Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Privacy Watchdog To ICANN: Law Enforcement WHOIS Demands "Unlawful"

Posted by timothy on from the whois-you-to-make-these-demands? dept.

First time accepted submitter benyacrick writes "WHOIS was invented as an address book for sysadmins. These days, it's more likely to be used by Law Enforcement to identify a perpetrator or victim of an online crime. With ICANN's own study showing that 29% of WHOIS data is junk, it's no surprise that Law Enforcement have been lobbying ICANN hard to improve WHOIS accuracy. The EU's privacy watchdog, the Article 29 Data Protection Working Party, has stepped into the fray with a letter claiming that two of Law Enforcement's twelve asks are "unlawful" (PDF). The problem proposals are data retention — where registrant details will be kept for up to two years after a domain has expired — and re-verification, where a registrant's phone number and e-mail will be checked annually and published in the WHOIS database. The community consultation takes place at ICANN 45 in Toronto on October 15th."

4 of 81 comments (clear)

  1. Working phone number in whois by bobbutts · · Score: 5, Insightful

    That would be a problem for me. I have hundreds of domains with a made up phone number. The last thing I wanted was calls from robo-dialers mining the whois db to a real number.

    1. Re:Working phone number in whois by sjames · · Score: 4, Insightful

      That would be a work-around, but it's more reasonable to recognize that it's not reasonable to force someone to publish their phone number to every pointy-headed moron in the world that thinks I owe them my time so they can make a sales pitch in my home.

      If 'Law Enforcement' would care to actually pursue said morons when they violate the do not call list or commit various frauds AND they would care to narrow the exceptions to the DNC list, people might not be so resistant to give a real phone number.

      It's not like whois is the only hope to track down a domain owner. IF they have a sufficient reason to track them down they can follow the IP address to a provider and present a warrant for the account information OR they can present the warrant to the domain registrar. If they don't have good enough reason to get a warrant, they shouldn't be pursuing it in the first place.

    2. Re:Working phone number in whois by sjames · · Score: 3, Insightful

      A side point is that law enforcement loves for corporations to have have lots of information on individuals that is legally mandated to be correct so they can 'ask' for it without a warrant from a judge. That seems to be their angle here.

  2. "Law Enforcement?" by Anonymous Coward · · Score: 2, Insightful

    I didn't RTFA, but who exactly is "Law Enforcement?" The capitalization makes it seem like it's the proper name of some organization.