Policy Issue Brief - gTLD WHOIS
This is a basic introduction to WHOIS, an important area of Internet policy development that is being addressed currently by the ICANN community's bottom-up, consensus-based policy making structure. This introduction is designed to accommodate newcomers to ICANN, as well as ICANN community veterans who may be unfamiliar with WHOIS policy. Whether a newcomer or veteran, we encourage you to go beyond this introduction and learn more about the work of the ICANN community. We have included URLs to additional information on WHOIS, as well as other topics referenced by this policy issue brief.
We also invite you to receive regular updates on ICANN policy development activities via e-mail by subscribing to the monthly ICANN Policy Update. To subscribe, simply visit the ICANN subscriptions page at http://www.icann.org/newsletter/, enter your e-mail address, and click on the ICANN Policy Update.
International participation and collaboration are essential to the success and effectiveness of ICANN's policy development activities; continued success is not possible without the commitment of volunteers like you from around the world. Whether you represent the Internet interests of a nation, a group of individual Internet users, a company, or an organization that would like to become more involved in the issues, there is a place for you at ICANN where you can help shape the future of the Internet.
Thank you for your interest and participation.
What is WHOIS?
Every year, millions of individuals, large and small businesses, media organizations, non-profit groups, public interest organizations, political and religious organizations, and other entities register domain names for use by web sites, e-mail, newsgroups, and various Internet media. During the domain name registration process, each registrant is required to provide information that is made available to the public by WHOIS services.
ICANN requires public disclosure of gTLD domain name registrant contact information (e.g., mailing address, phone number and e-mail address), administrative and technical contacts, and other information. This information, often referred to as "WHOIS data," is made accessible to the public to satisfy many stakeholder needs, including:
- To allow network administrators to find and fix system problems and to generally maintain the stability of the Internet
- To determine the availability of domain names
- To help combat inappropriate uses of the Internet such as spam or fraud
- To facilitate the identification of trademark infringement
- To enhance accountability of domain name registrants
The extent of WHOIS data collected at the time of registration, and the ways such data can be accessed, are specified in agreements established by ICANN for domain names registered in generic top-level domains (gTLDs).
What are the gTLD WHOIS policy concerns?
WHOIS has been the subject of intense policy development interest for many years. The original purpose of WHOIS data and the WHOIS query protocol and web services created to deliver public access to that data was largely technical.
Over time, WHOIS data has been increasingly used for other constructive and beneficial purposes; for example, WHOIS data is sometimes used to track down and identify registrants who may be posting illegal content or engaging in phishing scams. However, some WHOIS data uses that have emerged are viewed as potentially negative; for example, WHOIS data has been harvested and used to send unwanted spam and fraudulent email solicitations.
Unrestricted online access to domain name registrant contact information has caused concern among privacy advocates and some individual registrants. Concerns have also been raised that WHOIS requirements in the Registrar Accreditation Agreement (RAA) and in registry agreements may conflict with privacy laws in various countries that protect personal information from being revealed publicly. As time passed, concerns have grown about WHOIS data accuracy and usability, as well as WHOIS ability to meet new technical requirements such as support for internationalized domain names.
How does ICANN address gTLD WHOIS policy concerns?
ICANN's Generic Names Supporting Organization (GNSO) Council works to address these and other gTLD WHOIS data and access issues by refining related policies.
For example, the GNSO continually evaluates and documents the importance of WHOIS to stakeholders. In 2006, a GNSO task force re-examined the purpose of WHOIS, detailing intended and actual uses of registrant contact information. Based on that work, ICANN approved recommendations to improve WHOIS usage notification and consent. At the same time, the RAA (the agreement ICANN has with its accredited registrars) was amended to require registrars to restrict bulk access to WHOIS data for marketing.
The GNSO also takes steps to improve WHOIS accuracy. For example, a policy was added to require registrars to provide each registrant at least annually with an opportunity to review and correct their domain name's WHOIS data, accompanied by a reminder that false data can be grounds for registration cancellation. In addition, registrants that submit false data or fail to respond to registrar inquiries were given a grace period during which the domain name is temporarily held by the registrar until the registrant provides updated WHOIS data. Contractual compliance efforts to improve WHOIS data accuracy and accessibility are also underway, based in part on the findings of ICANN-sponsored studies which measured WHOIS data inaccuracies and trends.
ICANN continues to work to address concerns regarding potential conflicts between privacy laws or regulations and provisions of ICANN contracts relating to the collection, display and distribution of personal data via the gTLD WHOIS service. For example, ICANN adopted a procedure which details how it will respond to any situation where a registrar/registry can demonstrate that it is legally prevented by privacy laws or regulations from complying with the aforementioned contract requirements.
Recognizing concerns that the current WHOIS service might decrease in reliability and usefulness over time, the GNSO Council compiled a comprehensive set of technical requirements for WHOIS intended to address both known deficiencies in the current service and possible enhancements that may be needed to support various on-going policy initiatives. This inventory does not suggest policies or operational rules, but instead provides technical guidance to standards bodies and other organizations such as ARIN that are currently working on possible WHOIS successor protocols and services.
Currently, ICANN is considering RAA amendments in the global public interest with the twin goals of registrant protection and stability in mind. Several proposed amendments deal with WHOIS data, including registration process PCI compliance, service level agreements for WHOIS availability, circumstances requiring registration cancellation for false WHOIS data, a verification process registrars might be required to undertake after receiving report of false WHOIS data, and requirements for a WHOIS data problem reporting system. In addition, several proposed amendments would define policies for Privacy and Proxy services – services currently used by some domain name registrants to avoid publishing their own contact information and/or identity in WHOIS data.
What is the purpose of WHOIS studies?
At the request of the GNSO Council, ICANN has initiated a series of WHOIS studies. These studies resulted from lengthy policy debate about introducing an intermediary Operational Point of Contact (OPOC) to improve privacy aspects of WHOIS for natural persons and the ability of legitimate parties to respond in a timely manner against fraud and other illegal acts by registrants acting in bad faith. In rejecting the OPOC proposal, the GNSO Council decided instead to initiate fact-based studies of WHOIS to provide a foundation for further policy-making.
WHOIS studies now underway were selected by the Council as topical areas that would benefit the most from thorough data gathering and analysis prior to further policy development. Currently-approved WHOIS studies include:
- WHOIS Misuse -- This study examines the extent to which public WHOIS data is misused to address harmful communications such a phishing or identity theft.
- WHOIS Registrant Identification -- This study uses WHOIS data and content associated with domain names to classify entities that register gTLD domain names, including natural persons, legal persons, and Privacy and Proxy service providers.
- WHOIS Privacy and Proxy Services Abuse -- This study examines the extent to which gTLD domain names used to conduct alleged illegal or harmful Internet activities are registered via Privacy or Proxy services to obscure the perpetrator's identity.
- WHOIS Privacy and Proxy Relay and Reveal -- A survey is underway to assess the feasibility of conducting an in-depth study into communication Relay and identity Reveal requests sent for gTLD domain names registered using Proxy and Privacy services.
It is hoped that results from these WHOIS studies will provide current, factual data to inform future community discussions regarding WHOIS policy.
Want to Learn More?
For a complete list of WHOIS policy activities and related documents, please visit http://gnso.icann.org/issues/WHOIS/. Information regarding studies now underway to provide current, factual information about WHOIS usage can be found at http://gnso.icann.org/issues/WHOIS/studies.