IP Holders Press For Access To WHOIS Data

Stony Stevenson writes to tell us that the battle for access to whois data remains at a stalemate this week. "In a blog post on the Internet Governance Project's (IGP) Web site, Milton Mueller, Professor and Director of the Telecommunications Network Management Program at the Syracuse University School of Information Studies and a partner in the IGP, details the Final Outcomes Report of the WHOIS Working Group, published on Tuesday, and inability of the various stakeholders to reach any kind of consensus."

I can hear the rationale now...

[Red_Foreman (877991)]

I imagine the board meeting went like this:

"Clearly, Simmons, everyone who has an internet connection is a potential criminal, and we need to keep tabs on these potential criminals in case they, at some point, intentionally break international copyright law."

"Here, here!"

"So we need access to this data, and if anyone opposes it - they must be hiding something other than just a guilty conscience."

"Besides, we're doing it for the children."

Re:

[caluml (551744)]

I, a Briton, always assumed it was "Hear, hear", but as I've never seen it written down, I'm not sure. I see it written as "here here" more on here, but then again, I see "alot" of people "loosing" things on here too, so maybe I'm right.

Anyone know what's it's meant to be?

Re:

[bl8n8r (649187)]

This sounds much more effective if read in Monty Burns voice. Substitute Simmons for Smithers.

ICANN always insisted on "True Names"

[billstewart (78916)]

ICANN only cares about one kind of IP, and it's Intellectual Property, not Internet Protocol - that's really been its goal since the beginning and the IP Industry are who ICANN mainly works for. One of the things it has always insisted on, and to some extent even the Internet Ad-Hoc Committee that preceded it did this, is that domain registration information needs to be collected and published so that if there's a trademark dispute, the trademark owners can send a process server to the ICBM address of the

Article Summary

[David Chappell (671429)]

The article summary is vague to the point that one is unsure what the subject of the article is. The "IP holders" of the title are trademark registrants of companies which help trademark registrants identify possible infringement. The Whois data referred to is not the public data to which we all have access. Rather it is the names and addresses of the actually domain name registrants in those cases where the domain registrar is acting as a proxy and has placed its own contact information in the public Whois database. The dispute is about who should have access to this secret data and under what circumstances.

Re:Article Summary

[Overzeetop (214511)]

Personally, I think private domains should be illegal. A contact name and physical address, if not phone number and working email, should be required of every domain owner. If this "real estate" on the internet is so valuable, make the disclosure regulations match physical real estate.

Now get off my lawn...

Re:Article Summary

[Neil Watson (60859)]

I think domain owners deserve some privacy both from shady marketers and from Internet crack-pots.

Re:

[JasterBobaMereel (1102861)]

The usual problem here is the Internet is not in the USA it is global - so which Police, which Government should have access to this information?

Re:Article Summary

[IBBoard (1128019)]

I think that's taking it a bit too far. Personally, I think they should roll out something similar to UK domains across on to .coms as well.

With a .uk then you have to show your details unless you are a non-trading individual. If you are such an individual (like me, who run sites as hobbies) then you can opt out of having your details shown and it's free and done by Nominet, not the individual companies you buy domains from.

While I can see a reason for companies not to be able to hide their details (it gives you a definite address for them that you can then match to a trading location, assuming its real), I think individuals have a right to not have their details easily available on the 'net for anyone with a vigilante inclination to be able to find and abuse.

Re:

[ShieldW0lf (601553)]

Lack of transparency leads to fraud. It's not your personal little thing, its global publishing. It shouldn't be anonymous, there should be accountability, you should be able to know at all times who you're dealing with, and there should be no need to get the approval of a non-judiciary body on foreign soil before you do.

But then, I also think the world needs a lot more vigilante action. I'd probably engage in some myself.

Re:

[IBBoard (1128019)]

Lack of transparency leads to fraud....It shouldn't be anonymous, there should be accountability, you should be able to know at all times who you're dealing with,..

Which is why I think there's no real need to extend it to companies as well.

With my .uk domains, you still get to see my name on the registration, you just don't get to see my address. Assuming I live in the UK* (which I do) then why do you need to know whether I live in London or Manchester? And even worse, why do you need to know which number o

Re:

[the_womble (580291)]

.uk domains are actually open to any registrant from any country, but personally I think that's just an oversight of Nominet and that national domains should be for residents only

So a British citizen resident elsewhere who runs a UK oriented site (i.e. me), should not get a .uk domain?

