How to solve the Whois problem?

Stéphane Van Gelder, Registry Relations and Strategy Director for NetNames reports on the latest developments in Internet governance

At last week's regional ICANN meeting in Amsterdam I was invited to speak on a panel entitled "Whois and Privacy Issues". As a leading domain name registrar, NetNames is constantly struggling with Whois-related issues simply because our customers are too.

As the database of domain registrants, Whois is like the Internet's census. And just like the census, although most people agree it's necessary, no-one is really happy with the way it's done.

What was

Whois has been around for over 25 years now and in that time, it's hardly changed. In technological terms, that's astounding. Imagine if mobile phones had shown so little progress. Those lovely apps on our smartphones would still be real "clicky" buttons that we would use to… call someone!

Just like many of the Internet's key protocols, Whois wasn't made for a world with more than 630 million websites, 250 million registered domain names and nearly 2.5 billion Internet users.

Not surprisingly, Whois is outdated. Individuals don't feel comfortable with having to feed sensitive personal data into a public database to register a domain name, law enforcement is unhappy with the amount of unverified data in Whois, and registrars face a massive headache navigating around the different Whois formats.

What is

ICANN has been looking at the Whois problem for as long as anyone remembers. Up until late 2012, when I stopped chairing the GNSO, ICANN's policy-making body for gTLDs had several Whois-related active work streams eating up resources without conclusive results.

Other groups have also looked at Whois, but results remain limited. Incoming ICANN CEO Fadi Chehadé has identified the problem and made it one of his top priorities. He recently announced the creation of an "Expert Working Group on gTLD Directory Services" as a first step towards the creation of a new Whois policy.

The WG has a mandate to:

  1. define the purpose of collecting and maintaining gTLD registration data, and consider how to safeguard the data, and

  2. provide a proposed model for managing gTLD directory services that addresses related data accuracy and access issues, while taking into account safeguards for protecting data.

It also has a very ambitious timeline. Although the group is not formed yet, work is supposed to end in April so that results can be presented at the next ICANN International meeting in Beijing!

What might be

So what would an improved Whois look like?

First, with two different types of Whois currently existing in the gTLD space alone (thick and thin), and many different formats used in the ccTLD space, a uniform Whois would be a major step forward.

It would make Whois simpler to use for registrants, registrars and registries and would also make it clearer, which might in turn help data accuracy.

But the major hurdle to overcome is how to match the requirement of individuals not to have their personal information broadcast to the world with those of the law enforcement community to have an effective tool to fight crime.

Some technical solutions have been suggested. One is a tiered access Whois database where the public view would not show detailed registrant data, but this would still be collected. "Accredited" parties such as law enforcement agencies would have access to it under certain conditions.

Can solutions like these help solve the Whois problem? Watch this space in April for our post ICANN Beijing analysis.

Written by Stéphane Van Gelder, Registry Relations and Strategy Director for NetNames

27 January 2013