ICANN/DNSO
DNSO Mailling lists archives

[nc-whois]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOIS Information To Identity Theft And Other Fraud


If a registrar is in compliance with its obligations under the RAA, it is advising its registrants "who is collecting the information, why the information is being collected, and how it is going to be used."  I have posted the RAA citations previously to this list.  

 

"The global, public accessibility of WHOIS data contradict[s] FTC's advice"  -- I think this would come as news to the FTC, which has strongly supported public access to Whois and which submitted a response to our Task Force's survey to that effect. 

 

If this is intended as a statement of the FTC's position or approach to Whois then I believe we should have the FTC review it.  If it is intended as the interpretation by one Task Force member of how FTC positions on other aspects of privacy ought to be applied to Whois  --i.e., as a critique of the FTC's actual Whois position - then that is certainly another story, but I am not sure why a critique of alleged inconsistency by the FTC belongs in the issues report of this Task Force.    

 

I am also concerned about the suggestion that "the enforcement of the accuracy of Whois data" is an innovative or novel suggestion of this Task Force.  These obligations regarding accuracy have been on the books for years and have been "enforced" a number of times, whether in the sense of registrants losing their registrations for willful submission of false data or in terms of ICANN action to enforce the obligation of registrars to respond to complaints of false Whois data. 

 

Steve Metalitz

 

-----Original Message-----
From: Ruchika Agrawal [mailto:agrawal@epic.org]
Sent: Friday, March 07, 2003 2:01 PM
To: Cade,Marilyn S - LGCRP; NC-WHOIS (E-mail)
Subject: [nc-whois] Contribution Of Globally, Publicly Accessible WHOIS Information To Identity Theft And Other Fraud

 

Dear All:

Here are the paragraphs on the contribution of globally, publicly accessible WHOIS information to identity theft and other fraud:

The U.S. Federal Trade Commission (FTC) plays a critical role both in the investigation of consumer fraud and in the protection of consumers from fraud.  According to the FTC's website, "The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them." [See, for example, http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]


In this vein, the FTC advises consumers not to disclose personal information, and if consumers choose to disclose personal information, they should know who is collecting the information, why the information is being collected, and how it is going to be used.   Not only does the global, public accessibility of WHOIS data contradict FTC's advice, but the consumer, as a domain name registrant, is stripped of these abilities, as the registrant has no way of knowing who collected his/her WHOIS data, why the information was collected, and how the collector intends to use the information.   Further yet, with the enforcement of the accuracy of WHOIS data, as is recommended by the WHOIS Task Force, consumers will not even have a choice on whether to disclose their personal information.  The alternative to relinquish a domain name is not giving consumers a genuine choice, and instead infringes on Internet free speech.


The global, public accessibility of WHOIS data imposes risks on domain name registrants, and may contribute to identify theft as well as other fraud.  The FTC's guidelines in their effort to safeguard consumer privacy are applicable to the protection of domain name registrants; these safeguards should be appropriately enforced.

Regards,
Ruchika



<<< Chronological Index >>>    <<< Thread Index >>>