Ross Rader wrote:
I'm simply saying that the public interest will be better served if the questions are asked in terms of identifying the problems that exist and then looking for solutions to them as part of the policy development process. Your original note identified a very limited and prescriptive set of solutions which may or may not be helpful in dealing with the problems that I think you are identifying.
The high-level problem has always been fairly easy to identify: bad actors go out of their way to obscure, hide or fake contact information so that they cannot be held accountable for their actions. Please correct me if this core assumption is incorrect. While the contractual contact information between registrant and registrar is most likely accurate (to protect the registrar), it is confidential to the transaction between them and does not serve the public good. It is WHOIS -- the direct interface between name owner and the public -- that is being obscured, hidden and faked. Of course there are privacy issues at hand, but some reasonable proposals -- such as allowing personal registrants to keep their information protected by escrow, but still accurate and accessible by the legal system -- have attempted to address this. There seems to me to be no good reason *not* to verify and enforce the accuracy of WHOIS data. We can debate about who has access to it if the owner has a privacy concern, but there is absolutely no excuse for the data itself to be wrong or missing. One could argue that, since registrars already have accurate contact information, they have the ability to keep WHOIS accurate even if the registrant themselves do not. The case is being made that registrars should thus bear at least partial responsibility for ensuring that WHOIS data is accurate. The issue of who has access to this WHOIS data, in case of a legitimate need for privacy, is different from the need to at least have accurate data *somewhere*. (IMO if the cost to do all this is passed down from registrar to registrant -- even if it doubles the price of domains -- this would not bother me. Registrants who own a handful of domains for their own identity would not be heavily impacted, but domain speculators would. And that's fine with me....) There may be other ways of enabling the public to identify and track down bad actors, and I for one would love to hear them. But enforcing WHOIS accuracy requires no new technical protocols, is already within ICANN's mandate, and is doable should the will exist.
If you want to harp on whois accuracy, that's fine - I'm not going to stand in your way, but I think if you are serious about getting something done, you will need to open up the discussion to what is likely going to be a larger range of solutions than the ones you described in your note earlier this morning.
I'm all ears. If not accurate WHOIS, then what? IMO, enforcing WHOIS accuracy may not solve all problems in tracking down bad actors, but it seems to me to be an extremely good -- and comparitively easy to implement -- start. - Evan