US and EU Clash Over Whois Data

← Back to Stories (view on slashdot.org)

US and EU Clash Over Whois Data

Posted by Soulskill on Wednesday October 10, 2012 @09:03AM from the not-going-to-spark-world-war-3 dept.

itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually — moves that are applauded by David Vladeck, director of the FTC's Bureau of Consumer Protection. The E.U.'s Article 29 Working Group is markedly less enthusiastic, saying ICANN's plans trample on citizens' right to privacy."

20 of 67 comments (clear)

Min score:

Reason:

Sort:

Solution by Anonymous Coward · 2012-10-10 09:06 · Score: 5, Insightful

Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now
1. Re:Solution by Mr+Europe · 2012-10-10 17:09 · Score: 2
  
  Credit card seems to be the identification certificate in the US.
Time for the anti UN comments... by xaxa · 2012-10-10 09:13 · Score: 4, Insightful

Time for the anti UN comments, as usual around here. But how can you defend the USA on this case?
(My .uk domain's public whois looks like this:
Registrant:
[My real name]
Registrant type:
UK Individual
Registrant's address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
And that's the way I like it!)
1. Re:Time for the anti UN comments... by Hentes · 2012-10-10 09:34 · Score: 2
  
  Care to explain how does the UN come into this? This is between the USA and the EU.
2. Re:Time for the anti UN comments... by xaxa · 2012-10-10 10:05 · Score: 2
  
  Care to explain how does the UN come into this? This is between the USA and the EU.
  My apologies, I read the article but had already assumed it was another item from the ITU meeting.
  There were two articles earlier today mentioning the ITU:
  http://politics.slashdot.org/story/12/10/10/1855223/is-mobile-broadband-a-luxury-or-a-human-right
  http://tech.slashdot.org/story/12/10/10/1330218/following-huawei-report-us-rejects-un-telecom-proposals
3. Re:Time for the anti UN comments... by Hentes · 2012-10-10 11:03 · Score: 2
  
  But unless the UN indicates that it will respect whois privacy there is no reason to believe they would be better.
Won't "private registrations" still continue? by hawguy · 2012-10-10 09:15 · Score: 2

What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details? If the "owner" of the domain has to have their real contact info on file with the domain, then for customers that want to remain private GoDaddy and other registrars can "own" the domain with a contract giving exclusive use of the domain to whoever paid for the domain.
1. Re:Won't "private registrations" still continue? by mysidia · 2012-10-10 12:12 · Score: 3, Informative
  
  What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details?
  Are you aware of the requirements that apply to domain registrars, including ones that implement that function?
  Every domain registrar is Required to retain the WHOIS data, and all the pertinent details for all their customers, and make all that information available to organizations designated by ICANN.
  Buying a private registration gets you a public WHOIS listing, but all your information is still available.
  Unless you have a 3rd party registrar-unaffiliated proxy service, register the domain, own the domain in place of you, and provide their information to the registrar, instead of yours.
  Then there's a risk, however, if the proxy service goes bankrupt: ownership of the domain could get included in the proxy services' assets and liquidated to pay creditors of the proxy service.
Why would this get rid of spam? by Anonymous+Brave+Guy · 2012-10-10 09:18 · Score: 5, Insightful

That makes no sense, because many people can and routinely do send e-mail from the same domain.
This move is fairly directly contrary to the basic rules of privacy in the EU, and after the negative press that European governments have had over things like airline passenger and banking information recently, I don't see this getting very far. There's no compelling "fear the terrorists" or "catch the tax evaders" kind of argument with popular appeal here. The US authorities have no need to know my credit card number, and certainly no need to keep it for years, assuming it's even still valid by that time.

--
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Re:Want to get rid of spam or not? by ilsaloving · 2012-10-10 09:19 · Score: 4, Insightful

How could this possibly stop spam? Most spam comes from botnets anyway, which are going through their companies and/or ISPs mail server. The last thing a spammer would do is use a proper domain.
Re:Want to get rid of spam or not? by Kaenneth · 2012-10-10 09:20 · Score: 2

You don't need a DNS entry to spam or even host a website (it probably helps though...)
Make It Private by Anonymous Coward · 2012-10-10 09:20 · Score: 3, Insightful

I personally don't mind having legitimate data associated to domains I own, but I don't like that my name, address, phone number, and email address is visible to everyone. I don't really think ICANN needs my credit card number, but it seems like just making only, say, the name, available publicly would be a better first step.
1. Re:Make It Private by Alain+Williams · 2012-10-10 10:44 · Score: 2
  
  Mod parent up I wonder who has lent on ICANN to ask for this ? Time for ICANN to be truly independent of any government.
Credit Card Information? by Jason+Levine · 2012-10-10 09:26 · Score: 4, Informative

Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year). If the credit card information was in there as well, what would stop shady organizations from using that information for other scams? WHOIS certainly doesn't keep my physical address safe from scammers.

--
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
1. Re:Credit Card Information? by WaffleMonster · 2012-10-10 10:06 · Score: 5, Informative
  
  Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year).
  This is just another intentionally misleading headline. Card data is not going into whois.
  The issue is requiring registrars to hang on to CC data so that governments would be able to "lawfully" request from the registrar if that registrar is operating within jurisdiction of said goverment.
  Rather than addressing data retention standards with legislation as decided by each countries government...such as thru a billing passed by congress and signed by the president they are essentially attempting an end run around democractic process to get a desired outcome.
  None if it is defensible...both ICANN and FTC are in the wrong regardless of what you feel about the issue of data retention.
Visa rules by OldGunner · 2012-10-10 09:28 · Score: 4, Informative

I believe storing consumer credit/debit card data over 90 days is a direct violation of Visa International rules. I've been away for that stuff for a couple of years now, so I could be wrong.

--
Vietnam Veteran / Former Postal Worker -- Use Caution When Taunting!
It's a ruse by damn_registrars · 2012-10-10 09:29 · Score: 3, Informative

ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show. It will blow over soon enough and we'll be back to business as usual, with ever-increasingly-more-meaningless WHOIS data.

From my own experience I would say at least 80% of the records I have looked up in the past several months for extant domain names have had obfuscated information, protected by registrars who don't give a damn that their customers are conducting illegal activities (fraud, selling drugs, selling pirated software, sending spam, etc) through the domains that they sold them. ICANN doesn't give a shit about "protected" obfuscated domain names, and doesn't care about ones with blatantly false data, either.

ICANN just wants to make money. They'll either find a way to make more money with this, or - more likely - they will give it up once the pressure is off.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Re:Stupid Question by silas_moeckel · 2012-10-10 09:34 · Score: 2

Yup it's trivially easy to do on the technical side getting people to use it is another matter.

--
No sir I dont like it.
Re:Want to get rid of spam or not? by rs79 · 2012-10-10 18:04 · Score: 3, Informative

It's nothing to do with spam. It's so the intellectual property crowd can sue the right person.
Think! Who else in the domain ecosystem needs to know exactly who you are?

--
Need Mercedes parts ?
Re:Want to get rid of spam or not? by Joce640k · 2012-10-10 18:19 · Score: 2

Not the senders, the receivers. Many people regard the whois database as a big list of email addresses to spam.

--
No sig today...