|
ICANN’s GNSO council had WHOIS on its agenda for today. The options on the table: (1) Accepting the outcome of years of policy development processes; (2) rejecting that outcome (again?), but calling for some kind of fact-gathering to feed into future policy work, in order to keep the space occupied; (3) acknowledging that there is broad dissent in the Internet community, and calling for a sunset on the WHOIS clauses in current agreements, as these clauses are not backed by community consensus any more.
Not very surprisingly, motions (1) and (3) failed; (2) was accepted; all that after lengthy discussion, with lots of procedural bells and whistles.
In practical terms, this means that the ICANN community’s attempt to come to consensus about WHOIS is over for now. It is pretty clear that there is indeed no WHOIS policy that that community can agree on without a change to the political environment that it is operating in; it is also clear that this is not due to a lack of factual knowledge or background research, but because of deeply divergent views on the issues. Maybe taking time out would help. Nevertheless, the GNSO (and ICANN as a whole) also suffers horror vacui: ICANN is, after all, the organization tasked with coming to consensus about these kinds of issues, and ICANN giving up means a big opening for others to step in.
Therefore, ICANN is now trying the “fact finding” excuse: We’ll hear that ICANN recognizes the importance of WHOIS policy making and the challenges ahead in this area, and hopes that new models in policy making (which look a bit like a return to very old models for policy making) and more gathering of factual information will help future policy development to yield results where none could be found before.
ICANN staff will be charged with the unenviable task of engaging on this fact-finding mission, again; similar missions happened ca 2001/2002 (anybody remember the WHOIS study?) and 2003/2004 (fond memories of using the ombudsman to get a meeting with staff). Staff will produce a report (I’d guess with some delay), which will then lead to terms of reference which will look a bit like the ones we wrote in summer 2003. The process will then restart. I don’t envy those who will be part of this particular round. I’m glad I’m out of this particular rathole.
For some more commentary and links, see Wendy Seltzer’s take in Deja Vu Day.
Sponsored byRadix
Sponsored byCSC
Sponsored byVerisign
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byDNIB.com
So whois remains in status quo? Full whois, with the addition of weird and wonderful fakery, domain cloaking etc?
Well, better the mess you know than the mess you dont.
It is a state of affairs that neither the privacy tinfoil hatters (including the rabid ones like Milton) nor the enforcement or bust IP lawyers will like.
And that, I guess, is a very good outcome indeed.
To anybody who confidently expect results from this or any other icann meeting ..
1. There is no consensus and that is obvious
2. No consensus means you wont get a sunset clause coming in. All you will get is just what you got, a call for “further study” and pushing the issue way onto the back burner, with status quo maintained.
Color me completely unsurprised, and not very disappointed at all.
One outcome I expect from this is that private, unsanctioned privacy schemes will grow even faster. The biggest registrars all offer them; I bet before too long we start seeing price competition on them. My own registrar (pairnic) will only hide your e-mail address, but that’s most of what I want, to make it a little harder for me to get spammed.
Suresh, is this the mess you know or something else?
Larry Seltzer said:
A very well known mess indeed. Some registrars are a favorite with spammers and also offer anonymous whois.
The media’s latched onto this - but not much I can find about this from a spam or security viewpoint other than this one:
http://www.silicon.com/research/specialreports/thespamreport/0,39025001,39155545,00.htm
The spam standpoint is that if my e-mail address is in whois someone’s going to harvest it and spam me. Consider what Network Solutions does instead; use a long complicated forwarding address and change it periodically so that it can’t have any life span in a spam database. Why can’t this be allowed as part of the ICANN rules, even required?
If not from whois it will get harvested from somewhere else. There’s various opinions on how best to secure public posting addresses - expiring mail, web contact forms with captcha etc .. none of them are foolproof.
And none of them do much against the problem of active fakery of whois data for malicious / spam domains.