Study Suggestion Number 21

[study-suggestion-response@xxxxxxxxx]

Submitted By:
[Redacted for privacy reasons]

Topic:
To what extent is Whois data being misused for purposed not intended by those 
who drafted the policy? More specifically, to what extent are people, 
companies, and organizations using the Whois data in ways that have no 
relationship at all to DNS or the Internet?

Hypothesis:
That the public Whois databases are ready and often-used sources of personal 
data for those seeking to harrass, abuse or stalk individuals and 
organizations.  That the public Whois databases are being used and mined 
regularly by direct mail and related companies for their commercial benefit to 
compile personal data which they then use, combine, sell and distribute as part 
of massive lists and databases.

How the hypothesis could be falsified:
If the study found that the Whois is not being used to harrass, abuse or stalk 
individuals, companies or organizations, then the first hypothesis would be 
proven invalid. If the study showed that the Whois databases are not being used 
by direct mail and related companies for commercial benefit to find personal 
data to compile and sell credible lists for commercial benefit, then the 
hypothesis would be proven invalid. 

Utility:
A good study would provide data for assessing uses of the public Whois data 
unrelated to DNS. Should abuses be found, a full report would provide a basis 
for changes to the Whois that would provide Whois data for DNS purposes, 
without providing it for uses (and abuses) unrelated to the DNS. This data 
would provide a well-informed basis for offering changes to Whois policies 
adopted many years back for review by the Constituencies and adoption by 
consensus policy.

Type of Study Needed:
There are a number of potential sources for this study.  A range of comments 
received over many years by ICANN, the GNSO and the Whois Working Groups and 
Task Forces provide a number of specific examples of abuses, and could be 
compiled. In addition, registrars should be surveyed.  They are very familiar 
with the problems of registrants. Registrars should be suveyed for Whois 
misuses reported by registrants, or perhaps discovered independently by 
registrars.

Data that needs to be collected:
1. How is the Whois data supposed to be used?
2. How is Whois being used in ways that seem to have no bearing on the security 
and stability of the DNS? 
3. Does this use hurt or endanger individuals, companies or small businesses? 
4. Does it seem to provide commercial benefit to companies whose purpose is 
unrelated to DNS, e.g., direct marketing companies?


Population to be surveyed:
Top 25-30 registrars; top 20 human rights organizations in the world; library 
associations (experts in databases)

Sample Size:
Top 25-30 regitrars; top 20 human rights organizations; library associations 
(experts in databases)

Type of Analysis:
Tables, comparison by country or regions, analysis and assessment