What happens if someone with a .uk domain ceases to be resident in the UK? (me again).

Would you also ban people setting up British companies (which is quick and cheap) purely to own a bunch of .uk domains?

Residence qua

Re:

[IBBoard (1128019)]

There's always borderline cases, but from a quick skim of their rules then I think Canada has it right. As long as you've got a presence in the country (citizen or company) then you have a reason to have a domain. I had an old domain that got snapped up by an American from New Jersey, though. Why would they have need to have a .uk presence? Surely a .com or even (logic forbid) a .us would be more applicable.

I could agree that citizenship would be difficult to enforce (although I guess the Canadians do it so

Re:

[the_womble (580291)]

Given that there are millions (the last number I saw was over 5m) British citizens living abroad there are going to be a lot of borderline cases, and a lot of unfairness in using residence as a criterion. If you use citizenship as the requirement, you will create a lot of paperwork.

As for abusive registrations, these are largely done by professional domain squatters who would simply set up a UK front company (the UK economy is big enough for it to be worth it).

Re:

[IBBoard (1128019)]

Perhaps they would, but that still doesn't explain why any old resident of France, Russia, Iraq, Jamaica, Papa New Guinea or Mongolia would need to get a .uk. Without huge amounts of paper work then there's never going to be any way that you can stop all registrations that aren't applicable under a rule set, but you can certainly reduce it by making it more effort to dissuade the lazier registrants.

Also, there may be 5m 'ex-pats', but how many of them want to own .uk domains? and how many are more elderly p

Re:

[IBBoard (1128019)]

Just realised that first sentence doesn't make sense.

Which is why I think that companies should show information but individuals should still be allowed to obfuscate it.

makes more sense and is what I meant.

Re:

[jcnnghm (538570)]

Spoken like someone who doesn't receive fake renewal notices for tens of domains a month from shady vendors, all gleaned from the whois records. I wish private records had existed when I first started registering domains, they won't do me any good at this point. What is unacceptable about contact via proxy?

Same standard as corporations would be fine.

[raehl (609729)]

In most US states, each corporation is only required to maintain a registered agent address on file with the state, so anyone who needs to contact your organization can do so. The registered agent can be anyone, so for example, you might have your lawyer be your registered agent, and anyone who wants to know who owns the company has to go through him.

We've currently got the same system with domain names - your registrar can act as your registered agent, serving as a barrier between the public and you. If someone has a legitimate need to contact you, they can do so through your registrar. If not, they can't. I don't see any reason to change this.

Re:

[f1055man (951955)]

Incorrect. Most states that aren't tax dodges (I'm looking at you Delaware) also require some combination of annual reports, corporate bylaws, and pincipals (often just managing partner). Of course access is limited to these documents due to the nature of government IT. Some states provide net access to scanned corporate filings, others have paper indexes.

Corporations have to disclose more than that

[Animats (122034)]

Incorrect. Most states that aren't tax dodges (I'm looking at you Delaware) also require some combination of annual reports, corporate bylaws, and principals (often just managing partner).

Yes. I've been data-mining that data for SiteTruth [sitetruth.com], and it's amusing. No two states have the same format, although there's some similarity. Delaware provides less free info than most states. Some states have deliberate weaknesses in their data. Nevada, for example, doesn't require that changes in corporate officer

Re:

[Jeff DeMaagd (2015)]

I don't think the comparison to real estate is very apt. There are enough differences such that we can't randomly apply parts of the real estate paradigm to it without thinking it through. This type of "real estate" doesn't have clearly defined neighbors, aaa.com can be a gawdy site and still not hurt aab.com because almost nobody would think to assocate the two as neighbors.

I also think that while being anonymous has some problems, having your information out there where anyone can get it can invite trou

Re:

[Stanislav_J (947290)]

There already are legal procedures in place to balance personal privacy and security (keeping any miscellaneous yahoo from accessing your info for wrongdoing) with the needs of law enforcement. If someone has sufficient evidence that a particular domain holder is up to no good, then they can go before a judge and get a court order for the information to be released. That is how it is SUPPOSED to work in our system. If they don't have sufficient evidence to start with, then it is the proverbial fishing exped

Re:

[macdaddy (38372)]

I tend to agree with part of this sentiment. However I strongly believe that non-private WHOIS details makes it significantly easier for domains to be hijacked. With a domain owner's name, address, and telephone records is would be fairly easy for a cracker to social engineer control of the domain away from the real owner through the registrar. Think that never happens? Just as the original owner of sex.com. It's a real problem without a real solution. The only work around right now is to not give out

Vagueness

[benhocking (724439)]

The article summary is vague to the point that one is unsure what the subject of the article is.

