15 October 2022
Whois was once a powerful brand protection tool
Whois used to be a tool that disclosed ownership of a domain name. Brand Protection agencies like brandsec would use it as the first port of call to discover data points on domain name abusers. Information from the whois was often used to track down, and in some cases incriminate, bad actors.
Even when false information was provided, it was enough evidence to have the domain name suspended and the content removed. Without the whois tool in its previous form Brand Protection and Law Enforcement agencies have lost a major weapon in the fight against fraudsters and domain name abusers.
The proposed Whois Disclosure System
To address this issue ICANN proposed a Whois Disclosure System, which is a mechanism that would allow Registrars, IP Lawyers, and Brand Protection agencies (and ICANN Account Holders) to request unredacted Whois data from registrars.
The system is to be built using retooled software from the current Centralised Zone Data Service, which acts as a hub for researchers who want to request zone files from gTLD registry operators.
The ICANN design paper defines the Whois Disclosure System as:
Just as in CZDS, a requestor navigates to the WHOIS Disclosure System web page, logs into their ICANN Account, and is presented with a user experience much like the current CZDS. In this experience, requestors can see pending and past requests as well as metadata (timestamps, status, etc.) associated with those requests. For a requestor’s pending requests, they can see all the information related to that request.
It will function as follows:
- Requests will be routed to the relevant registrar who will decide whether to deal with it or not.
- Registrars have the ultimate discretion.
- The system will be voluntary for both the Requesters and Registrars.
Not helpful in the fight against domain name abuse
The issue with this initiative is that it seems to be just a relay request tool that sends complaints from the complainant to the Registrar. Most Registrars have an abuse system in place so it’s questionable why a 3rd party tool is needed at all?
More unfortunate is that the tool is voluntary and there are no requirements for Registrars to provide the requested data. In most cases today the standard Registrar response to 3rd party whois data requests is “no” or ”get a subpoena”.
For $3M USD it seems like a lot of money, effort and time for not much gain and it’s doubtful the tool will significantly benefit brands, law enforcement agencies or Registrars in the fight against domain abuse.
It should also be noted that the WHOIS Disclosure System is not intended to provide nonpublic registration data for registrations that utilize proxy or privacy services.
Leadership is needed from ICANN to make this system work, but it seems that their legal risks, GDRP compliance issues, and concerns of possible abuse of the tool are of a bigger concern than protecting consumers from domain name abuse.
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.