Whois Policy Reform Advances

The Associated Press reports this week on ICANN developments involving the Whois reform.  The Whois database, which displays domain name registrant information including names, addresses, phone numbers, postal and email addresses, has been the subject of years of debate within ICANN as many in the Internet community have expressed concerns about the mandatory disclosure of such personal information.  The GNSO has successfully pushed for reform, though it is uncertain how the ICANN board will respond.

Interestingly, the Canadian Internet Registration Authority, which manages the dot-ca domain, this week announced that it has completed its consultation on implementing whois reform in Canada.  The CIRA reforms would push Canada far ahead of ICANN, by removing the mandatory public disclosure of the personal information of individual registrants.  It would also include a unique system that would allow people to contact a registrant via CIRA without obtaining the registrant's personal information. This is a welcome development (I pushed for whois reform during my six years on the CIRA board) – CIRA says it expects to implement the reforms by the end of this year and the Canadian Internet community should hold the organization to that time frame.

Tags: / / /


  1. Public disclosure of domain ownership is a good thing, not a bad thing. Something as important to the free internet as domain ownership should rely 100% on a transparent process.

    Also, the fact that each domain listing provides a technical support contact has been immensely important when working out issues across networks. If we rely on ICANN to forward an email to some corporate owner, instead of being able to find out the name of the actual tech support contact responsible for the domain, many of these issues would never be resolved.

    This is an issue I would never expect a lawyer to fully understand, but my fellow front line technicians will tell you that open domain ownership disclosure has forwarded the internet’s functionality, reliability and usefulness far more then hindering it.

  2. Danny, what does the disclosure of personal information of the owner of the domain have to do with the discosure of a technical support contact? The exclusion of one does not lead to the exclusion of the other by necessity.

  3. Who would “anonomously” own a domain and then reveal their company info via the tech support channel in their company? While this is not always the case it is often the case that the technical contact is in the same company as the domain owner. Its like saying “You can’t have my phone number or business name, but here is my secretary’s phone number and business name.”

    You are right that A does not always lead to B, but A does lead to be in many cases.

    And there is still the matter of a transparent process. Domain name ownership is often the subject of contention, and rumors of favoratism abound. My point about technical considerations is definately secondary to my concern about a transparent process.

  4. Martin Laplante says:

    There is more to whois than domain names. There is definitely a need to disclose contact information for IP netblocks and most types of mail servers, but domain names themselves? Why do you need to contact me when I have a vanity lastname domain without equipment, existing only as an entry on someone else’s DNS server, but not if I run a host or subdomain on some other domain such as dyndns? There has got to be a way to resolve technical issues without subjecting everyone who has registered a domain name to gratuitous spam. Besides, providing correct information to the registrar seems to be optional. One of the reasons they invented SSL is to voluntarily make your identity verifiable.

    If CIRA can do this, I would rather they register and publish contacts for equipment that can be used to cut off abusers, and not focus on making every domain name registrant public.

  5. Techie my arse
    Danny A,

    First, the new whois policy if for individual registrants, not for corporate registrants. Do your homework.

    Second, publishing personal details for individual registrants is exactly what id theft *thrives* on. All that personal data is a gold mine!

    Third, if you and your “frontline techies” can’t figure out how to find the owner of ip blocks and networks, you aren’t techies after all. And if I want you to contact me, I would put my info on my domain’s site.

    Lastly, nice dig at lawyers. As a techie, I have to question you tech credentials.

  6. Those are good points and I didn’t realise it doesn’t apply to corporate accounts. Your points about ID theft make alot of sense.

    I would like to thank ONE of you for pointing out my misconceptions in a POLITE manner.

  7. Greg A. W. says:

    It seems to me that the new CIRA whois policy is bogus and mis-directed. Undoutably there are many hidden agendas behind it, in addition to the many misconceptions its authors seem to hold.

    The fact is that any individual relying upon CIRA to protect their personal details as a domain owner (or tech contact, etc.) has already lost the game of trying to protect their identity.

    Just as there are important reasons to have _reliable_ technical contact information always available from the registries for all network addresses and domains, there are similarly many very important reasons for full and open disclosure of domain and address owners.

    Sure, publishing the full owner and contact information, including but not limited to e-mail addresses, in a harvestable form can result in the related contacts being spammed a little more, but that’s not because it’s been publihed in a whois service. The true problem is that not enough information is published, and not enough e-mail protections are in place, to ensure that any spammers abusing those addresses will be identified and stopped.

    If some form of spam and identity theft protections are truly the only reasons behind reducing the amount of information published about any domain name and IP address owners, then the whole process has been flawed from the ground up and any resulting changes or policies are totally bogus from the get go.