What’s happening with Whois compliance activities?

by Stacy Burnette on October 31, 2008

Whois has been a complex issue within ICANN, and continues to receive attention at the policy level. While this important policy work goes on, ICANN still has the clear responsibility to enforce existing Whois provisions in the Registrar Accreditation Agreement (RAA), and to better understand the real world status of Whois accuracy and Whois related services (e.g. privacy and proxy registration services).

So, what is ICANN doing for Whois compliance? Here is a recent survey of activities:

1. A Whois Accuracy Study to Assess the Accuracy of Registrant Data in the Whois Database
Understanding the Whois environment is important. The GNSO is considering, and the GAC has called for, various Whois-related studies. You may or may not know that there has been study work underway, and some new work is just starting. There has been a long-running and challenging effort underway to statistically answer the question “How accurate is Whois data?” After multiple starts on such a study, an initial study/contract phase has just been completed with the National Opinion Research Center (associated with the University of Chicago) to design such a study. NORC recently provided ICANN with a proposed methodology for selecting a representative sample of domain names and a proposed methodology for verifying the accuracy of Whois data. ICANN is analyzing this information and we’re optimistic that this will turn into an executable study plan within the next few weeks.

2. A Registrar Privacy/Proxy Registration Services Study to Assess the Extent to Which Registrants Are Using Privacy/Proxy Registration Services
ICANN has initiated a study of Proxy/Privacy Registration Services. The purpose of this study is to determine the extent to which registrants are using privacy and proxy registration services and to obtain information regarding the business models used to provide such services. As part of this study, ICANN will send a survey to all ICANN-accredited registrars requesting that they provide, among other things, information regarding the number of registrations they manage that currently use privacy or proxy registration services. The survey is being finalized and it is anticipated that registrars will receive ICANN’s survey before the end of 2008.

3. ICANN’s Whois Data Problem Report System (WDPRS) is Undergoing a Redesign to Improve Functionality and Meet Community Needs
The Whois Data Problem Report System (WDPRS), implemented in 2002 to assist registrars in complying with their obligation to investigate Whois inaccuracy claims, is undergoing a system redesign. ICANN frequently receives thousands of Whois inaccuracy claims through this system per day. The redesigned software system (to be completed in November), will include components that allow for better, hands-on analysis of actual problem reports and processing of bulk Whois inaccuracy claims. I’m happy to note that there has been consultation with high volume submitters and representatives from the Intellectual Property and Registrar constituencies regarding the system redesign (these high volume submitters account for about 80% of inaccuracy complaints filed through the WDPRS.)

A demonstration of the redesigned WDPRS will be provided at the Cairo meeting as well as information regarding ICANN’s findings relative to our manual reviews of Whois inaccuracy claims. This work should result in quality improvements for users of the WDPRS and system improvements that allow ICANN to better monitor Whois accuracy compliance. Moreover, we anticipate the use of the redesigned WDPRS to lead to a better understanding of the environment: How long does it take to go from an inaccuracy complaint to resolution of that complaint? How many complaints are successfully resolved the first time?

4. Recent Whois-Related Enforcement Action – Notices of Breach
The community may have noted that in October two registrars, Joker.com and DNS.com.cn, were sent breach notices regarding insufficient follow-up on complaints of Whois inaccuracy. Inaccuracy investigation, per the RAA, is a requirement and it is important that this requirement be taken seriously.

ICANN analyzed both registrars’ responses to ICANN’s notices of breach and found that Joker.com appeared to take reasonable steps to investigate the Whois inaccuracy claims provided. Conversely, DNS.com.cn was found non-compliant, as it failed to take reasonable steps to investigate the Whois inaccuracies indentified by ICANN.

