US and EU Clash Over Whois Data

← Back to Stories (view on slashdot.org)

US and EU Clash Over Whois Data

Posted by Soulskill on Wednesday October 10, 2012 @09:03AM from the not-going-to-spark-world-war-3 dept.

itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually — moves that are applauded by David Vladeck, director of the FTC's Bureau of Consumer Protection. The E.U.'s Article 29 Working Group is markedly less enthusiastic, saying ICANN's plans trample on citizens' right to privacy."

46 of 67 comments (clear)

Min score:

Reason:

Sort:

Solution by Anonymous Coward · 2012-10-10 09:06 · Score: 5, Insightful

Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now
1. Re:Solution by Nrrqshrr · 2012-10-10 09:26 · Score: 1
  
  Track your purchases and credit flow, I guess..
2. Re:Solution by NJRoadfan · 2012-10-10 11:01 · Score: 1
  
  What the many folks who use Paypal? I have a feeling registrars are going to push back big on this one.
3. Re:Solution by Mr+Europe · 2012-10-10 17:09 · Score: 2
  
  Credit card seems to be the identification certificate in the US.
4. Re:Solution by gl4ss · 2012-10-10 19:31 · Score: 1
  
  Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now
  What do they need a credit card for anyways?
  what do you need it for? to buy stuff, doh. budgets are being cut etc.
  
  --
  world was created 5 seconds before this post as it is.
5. Re:Solution by TheSpoom · 2012-10-11 02:52 · Score: 1
  
  Gandi includes private whois with all registrations. There are a number of other registrars who will do it for a fee.
  (Solely in my opinion) you should stay away from GoDaddy though. They charge $20 every time they discover that your whois information is fake, probably to get you to buy their private registration service. Instead, I transferred all my domains to Gandi. Everybody wins, right?
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
Time for the anti UN comments... by xaxa · 2012-10-10 09:13 · Score: 4, Insightful

Time for the anti UN comments, as usual around here. But how can you defend the USA on this case?
(My .uk domain's public whois looks like this:
Registrant:
[My real name]
Registrant type:
UK Individual
Registrant's address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
And that's the way I like it!)
1. Re:Time for the anti UN comments... by Anonymous Coward · 2012-10-10 09:26 · Score: 1
  
  Mine is something to the effect of -
  Registrant: WHOIS PRIVACY DEFENDER
  Registrant Type: WHOIS PRIVACY DEFENDER
  Registrants...
  Why show anything when you don't have to?
2. Re:Time for the anti UN comments... by Hentes · 2012-10-10 09:34 · Score: 2
  
  Care to explain how does the UN come into this? This is between the USA and the EU.
3. Re:Time for the anti UN comments... by xaxa · 2012-10-10 10:05 · Score: 2
  
  Care to explain how does the UN come into this? This is between the USA and the EU.
  My apologies, I read the article but had already assumed it was another item from the ITU meeting.
  There were two articles earlier today mentioning the ITU:
  http://politics.slashdot.org/story/12/10/10/1855223/is-mobile-broadband-a-luxury-or-a-human-right
  http://tech.slashdot.org/story/12/10/10/1330218/following-huawei-report-us-rejects-un-telecom-proposals
4. Re:Time for the anti UN comments... by Hentes · 2012-10-10 11:03 · Score: 2
  
  But unless the UN indicates that it will respect whois privacy there is no reason to believe they would be better.
5. Re:Time for the anti UN comments... by Anonymous Coward · 2012-10-10 11:19 · Score: 1
  
  "Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble."
  Not my experience. I own a (Whois Privacy Protection Service, Inc.) domain and host my own mail server since around 2000; not a single problem that I know of yet.
6. Re:Time for the anti UN comments... by Stalks · 2012-10-10 18:34 · Score: 1
  
  That's FUD. I've also hosted a mail server with domains using the WHOIS privacy feature for 10+ years and not had a single problem in sending or receiving mail.
Won't "private registrations" still continue? by hawguy · 2012-10-10 09:15 · Score: 2

