The internet's Middle East problem: Who is going to do something about Whois?

The issue of what to do about Whois – the registration data for domain names – has reared its ugly head yet again, as it has over and over for the past 15 years.

In the latest twist, the Electronic Frontier Foundation (EFF) has sent a terse note to domain overseer ICANN over its latest effort to review the Whois service and written a blog post for good measure, complaining that the organization "can't seem to wrap its head around why privacy matters when it comes to domain registration services."

Meanwhile, ICANN's chair, Steve Crocker, continues to badger the working group looking at the organization's accountability, insisting that the formal review of Whois that was part of its agreement with the US government should not be added to its bylaws.

Subsequent to our story about Crocker's public meltdown over the issue, he emailed the group complaining that the current review process "embodies the assumption that the architecture of the existing gTLD directory system that uses the Whois protocol is appropriate and that improvement is merely a matter of enforcement. I do not believe it is that simple."

Meanwhile, following the second-largest ever public comment period that ICANN has run, in which just under 12,000 people emailed ICANN to complain, none other than Google finally held up its arm and yelled "Enough!"

"The ICANN community has been debating Whois-related topics for many years with very little to show for the time and energy expended," the search giant's senior trademark counsel, Andy Abrams, wrote [PDF] via email in July. "As a result, we believe it may be more productive to focus this energy on topics that affect the security of the DNS and are more likely to generate community consensus."

He added: "...we believe that the effort to reform Whois is stalled."

Parting of the Red Sea

This latest reform effort was started back at ICANN's Toronto meeting in October 2012 by the organization's then-new CEO, Fadi Chehade. In his opening ceremony speech, Chehade took on Whois – seemingly the most intractable policy issue that exists within the domain name world – saying, "I think right next to the Middle East problem, this has got to be the longest problem on the planet."

He went on: "Ten years of back and forth and back – this is remarkable. And it's everywhere. I hate to tell you, it's like cancer. Every agreement I look at, 'Oh, my God, we're stuck on Whois.' We don't even have agreement why the heck are we doing this."

He then vowed to fix the issue quick smart: "Guys, it's 12 years on! Let's think about this! This is not difficult! The Middle East problem is difficult. This is not difficult!"

Three years on, it turns out that it is in fact difficult. Having studiously ignored the first Whois review in 2012 – which gave some practical pointers for improvement – ICANN's management decided a complete overhaul was needed, something that has achieved little other than renewed bickering.

An "expert group" was created in December 2012 and it produced a final report in June 2014 that proposed a complete rethink of Whois. But every component of that plan has simply caused further controversy.

What progress was made appeared to have been achieved by ignoring privacy concerns, as the only privacy advocate on the group was prevented from publishing a dissenting opinion. That turned out to be a classic case of short-term gain and long-term loss when privacy advocates landed heavily on the subsequent plan to force domain owners of "commercial" websites to publish their private information.

This time!

But despite highly negative coverage of ICANN's efforts in the media, the EFF's warnings and advocacy, and Google's pleas to leave the issue alone, ICANN's Crocker remains certain that his overhaul approach will work.

It won't, and the reasons why highlight all the problems that exist with ICANN. There are two things at the heart of the matter: intellectual property laywers and domain name registrars.

IP lawyers are very influential within the US-centric ICANN, especially when they get fired up. And they want access to the Whois data so they can figure out who is registering domain names that infringe their clients' trademarks and send them legal threats.

Meanwhile, domain registrars provide ICANN with most of its budget, thanks to an ICANN fee of 20 cents on every domain sold. As such, they also hold a lot of sway. Registrars see any change to the current system as costing them time and money and so are opposed to just about every change. They are especially unhappy about the idea of careful checking of Whois data to make sure it is accurate, as this would add cost and time and reduce the number of domains sold.

Those two factors are the core of the problem. You then have civil society, which is determined to make sure there are some privacy protections so people's home addresses and telephone numbers aren’t made readily available on the internet.

You also have law enforcement, which wants both access to the Whois data and for the data to be accurate, so it can track down people who use the DNS to break the law.

Tied in with that is the concern that in some countries, law enforcement would use the system to limit people's freedom of speech – by tracking down, for example, owners of websites who say things that the country's government may not like. This does not sit well with the First Amendment-advocating US citizens that dominate ICANN.

Finally, you have ICANN itself, its staff and its board. ICANN simply doesn't want to be under any legal obligation to make sure the Whois data for the domains from which it makes all its money is accurate. That legal fear has led to a compliance department that is constantly under-resourced and hamstrung internally, which in turn has fed the attitude behind Crocker's vigorous denial that "improvement is merely a matter of enforcement."

Time to look in the mirror

The reality is that the problem is not so much Whois as it is ICANN itself. As a US company funded by the domain name industry, it is hopelessly compromised on this issue and so unable to make progress. Due to its enormous levels of self-importance, ICANN has never even considered handing over control of this issue to another organization. The result has been more than 15 years of argument with literally nothing but reports and angry transcripts to show for it.

Google is right: when no progress can be made, why not spend that time and effort working on something that can be done? But that's not how ICANN works. Better to keep butting heads than to face the fact that its own make-up and model is flawed. ®