Close this menu

Where to go with WHOIS

After three months of work, the ICANN WHOIS Working Group has issued its report, but it does little to resolve the controversy surrounding WHOIS and personal privacy. While I am disappointed at the Working Group’s failure to get its arms around the issue, I take some comfort in knowing that I am not alone in being frustrated by the seemingly endless WHOIS debate.

For many years privacy advocates have argued that the WHOIS database facilitates spam and violates the privacy of website owners. The free market has already responded to those concerns. Leading registrars now offer “proxy” registrations that provide complete privacy protection for thousands of registrants, while still allowing appropriate access to the underlying data for law enforcement, consumer protection, and IP protection.

But, as simple and effective as proxy registration has proven to be, it has failed to satisfy hard core privacy advocates. They continue to push for a more complicated privacy protection scheme called Operational Point of Contact (OPOC). But those who demand  change have failed to show that there would be any real harm in simply leaving things as they are. They haven’t demonstrated that the current system is unable to address whatever privacy problems may arise. They haven’t shown that OPOC would actually solve any of those problems. And they haven’t offered any evidence that the changes they propose will be worth what it would cost to implement them.

Nevertheless, the WHOIS Working Group set out to put some meat on the bones of the OPOC proposal. Unfortunately, they ended up delivering an incoherent hamburger helper of conflicting priorities. Hardly an adequate basis for seriously considering OPOC implementation.

The Working Group did suggest four feasibility studies — one looking into the costs associated with OPOC implementation, another examining the use and misuse of WHOIS data, and two more looking at ways to select and authenticate those who would be authorized to access the WHOIS database under OPOC.

Studying whether privacy is really a problem would be a good idea. So would taking a close look at how much it would cost to fix something that probably isn’t broken in the first place. But, if the privacy problem is small and the cost to fix it turns out to be high, why bother with the other two studies at all?

I wish the ICANN staff good luck as they try to make sense of the Working Group report and urge ICANN not to bother with OPOC unless these additional studies suggest that the WHOIS privacy problem is serious enough to justify the high cost and unintended consequences of fixing it.