WHOIS is a crucial tool for intellectual property professionals in determining exactly who is responsible for a domain name or IP address when it comes to protecting clients’ assets. Despite this high level of reliance, the system is far from watertight with respect to the accuracy and quality control of the data it provides. The framework for deciding whether a next-generation gTLD Registration Directory Service (RDS) is needed to effectively address these issues may finally be decided this year.
Background
WHOIS was created by ARPANET network operators in the 1980s as a means to identify and contact individuals or entities involved with the network. As ARPANET developed into the Internet of today, the users of WHOIS diversified hugely. Now individuals, law enforcement agencies, intellectual property owners, businesses and registrants with largely varying interests are all part of the same system. Since its formation in 1998 the Internet Corporation for Assigned Names and Numbers (ICANN) has used its agreements with registrars and registries to try and improve the WHOIS service but despite this, and over a decade of task forces, working groups and studies, fundamental issues remain.
Why isn’t it working?
Purpose – A consensus on the purposes for collecting, storing and providing registration data has not been attained since the inception of WHOIS.
Data accuracy – The 2013 Registrar Accreditation Agreement, a bilateral agreement between ICANN and ICANN accredited registrars, requires limited data verification/validation and fails to directly impose consequences on a Registrant for the provision of inaccurate WHOIS information.
Accessibility – Contact information is not in a single common language.
Privacy/proxy services – The number of ‘typosquatting’ domains and domains subject to UDRP using a privacy or proxy service is significantly above average.
Data misuse – Email, postal addresses and phone numbers published on WHOIS are targeted by spam, phishing and identity theft.
What could change?
The Expert Working Group on gTLD Registration Directory Services (EWG) has recommended, though not unanimously, that a completely new RDS be created.
Some of the key features of the recommendations include:
Gated data access – An end to anonymous access by everyone to everything. A minimal amount of data would be accessible to the ‘public’. All other data would only be accessible to authenticated RDS users (with a Requestor ID) who can assert a permissible purpose for requiring access to the ‘gated’ data. The data returned in response to the query will only be that deemed permitted for the stated purpose.
Data elements – Only accredited requestors will be able to obtain the name of Registrants. Data will be displayed in local languages.
Data validation – Standard validation would occur at time of collection of contact data and on a periodical basis. Users will also be able to see when data was last validated. Pre-validation of blocks of data will be available, by ‘Validators’, for reuse in multiple domain name registrations. Identity validation of contact data applicants would be optional, utilising e.g. post offices, ccTLD managers, tax offices, telephone companies etc, as a higher level of validation for entities that want to benefit from potentially greater consumer confidence in domain names registered on an identity validation basis.
Accredited Privacy/Proxy service – All Registrants would have to assume responsibility for the domain names they register unless registered via accredited Privacy/Proxy service providers. As a minimum requirement, accredited providers would be required to disclose contact information for the party they act for within seven days of receipt of reasonable evidence of actionable harm.
Next steps – the significance of 2016
The EWG report is now with the Generic Names Supporting Organization (GNSO) Council for its consideration. The GNSO Council will now finalise the framework for a Policy Development Process (PDP) Working Group to define, amongst other things, if and why a next-generation Registration Directory Service (RDS) is needed to replace WHOIS and the requisite policies, coexistence and implementation guidance to meet those requirements of the decision taken.
You can access the in depth reports forming the basis of this article here and here.