What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details? If the "owner" of the domain has to have their real contact info on file with the domain, then for customers that want to remain private GoDaddy and other registrars can "own" the domain with a contract giving exclusive use of the domain to whoever paid for the domain.
1. Re:Won't "private registrations" still continue? by mysidia · 2012-10-10 12:12 · Score: 3, Informative
  
  What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details?
  Are you aware of the requirements that apply to domain registrars, including ones that implement that function?
  Every domain registrar is Required to retain the WHOIS data, and all the pertinent details for all their customers, and make all that information available to organizations designated by ICANN.
  Buying a private registration gets you a public WHOIS listing, but all your information is still available.
  Unless you have a 3rd party registrar-unaffiliated proxy service, register the domain, own the domain in place of you, and provide their information to the registrar, instead of yours.
  Then there's a risk, however, if the proxy service goes bankrupt: ownership of the domain could get included in the proxy services' assets and liquidated to pay creditors of the proxy service.
2. Re:Won't "private registrations" still continue? by mrbester · 2012-10-10 13:06 · Score: 1, Informative
  
  GANDI.NET doesn't charge. They provide a tick box to remove your details from public WHOIS and even encourage you to tick it. To hell with the nickel and dimers gouging you for basic functionality.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
3. Re:Won't "private registrations" still continue? by slashmojo · 2012-10-10 19:55 · Score: 1
  
  often for a significant fee
  Actually these days it is often provided free with the domain registration. See namecheap.com and internetbs.net for example.
Why would this get rid of spam? by Anonymous+Brave+Guy · 2012-10-10 09:18 · Score: 5, Insightful

That makes no sense, because many people can and routinely do send e-mail from the same domain.
This move is fairly directly contrary to the basic rules of privacy in the EU, and after the negative press that European governments have had over things like airline passenger and banking information recently, I don't see this getting very far. There's no compelling "fear the terrorists" or "catch the tax evaders" kind of argument with popular appeal here. The US authorities have no need to know my credit card number, and certainly no need to keep it for years, assuming it's even still valid by that time.

--
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Re:Want to get rid of spam or not? by ilsaloving · 2012-10-10 09:19 · Score: 4, Insightful

How could this possibly stop spam? Most spam comes from botnets anyway, which are going through their companies and/or ISPs mail server. The last thing a spammer would do is use a proper domain.
Re:Want to get rid of spam or not? by Kaenneth · 2012-10-10 09:20 · Score: 2

You don't need a DNS entry to spam or even host a website (it probably helps though...)
Make It Private by Anonymous Coward · 2012-10-10 09:20 · Score: 3, Insightful

I personally don't mind having legitimate data associated to domains I own, but I don't like that my name, address, phone number, and email address is visible to everyone. I don't really think ICANN needs my credit card number, but it seems like just making only, say, the name, available publicly would be a better first step.
1. Re:Make It Private by Alain+Williams · 2012-10-10 10:44 · Score: 2
  
  Mod parent up I wonder who has lent on ICANN to ask for this ? Time for ICANN to be truly independent of any government.
Credit Card Information? by Jason+Levine · 2012-10-10 09:26 · Score: 4, Informative

Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year). If the credit card information was in there as well, what would stop shady organizations from using that information for other scams? WHOIS certainly doesn't keep my physical address safe from scammers.

--
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
1. Re:Credit Card Information? by MtHuurne · 2012-10-10 09:59 · Score: 1
  
  There is no need at all to have a credit card associated with a domain. For example, I don't pay for my .org domain by credit card. In fact, here in the Netherlands a lot of people don't even have a credit card, since we have other payment systems that are cheaper and buying stuff on credit is not as common as in the US or UK.
2. Re:Credit Card Information? by WaffleMonster · 2012-10-10 10:06 · Score: 5, Informative
  
  Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year).
  This is just another intentionally misleading headline. Card data is not going into whois.
  The issue is requiring registrars to hang on to CC data so that governments would be able to "lawfully" request from the registrar if that registrar is operating within jurisdiction of said goverment.
  Rather than addressing data retention standards with legislation as decided by each countries government...such as thru a billing passed by congress and signed by the president they are essentially attempting an end run around democractic process to get a desired outcome.
  None if it is defensible...both ICANN and FTC are in the wrong regardless of what you feel about the issue of data retention.
Visa rules by OldGunner · 2012-10-10 09:28 · Score: 4, Informative

I believe storing consumer credit/debit card data over 90 days is a direct violation of Visa International rules. I've been away for that stuff for a couple of years now, so I could be wrong.

