One of the internet’s oddities is WHOIS, the online directory that contains information about the owners of domains. Standing in contrast and opposition to the Net’s prevailing culture of anonymity, WHOIS exposes to all the names, addresses, and telephone numbers of domain owners (unless, through a sketchy workaround, an owner pays a domain registrar to maintain ownership on his behalf). If an owner puts in false information, he can have his domain name registration cancelled.
For years now, WHOIS has been a battlefield between privacy advocates who want to change the system and commercial and law-enforcement interests who want to keep it as is. As Computerworld’s Jaikumar Vijayan explains:
Companies, intellectual property holders and law enforcement authorities have argued in favor of [continued] open access to the WHOIS database on the grounds that it helps them go after phishers, trademark infringers, copyright violators and other crooks. Privacy advocates, on the other hand, have opposed unrestricted WHOIS access on the grounds that it could expose individual domain registrants to spam and unwanted surveillance. They have for some time now wanted the information in the WHOIS database to be shielded from public access.
The Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the directory, has organized a series of committees and meetings in hopes of getting the two sides to hash out a compromise. But no real progress has been made. The most recent attempt, involving a large ICANN working group, ended in another and perhaps final impasse last week, as one of the group’s members, Syracuse University professor Milton Mueller, described in a blog post on August 22:
The ICANN Working Group that was trying to reconcile data protection and privacy principles with the domain name system’s legacy Whois directory, which publishes the name and full contact details of all domain name registrants, was finished today. “Finished off” might be a better term. Despite flirting with the kind of compromises and reforms that might actually reconcile privacy rights with identification needs, in the final weeks of the process trust and agreement among the parties broke down completely.
The working group’s specific charge was to render judgment about a proposal by internet registrars that, as Mueller writes, “would have shielded the registrant’s street address from public view, putting in its place a contact person that consolidated the role of administrative and technical contact in the old system.” Nothing else would have changed beyond the removal from public view of the registrant’s street address. But reaching a consensus on even this small concession to privacy proved impossible, writes Mueller:
It is hard to believe that such a miniscule change could generate three months of contentious work by nearly 60 people, ranging from representatives of each GNSO [Generic Names Supporting Organization] constituency to law enforcement agencies from the US, the Netherlands, and Canada; representatives of the banking and real estate industry; 5 or 6 intellectual property, hoteliers and software producers associations; not to mention a few companies that literally make their living collecting and selling Whois data. But it did.
What makes the WHOIS deadlock interesting is that it reveals, in microcosm, the great and ever widening divide that lies at the net’s heart – the divide between the network as a platform for commerce and the network as a forum for personal communication. The way that tension is resolved – or not resolved – will go a long way toward determining the ultimate identity and role of the internet.
Domain names (and routing table entries) are tangible property: literally very tiny pieces of storage within the authoritative databases. They abut other people’s tangible property and there is mutual influence between them. They are a rival property. Just as I want public records for deeds to land, so too for deeds to authoritiative names and numbers on the Internet.
Privacy advocates should concentrate on developing new technology — an overlay network that whose architecture does not include any reliance on host identities.
Right now, to perform a search, I format a message and say “Dear Internet, please deliver this to Google.” The infrastructure software, starting with my ISP, then “shops” for a route on my behalf.
Privacy advocates will be happier when we get to a an Internet where I format a message and say “Dear Internet, what is the result of applying the page rank algorithm to these search terms?” and the infrastructure responds by shopping for an economical provider that can run that program for me.
With an overlay network that is addressed by the generic name for the content or service you want, rather than by a particular host name where you think that content or service can be found, then host names just won’t matter so much to privacy.
-t
I really loved your “more private” network, based on cheap processing facilities, and pure algorithms as actions — first time I saw such an Internet. Would you have any context where things are use this way? I’d be interested in developing an utopian business model around that: ISPs turned into CPU farms swapping peta-cycles, anyone?
One compromise to the actual question that Icann has been facing (and Nick raising) could be reached by understanding the level of each demand:
* one wants to be able to have someone to refer to in case of an issue, the other not to have to bother;
* you can have issues with any one; you only are concerned about one’s privacy: yours;
* the commercial solution appears henceforth a systemic solution to a systemic problem; the privacy can be reached with staw-men located in areas with law respecting their secrecy.
That point could be turned around and was raised? Sorry. . .