All registrars of domain names in the generic top-level domain (including .com, .net, and .org) are required by the Internet Corporation for Assigned Names and Numbers (ICANN) to provide a publicly accessible, searchable online database of domain name owners’ names and postal addresses. This database, Whois, is used by trademark owners, law enforcement officials, consumers and others for a wide variety of purposes.
A common problem with Whois is that domain name owners – particularly those with fraudulent intentions – do not provide accurate information when registering a domain name. Others submit incomplete or inaccurate information because they believe that there should be an inherent right to keep one’s identity private. Such controversies have swirled around Whois issues for several years, and ICANN, the U.S. Congress and other nations are now taking a closer look.
In August 2004, ICANN announced two new Whois policies, both effective on November 12, 2004. First, the Restored Names Accuracy Policy requires that a domain name that was deleted due to the submission of false contact data or lack of response to a registrar’s inquiries and is subsequently restored during the redemption grace period (the 30-day period following deletion of a domain name during which the owner may reclaim it) must be placed on hold until the registrant has provided updated and accurate Whois information. However, the policy does not require registrars to verify the accuracy of the newly submitted Whois data, and thus the impact of this policy remains to be seen.
Second, the Whois Marketing Restriction Policy requires registrars’ bulk access agreements (whereby their entire Whois database is made available for download to those who pay for the service) to prohibit two activities – the use of Whois data to allow, enable, or otherwise support any marketing activities, and the redistribution of Whois data unless it has been incorporated into a value-added product or service that does not permit extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.
ICANN also formed three Whois Task Forces, each examining separate issues. Task Force One was created to study how to limit access to Whois or otherwise prevent data mining for marketing purposes. Task Force Two’s mission was to study the type of data collected by registrars and how that information is presented to the public. Task Force Three is focused on improving the accuracy of information in the Whois database.
Preliminary reports of each Task Force were issued in May 2004. Final reports have not yet been released. Among the issues being studied by the Task Forces are:
- “Tiered access” to Whois data, whereby some requesters would receive less information than others
- Providing notice to a domain name registrant each time a Whois inquiry is made
- Whether access to Whois data should continue to be made available via Port 43 (which allows automated computer-to- computer access to the Whois database)
- Whether registrars should be excused from some ICANN- mandated disclosure requirements due to local privacy laws
- How domain name “proxy services” can be used to protect privacy
- The development of a “best practices” guideline for registrars to verify the accuracy of the Whois data provided to them
- Whether registrars should be required to verify Whois data for a domain name that was put on hold or cancelled due to the submission of false data
- Whether all domains owned by a party who submits false Whois data should be suspended or cancelled, or just those that are the subject of a complaint
- The development of a greater range of sanctions that ICANN could impose against registrants and registrars who do not live up to their Whois obligations
The U.S. Congress has taken notice of Whois issues as well. Pending legislation, the Fraudulent Online Identity Sanctions Act, H.R. 3754, would create a rebuttable presumption that an online violation of the Trademark Act is willful if the violator knowingly provided materially false contact information when registering the domain. The bill passed the House of Representatives on September 21 and is now before the Senate.
In Europe, the rollout of the new .eu top-level domain in the next year or so brings with it a host of Whois issues. INTA will work with EURid, the presumptive administrator of the .eu domain, to make Whois as effective a tool as possible for trademark owners within the framework of the European Data Protection Directive. The Canadian Internet Registry Association is also in the midst of a review of its Whois policies. Many other countries also have unique Whois policies for their individual country-code domains.
Whatever happens to Whois, one thing is clear – trademark owners should be working to ensure that they have access to reliable ownership information when investigating online infringement, fraud, or other violations of law. In the meantime, trademark owners who become aware of inaccurate data in the Whois database can use the Whois Data Problem Report System to report it to ICANN, which will forward the information to the appropriate registrar for investigation (see http://wdprs.internic.net/). Registrars are required to take “reasonable steps” to correct the inaccuracy, pursuant to their accreditation agreement with ICANN. While some questions remain about what is “reasonable,” the system at least provides a venue for filing a complaint and monitoring a registrar’s response.
Although every effort has been made to verify the accuracy of items carried in the INTA Bulletin, readers are urged to check independently on matters of specific concern or interest.