ICANN Logo

GNR Proposal to Proposal to Modify Appendix O (Whois Data)

(9 November 2002)

GNR Proposal to Proposal to Modify Appendix O (Whois Data)

The Global Name Registry Limited has met or spoken with various members of the global Internet community, including the intellectual property community, registrars, registries and the Whois Task Force within the DNSO, the law enforcement community, ISPs, the privacy advocacy community and the technical community to discuss the public availability of personal information about .name registrants. Based on input from representatives of these groups, Global Name Registry proposes to modify the .name Whois Specification to address personal privacy concerns without compromising the ability of others to protect their rights, respond to customer requests for registration services, and prevent crime.

Background

Global Name Registry began resolving addresses in the .name top-level domain on January 15, 2002. As Global Name Registry's application for the .name space stated: "The .name TLD is intended for individuals and for personal use. . . . All Registrants will be required to certify their bona fide interest in registering a domain name for personal use and they may be required to produce evidence of this interest in the event of a dispute."

As a personal name space, the .name registry has tried to be responsive to personal privacy concerns. Moreover, the .name registry is located in the UK and subject to the requirements of the UK's Data Protection Act 1998. As a result, the .name Whois Specification permits the registry to protect a registrant's telephone number and e-mail address in its web-based and Port 43 Whois service ("Public Whois"). Information is provided in either Standard, Summary or Detailed format. Additionally, searchers who certify that their use of the Whois database is (1) lawful, (2) undertaken for the purpose of protecting legal rights, and (3) does not include marketing or unlawful uses may receive information, including registrant telephone number and e-mail address, in Extensive format via e-mail.

Issues

In the time that the .name registry has been operating, several problems related to the public availability of Whois data have come to light. Specifically, although name and e-mail address data in the registrant information fields is suppressed, technical, administrative, and billing contact information is required. This makes sense where the registrant is a large corporation where these roles would not be fulfilled by a single individual, but in a top level domain designed for individual use these roles are usually filled by the same person – the registrant. As a practical result, protected registrant information may be publicly available as technical, administrative, and billing contact information. This is a source of great concern to individual .name registrants, as well as to corporate entities with which Global Name Registry is negotiating long-term partnerships related to the creation of secure consumer digital identities. In addition to personal privacy issues, these potential partners are concerned about the disclosure of their customer base through Whois.

Proposal

This proposal incorporates certain solutions, taking into account suggestions made by many stakeholders with whom Global Name Registry consulted. Global Name Registry's objective, in proposing these changes, is to create a readily available and administratively simple process that facilitates legitimate uses of the .name Whois databases, while creating "speed bumps" designed to deter those who would use Whois data for marketing and other inappropriate or illegal purposes.

Whois II

1. Public Whois.

Global Name Registry would continue to provide a public Whois database with the following characteristics:

  • Output: web and port 43 access.
  • Summary and Standard Whois data.
    • Search functions would remain unchanged.
    • Available to general public at no cost.
    • Summary Whois query returns the most basic information – whether or not a particular .name registration exists.
  • Standard Whois query returns more information, but no personally identifiable data relating to the registrant (i.e. name and contact information of registrant are protected).
    • Included in the results are: registrar ID, admin ID, technical ID, billing ID, Nameserver, Creation Date, Expiration Date.
  • These functions are useful in searches to check whether a .name exists, whether there is a similar .name, etc.

2. Password Protected Detailed and Extensive Whois

Global Name Registry would replace existing search and e-mail services with direct, password-protected access to the Whois database. The Detailed and Extensive Whois services would have the following characteristics:

  • Output: web and port 43 access.
  • Detailed Whois would be available behind a firewall and available to the general public through use of a password valid for 24 hours.
    • Detailed Whois would include only registrant contact information (not including phone number and e-mail address) unless the admin, tech or billing contacts were different.
  • Extensive Whois would be available behind a firewall and accessible by password, renewable annually, only.
    • Passwords would be provided to searchers willing to abide by a standard agreement that includes an undertaking that the information will be used for specified purposes only, not including marketing.
  • Passwords can be accessed in two ways (and will be issued to requestors by e-mail), depending on the type of search desired:
    • Detailed Whois: application through www.name ("Public Application"):
      • Application process open to the public.
      • Fee of $2 per application (paid by credit card or PayPal), or similar authentication steps.
        • The fee is intended to deter marketing and illegal activities by those who would not want to create a trail by using a credit card.
        • Global Name Registry may substitute credit card authentication requirement for $2 fee.
        • Profits, if any, generated by fee to be shared with registrars.
        • Users can avoid the fee by entering into Extensive Agreement (described below).
      • Public Application. Global Name Registry would modify the existing Extensive Whois application to require additional information to ensure that the requestor is accountable for any misuse of Whois data.
      • Each requestor would be assigned five (5) passwords.
        • All passwords would be valid for 24 hours.
        • Each password would be valid for only one (1) Whois search.
    • Extensive Whois: Agreement with Global Name Registry (the "Extensive Agreement") for persistent password:
      • Requestors enter into a simple agreement with Global Name Registry to gain unlimited password access.
        • Representations and undertakings in such an agreement would relate to uses of the Whois information. The requestor would be required to use the password only:
          • for specified purposes in pursuit of legal rights not including marketing;
          • for law enforcement;
          • for consumer protection;
          • to combat fraud or prevent crime;
          • to confirm legitimate uses of domains (for purposes of transfers between registrars, etc.); or
          • for other specified legitimate uses.
      • Password renewed annually upon re-certification by password holder.
      • No fee.
      • See Extensive Agreement for further detail.
  • Once password is issued, requestor may use that password within the Whois database interface to get behind the firewall.
    • This is the case for either Detailed or Extensive Whois – no e-mails containing Whois results will be sent.

3. Messenger Service

  • If a requestor prefers not to enter into the Extensive Agreement or to use the Public Application to gain one-time access to Detailed Whois, requestor will have the opportunity to send an e-mail through Global Name Registry.
  • There will be a web interface on www.name where a requestor can type in a domain name and fill in a message field, which will then be forwarded to the domain name registrant.
  • This is useful in cases of voluntary transfer, and even in situations where requestors simply do not want to pay the fee or file the Public Application.

4. Telephone Hotline

  • Global Name Registry will provide a 24/7 telephone hotline, as well as an e-mail address, to assist members of the Internet technical community (e.g., ISPs, DNS server operators, and other Internet transport providers) in responding to requests for technical contact information urgently needed to resolve address resolution or other technical issues. Global Name Registry will also provide an e-mail address for such queries, but shall not be liable for failing to act on information contained in undelivered or delayed e-mails.

5. Miscellaneous Provisions

  • Global Name Registry will implement various measures to streamline the contracting process.
  • Global Name Registry will enhance the quality of (i) required registrar disclosure to registrants of the circumstances under which personally identifiable information will be available, and (ii) registrant consent to and release for Global Name Registry's disclosure of personally identifiable information under such circumstances.
  • The Global Name Registry Whois service will respond to search requests directly at www.name and also those referred from ICANN registrar sites.
Comments concerning the layout, construction and functionality of this site
should be sent to webmaster@icann.org.

Page Updated 25-Nov-2002
©2002 The Internet Corporation for Assigned Names and Numbers. All rights reserved.