global description of the .nl whois and it's privacy aspects

[Maarten Simon <maarten.simon@xxxxxxx>]

.nl whois



As a ccTLD manager based in Europe SIDN is not subject to any obligation to 
provide any whois services on the .nl-domain at all. We do however still 
provide such services. Historically probably just because everyone did it and 
currently because it is in the interest of our local internet community.



The whois, what information we show and how you may obtain the information 
therein has been subject to extensive discussion with and within our local 
internet community. Until 12 January 2010 SIDN offered a full and open whois 
service, comparable to the gTLD's, but changed that after the last consultation 
with our stakeholders to our current form in order to better protect the 
privacy of the users.



In order to help the working group in their difficult (not to say impossible) 
task, I will try to give a short description of our current services underneath.



Be aware however that also in the Netherlands discussions with regard to the 
whois are always ongoing and what is today might not be there anymore tomorrow.



Secondly please note that a number of 'solutions' that we currently use are not 
exactly scalable to gTLD's. We make use of the fact that we are a country code 
TLD and for example only provide non-public whois details to Dutch law 
enforcement agencies and to Dutch based attorneys.



Further be aware that we have never received any approval (nor disapproval) of 
the Dutch Privacy Authority with regard to our current whois services. So 
please do not automatically assume that what we do is completely in line with 
the Dutch and/or European privacy laws.



Feel free to contact me for further information,



Maarten Simon,

SIDN





Description of the .nl whois



1.     We have split the whois in different forms for different users:

a.     Public whois web

b.     Public whois command line

c.     Whois for registrars

d.     Whois for law enforcement

e.     Whois for CA's



2.     The last three (1c - 1e) forms of whois still show all information that 
we provided before 2010 but they are only accessible to the groups that they 
were created for. (see further under 7  - 9)



3.     The two public available whois services provide limited information.



a.     via the command line we only show the status of the domain, the name and 
physical address of the registrar and the name server data.



b.     in the public whois on our website the information is limited to:

                                          i.    status if the domain

                                         ii.    name of registrant

                                        iii.    e-mail addresses of admin-c an 
d tech-c (protected so that they are not easy to copy)

                                        iv.    name and physical address 
registrar

                                         v.    name server data



c.     on our website we do not show:

                                          i.    Names of admin-c/tech-c

                                         ii.    Address details for 
registrant/admin-c/tech-c

                                        iii.    Telephone numbers



4.     The reason that we still provide the name of the registrant is because a 
name without any contact details is for most of the people not very troublesome 
and gives the registrant the opportunity to check if a domain is registered in 
the correct name.



5.     We do not, like for example .net or .uk, make any distinction between 
private and non-private persons as we think this will only lead to an extra 
complaint procedure. We might consider however to give registrants the 
opportunity to decide for themselves if they want us to publish their address 
and other non obligatory contact details.



6.     In order that .nl registrants can be contacted regarding legal matters, 
SIDN will make the address of a registrant available for that purpose to an 
attorney or court bailiff practicing in the Netherlands who makes an individual 
request for such information. A special manual procedure for processing 
requests has been set up.



7.     The whois for law enforcement is open for investigative and law 
enforcement authorities that have the statutory power to require SIDN to 
provide full details of a registration. These authorities may obtain automated 
access to the whois provided that certain (contractual) conditions are met.



8.     SIDN registrars can make use of a dedicated Registrar Whois service. 
Registrars need access to Whois data in order to undertake legitimate 
registration activities. So the full Whois dataset remains available to them. 
This is however subject to revision as we are currently not able to fully 
control that the information is only used for legitimate means.



9.     SIDN also allows Certification Authorities (CAs) access to the full 
whois dataset. The procedure for CAs with regard to the issuance of SSL 
Certificates usually includes checking whether the details provided by the 
certificate applicant are the same as the details that SIDN has on record for 
the relevant domain name. Since CAs make their enquiries at the request of the 
registrant itself, SIDN is willing to provide them the requested information.