Consistent with RAA requirements, DNS.com.cn cured the cited breach within 15 days to avoid termination by ICANN. However, in an effort to ensure that DNS.com.cn complies with the registrar Whois accuracy requirements set forth in Section 3.7.8 of the RAA, ICANN developed a remediation plan that requires DNS.com.cn to provide monthly reports identifying, among other things, exactly what steps were taken to investigate each Whois inaccuracy claim sent to DNS.com.cn via the WDPRS. DNS.com.cn has agreed to remain on ICANN’s remediation plan for six months.

5. Whois Data Inaccuracy Audit – Ongoing
ICANN has conducted a Whois Data Inaccuracy Investigation Audit, and will continue to do this in the future. Thirty ICANN-accredited registrars were part of the audit. Each of these 30 registrars was asked to provide specific information on 10 domain names randomly selected from the WDPRS. From the selected sample, 187 domain names were included in the audit. Registrars took action on 89 of them, and as of 12 June 2008, registrars report they are currently investigating an additional 26 domain names.

6. Whois Data Reminder Policy Audit – Ongoing
The Whois Data Reminder Policy Compliance Audit has been ongoing. In the first half of 2008, reports showed 850 of 901 registrars responded, and 98% of responders were found in compliance. (Follow-up action has been taken with non-respondants.) This means that the vast majority of gTLD registrants are contacted at least annually regarding updating their Whois records.

Conclusion
ICANN will continue to broaden its efforts to enforce the Whois provisions of the RAA and study trends that impact Whois accuracy, but I thought it would be useful to review the plans for future Whois compliance action and the Whois compliance actions underway right now.

For current information regarding ICANN’s Whois-related compliance activities, community members are encouraged to read and subscribe to the monthly ICANN Compliance Newsletter (see
http://www.icann.org/en/compliance/newsletter/). In almost every issue, you’ll find some update on Whois compliance actions.

{ 5 comments… read them below or add one }

Maxime 11.03.08 at 12:57 pm

Hello, thank you for your precious information.
As a company, We would be glad to know what are are the required documents that are needed to prove that we are the owner of the domain names, in case of ICANN verification procedure or in case of any third party law suits. We are asking this question as we seeing that many people do not have the exact and the same answer.
Thanks for your help
Max

bob bruen 11.14.08 at 4:02 am

I am concerned about the statistical approach to the study of whois data accuracy. We all know that a small number of registrars have the vast majority of bad actors. The problem is somewhat concentrated, so a broad study will dilute the results.

The study will still be useful because no one really knows the extent of the accuracy problem, but a study of the known problem registrars also needs to be done.

Maxime 11.17.08 at 6:24 am

none is replying to my question?
I am wondering if I don’t find answer on official blog of Icann where would I get it

P. Chaney 11.17.08 at 8:13 am

As an investigator of a non-governmental agency (which works hand-in-hand with government agencies), I would like to know why it is so difficult for a government agency to obtain information from “domain(s) by proxy” companies.

I would also request a better understanding as to why businesses are allowed to hide their identities, when it should be required that a business be “transparent” over the internet.

We have found that most of the companies operating as “scams” are hiding their information behind a “proxy” name, which makes it that much more difficult for government agencies to take a fraudulent website off the internet.

William A. McKelligott 03.04.09 at 7:41 am

Response to the questions posed by P. Chaney:

“As an investigator of a non-governmental agency (which works hand-in-hand with government agencies), I would like to know why it is so difficult for a government agency to obtain information from “domain(s) by proxy” companies.”

Response from the Contractual Compliance Team: Government agencies have the ability to subpoena records, data, and any other information needed to conduct an investigation.

“I would also request a better understanding as to why businesses are allowed to hide their identities, when it should be required that business be “transparent” over the internet.”

Response from the Contractual Compliance Team: This is a policy question. As of June 2009, any official ICANN stakeholder group can initiate a Policy Development Process (PDP).

“We have found that most of the companies operating as “scams” are
hiding their information behind a “proxy” name, which makes it that much more difficult for government agencies to take a fraudulent website off the internet.”

Response from the Contractual Compliance Team: Thank you for sharing your observation. Again, we encourage you to participate in the ICANN PDP.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image