--
Vietnam Veteran / Former Postal Worker -- Use Caution When Taunting!
Read the truth about ICANN and the DNS by Anonymous Coward · 2012-10-10 09:28 · Score: 1

The rotten and corrupt Domain Name System.
It's a ruse by damn_registrars · 2012-10-10 09:29 · Score: 3, Informative

ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show. It will blow over soon enough and we'll be back to business as usual, with ever-increasingly-more-meaningless WHOIS data.

From my own experience I would say at least 80% of the records I have looked up in the past several months for extant domain names have had obfuscated information, protected by registrars who don't give a damn that their customers are conducting illegal activities (fraud, selling drugs, selling pirated software, sending spam, etc) through the domains that they sold them. ICANN doesn't give a shit about "protected" obfuscated domain names, and doesn't care about ones with blatantly false data, either.

ICANN just wants to make money. They'll either find a way to make more money with this, or - more likely - they will give it up once the pressure is off.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:It's a ruse by tlhIngan · 2012-10-10 09:41 · Score: 1
  
  ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show.
  Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.
  No, this would be for those who want that information but cannot obtain it like that - think the **AAs for that. Find a domain that if you follow this sort of path here through to this other site and this new host, eventually points to a 1 second sample of something that maybe possibly could be a piece of music - piracy! Just look up the contact information in WHOIS and sue them for copyright infringement!
  No law enforcement needed - makes it all much easier and cheaper.
  Plus think of who owns those pesky domains like "thepiratebay" or "wikileaks" - just have to make them do something that'll force them to turn over their domains...
2. Re:It's a ruse by damn_registrars · 2012-10-11 14:32 · Score: 1
  
  Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.
  I disagree with you on this one. Registrars don't fear warrants from law enforcement in most cases, because in most cases the registrars who sell domains to people who are out to do things that violate (for example) US laws will be set up in countries where such laws do not exist. If the registrar is located in, say, China, and the warrant comes from the US, it goes right into the trash. Interpol doesn't give a damn either, they have bigger fish to fry.
  
  A great example is the "Canadian Pharmacy" scam that we see all the time. The domains are usually .com, registered to an address in Russia (if the address isn't obfuscated by a service), by way of a registrar in Asia. The ISP for the IP address is generally in another former soviet country. Sure, they are breaking American laws (and probably laws in many other countries, too), but the American warrant doesn't mean shit to the registrar, ISP, or the owner of the web site.
  
  Likely some group in law enforcement wants to see if there are any illegal domains that are registered to American addresses, so ICANN is pretending to care about the problem for a little while. By the end of the month they'll be back to their old game.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Stupid Question by vga_init · 2012-10-10 09:31 · Score: 1

But isn't it technically possible for people to set up a free DNS or functionally equivalent service of their own, without any government or private regulations, and without necessarily charging [exorbitant] fees to use it? Everything else related to the web is open source...
1. Re:Stupid Question by silas_moeckel · 2012-10-10 09:34 · Score: 2
  
  Yup it's trivially easy to do on the technical side getting people to use it is another matter.
  
  --
  No sir I dont like it.
ICANN going batshit just in time for halloween by WaffleMonster · 2012-10-10 09:42 · Score: 1

I love ICANN.. They require real contact information be stored in a public database or else your domain can be taken and resold and oh by the way registrars get to charge extra just to keep your identity in the public database safe.
All they are doing to address the sespool of automated domain capture, phishing and extortion activities upon expiration is truely amazing and inspiring.
I'm having trouble finding the words to express my appreciation for their infinite TLD program which has opened up new and exciting opportunities for name protection extortion, phishing and additional layers of government involvement.
ICANN is the only Internet body who consistantly errors on the side of unmitigated greed and selling out to governments. It has no soul and does not deserve to exist.
Re:Want to get rid of spam or not? by epyT-R · 2012-10-10 10:06 · Score: 1

