Study Suggestion Number 6

[study-suggestion-response@xxxxxxxxx]

Submitted By:
[Redacted for privacy reasons]

Topic:
Experience of ccTLD registries with different Whois policies to find out what 
impact, if any, more restrictive data display policies have.

Hypothesis:
ccTLDs that shield some Whois data of natural persons produce no appreciable 
differences in the levels of cybercrime in the domain and do not impair 
enforcement efforts.

How the hypothesis could be falsified:
If you found a statistically significant correlation between more restrictive 
ccTLD whois policies and levels of abuse in a domain then the null hypothesis 
would be falsified.  


Utility:
Some legitimate groups support the status quo (open, unrestricted access to all 
whois data) because they fear that any restrictions on access to Whois data 
will produce increases in cyber-crime and insecurity. If experience proves that 
those fears are unfounded, then it could produce broader consensus on policies 
to shield some information  of natural persons.

Type of Study Needed:
Identify two or more ccTLDs with different and/or more restrictive Whois access 
than ICANN's gTLDs. Compare crime/abuse levels on a percentage basis across 
domains. compare security incident levels on a percentage basis across domains. 
Look for correlations between different registrant data display policies and 
certain kinds of problems (or prove statistically the absence of a correlation)


Data that needs to be collected:
Identify specific data elements for public display that differed between each 
ccTLD and gTLD WHOIS. 
Collect data on levels of cybercrime or domain related abuses in each TLD
Collect data on the speed and effectiveness of law enforcement in each domain


Population to be surveyed:
The "population" would be the total registrants of each of the TLDs studied. 
You may not need to "sample" you may be able to collect aggregate data on each. 
Wtihin each TLD, a sub-population of interest is the total number of 
registrants who are abusive, as well as the population which have attracted 
identification efforts from private actors and LEAs. 


Sample Size:
Aggregate data, if available, would be better than a sample.
The more ccTLDs that could be included, the more valid the results. But results 
from even one ccTLD could disprove the hypothesis that any shielding of Whois 
data will undermine law enforcement and accountability. 


Type of Analysis:
Look for correlations between different registrant data display policies and 
certain kinds of problems (or prove statistically the absence of a correlation)