|
The ICANN Board has approved the community recommendation that “the provision of Thick Whois services should become a requirement for all gTLD registries, both existing and future.” We have long supported the migration from ‘thin’ to ‘thick’ Whois, which will improve both quality and ease of access to Whois data, thereby further facilitating intellectual property enforcement online.
The ICANN community has debated the merits of migration from ‘thin’ to ‘thick’ Whois for years, as part of the larger Whois Review process. A ‘thick’ Whois, which is currently required of all new gTLDs, and will now be required of all existing gTLDs as well, provides domain name information and registrant information in one place, with the authoritative database for all information stored at the Registry level. By contrast, the few remaining ‘thin’ Whois registry information models (including .COM, where the majority of domain registrations lie, and consequently the most abuse occurs), separate the data by registrar and registry, with the former holding registrant information and the latter holding domain name registration data.
The ICANN Board resolution adopted the recommendations made by the Thick Whois Policy Development Process Working Group in its Initial Report, released in June of last year. The findings, with which MarkMonitor and other leaders in the intellectual property protection community agree, are as follows:
Requiring a Thick Whois would, among other things:
For brand owners, the benefits are simple. Easier, quicker access to stable and consistent Whois information means quicker responses to and resolution of disputes involving websites which contain the sale of counterfeit goods and pirated copyrighted materials, the distribution of phishing, malware and destructively operating botnets, and content which infringes on trademarks.
MarkMonitor will continue to participate in and monitor the implementation plan for migration from ‘thin’ to ‘thick’ Whois, which will affect over 120 million domain name registrations. However, we are pleased to note that the Thick Whois Policy Development Process Working Group fully examined the issue, and found no significant possibility of detrimental effects.
Sponsored byRadix
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byIPv4.Global
I’ve been a huge fan of so-called “thick” WHOIS data provisioning for ALL gTLDs and I had always wondered why this model was not adopted when VeriSign moved the COM and NET registries to EPP protocol (from the previous protocol, whose name escapes me, so perhaps if you knew what that was, that would be appreciated) in the mid-2000s. Unfortunately, it seems the COM and NET registries were still required to only display “thin” information upon looking up a domain name, forcing us to use third-party “WHOIS aggregation services” or go directly to that particular registrar’s WHOIS database. This problem was compounded last year when GoDaddy.com, the largest domain name registrar, started displaying only registry-level information on its own WHOIS database, potentially in breach of its registrar accreditation agreement.
I’d like to see ALL of the gTLD registry operators add the best CAPTCHA technology to the registry-level databases, for enhanced security of personal information and to prevent “scraping” or “harvesting” by “spambots”.
A “thick” WHOIS model, as you said, has many benefits, the primary one being enhanced access to registrant data supposedly held in escrow. Registrars, as I understand it, are supposedly required to escrow all of their data with a third-party so that, in the event of their failure, ICANN can reach out to the appropriate customers and transfer them to an alternative registrars. The problem is: can we trust what data the registrant is placing in escrow is reliable and done regularly? Are multiple revisions of that data kept? One question I have, for those customers using WHOIS privacy services, is the the underlying data of the registrants required to be held in escrow still?
Finally, when do you expect VeriSign to adopt the “thick” WHOIS model?
Cheers,
Doug M.
P.S. Also, why won’t CIRA adopt the “thick” WHOIS model?
The previous protocol was RRP: https://tools.ietf.org/html/rfc2832
No, that’s a bad idea. CAPTCHA is not the solution. Any system that attempts to prevent abuse will be gamed when there is enough value at stake.
If registrars want to keep their accreditation, then it would seem they are obliged to escrow. Of course this assumes that someone is patrolling that data, and only ICANN knows that.
That probably depends on the escrow service. You would think that each revision would be kept.
Yes. Same for whois proxy, at least according to the latest RAA.
Sincerely,
Anthony Eden
P.S. Because CIRA doesn’t need to adopt it and maybe doesn’t want to centralize such a significant amount of valuable personal data?
Ah, yes, RRP. I remember that now. Thanks, Anthony! :)
Well, the registrars’ WHOIS databases already use CAPTCHA technology (or, rather, largely they do), what’s wrong with adopting this at the registry level, at least until a better technological solution comes along? GoDaddy.com has already stopped displaying its own formatted registrar-level WHOIS in favour of data from the registry. The problem is, VeriSign’s COM and NET gTLD registries don’t yet display all of the data. In absence of a “better” solution, I’d still argue we need to adopt CAPTCHA technology at the registry level now. :)
That’s exactly what I’m questioning. Does ICANN not regularly review the accuracy of data stored in escrow and whether multiple revisions are being kept? In particular, especially in terms of underlying data held in escrow from the WHOIS privacy services, does ICANN review this data accuracy at all? It’s easy to say, “if registrars want to keep their accreditation, they’ll do x,” but as a former customer of the RegisterFly mess and eNom’s role in the whole debacle of not taking action sooner against their reseller, registrars have a particularly shoddy history at WHOIS data accuracy. ;)
Cheers,
Doug
Sounds good! :) Cheers, Doug
I used to support ccTLD registry autonomy in decision making, but one thing I don’t like about CIRA’s governance in particular is their complete lack of transparency. Sure, they may offer online voting and yes I am a CIRA member, but where they gain points for that, they lose them in their complete lack of disclosure in terms of policy discussions at the board level and WHOIS accessibility. Intellectual property holders should have a right to find out when someone is using a second-level domain .CA domain name in contravention of their rights. The general public should have a right to look up who owns a .CA second-level name, a key Canadian strategic digital asset. Everyone should have a right to find out who .CA domain squatters are. Plain and simple. I’m not certain how anyone could argue against these views. Anything else is tantamount to less democratic regimes, like China, holding Internet data private. :(
That said, I am in generally in favour of WHOIS privacy services for those that wish to protect their WHOIS data, at a nominal cost, provided the underlying data is escrowed and that escrowed data is periodically reviewed by registry-appointed auditors, presumably, on a “random sample” basis.
It’s for the above-noted reasons CIRA gets, at best, a C in overall transparency and governance and one of the reasons I’d like to see IANA (which is currently managed by ICANN under contract, or another body) given additional broad powers to set master ccTLD registry policies and a “framework” that is a sort of minimally-accepted standards by which ALL ccTLD registries must operate or risk losing their registry operation contracts. The governments would retain their right to appoint a new registry operator, of course, but IANA (or that other body) would act as a “ccTLD arbiter” of sorts of when a ccTLD registry operator is acting in contravention of that framework and, after x number of warnings, ICANN could essentially suspend/terminate its ability to act as a ccTLD registry operator, forcing the country’s government to appoint a new operator. Registry operators would be, of course, free to set their own registry and registrar policies, as long as they achieve the minimum stated aims of the “global ccTLD registry framework”.
I realize it takes away some country autonomy, but the gains in standardization in terms of governance and transparency on a global level, more than outweight any losses in country autonomy over its namespace, don’t you think? As we’ve seen time and again, countries (including Canada) don’t make the best decisions vis a vis its strategic digital assets. ;)
Cheers,
Doug