Whois Identity Theft
Please provide a challenge mechanism to allow correction of Whois identity theft, whereby someone who is not the domain owner and has nothing to do with a domain is falsely listed as the owner or other contact in the Whois record. All registrars must be required upon notification to immediately remove the personally identifiable information of identity theft victims. This serious problem occurred repeatedly when Registerfly made false Whois changes, and cannot currently be fixed through normal mechanisms because both the actual owner and the identity theft victim likely will become permanently locked out of the account that needs correction, especially with complex Whois errors, such as when the also erroneous e-mail address listed in the Whois record belongs to neither the actual domain owner nor the identity theft victim whose name and address falsely appears in the Whois record. With an erroneous Whois record and without backup of prior correct data, the current domain registrar (GoDaddy in these examples) may not be able to readily determine how to correct the record. Such Whois identity theft is potentially very serious, as, for example, it can prevent continued operation and renewal of the domain, damage the reputation of the identity theft victim and the domain's actual owner, cause the actual owner's business to fail, cause the actual owner and others to falsely believe that the identity theft victim is a criminal attempting to steal the domain, or can cause the identity theft victim to be subject to false arrest or litigation should they be mistakenly accused of stealing the domain, or should a domain with incorrect Whois information listed be associated with criminal activity. The entire journaled history of all Whois databases must be archived and retained by ICANN and be available to allow erroneous updates to be undone. When an identity theft involving the Whois database is reported, absent reliable information to make a final correction, the removed information should be immediately replaced by the Whois listing just prior to the successfully challenged erroneous current listing. Anyone who is falsely listed in any field(s) of a Whois record must have the ability to challenge the erroneous listing, and have their online personally identifiable information immediately removed from the Whois database. |