My first thought was that the holders of internet protocol addresses wanted access to all of the data stored about them in the WHOIS database. I had to actually RTFA (the horror!) to figure out that IP meant intellectual property and not internet protocol.

BS

[wytcld (179112)]

"If there is no reform they can continue to sell privacy to their users using proxy registrations, making profits that far exceed those they make on normal domain name registrations," said Mueller.

The registrars I've used charge nothing to substitute their own details for the registrants in the public WHOIS response. And their "profits far in excess"? On the $15-a-year fees, they're welcome to any profit they can take.

Why do people like Mueller always lie?

Re:

[morgan_greywolf (835522)]

The registrars I've used charge nothing to substitute their own details for the registrants in the public WHOIS response. And their "profits far in excess"? On the $15-a-year fees, they're welcome to any profit they can take.

Ditto. One site I maintain currently is using shared hosting, and the hosting provider [drak.net] (blatant plug for ya, Jen!) charges like somewhere around $15 a year for domains that they maintain (bundled with the account, so there's no separate charge), and like $8.75 a year for domains that you maintain. They charge nothing to use their own details for the registrants in WHOIS. There are companies that have formed businesses around selling unlisted domains [hostsite.com], but their fees aren't much different than that $15.00

Re:BS

[value_added (719364)]

The registrars I've used charge nothing to substitute their own details for the registrants in the public WHOIS response. And their "profits far in excess"? On the $15-a-year fees, they're welcome to any profit they can take.

Well, I'm sure there's sellers on eBay that don't charge for shipping, but the ones I've dealt with always do. ;-) Godaddy charges $6.99 [godaddy.com] per year for private registation.

As a side note, people on DSL (cable?) connections may want to a whois lookup on their own address. I was miffed when I discovered my personal info published. Asking my provider to mask the private information required a formal request, but unlike some registars, they did it for free.

Not just for IP.

[bladel (104002)]

While I consider myself anti-authoritarian, I recognize that there are some situations in which law enforcement and other parties have a legitimate right to pierce the anonymity of private registrations. If someone is operating a site hosting child porn or other illegal materials, the registrar should be required to give up the registrant.

Also, consider the case where a domain / site has been hijacked (or reverse-hijacked) by a thief hiding behind proxy services at a different registrar. The victim and victim's registrar cannot reliably identify them, and the Registry Operator won't get involved outside of invoking arbitration.

So keep the lawyers out, but establish some authority (Internet version of a FISA court) that can pierce anonymous registrations.

Re:

[OdinOdin_ (266277)]

This is a poor way to achieve that goal. It would be much better for a private registry to be available to government by all responsible parties managing IP addresses to be able to tie each and every IP address back to the bill payer.

I think law enforcement agencies should have the right to lookup the current bill payer information 24x7 for any active IP address within a matter of minutes, this doesn't necessarly mean that the general public should have access to this facility, they can keep the current sy

Re:Not just for IP.

[autocracy (192714)]

I just wanted to comment that you are truly insane, and that there should be no urgency for the government to request "real" details of an IP that can't be handled by means of a warrant. There's a reason for that concept.

Re:

[IBBoard (1128019)]

Exactly. If there's a reason why someone wants your contact details when you don't have them public (or have opted out of showing them if you're an individual with a .uk domain) then what's wrong with proving they have a reason before they can get them?

Okay, maybe it doesn't need to go quite as far as a full police warrant, but some degree of arbitration and complaints with the registrar that complies with a code of conduct should be a reasonable compromise. In theory.

Re:

[damn_registrars (1103043)]

If someone is operating a site hosting child porn or other illegal materials, the registrar should be required to give up the registrant.

Unfortunately, one problem with this comes down to defining "illegal materials". By who's laws should that be dictated? There are some countries where child porn is considered more or less acceptable, and plenty of countries where the age of consent is something other than what it is here. All that the owner would have to do to claim that they are not in violation of the law is either have their registered domain or their hosting in a country where whatever they are doing is OK.