Actually, neither the right to privacy (unless you count 'secure in your person' in the 4th amendment) nor the right to not get spam are defined.. given a choice, I'd rather get spam than lose my privacy..and if marketing was opt in in the first place, spam would hardly be a problem in the first place.
Insecure by Alioth · 2012-10-10 10:09 · Score: 1

Credit cards are fundamentally insecure (the fact you can get money off one by merely knowing the number on the front and the expiry date and a couple of other trivially easy to find bits of information - all of which will be in the whois database). ICANN should think hard - do they really want to be held responsible when the inevitable breach occurs? Do they really want to have to implement PCI-DSS for the networks and systems holding whois data? The decision to hold credit card data in whois is likely to be something that is regretted fairly quickly.

--
Oolite: Elite-like game. For Mac, Linux and Windows
Real Solution? by bobbied · 2012-10-10 10:16 · Score: 1

If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that.
If you really *must* have a domain and you are worried about privacy, prepaid credit cards, prepaid phones, a P.O. box and throw away E-mail account are pretty easy to obtain these days, but that is only necessary if you don't trust who you buy the domain from and they refuse to be the whois contacts for you.
If anybody really is still worried about their privacy, I'll be happy to proxy their registrations for costs plus a fee and if you want I can arrange to accept cash and/or money orders. Of course, I'll have to know who you are and I'll be the one who officially owns the domain....

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
1. Re:Real Solution? by Gonoff · 2012-10-10 11:07 · Score: 1
  
  If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that
  Or alternatively, use a registrar in Europe. Not proof against a warrant. That is fine. Just a little less of my info where the spammers MAFIAA and other criminal organisations can easily see it. No doubt, there is still plenty out there but "every little helps".
  
  --
  I'll see your Constitution and raise you a Queen.
2. Re:Real Solution? by bobbied · 2012-10-11 01:28 · Score: 1
  
  Doesn't SeaLand register domains?
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
3. Re:Real Solution? by Gonoff · 2012-10-11 06:24 · Score: 1
  
  They be undergoing national mourning. Their king just died...
  
  --
  I'll see your Constitution and raise you a Queen.
Re:ICANN't stand USA take over the internet by bobbied · 2012-10-10 10:30 · Score: 1

This answers why EU wants less control of USA over the internet. EU cares (more) about privacy that USA.
Privacy on the internet? You can't be serious.... If you expect privacy on the internet you are fooling yourself. Data passes though too many hands and too many servers and too many countries to remain private every time you expect it. You can encrypt the payloads and use proxies to make it hard to track you, but the information is still bouncing around out there and somebody could, if they wanted too bad enough, find you or decrypt your data.
Privacy online is an illusion, even if a law claims privacy online is a right.

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
WhoCares by PPH · 2012-10-10 10:46 · Score: 1

All the domains are owned (on behalf of their customers) by GoDaddy anyway.

--
Have gnu, will travel.
Well screw them.... by 3seas · 2012-10-10 12:15 · Score: 1

... for I can think... Therefor I AM! And that is who is I.
Re:Want to get rid of spam or not? by rs79 · 2012-10-10 18:04 · Score: 3, Informative

It's nothing to do with spam. It's so the intellectual property crowd can sue the right person.
Think! Who else in the domain ecosystem needs to know exactly who you are?

--
Need Mercedes parts ?
Re:Want to get rid of spam or not? by Joce640k · 2012-10-10 18:19 · Score: 2

Not the senders, the receivers. Many people regard the whois database as a big list of email addresses to spam.

--
No sig today...
Re:holding credit card by gl4ss · 2012-10-10 19:39 · Score: 1

isn't holding credit card number after transaction a violation of ifc? or something?
isn't that what cause sony to apologize to milions?
what is this uselss idea?
yeah. but why do you think ftc is aware of such?

--
world was created 5 seconds before this post as it is.
The most hacked database on earth by Big+Hairy+Ian · 2012-10-10 22:05 · Score: 1

Do we really want it holding CC details when best practices are not to store them unless you are the bank involved in the transaction!!

--
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.