Originally created 11/16/00

Questions arise about Internet's public records



MARINA DEL REY, Calif. - As more individuals build their own Web sites, some privacy advocates now question requirements that the site owners disclose their personal contact information.

Names, e-mail addresses, postal addresses and telephone numbers for more than 24 million domain names are stored in databases called Whois. The information is available to anyone with an Internet connection.

It's like a global phone directory - without the option for an unlisted number.

"Sacrificing your privacy should not be a condition of access to the domain space," said Alan Davidson, staff counsel with the Center for Democracy and Technology.

Most people may not care and would list their contact information anyway, just like most telephone customers now list their numbers.

But Davidson said Internet users ought to have a choice - for instance, they may want to stay anonymous if they are human rights advocates and other dissidents fearful of repercussion from oppressive governments.

Ellen Rony, author of the Domain Name Handbook, said she knew of someone stalked based on information from the databases.

On the other hand, she said, the tool proves helpful for researchers to gauge the origins and veracity of Web sites, and the stalking incident appears an aberration.

"I can see both sides," she said. "Historically, Whois is always public."

The Internet Corporation for Assigned Names and Numbers, which oversees the master record keeper of Web addresses and the domain registration companies, currently requires disclosure of contact information for holders of .com, .net and .org names.

Andrew McLaughlin, ICANN's chief policy officer, said the organization may have to revisit Whois policies next year, but it is not on the agenda for its annual meeting this week.

Part of the drive comes from the European Union, which passed a law prohibiting the transfer of data to the United States and other non-EU countries that don't meet EU standards for protecting personal information.

Back in the 1980s, when the Whois database was developed, Internet privacy wasn't a big deal. The Internet was mostly a research tool for government and universities.

"We all knew each other," said Karl Auerbach, a longtime Internet user who was recently elected to ICANN.

But these days, Auerbach said, that same Whois database creates unwanted e-mail and unsolicited phone calls.

Davidson said times have changed, and the Internet must change as well.

"Now, you have regular people using it and there's a much greater need to protect privacy," he said.

Registration companies offer access to the databases in order to let users determine whether the domain names they want are available. But when a name is taken, the registrar often links to the records for that name as well.

The idea is to help users contact the name's owner for possible purchase, even though the databases originally helped computer administrators contact one another when networks go awry.

Lawyers also use the databases to check on names that may tread on their clients' trademark rights. Steven J. Metalitz, vice president for the International Intellectual Property Alliance, said such open access is important to deter abusers.

At VeriSign Global Registry Services, which runs the databases for .com, .net and .org, Vice President Chuck Gomes said technology may settle the issue in the next year or two.

New tools, he said, could help meet the needs of law enforcement officials and trademark owners while protecting privacy for individuals in other circumstances.

In the meantime, the records remain open, and many of the proposals for new domain suffixes call for open Whois databases as well.

"It's the model that's out there," said John Kane, head of a marketing task force for Afilias, which is seeking a .web suffix. "It's a public resource. You don't own a domain name. You own the right to use it."

On the Net:

ICANN: http://www.icann.org

Auerbach's site: http://cavebear.com

Domain Name Handbook: http://domainhandbook.com