Commerce Dept. Orders NSI to Open "Whois" Database

Sawmill writes "The US Commerce Department has ordered NSI to open the "whois" database to companies. This is either really good (free the information!) or really bad (SPAM hell). " Either way, it looks like NSI has been stepping on an awful lot of toes lately. Something's got to change over there.

toes

what's the deal with them? they went for almost 3 days without updating the database last week.

in any case, i don't think this can be a bad thing; i've never had good dealings with internic and the less i have to do through them the better.

Re:toes

[DAVEO]

good point, daveo a full 3 days ago has registerd a new domain name on saturday. he was then sent an e-mail that said the registration could'nt be prosessed automatically. then they said they would manauly do it. well, sure enoguh the nsi's faq says 24 hours, but daveo's experince has been far more than that,m with now notice so far, and it is not expected to be done this week, if ever.

is any-one in the /. readers aware of how long a manual prosessing would take, and do business days count in it by themselves, or should the time be counted from the day it is registered, no matter when?

Again, what's the fuss all about ?

First off, the USCD only warned to open...blah... You should really read that article.

Now, I personally think this whole discussion is obsolete, since you CAN get any information you want if you take a closer look to their database.

What makes (all what's left of) my hair stand is, that NSI wants to create pages, where you can more or less just copy&paste all information from. THAT will make it a bloody lot easier for potential SPAMmers to get the info they want ...

No, I don't like that at all !

Re:Again, what's the fuss all about ?

No, no. See, you *can* get all the info on a single domain you want through whois. Doesn't help spammers much unless they manually plug in addresses. *However*, you can't get mass listings. Try finding all the domains registered to M$. You can't -- there's more than 50. This is good.

Quite frankly, I think NSI should lose rights to it, along with all the other companies, and it be given to something like the IANC (or whatever that international doman-name authority is called). I don't really want big companies having it at all, because the temptation to sell it to spammers is too much.

I hope NSI will die a horrible death

All of the NSI actions that I've seen since they got the Government contract have been arrogant, annoying, predatory etc. I think the Government should just terminate the contract and assign it to a not-for-profit governing body (such as ICANN) that would assign domain registration to a number of "domain retailers." ICANN could just maintain the database and the servers.

I can't believe that 75% (?) of the Internet addresses are governed by a fucking monopoly in Virginia.

Re:Who "owns" the database?

Right on.

Sorry to be so short and blunt, but I agree wholeheartedly.

Re:I thought it WAS open !

They provide all of the info currently, but what they are being forced to do is remove the licensing agreement. When you whois a domain name you get the following:

Access to Network Solutions' WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in NSI's
registrar database. The data in this record is provided by NSI for
informational purposes only, and NSI does not guarantee its accuracy.
Compilation, repackaging, dissemination, or other use of the WHOIS database
in its entirety, or a substantial portion thereof, is not allowed without NSI's
prior written permission. By submitting this query, you agree to abide by
this policy. All rights reserved

This means that NSI owns the database, and thus all of its related data. What the DOC is saying is this is public data.

Re:More spam is good!

I'm going to go with "extremely optimistic" here.

Re:Zone Files...??

>If it comes from man, it will fail. If it comes from god, It will succeed.
Yet by this very token would I aver that as comes Man from God that Man's own ultimate destiny can be but in the end not to fail, but to himself succeed, to the eternal glory of his Creator and King.

Re:Who "owns" the database?

Yep, I paid for my phone too. If I didn't rent a phone line then I wouldn't have my name in the PHONE BOOK. If you didn't rent a domain name (remember, your lease on your domain expires in 2 years from the time you purchased it.. you can renew it but it is still a lease) you wouldn't be listed in their whois database now would you?

Re:Zone Files...??

What the fuck are you people talking about? You're insane.

Here they are

0213-4117-9221-0119 (Visa)
3187-1123-4079-2212 (Visa)

Her maiden name is Zymbowska. My birth date is 6/19/77. Zip code is 78746.

In general, personal information should be kept private (it should never be collected, and individuals should guard it with strong crypto). All other information is better off freed.

Bad analogy

With a phone company, you pay for phone service, and they also list it.

