False Whois

Revision as of 21:21, 15 April 2015 by Jackie Treiber (10th DNS Seal wiki article.)

False Whois refers to providing incorrect or inaccurate data to the Whois database.[1] Whois data is publicly available[2] and includes information about a domain's registrant, such as "contact information (e.g., mailing address, phone number and e-mail address), administrative and technical contacts, and other information."[3] This information is collected by the registrar and is meant to provide a means of contacting a website's registrant if there are technical difficulties with the site or if illegal activity has occurred.[4] However, it can also be used by unscrupulous people trying to steal the registrant's personal information.[4] A recent study released by Carnegie Mellon University found that "there is a statistically significant occurrence of WHOIS misuse affecting Registrants’ email addresses, postal addresses, and phone numbers" with 44% of registrants experiencing these types of Whois misuse.[5]

Public Perception

Public perception of using false Whois information is mixed. People tend to be skeptical of how Whois data is used and by whom, especially with the risk of identity theft.[4] Additionally, there is concern that Whois data could compromise people's safety by requiring a physical address.[6] As for paying for a privacy or proxy service, it can be expensive when compared to simply using false data. The dark side of false Whois information, such as using false credentials to engage in illegal or criminal activity, also remains a large concern. People want the Internet to be an open and public forum, but they do not want to be taken advantage of or put at risk.

Outcome

The outcome of false Whois data is that it conceals the identity of registrants and makes it difficult to contact the registrant if problems occur. Motivations for this activity may be criminal or completely innocuous.

Historical Use

  • False Whois data can be used for a number of reasons, namely to conceal the identity or contact information of a registrant without using a registrar's privacy policy or a proxy service. The reasoning behind this misinformation varies. Some people seek to conceal their information because their website is involved in illegal activity, while others are concerned that their public Whois data compromises their private identity and will be used by spammers, scammers, or phishers.[4] To address the concern of improper Whois use, ICANN and the GNSO are currently sponsoring and conducting research on how the Whois database is being used.[2] The Whois database is believed to contribute to phishing, spam, domain slamming, and fake renewal notices.

ICANN Policy

  • Whois Restored Names Accuracy Policy: this policy, enacted in 2004, states that once a name is deleted because of false or inaccurate "contact data, or there was no response to requests for information, the name must remain on hold until the registrant provides updated and accurate WHOIS data."[7]
  • Whois Data Reminder Policy (WDRP): this policy, enacted by ICANN in 2003, requires that once a year registrars send out WDRP notices that ask for changes or updates to the registrant's current Whois information.[8] This policy is aimed at having correct and up-to-date Whois data; if there are no changes in Whois information, no response is required.[8][4]
  • 2013 Registrar Accreditation Agreement (RAA): in the new RAA, registrars are required to validate a large amount of the personal information supplied by registrants in addition to actively verifying their phone number or email address.[9][10] Falsifying the Whois information provided to registrars results in a 15-day period where the registrant is asked to correct the errors; if the registrant does not respond, it can "constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration."[9]
    • Some limitations associated with these ICANN policies are that registrars may have disincentives to delete registrations even if deadlines are missed, and that different registrars may have individual policies when it comes to privacy or proxy services and dealing with Whois complaints.[6]
  • ICANN released a Draft Implementation Plan that would create a Whois program to report the accuracy of Whois information.[11][12] The report is available for public comment until April 1.[11] The next step in implementing this program is an ICANN request for an official proposal.[11]
    • This plan is based on an experimental study performed by NORC and on SSAC recommendations.[12]
    • ICANN would sample Whois information in gTLDs, rating each sample on this scale: "No Failure, Minimal Failure, Limited Failure, Substantial Failure, and Complete Failure."[12]
    • Whois entries would be judged in three major categories: syntactic accuracy, operational accuracy, and identity.[12] Syntactic accuracy would involve validating that all the fields are filled out and in the correct format. Operational accuracy would address whether or not the information is "applicable," and the identity category refers to validating that the Whois information "can be used to confirm the identity of the registrant."[12]
    • ICANN would also notify registrars with false or inaccurate Whois information.[12]
  • An Expert Working Group (EWG) is also working on a proposal to replace the current Whois system with the Registration Directory System (RDS).[13] The RDS would hopefully better protect registrant data and could possibly lead to fewer inaccurate registrations.[13]

Legislation

  • There is currently no legislation that directly addresses false Whois information.
  • In 2004, the Fraudulent Online Identity Sanctions Act (FOISA) was introduced in Congress.[14] The act would have increased penalties for people who used false Whois information in order to facilitate criminal activity on the Internet, such as trademark violations like cybersquatting or typosquatting.[15] FOISA would have amended the Trademark Act of 1946; however, it was never passed.[14]

References

  1. False whois data (September 1, 2005), MattCutts.com
  2. Current Information About GNSO-Approved gTLD Whois Studies (March 19, 2014), Internet Corporation for Assigned Names and Numbers (ICANN)
  3. Policy Issue Brief - gTLD WHOIS, Internet Corporation for Assigned Names and Numbers (ICANN)
  4. Question / Answers, Internet Corporation for Assigned Names and Numbers (ICANN)
  5. Whois Misuse Study Draft Report (PDF), ICANN
  6. ICANN's Rolling Controversy: Verification of WHOIS Registration Data by Brian Prince (November 30, 2012), SecurityWeek.com (Wired Business Media)
  7. History of WHOIS, Internet Corporation for Assigned Names and Numbers (ICANN)
  8. Whois Data Reminder Policy, ICANN
  9. 2013 Registrar Accreditation Agreement: WHOIS ACCURACY PROGRAM SPECIFICATION, Internet Corporation for Assigned Names and Numbers (ICANN)
  10. Registrars and ICANN hit impasse on new RAA by Kevin Murphy (March 8, 2013), Domain Incite
  11. Draft Implementation Plan for the WHOIS Online Accuracy and Reporting System, Internet Corporation for Assigned Names and Numbers (ICANN)
  12. WHOIS Online Accuracy Reporting System Implementation Plan: Section III: Document and Resource Links (PDF), ICANN
  13. Exploring Replacements for WHOIS - The Next Generation Directory Services (March 2014), ICANN
  14. H.R. 3754 (108th): Fraudulent Online Identity Sanctions Act, Govtrack (Civic Impulse, LLC)
  15. Federal Computer Crime Laws by Maxim May (June 1, 2004), SANS Institute