Comments on "Domain Names Registered Using a Privacy or Proxy Service "

[Patrick Mevzek <contact@xxxxxxxxxxxx>]

Following the ICANN announcement at
http://www.icann.org/en/announcements/announcement-3-01oct09-en.htm
please find below my comments related to the proxy services report at
http://www.icann.org/en/compliance/reports/privacy-proxy-registration-services-study-28sep09-en.pdf


About the report provided I do not think there is a lot to discuss
anyway as conclusions based on a ~0.02% (100*2400/~11000000)
of domain names do not seem to be very useful to me, even more when 4
of 5 of the registries are in the USA, no comparisons are attempted
with ccTLDs, and no study is made asking registrant why they choose
to use a proxy service. Classification should be attempted also among
proxy services, some are just hidding the email, some all postal
data, some are done by the registrar itself, some by third parties,
some are free, some are not, etc. Any study done should take into
account which registrar is managing the domain name, since some are
enabling proxy service by default, even without explicit registrant
knowledge/approval. The registrar main address, and specifically its
country should be considered (as national laws do vary regarding
personal information), as well as the true registrant country info.

Now, about the core problem, that is the whois and what is found in
it.
In short, it is a mess.

It is a mess because technically it is under specificed since the
beginning, which created a lot of real life differences.
It is a mess because sometimes all content is at registry, sometimes
not, and sometimes these 2 contents disagree, for example on renewal
dates.
It is a mess because end users do not understand its purpose, and
often use it to verify domain names availability (leading afterwards
to horror stories about websites registering domain names on their
behalf just because of a website whois query)
It is a mess because IP lobbyists do not understand that the owner of
a domain name is not necessarily the editor/responsible for the
website on the domain name, because Internet is not (just) the web. One can
register a domain name and not use it for a public website, but just 
for its email, or other uses. The fact that other types of whois
server exist (such as those provided by RIRs) does not simplify
things for the public, nor the fact that whois is historically a
command line protocol (tcp stream over port 43), with now web
interface on top of it.

It is a mess because it does not fit anymore the current state of
laws in many countries regarding the protection of personal
information.

And it is not new, 10 years ago, in 1999, ICANN said:
"The introduction of the SRS has resulted in the reformulation of
Whois service for the .com, .net, and .org TLDs. Partly because these
changes have not been understood by the Internet user community,
significant confusion has resulted. [..] ICANN does not believe
that this is a satisfactory long-term solution [..]
ICANN plans to provide more detailed information in a later memo."
(pasted from document archived at
http://www.icann.org/en/registrars/update-14jun99.htm )

After that, many many processes and discusions inside ICANN, a lot of
work at Verisign (to spend the millions of dollars in R&D as required
to do so) and IETF to build IRIS, which should technically
replace whois, the situation seem not better by an inch than then.

Unfortunately the saddest consequences is probably the de facto
standard of thick whois without questions, and the bad reputation
given to "proxy services".

Proxy services are a tool. As any other tool it can be misused.
But proponents of its ban (and those asking to give all personal
information basically to anyone just to have the right to register a
domain name) should be advised to better understand that
1) it does serve valid purposes (fighting against spam, 
2) even if it is suddenly banned, people currently misusing it, will
very easily find other ways to still abuse the whois and the domain
names market, for example by using other user valid data


I think that there is no point now studying proxy services and such,
as the whois problem should be taken globally and various aspects of
its current shortcomings should be dealt with at the same time since
they are related.
It also has consequences in data escrow, even if it started to be
taken into account in new RAAs, not all registrars signed it, nor
does it solve all problems.
It even has consequences in EPP, where the part dealing with personal
information disclosure preferences was loosely modeled on P3P but not
in the end widely used as basically all ccTLDs needing it created
specific extensions.

-- 
Patrick Mevzek
Dot and Co <http://www.dotandco.com/> <http://www.dotandco.net/>
<http://www.dotandco.net/ressources/icann_registrars/prices>
<http://icann-registrars-life.dotandco.net/>