ICANN Email List Archives

[whois-rt-draft-final-report]



Comments on the WHOIS Policy Draft

  • To: <whois-rt-draft-final-report@xxxxxxxxx>
  • Subject: Comments on the WHOIS Policy Draft
  • From: <Oren.David@xxxxxxx>
  • Date: Sun, 26 Feb 2012 18:49:30 -0500

Dear ICANN and the Review Team,

First, congratulations on taking the challenge and on publishing an initial 
draft for public review.
It's a welcome move that can lead to meaningful effects.

I would like to point out some issues that, in my point of view, are crucial in 
order to make this change effective:


1. The recommendations and conclusions in some points are not decisive, 
and leave room for interpretations. That's exactly the problem of the 
regulations today - they're more a 'spirit' rather than compelling rules.

2. The report discusses mainly the gTLDs space and consistently overlooks 
the ccTLDs space. We must remember that this phenomenon of false WHOIS records 
is not limited to the gTLDs space and is also very common in ccTLDs. Omitting the 
regional registries from the equation will eternalize a great deal of the 
phenomenon.
A good example of a combination of remarks number (1) and (2) can be found in 
clause #18 of chapter 8: "The working group should aim for consistency of 
approach across the gTLD and - on a voluntary basis - the ccTLD space."
The nature of this sentence is less than a recommendation and I tend to believe 
that many registries will simply ignore it.

3. The report contains some very focused instructions and defines a more 
solid terminology (like clause #10 of chapter 8 - superb! I hope it will be 
fully adopted). One thing that is missing, and in my opinion should be 
incorporated in the main core of this report, is a set of concrete guidelines 
on how to deal with false WHOIS entries:

a. Enforce registrars to enable the option to claim false records in 
every registrar using a web interface and/or by mail

b. Outline an escalation procedure in case of no action/response from the 
registrar

c. Define penalties and sanctions against: (1) the registrant who 
submitted the false data; (2) the registrar who failed to resolve the issue
etc.

4. Although this report clearly deals with WHOIS policy for domain 
registration, I'd like to support the comments of Russ from Network-Tools.com 
regarding the IP addresses whois lookups. Besides the technical obstacles 
described in Russ' comments, there is also a disarray in the records formats - 
each RIR administers its own set of rules and terminology for objects, which 
makes a 'jungle' of whois formats. In addition, there is also a diversity of 
formats (probably old and new versions) within each RIR, which makes the problem 
even bigger.
Combined with the fact that a subscriber of an IP block (even a decent ISP) 
can mask itself using different names and is not obligated to provide confirmed 
contact details - it's a safe ground for cybercriminals to strike roots while 
the authority is overlooking. It's like a gang of criminals founding a 
fortress in the town square with the legal permission of the city council.

As said, the report as suggested is a good basis for change and I hope you will 
incorporate the essence of the comments in your final report in order to make 
this maneuver successful.
And again, thank you for giving us the opportunity to influence.


Regards,
Oren David

Oren David | AFCC Operations Manager | Online Threats Managed Services (OTMS) | 
RSΛ, The Security Division of EMC


