Comments regarding ICANN WHOIS Review Team RFC

[Neil Schwartzman <neil@xxxxxxxxxxxx>]

To whom it may concern,

Thank-you for the opportunity to comment to the ICANN WHOIS Review Team.


Usability of WHOIS service
I use WHOIS as a critical component of my work in the security realm.  Not only 
should it be possible to obtain registration information for any DNS domain or 
network assignment, but that information should be available in a standard 
form, with a consistent set of parameters reported about each entity, as 
“thick” WHOIS service does.  At present, the content of a WHOIS reply from a 
“thin” WHOIS does not report a consistent set of fields using a consistent 
format, making use of the data by automated entities difficult. Moreover, 
queries from a single customer are often rate-limited, preventing any automated 
use of the system for registrant assessment. MAAWG recommends that ICANN 
require all registries transition to a “thick” WHOIS service, which provides 
reliable service and standardized report formats.

Access to WHOIS
I firmly oppose any proposal allowing only law enforcement agencies access to 
WHOIS, or a subset thereof. The vast majority of the abuse on the Internet, be 
it spam, phishing, malware hosting, copyright violations, denial-of-service 
attacks and so on are not dealt with by law enforcement, who must allocate 
their precious resources to only the most egregious of cases. Many of these 
issues are outside the scope of law enforcement in some jurisdictions. For 
example, only recently did Spain pass a law dealing with botnets. Prior to 
that, they were entirely legal. The fact of the matter is that these issues are 
dealt with by security and systems administration professionals, in cooperation 
with but often independently of them. WHOIS is a critical component to our 
ability to make the Internet a safer place for end-users.

 Ensuring accuracy and reliability of WHOIS service
I believe un-obfuscated WHOIS must be as robust and highly available as the 
DNS, and certain data-points must be openly available to security-related 
assessment systems. This should be considered a mandatory minimum for 
implementations, registrars and registrants, and ICANN must enforce compliance 
with the rules for them to be meaningful.  I understand the need for privacy of 
some individual (non-commercial) registrants, but the casual overuse of privacy 
proxies by commercial and criminal actors impairs the ability of security 
systems to make accurate assessments of incoming data to protect end-users. I 
work, on a daily basis, to protect the privacy rights of end-users, and fail to 
see how the (often falsely) asserted privacy rights of a commercial enterprise 
can trump them.

Improvement of WDPRS
When missing or inaccurate whois information is detected, users have the option 
of reporting that inaccuracy via the Whois Data Problem Reporting System 
(http://wdprs.internic.net/). Unfortunately that system is operationally 
cumbersome, requiring domain-by-domain reporting via a web form, followed by 
email confirmations, even in cases where hundreds or thousands of domains share 
the same inaccuracies. I understand that an authenticated bulk interface is in 
use by a small number of reporters, and recommend that it be made available to 
the public under reasonable and nondiscriminatory conditions.

In the spirit of operational transparency, ICANN should also provide quarterly 
reports summarizing the number of WDPRS reports received, the registrars those 
reports pertain to, the nature of the inaccuracies, and the disposition of 
those reports as reported in the WDPRS follow-up surveys that are solicited.


Abuse of WHOIS service
The WHOIS Policy Team has as its focus the erosion of trust in the WHOIS 
service, as the publication of identifying data means it can be abused.  I 
agree, but single-use email addresses or a similar technical means is an 
appropriate way to limit spam to WHOIS points of contact; obfuscating or making 
inaccessible WHOIS is throwing the baby out with the bathwater.

Lastly, there has been little emphasis placed on technological improvement to 
the WHOIS service, something that is sorely needed. We hope that the WHOIS 
Review Team will take improvements, such as those made by ARIN, into 
consideration in their final report.

 

Sincerely,


Neil Schwartzman
Montreal, CANADA