On WHOIS accuracy and privacy

[John Nagle <nagle@xxxxxxxxxxxxx>]

   We at Sitetruth.com operate a system which attempts to evaluate the
legitimacy of the business behind business web sites. We do this by
attempting to link the web site to a real-world business, then obtaining
business background information from commercial sources.  We thus have
an interest in correct ownership data for web sites being easily available.

    ICANN proposes that "Domain name registrations involving P/P service
providers should be clearly labelled as such in WHOIS."
We agree, and add that the "clear labeling" should be easily
machine-parsable.  We would consider this a negative indicator when
evaluating business legitimacy.

As for the questions presented for public comment:

Q: "Should registrants  of domain names associated with commercial
activities and which are used for online financial transactions be
prohibited from  using, or continuing to use, P/P services?"

A: Yes. In many jurisdictions, a business must disclose the actual name
and address of the business behind a web site, or be guilty of a
criminal offense.  See California Business and Professions Code section
17538, which reads:

"Before accepting any payment or processing any debit or credit charge
or funds transfer, the vendor shall disclose to the buyer in writing or
by electronic means of communication ... the legal name under which the
business is conducted and, except as provided in paragraph (3), the
complete street address from which the business is actually conducted."
 Also see The European Electronic Commerce Directive (2000/31/EC), which
is even broader:

... Member States shall ensure that the service provider shall render
easily, directly and permanently accessible to the recipients of the
service and competent authorities, at least the following information:

(a) the name of the service provider;
(b) the geographic address at which the service provider is established;
(c) the details of the service provider, including his electronic mail
address, which allow him to be contacted rapidly and communicated with
in a direct and effective manner;
(d) where the service provider is registered in a trade or similar
public register, the trade register in which the service provider is
entered and his registration number, or equivalent means of
identification in that register;
(e) where the activity is subject to an authorisation scheme, the
particulars of the relevant supervisory authority"

The European Union's position is quite clear. While individuals have
privacy rights under the European Privacy Directive, businesses do not.
Online businesses are subject to stringent disclosure requirements.
ICANN should follow that model.


Q: "Do you think it would be useful to adopt a definition of
"commercial”  or “transactional” to define those domains for which P/P
service registrations should be disallowed? If so, what should the
definition(s) be?

A: The definition of "commercial" should be that used in the European
Directive on Electronic Commerce.  That definition works for the EU.
Any site which accepts payments, offers items for sale, or engages in
transactions of value should be considered commercial.  Whether
advertising-supported sites should be considered commercial remains an
open question.


Q: "Would it be necessary to make a distinction in the WHOIS data fields
to be displayed as a result of distinguishing between domain names used
for online financial transactions and domain names that are not?"

A: For a domain identified as "commercial" per the previous criteria,
the information listed as required by the European Directive on
Electronic Commerce should be publicly available.

        John Nagle
        Sitetruth.com