I still oppose anonymous registration

[damn_registrars (1103043)]

I've said this before, and I'll say it again. Registrars are a big part of the spam problem. And the fact that they will sell (or provide freely) registration obfuscation services to withhold meaningful registrant contact data shows that many registrars are still in bed with the criminal spammers.

Come on, if you really have some reason to keep your registration data private, there are better ways to do it than letting your registrar do it for you. You could just as well get a PO box and use a free email account somewhere, which would accomplish the same thing but still have some degree of accountability. As it is, registrars have been able to withhold the contact information for their clients and there's been no accountability anywhere.

Re:

[by Anonymous Coward]

And the fact that they will sell (or provide freely) registration obfuscation services to withhold meaningful registrant contact data shows that many registrars are still in bed with the criminal spammers.

Much better that they give away the information to anyone and everyone who asks so you can get all sorts of junkmail and spam.

You could just as well get a PO box and use a free email account somewhere

So in other words, if I don't want spam, I have to go out of my way not to get it. Thanks, buddy, for a wh

Re:I still oppose anonymous registration

[IBBoard (1128019)]

You could just as well get a PO box...

Taking my former blog site as an example:

I run a private little website as a hobby.
I pay $25 per year for hosting (reasonable quality host, 75MB disk space and 3GB monthly bandwidth, email, the lot).
I pay £3.69 per year (~$7-$8) for a .co.uk domain or $9 per year for a .com.

Total normally: about $35 per year, tops.

The Registrars follow your "must show details" and I suddenly have to pay £58 per year (~$120) to get a PO Box, or twice that if I don't want to have to keep checking it but instead have it delivered to my real address? (UK PO Box prices [royalmail.com])

Total with PO Box: at least $150 to $250!

I think the only thing I can say there is "WTF? Hell, no!" That's a ridiculous amount of expense compared to the website itself.

Re:

[IBBoard (1128019)]

As I mentioned in another comment, I'm all for companies having their details published but not individuals. Companies have a need to be accountable. Individuals can be traced through their registrar for legal issues, but aren't accountable in the same way.

Profit is a bit of a bad example, though. Anything that is the face of a company or other such sales person is more reasonable. Something along those lines covers the spammed drugs sites and the like, but allows for bloggers and individuals to 'make a pro

Re:

[Sancho (17056)]

I keep my registration information private to avoid spammers (both the e- variety and the snail- variety.) There is a noticeable volume of e-spam that I get to the published technical contact address for one of my domains--an address which I don't use for anything else.

The thing is, generally speaking, there's no reason for random people to need that information. If the government needs it, they can get it. If someone wants to contact me for legitimate reasons, my registrar will let me know. Otherwise,

Re:

[Sancho (17056)]

There are lots of issues in this world where we have to weigh privacy and individual rights against larger problems facing the world. I, like many others, tend to err on the side of privacy and individual rights. In this case, I feel stronger about it than in many, since spam, while an annoyance, is certainly not life-threatening in 99.9% of cases.

If there were no spammers, stalkers, or other problems on the Internet, I would have less of a problem with giving out my address. So I guess it works both way

Re:

[Sancho (17056)]

Actually, I think my disagreement with you on that statement is probably the root of our disagreement on the issue itself. The bulk of spam that I receive is attempting to sell prescription drugs at a discount over the internet.

That's pretty interesting. I've gone through my spam folder (I archive all of it) and I can categorize it thusly:
36% viruses
32% stock spam
20% drug spam
5% Bayesian poisoning
7% unknown

So perhaps we're both applying preconceptions unfairly.

First, assuming that the drugs are what they claim to be, there is inherent danger in selling them without a prescription. If the purchaser were to use them incorrectly, or if they were to go for sale elsewhere afterwards, they could cause life-threatening problems.

But this is a risk that the buyer takes upon himself. If they re-sell them, they are committing another crime, which ought to be punished as such. But to me, that seems irrelevant, anyway, because on legal issues, the government can get the WHOIS information that you'

Re:

[Sancho (17056)]

As an example, much of the spam I see points to domains that are registered to an individual who alternately claims to live in Tahiti or Finland. Its rather difficult to get either countries' law enforcement to care when there's only a certain set of data to even suggest this person lives there, and the registrars are willing to cover this person's trail continuously.

