Policy On Personal Data For Website Owners Debated At ICANN

Luxembourg City–Among the many issues arising at this week’s meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) is how to improve the accuracy and privacy of the database of contact information about Internet website owners.

The so-called Whois database is the collection of names and addresses of people who register websites, made public under ICANN rules. For several years, it has been a subject of debate as rights holders and law enforcement complain about high levels of inaccuracy and privacy advocates push for the data to be removed from public view.

“Defining appropriate uses for the consumer data collected into the Whois database is one of the most controversial issues at the ICANN meeting this week,” said Robin Gross, representative of the Non-Commercial Users Constituency to the ICANN Generic Names Support Organisation Policy Council.

ICANN is the private, non-profit organisation based near Los Angeles that oversees the Internet naming and addressing system. ICANN rules require that registrars offering domain names obtain contact information including full name of individual or organisation, postal address, e-mail address, voice telephone number, and fax number. Names must be provided for administrative, billing, and technical issues, and all information must be updated regularly. The information is made public on the Internet.

In October 2003, ICANN established three task forces to study aspects of the Whois database. The task forces looked at ensuring the data is not used for data mining, how to handle privacy concerns, and how to improve accuracy. The first two groups were merged along the way, and now the third group has joined them so that there is one group.

The third group (on accuracy) made recommendations in late 2004, but these were rejected by the Internet registrars group. Some recommendations from that group are still being considered by the new task force, however. At the June meeting of the cross-cutting ICANN Generic Names Support Organisation (GNSO), new terms of reference were agreed to for the task force.

The GNSO asked various ICANN constituencies for their views by 21 July on Whois issues such as the definition of the purpose of the Whois data, the definition of the categories of contacts, such as administrative, technical or domain holder, how registrars can better inform those registering domain names that their data is inaccurate, and how to address concerns of those registering names that the requirements conflict with their national or community law as has happened in Europe. One other item is to determine what data should be made public and consider how to access data that is not accessible.

A pre-existing task force on domain name transfers defined administrative contact as a person who one can contact for any basic, non-technical information, according to Jordyn Buchanan of Register.com, a domain name registrar. The transfer task force defined domain holder as the person who has the rights, entered into contract, may not actually own it. The technical contact was defined as responsible for technical operation of domain names, he said.

Internet users’ representatives have raised concerns about efforts to increase access to personal information for accuracy and security reasons. “Large IP holders want unlimited access to the personal information, and law enforcement is lobbying for unlimited access to the personal information,” Gross said. “Large IP holders and law enforcement claim it is too much of a hassle to have to go through traditional legal channels in order to obtain personal information about who has registered a website.”

“But consumers have due process and privacy rights regarding access to and use of their personal info,” Gross said. “Law enforcement has always contended that it is too burdensome to have to go to court and convince a judge they have a case against a person before their personal information can be released, so it’s not a new argument – it’s brought out every time there is opportunity to obtain personal info without respecting due process rights.”

Human rights issues also have been raised in the past related to inaccuracy as there are cases of activist websites in less open countries that fear to make their contact information known. These issues have come up in hearings in the U.S. Congress and elsewhere.

Intellectual property rights holders are concerned that the new terms excluded that upfront verification be required for registrants, which they felt would improve the quality of the information. The provision lost in a narrow vote in the GNSO, according to participants.

Steve Metalitz, executive vice president of the Intellectual Property Constituency, said the group is reviewing drafts of a constituency report on several of the topics of the new terms of reference. These include the definitions and resolving conflicts with local laws.