<<<
Chronological Index
>>> <<<
Thread Index
>>>
Study Suggestion Number 1
- To: study-suggestions@xxxxxxxxxxxxxxxxxxxx
- Subject: Study Suggestion Number 1
- From: study-suggestion-response@xxxxxxxxx
- Date: Tue, 8 Jan 2008 21:25:21 -0800
Submitted By:
[Redacted for privacy reasons]
Topic:
Documented misuse of Whois data
Hypothesis:
Public access to Whois data is responsible for a material number of cases of
misuse that have caused harm to natural persons whose websites do not have a
commercial purpose.
How the hypothesis could be falsified:
This hypothesis could be falsified if the data do not document a material
number of cases of harm to individuals arising from public access to their
Whois data.
Utility:
If a significant number of misuse cases involve receipt of unwanted email
(spam), ICANN could modify its policies to reduce automated harvesting of email
addresses from Whois. For instance, ICANN could require that registrars use
data protection measures (e.g. captcha) on all Whois inquiry services.
ICANN might also modify policies governing entities and processes for bulk
retrieval of Whois data.
Type of Study Needed:
ICANNâ??s Security and Stability Advisory Committee (SSAC) has already studied
email spam arising from Whois data, including an analysis of data protection
measures used by ICANN-accredited registrars. See â??Is the WHOIS service a
source for email addresses for spammers?â?? at
http://gnso.icann.org/correspondence/ssac-whois-study-27oct07.pdf
Some consumer protection bureaus and other entities may maintain data on misuse
incidents reported by registrants. While this wonâ??t indicate the proportion
of registrants who have had incidents, it might give us other useful insights
about whether public access to Whois data has been a cause of individual harm.
Most likely, we will need to conduct a survey of registrants to learn about
specific incidents of misuse. Data should be gathered for relevant samples of
registrants in each gTLD and in selected ccTLDs. While the survey should not
be open to the public, responses might be solicited via emails to registrants,
who could update a web-based survey form. Survey questions should be carefully
phrased to avoid a biased response, since those who feel their data has been
misused are more likely to respond than those who have no incidents to report.
Data that needs to be collected:
The listof data elements below presumes that each record would document an
actual instance of Whois data misuse. To the extent that survey of registrants
is used for data collection, we should also collect and compile records for
registrants that reported no misuse of their Whois data.
Data element/Suggested source/Anticipated challenges
Purpose of Website (personal, commercial, etc.)
Survey of registrants
Is your information publicly available in places other than Whois?
Survey of registrants
Type of misuse (e.g., spam; unwanted phone contact, harassment)
Consumer protection agencies; survey of registrants
Date of incident
Consumer protection agencies; survey of registrants
Description of incident
Consumer protection agencies; survey of registrants
Domain name
Consumer protection agencies; survey of registrants
Whois data elements (at time of misuse incident)
Consumer protection agencies; survey of registrants
Type of registrant (legal person or natural person)
Consumer protection agencies; survey of registrants
Does the registrantâ??s website have a commercial purpose?
Consumer protection agencies; survey of registrants
Registrar (at time of misuse incident)
Consumer protection agencies; survey of registrants
Type of entity that misused the Whois data
Consumer protection agencies; survey of registrants
Name of entity that misused the Whois data
Consumer protection agencies; survey of registrants
National law or regulation that was violated by misuse incident
Consumer protection agencies; survey of registrants
Adverse consequences to registrant arising from the misuse incident
Consumer protection agencies; survey of registrants
Population to be surveyed:
Survey of registrants in each of the gTLDs and in selected ccTLDs.
Sample Size:
For a 95% confidence level and a 5% margin of error, you would need a sample
size of around 400 randomly selected respondents in the major gTLDs. Sample
sizes would be reduced for smaller gTLDs and ccTLDs.
Type of Analysis:
It would be important to analyze not only the frequency of abuse but the type
and severity of that misuse of Whois data. With an understanding of the
characteristics of the abusers, the type of abuse and the most likely targets
for abuse, effective policy recommendations may become evident.
In any analysis of misuse, it is critical to determine whether the data was, or
could easily have been obtained from a source other than Whois.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|