The cynic in me doubts that having real information would get much more accomplished. I guess there's probably a bit more paperwork involved in getting the real information, and if the registrar is in another country, it may be impossible. I can give you that. But I'm not convinced that the problem it solves (and the few people that the problem affects) is worth the loss of legitimate anonymity. I guess that on this point, we'll have to agree to disagree (to use an overused expression.)

Thanks for not b

Re:

[Ajehals (947354)]

Because domain holders are not necessary businesses.

Using your logic unlisted phone numbers would presumably also need to be scrapped as they are something businesses have.

Companies should have their information available to the public, but individuals should be able to do whatever they wish.

Re:

[Ajehals (947354)]

I would stick to my first definition, any site run by an organisation should identify itself as such, any site run by an individual should be free to use an agent or other organisation to handle communications for them. That way you have some transparency. (Although you could still abuse the system by claiming a corporate site is personal, it is a compromise I would accept.)

they need to stop the WHOIS spam first...

[by Anonymous Coward]

I use unique email addresses for almost everything online (slashdot.org@mydomainname, etc) so that I can track and block spam effectively. 99% of my spam (about 3000 per month that makes it to my spam folder in Gmail) is sent to technicalContact@mydomainname or administrativeContact@mydomainname or something similar that I have used in registering domains.

I'd be happy if they could just keep my email address private without charging extra for that.

Why change what already works?

[WalkingBear (555474)]

There is a perfectly good system in place (at least in the US) for people who have a legal right to access the private information of a domain registrant. It's called due process.

If you think someone is infringing on your trademark, committing fraud, or some other illegal or actionable offense, then you go before a judge and request the court issue a demand for that information.

Yes, it's expensive. Yes, it's a pain in the posterior. Yes, that is as it should be. The more difficult you make it to pierce the rightful barrier of privacy of an individual, the stronger that barrier is and the less capricious that piercing can be.

The courts are the place to go to acquire this information. The Markets make it profitable for legitimate companies to not hide that information.

Seems that's a pretty good system to me.

I don't know....

[kaitou (789825)]

As someone who owns a few relatively popular sites (+20k uniques daily) there have been times when people take a disliking to the sites and decide to harass me using my personal information, as I do not use whois protection (didn't use it in the beginning, and with whois history being easily accessible, it's rather pointless to start now), but a situation I am in right now is making me thing that the ownership information should be public. At least for .com, .net, .org and so on. .name which I believe is 'm

That's not an anonymity problem.

[Animats (122034)]

That's not an anonymity problem. That's an authentication problem.

One of the problems with all this "domaining" is that there are far too many domain transactions. The registrars that are "domain-tasting friendly" are worst about this. GoDaddy and ENom, with their multiple pseudo-registrars and affiliates, are heavily into domain-churning sideline businesses [clubdrop.com]. They also have EULA terms much worse than the more legitimate registrars.

This isn't a WHOIS problem. It's a bottom-feeder registrar problem.

Re:

[Reaperducer (871695)]

Ah, good. I'm glad you've sorted it out then. All he had to do is tell GoDaddy that it's an authentication problem, and everything will be magically better and the world will be filled up rainbows and unicorns.

Prig.

Where's the summary?

[HockeyPuck (141947)]

Gimme a break. In the summary:

"In a blog post on the Internet Governance Project's (IGP) Web site, Milton Mueller, Professor and Director of the Telecommunications Network Management Program at the Syracuse University School of Information Studies and a partner in the IGP, details the Final Outcomes Report of the WHOIS Working Group, published on Tuesday, and inability of the various stakeholders to reach any kind of consensus."

So the best you could do is to spend the Entire quote putting in this guy's title? This isn't the SCO case, whereby all /. readers know what's going on. How about actually mentioning something about his opinion. You could have just said,

"Milton Muelle, a partner on the Internet Governance Project weighs in on the ability of the various stakeholders to reach any kind of consensus. [Include what the IGP is...]"

If there is demand, someone will sell it.

[Kaenneth (82978)]

If the registation companies are no longer allowed to provide obfuscation, then numerous 3rd party services will open, most run by the same people who run the registrars.

Re:

[razorh (853659)]

I hate you! and so does my cat! don't you snookems? yes you do, you know you do, you're a good little kitty aren't you?