Whois Changes -- Comment by ASIPI (Inter American Association of Intellectual Property)
The following comment is posted by the Inter American Association of Intellectual Property (ASIPI), a not-for-profit Association whose goals include the study, dissemination and development of intellectual property laws, and to coordinate and harmonize such laws in the Americas. Among its members are Intellectual Property (IP) practitioners and owners, members of academia, and IP related commissioners and officers. As the Internet has developed from a military tool to a project used in academia, to its current state as a primary source of information, commerce and advertising amongst others, measures have been developed to ensure that the general public is protected and able to rely on trusted sources, and to allow owners of IP assets to enforce their rights in a new trade channel. Requiring special attention and additional thought was the development of a proper mechanism for the registration of domain names to avoid disrupting the dynamics of the Internet while also providing fast solutions for cases were certain rights were violated. Within this context, a consensus was reached to continue having a swift and somewhat immediate process for the registration of domain names, and also create safeguards for those who felt that their rights were threatened to have a fast dispute resolution mechanism to handle their claims. The end result was the Uniform Dispute Resolution Policy (UDRP). Even though the UDRP was the consensus mechanism created, in many instances IP owners need to access alternate forums to enforce their rights, such as courts and administrative agencies. For all of these actions and processes, the need for information is critical. A basic tool in this information gathering process is the WHOIS query/response protocol. At this time, the information provided by a WHOIS query includes an address, and telephone and fax numbers of the individual or entity that appear as the registrant of a domain name. Additional information includes technical and administrative contacts, IP server addresses, and dates related to the creation and expiration of the domain name. In many cases, WHOIS serves as the only tool for a third party to obtain information regarding the ownership of a domain. Moreover, this information can be used by the public, IP owners, as well as law enforcement agencies looking to investigate illegal activities that may be associated with IP addresses linked to a particular domain. In turn, the freedom to access information regarding domain ownership is critical for the well being of the Internet as an instrument that carries the means to obtain massive amounts of information, provide services, and carry-out commercial transactions. Additionally, any restriction to the access of this information affects the ability of IP owners to act against those infringing their legal rights, as well as endanger public safety by curtailing the ability of law enforcement agencies to investigate and act against illegal activities taking place in the Internet. The WHOIS Task Force worked on a report that proposes changes to the current WHOIS system using as a benchmark the following definition recommended by the Generic Names Supporting Organization (GNSO): "the purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver." The Internet Corporation for Assigned Names and Numbers (ICANN) is now requesting public comments on the most recent GNSO WHOIS Task Force and Working Group (the Task Force) reports and recommendations. The core of the changes proposed by the Task Force calls for the creation of a new type of contact or operational point of contact (OPOC) that should correct current confusion with regards to the current roles of the technical, billing and administrative contacts within a WHOIS query result. The recommendation would also limit the amount of public information related to individual registrants including the address and contact information to only display information related to the Domain Name Service (DNS) servers and dates regarding the creation and expiration of the domain. In turn, the only contact person would be the individual or entity in the OPOC who may not be the domain registrant. Further, in the event that a third party, including consumers, IP owners, law enforcement agencies, etc., wish to access additional information, they would have to show the OPOC that they have an actionable harm. The OPOC would then decide whether such harm warrants the release of the requested information. We agree that the creation of OPOC can serve to eliminate current confusion with regards to the roles and limitation of the various contact information obtained through a WHOIS query. However, other recommendations have been made which exceeds the role of the OPOC not only as a "universal" contact information, but also in allowing for the release to the general public of selected information related to the registrant, which OPOC in its current form would curtail. Additionally, while some of the considerations for limiting the amount of information available through a WHOIS query relates to privacy issues and activities such as domain name renewal scams, data-mining, phishing, identity theft and others, these activities should be regulated via specific policies, but not by undermining the basic principle of information access which is intrinsic to the Internet. Moreover, the proposal to limit access to currently available WHOIS query information will severely hamper the ability of consumers, law enforcements agencies and IP owners to gain critical information on domain name ownership and source, parties responsible for criminal activities, and infringers of legal rights. In essence, the basic principles of the DNS would be compromised. In addition, the burden to show "actionable harm" to obtain the release of critical information is also too high a standard to satisfy (even in courts). It also raises questions as to why would a lay person such as an OPOC will have the power to decide what constitutes actionable harm, which has proven to be a difficult task even for trained lawyers and judges. Therefore, all Internet users MUST have the right to access domain ownership information related to the Internet spaces that they are reading, chatting, trading with, etc. This information is critical in a virtual world where individuals don't have the opportunity to have personal contact with the individual or entity with which they are dealing. The proposal as it stands would essentially eliminate the level of transparency of the Internet that the general public currently enjoys, and entails too high a price just to regulate specific acts and to correct certain confusions created by the current model. The WHOIS query/response protocol is not perfect, yet has proven to be an invaluable service to those in need of protecting their rights, consumers to confirm sources, and agencies searching for help in a highly complex virtual world. Data privacy issues, illegal acts such as phishing, identity theft and others should be addressed through alternate specialized mechanisms, and the WHOIS query/response protocol is not the appropriate tool to do so. The WHOIS protocol was designed as a mechanism for third parties to access information and curtailing such access would essentially destroy the WHOIS basic purpose. Replacing the WHOIS information access protocol with a system where decisions have to be made as to what is actionable harm would create new and far worse complexities than those in the current WHOIS protocol. In view of the foregoing, we urge the Committee to adopt Motion No. 2, to engage in a far more substantive analysis of the current WHOIS and to strengthen (not restricting) the system by requiring that registrars provide complete and accurate information, and for swift measures for those registrants that provide misleading or false information intended to deceive consumers, law enforcement agencies and limit the ability of IP owners to enforce their rights. Respectfully Submitted, Martin Michaus (President) presidente@xxxxxxxxx Fernando Triana (Second Vice President) vicepresidente2@xxxxxxxxx Juan Vanrell (Secretary) Secretaria@xxxxxxxxx Ricardo Fischer (Internet Committee) fischer.ricardo@xxxxxxxxxxxx IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that, unless expressly stated otherwise, any U.S. federal tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.