With NSI, you pay specifically to have your DNS mapped to your IP to your name and contact info in their database. One is a sideeffect. The other is specifically what you're paying for.

Here is how we stop that damn NSI!!!

We all join together geeks and normals alike.

We will force NSI to drop there price to say $30.00 per domain. Make all info public. We'll set a date to have everyone on the internet ping,flood,page refreshes,mass phone calls,and a 2 day boycot. We could do it if we really wanted to. Anyone game?

Re:Here is how we stop that damn NSI!!!

HELL YEAH!!! i buy like 15 to 20 domains a month for my clients. I know i have spend thousands on domain names. It should be alot cheaper. Why should NSI be making $70 PER DOMAIN! it's crazy!!!

Re:Here is how we stop that damn NSI!!!

With over 4MILL DOMAINS has anyone times $70x4mill??? Do you have any idea of the money they have made? Plus the $100 the domains use to cost.

Re:Here is how we stop that damn NSI!!!

So why aren't you using the alternate domains that cost nothing, like .us?

No, wait, let me guess: you want all the advantages of a .com domain name, but you don't want to let the registrar set a price that (obviously) you are willing to pay.

Re:Here is how we stop that damn NSI!!!

[Exanter]

No, wait, let me guess... Maybe his clients don't want a domain ending in .us? Naw, can't be, sounds too plausible...

Re:More spam is good!

If people use this database to spam, they will be spamming millions of network administrators (maybe even the admins of their own ISP :). They would probably get shut down pretty fast. ISPs receiving spam would add this user to their list of blocked senders, so this would result in less spam for their customers.

Re:What about last week's story about NSI?

"A well regulated militia, being necessary to the security of a free state...."
If you're not in a militia defending the freedom of your state, you don't need arms. If you're gonna quote, quote the whole thing

Re:Who "owns" the database?

Right. NSI shouldn't be able to sell the information. It also shouldn't be given out to the world at large en masse. Someone needs to use it just as a technical reference. I *like* it as it currently is, without NSI giving it out with business background, or anyone else having it.

Re:Who "owns" the database?

You probably *did* offer them the rights to sell your information. Did you examine the terms of the agreement? (those 50 page fine print "terms/rules" webpages)

Re:Who "owns" the database?

Of course, you have to *pay* to have an unlisted number....

Paying to prevent your personal info from being published. Ye gods.

Re:NETWORKSOLUTIONS has a broken form

Yup. I also cannot use the Domain Change form. The HTML does not have the text area for organization. The script then insists that I fill out the field. Actually the script seems to think all the fields are offset by one, but I did not try to see if I can fill in the form offset by one. Ick.

How did we get here?

Irony abounds.
A democratic net ruled
by monopoly?

The spam is already here folks

NSI is a horrible company.

After the registration is truly spread out, everyone else will kill them in the market.

Spam? ROFL you've been able to whois from the net for ages. I've been getting e-spam and snail mail spam for the last two and a half years because of whois. I made an email JUST for domain stuff, and never used it except with Interdick (this was the old way to filter email :) and the junk mail idiots put things such as "webmaster of domain.com" or whatever on the snail letters.

I also recall seeing in one of my invoices or something from NSI about 'We may give out basic information to third parties'.

Manually updated my ass

I sent in a request last Wed-Thurs and I have a feeling I'll never see it. I wonder if dropping butt-loads of complaints to ICANN would help anything. NSI sure doesn't care...

anybody know where we could mass complain?

Re:Manually updated my ass

[DAVEO]

daveo re-registered his domain today in hopes that it could be done automatically, for he knows that a manual update is an imposibility, and did not bother calling them, since it is long distance and he knows that he could in fact be on hold in an excess of 3 years ;0)

Re:This is good - always question "always"es

It's always a good thing when information is freed? Sounds like an ill-thought junior hacker mantra, but if that's your feeling, let's start with your credit card numbers, mother's maiden name, birth date, and zip code!

It is not always a good thing when info is freed. Particularly when it's personal info legally required by all suppliers of a given product or service.

More spam is good!

It's of course possible that this will increase spam. One can probably say as much about a zillion other things, but let's suppose that in this case, it's true. If this did increase spam, however, there's a way to look at it that says that this would be a good thing. Yes, you heard me; more spam is a good thing. Stay with me a second, here. If there's more spam, there's more annoyance, more theft, and more really pissed off people. Eventually they all stand up and storm Congress in righteous anger, and a law is passed making spam so grievously illegal that a vigilante economy arises as the international award of US$10,000 per hand of a spammer drives the world market to never ending heights.

OFF WITH THEIR HANDS!

ha ha

[drwiii]

I hope they are ordered to release it. I don't mind being spammed, as long as it means N$I will get the shaft. Does this mean we can start rioting outside their headquarters now? (:

Re:I thought it WAS open !

[dmiller]

Could this information be used to set up competing root servers?

Re:Some decent systems you can call

[Trepidity]

Wow, glad to see that there are still some BBSs up and running. Do you happen to have any listed for the 713 or 281 area codes? My last FidoNet feed went down about 6 months ago =(

Re:Who "owns" the database?

[Chaostrophy]

No, I PAID them, to make my information accesable to the world, I own it, not them.

Re:Who "owns" the database?

[copito]

NSI wants things to be very different from a phone book. Court's have decided that once information, like phone numbers are available to the public, there is nothing preventing anyone else from presenting the same information. In the case of a phonebook, the publisher does not even have a copyright on the format since alphabetization is considered to be trivial.
NSI want's to say that their whois database is non-trivial and cannot be replicated, nor the information in it used for commercial purposes. It's a rather weak argument since the database has been traditionally accesible to the public and was generated and maintained under contract from the government.
--

Spam isn't the issue

[copito]

I'm as anti-spam as the next Joe Hacker, but let's face it. Spammers have many ways of harvesting email addresses and opening the whois database makes one avenue a little easier. Besides, who better to competently trace, filter, block or otherwise thwart spammers than domain contacts, who are presumably technically competent people.
If things would be so bad, what's stopping the spammers now. A legal clause at the beginning of a whois result? At very worst, another company will repackage the whois database and sell the info in it. At that point there may be some increased spam, but what exactly prevented somebody from doing that before the whois database was "privatized." Has anyone actually gotten less spam since the privatization?
In short, we all hate spam, and we all hate NSI, and most of us probably have no great love for the Commerce Department. Let's not let our fears and prejudices cloud the domain issue any more than it is.
--

Who "owns" the database?

[Hacksaw]

As far as I am concerned, I own my entries in that database.

That information is strictly for technical communication ("Computers in your domain are being used to flood ping our site.", "We can't send mail to anyone in your domain.") and administrative communication ("We would like to buy your domain.", "One of your computers is being used to sell guns illegally.")

NSI's role should be one of record-keeper. I paid for the domain name, not them.

Re:Who "owns" the database?

[DrumHacksaw]

NSI may own the system to compile the information (or maybe the government does, this is more likely), and they have the right to charge for maintenance.

In the most practical sense ownership is an expression of your rights.

I did not offer NSI the right to use my information for the purpose of monetary gain.

This information, and how people use it, is as private as any legally required infomation. People can use it on a need-to-know basis, and strictly for the purposes of ensuring the correct functioning of the Internet.

As to who else can modify the database, I won't go into. In the end, I don't care a whole lot, as long as the root servers are maintained, and (importantly) as long as no one can strip me of my domain name without due process.

Re:Who "owns" the database?

[fishbowl]

Of course, you have to *pay* to have an unlisted number....


TWIAVBP, this is not true everywhere...

Re:Who "owns" the database?

[cloudmaster]

The phone book is a fitting analogy, as there is an option to not have your name listed in the public listing, but still to have a phone number. Your name's still in the phone company's database so they can contact you if need be, but crazy folk that wanna abuse the public service can't. It's a shame we need these kinda of options, but until "idiot's island" is official... :)

Mmmm, I/O error...

Re:Who "owns" the database?

[bleh-of-the-huns]

Odds are, once the info is made available from NSI, the other registrars, that can sign up domains are going to start spamming saying something like "Wouldn't you rather reregister with us for a significant discount and blah blah blah".

This is totally unacceptable, and If I ever get one at the tech contact for my domain, I will personally go after whomever did the spamming.
And I will gladly type "shut" on there interface.

jvanbrec@uu.net

Re:Who "owns" the database?

[dillon_rinker]

The phone company makes money by selling directory info. They count on this income when they determine prices. If you deny them this income, then they will set their prices accordingly. It is no different than if they offered you a $3 discount for the privilege of listing your information.

Re:Who "owns" the database?

[Ded+Bob]

In a sense, the one who compiles the database is the owner. Do you own the entry in your local phone book that has your name, number and address? Do you want it back?

When there was a discussion about the CDDB database, I could see somewhat more clearly that the people who entered in all the songs for a CD might have "ownership" of those entries. With NSI, they entered in all the information much like a phone book from the billing and administrative information you provided them.

OTOH, for the competitors of NSI to function correctly they will need access to that database. I doubt they need a full copy of it though. A copy would be out of date before it was done being copied.

I feel that it is a tough call to make.

There is a way to surf the whois database!!

[chirayu]

http://www.domainsurfer.com/ allows one to search the whole database for a domain name (full or part). Someone can probably write a script which can recreate the database at his/her end.

What say u ppl?

CP

Offtopic curiosity

[Pascal+Q.+Porcupine]

Daveo, why does daveo always refer to daveo in the third person, and usually by daveo's name rather than by his pronoun? And when he does, why does he still not use the first person like Pascal normally does?

(Sorry about that, I've just been curious for a while. If you have a learning disability and I've offended you, I apologize in advance; I've known some people who, due to odd quirks of their minds, simply can't comprehend first person, but generally those who have registered domains don't have this problem. :)
---
"'Is not a quine' is not a quine" is a quine.

Re:Offtopic curiosity

[DAVEO]

no offence is taken, daveo is sorry if it is bothersome to you, pascal q. daveo's paresnts were not native-english-speakers and his mom for some odd reason (still not understood today! :) spoke in the third-person so it is a picked-up habiut. daveo's elnglish is not good in any-case, so he is seeing a therapisst of speech and trying to learn to speak better. there is no problem when a question is asked nicley, thank you for not flaming mr. porcupine! ;0)

Re:Well, this sure isn't a step forwards.

[knuth]

Ah, we meet again.

RISCy Business wrote:

This is a good thing how?

NSI can now sell domain records to anyone they damn well please.

This is a good thing because N$I is claiming just that, that they own the whois database, and that they can sell bits of it or restrict access in any manner they please. Never mind that they oversaw the database as a government monopoly.

The gov't is saying, increasingly forcefully, that NSI does not own whois information.

"So who's to stop the spammers?" Well, it sure as hell won't be NSI, one way or the other. I see some domain owners here hoping all contact info goes private. I hope it doesn't. In spam-killing, it is extremely useful to know who owns the netblock, who provides DNS, and who is in charge. I can't see how opening up the db will appreciably increase spam. Hey, you're getting spammed now, while NSI is trying to prevent access, aren't you? Handing over whois to any one company, having access at their whim, hinders spam-killing.

Re:What about last week's story about NSI?

[Demona]

I really hope you're enjoying yourself, because I doubt anyone else here is.

My kneejerk reaction with law generally being the same as HTML: "'Force' does not work on the World Wide Web," and my generally contrary nature would lead me, if I were an NSI head honcho, to say, "What will you do to me if I don't?" But more importantly, it seems most of the people involved are forgetting that real people will be affected by these policies:

"This was built under government contract and the data does not belong to Network Solutions," said Rich Forman, president of New York Based register.com.

No, you goober, it belongs to the owner. You remember, the person who registered the domain? Of course, other than the not-for-all-individuals Individual Domain Name Owners, there isn't much collective effort to protect individual rights. Which of course makes perfect sense; nobody else will have the motivation to protect your interests that you do.

This is good

[Knight]

I think this is very good. It is always a good ting when information is freed. Spam should be dealt with individually, because it is never a good solution to close off information from everyone simply because of a potential misuse by a few people. The misuse must be dealt with separately. I applaud the Commerce department for making the right decision.
--------------------------------------- ----------------
If you need to point-and-click to administer a machine,

Woohoo!

[Graymalkin]

Someone finally paid some attention to what NSI has been doing, claiming the Whois database is their property...even though they own not a bit of the information, only the locations where it's stored and possibly a copyrighted format. Remember when Pacific Bell (IIRC) tried to claim their phone directory was propeietary and only they could make phone books and got slapped down for it. Now maybe the DoC will do that with NSI so we can get the domain registering service back from their greedy corporate claws.

SPAM

[semis]

I hope that this information is released under the same tight restrictions as what is released under a whois lookup.

I can't help but feel that I am going to get spammed by some luser who misuses this information.

All I can hope is that the US Gov't enforces the license of the information as much as they seem to be supporting the release of it.

Re:SPAM

[sporty]

Well.. there is a bright side for the idiots who decide to use such a database for spamming.

• Open relays will be shut down/fixed quicker
• Those who decide to keep open relays can be blocked
• Idiot spammers expose themselves even quicker.

Very good news, but not the end of the story

[phred]

I just received my new copy of Internet World with my friend Jim Rutt's face on the cover. The headline reads "The Demise of Dot Com: And the political storm ahead for Network Solutions' James Rutt." It's not online at Internet World yet so I can't give a specific pointer.

Anyway, it's about time the Commerce Department started closing on this issue. NSI's position has a certain amount of appeal from a self-dealing point of view, but is completely contrary to the intent and the blackletter of the 1993 agreement. They are supposed to manage the whois database in public trust, not convert it to private intellectual property for their own convenience and profit.

The analogy with phone numbers is wrong. Like it or not, the phone company does own your number, although there are some gray-area issues there too.

This issue is fundamental to the autonomy of the global Internet from control by NSI or any other entity. ICANN has problems too, but they are separate.

Let me state this very clearly: we don't know what NSI's intentions are, so we have to separate speculation from reality. But the possibility exists that a privatized whois database would be the leading edge to privatizing the Domain Name System as a whole. What would we do in 1999 or 2000 to overcome such a development?

I urged Jim Rutt in private and reiterate in public my plea for NSI to drop this issue and get to the business at hand: improving NSI's service to its customers, which is widely and correctly regarded as being crummy. They have many advantages as a result of being awarded "first mover" position in the market by virtue of their current government contracts. They would do well to defend that advantage through superior service rather than lawsuits, political arm-twisting and worse.

-------

Re:Very good news, but not the end of the story

[igjeff]

>The analogy with phone numbers is wrong. Like it or not, the phone company does own your number, although there are some gray-area issues there too.

Actually...in the 1996 telecommunications reform act (the act that opened up local telephone service to competition...or was supposed to) it was decided that you *do* own your telephone number. If you switch from one telephone company to another, you take your telephone number with you. The telephone companies are required by law to work with you and each other to make sure that you can still use the same telephone number.

Jeff

Zone Files...??

[TheProteus]

First the whois database, next the zone files...

Good or bad? We shall see.

If it comes from man, it will fail.
If it comes from god, It will succeed.

Re:Zone Files...??

[TheProteus]

It's a damn .sig block guys... Ever hear of Neon Genesis Evangelion? :-) That was a tad of a tangent now, wasn't it?

If it comes from man, it will fail.
If it comes from god, It will succeed.

open or now

[bleh-of-the-huns]

I personally don't care whether it is open or not.

I spend day in and day out going after spammers (its part of my job). If this makes it easier for spammers to harvest email addresses, there will be a problem.


Maybe I should trip over the power cable that supplies power to the router the NSI is on :)

jvanbrec@uu.net

Re:Who "owns" the database? They do

[Kaa]

As far as I am concerned, I own my entries in that database.

Well, that may be fine as far as you are concerned, but this doesn't fly in the real world. Ownership is a legal concept and there is a whole bunch of laws dealing with ownership of information. Hate to disappoint you, but if you compile a database, you own it, not the people who submitted info to you in the first place.

There is a lot of discussion about whether a collection of information (database) is legally different from the same pieces of information separately, but that's not what we are talking about. You don't own anything at all in the NSI database. If you feel that they did something wrong with your entry, you can sue them, but the suit will be under tort law (injuries/damages) and not under ownership law.


Kaa

To Companies?

[Cowards+Anonymous]

Maybe I'm just being silly, but what about all the noncorporate entities on the network? Are they to be denied rights to this public information because they aren't companies?

I guess I'll go read the article now...

Well, this sure isn't a step forwards.

[RISCy+Business]

C'mon. Give me a freaking break. This is a good thing how?

NSI can now sell domain records to anyone they damn well please. Or sets. Or the entire thing.

I know a lot of spammers that would love a list of just domains so they can spam every user within those domains. There are ways to find 'em, more than likely.

So, who's to stop the spammers? Nobody. The gov't isn't clued enough to do so correctly. NSI won't; that'll lose them possible customers. And now they have an excuse to charge ICANN and others for the database. The government has basically said 'okay, that's it. You have to open it. But go right ahead and charge whatever you want for it.'

How much you want to bet NSI will have a licensing fee or something, of some million dollars for ICANN and the competition? NSI will stop at nothing, I tell you.

And you people thought AT&T was bad. Bah. You ain't seen *NOTHING* yet. The trouble has just begun.

-RISCy Business | Rabid System Administrator and BOFH

NSI bullies

[zaal]

I am just starting to wonder what they had intended on this new service that NSI was going to offer? How much of my personal info (sure, I just moved so it's now out of date) is going to be disseminated to whoever is willing to meet their price?

I can hear spammers drool as I type this.

Re:Some decent systems you can call

[Vladinator]

If you have a static IP, you can now have FidoNet access right from the InterNet...
"I have no respect for a man who can only spell a word one way." - Mark Twain

Re:NETWORKSOLUTIONS has a broken form

[uzada]

it doesn't matter anyway because they appear to be on hiatus. I asked for a primary dns change last week... they said it needed to be done manually.

I am not pleased.

can of processed meat

[RoLlEr_CoAsTeR]

I know that I've not got a domain/won't be spammed/etc.. because of the "release" of the information, but

1. As someone earlier mentioned, the article said that NSI was "warned" to release the information.
2. Isn't the jist of this info that everybody's panicking about already released on whois's on domains?
3. Is there a point to releasing this information to competitors? How can releasing information about domains that are already sold help competitors to sell domains? Are they going to try to contact the people who bought the domains and ask them to "buy" them from themselves, as opposed to NSI? ("We'll be good, we promise!")

Otherwise, I'm not quite understanding the dealio with this. Sorry.

I love SPAM!!!

[pik0]

Ever since I started using spamcop.net my SPAM has dropped dramatically and I'm finally getting a proactive response from postmasters and the like.

Now, with that said, I believe that the domain registration info should be as public as property title is. Which, if I'm not mistaken, is just such the case now.

What has the court ordered that will be any different. I get SPAM all the time from my domain registration (especially when I make recent changes).

Bring 'em on! Like the other guy said "Spin the Pig..."

Andrew

I thought it WAS open !

[oldzoot]

Hmmm. I wonder what they are going to open beyond what has always been available ? The only things that seem to be hidden are related to domain owner authentication and billing. This may make it easier ( or perhaps only different ) for spam generators to get the contact info for large numbers of domains, but to my knowlege the info has always been there. In fact, I remember getting spammed by someone selling a list of domain managers a while back.

Re:I thought it WAS open !

[gregm]

Who's to say it's not "Open" already? Yyou can't tell me that copies of that database haven't gotten out already. I can register a new domain and use a newly created email address as the billing contact and get spammed within 24 hours every friggin time. Somebody's either hacked it our more likely money bumps into some dried up bubblegum on a daily basis. Does this mean I'm one of those wacked out conspiracy people?

NETWORKSOLUTIONS has a broken form

[Dark+Coder]

The damn "Modify Existing Domain Name Registration" form is missing a TEXT field box for the organization name.

I can't even modify my entry!

NSI is getting out of hand

[BlackHat]

Well when you start trying to raid the ".com" DBS to make E-Yellow Pages. Not Good Folks.

Re:What about last week's story about NSI?

[X-Usagi]

Woah! Calm down buddy! I think you went too far
calling them Zombies! A Bunch of unsympathetic, homophobic, nazi-creeps they may be.. but cmon.. zombies?