long-standing stalemate on proposed reforms to the way WHOIS data is handled.â€
There were calls from Tim Ruiz, vice president of corporate development and policy at Go Daddy and a member of the 60 member working group, to end the debate, which has gone on for years, now.
Meanwhile, John Levine, writing in Circle ID, asks what is the problem? He answers the question himself saying there are two problems, these being “WHOIS privacy is not necessarily all it’s cracked up to be, and the other is that so far, nothing in the debate has given any of the parties any incentive to come to agreement.â€
Levine writes that problems in coming to agreement come from “some horror stories from people who claim to have been stalked or worse by people who got their contact info from WHOIS, and by privacy advocates who point out that if ICANN were in Europe, which it is not, privacy laws would regulate what WHOIS could say about individuals, a variety of proposals have been floated to redact or remove contact information from WHOIS. The privacy crowd considers the merit of these changes to be self-evident, but the rest of us are not so sure.â€
Levine notes that analogies for registering a domain name, and the information you have to provide, “somewhere between picking up a pencil to write a letter and registering a car.†Some people advocate completely anonymous registrations with no recourse to against registrants from a free speech perspective, while Levine leans towards “the car end of the spectrum; if you have a domain, you get definite benefits and gain the opportunity to do both good and bad things, and it is reasonable to expect some responsibility in return for them. I also happen to think that the argument that you need your own second level domain to speak effectively is silly.â€
Levine also says the vast majority of people will never register a domain name. And that the vast majority of “registrations are by businesses and organisations, rather than individuals. Most of the names registered by individuals are used for business purposes, which in the US at least suggests they should be treated as businesses.†He notes.name as an exception, so maybe this merits different policies.
The reason for the failure, says Levine, was “for most of the participants there was no incentive at all to agree, rather than stall and keep things the way they are now. For registrars and registries, OPOC adds a great deal of new work. Many registrars already offer proxy registration with a thin layer of privacy for free or close to it that provides most of the likely benefits of OPOC, with less hassle. … For law enforcement and the extensive web of formal and informal anti-abuse investigators at banks, ISPs, and other organizations subject to abuse, OPOC adds an extra layer of bureaucracy to fight through, with inevitable delays and screwups. … The Intellectual Property constituency, primarily trademark lawyers, see WHOIS as a primary source of information about who to sue.â€
In ComputerWorld, it’s noted, “There was also concern among the registrars about the cost implications of some of the proposed changes†said Lynn Goodendorf, vice president of information privacy protection at Intercontinental Hotels Group. ComputerWorld also notes there was some “disagreement over accountability issues under OPoC and the speed at which registrars would be required to respond to requests for access to shielded data†according to Eric Dierker, chairman of ICANN’s GNSO general assembly.
Towards the end Levine says the “main arguments I’ve heard for OPOC or other data removal are less than compelling. There’s the stalker horror stories, which even if you believe them, the current proxy registrations address as well as OPOC. Several people have pointed out that the current WHOIS doesn’t satisfy European privacy laws, to which a reasonable response is so what? ICANN isn’t in the EU, nor are the major registries, nor are the largest registrars. They’re in the US, which has no privacy laws at all. (Tucows is in Canada, which has a privacy law, but most of their customers are outside Canada, and the privacy commissioner has shown little inclination to enforce it on behalf of non-Canadians.) And what’s the EU going to do? Tell their registrars that they can’t register any more domains? So that’s why there was no possibility of consensus on OPOC or anything like it.â€
Levine also asks if ICANN should push through the Whois changes anyway, but says it would be inevitable there would be a lawsuit from one of losing factions “since we know from experience that suing ICANN is the most effective way of getting them to do what you want.â€
Levine doesn’t rule out changes eventually, but he’s not holding his breath waiting.
For more information, see: