Task force report looks at accuracy of Whois data

It’s a question that continues to plague the Internet Corporation for Assigned Names and Numbers (ICANN), domain name registrars, and government: How best to ensure the accuracy of Whois data?

And it doesn’t look as though there will be an answer anytime soon.

The Domain Name Supporting Organization’s (DNSO) Whois Task Force issued a report offering policy recommendations late in November to ensure the accuracy of information contained in the Whois database, the directory that lists names and contact information of people who register domain names. The DNSO advises ICANN, the organization that oversees the Internet’s addressing system, on policy issues related to the domain name system.

Although the report addresses how best to rapidly correct data determined to be inaccurate after a complaint is lodged, it doesn’t address proactive measures that could be used to screen out incorrect data during the registration process.

That issue, according to Marilyn Cade, co-chair of the task force, is something that needs to be addressed, given the growth of “spoofed” Web sites that have been used to try and defraud people online.

Despite repeated prodding by federal officials, who say successfully fighting fraud on the Internet depends on the accuracy of the Whois database’s registration information, most registrars have not hit on a way to ensure the information provided by a registrant is accurate.

Registering a domain name is currently done on the honour system – a registrant only needs to fill out an online form and a domain name is automatically reserved for him. As such, the process is ideal for cybersquatters or other scammers looking to defraud businesses or consumers.

While ICANN requires that registrants provide accurate contact data, it doesn’t force registrars to verify contact details at the time of registration. (Such a policy may be developed by ICANN in the future.)

ICANN Vice-President Louis Touton said there is no feasible way right now to ensure the accuracy of Whois data on the front end.

Thomas D’Alleva, a spokesperson for Baltimore-based BulkRegister.com Inc., implied that registrars shouldn’t be held accountable for checking the accuracy of data provided by people who register domain names.

“We’re like a department of motor vehicles,” he said. “If you give false information to a DMV, they’ll still give you a driver’s license even thought the information is false.”

In a Sept. 22 conference call between registrars and members of the Whois Task Force, Tim Ruiz, project manager at GoDaddy Software Inc., a Scottsdale, Ariz.-based registrar, said, “We would feel that proactive measures to make data accurate would not be affordable or useful.”

A spokesperson for VeriSign Inc., a Mountain View Calif.-based registrar, provided information to Computerworld (U.S.) that indicated that the company had implemented a real-time validation process that would detect “lazy” keyboard typing, in a form’s address field, such as listing 123-123-1234 as a contact telephone number. This practice of entering dummy data is often used by people trying to perpetrate a fraud.

Despite this technology, a scammer who on Nov. 11 set up a spoof eBay Web site was allowed to register the domain name ebaylogin.com with VeriSign using 555-555-5555 as his fax number. The site has since been taken down.

Alec French, an aide to Rep. Howard Berman, (D-Calif.), the ranking member of the U.S. Judiciary Committee’s Subcommittee on Courts and Intellectual Property, said his boss had filed a bill in the U.S. House of Representatives that would make it a criminal offence, punishable by a fine and/or imprisonment of not more than five years, for anyone to knowingly provide false contact data to a domain name registrar.

Despite warning ICANN last year that it should move to verify the contact information of its customers or face Congressional action, Berman has not yet pushed his bill, French said.

Maneesha Mithal, a spokesperson for the U.S. Federal Trade Commission, said that agency has met with ICANN and the registrars to discuss how to weed out fraudulent registration while still protecting the privacy of individuals setting up legitimate Web sites.

But the Whois Task Force doesn’t advocate government intervention, said Cade.

“The registrars need to understand that a little bit of self-governance will prevent a large amount of governance by government,” she said.