Who is behind the Whois? Part 2

We can be glad that the debate on the conditions of the processing of personal data in the Whois is launched, just as we can worry about the solution that seems to be, at least in the group of experts.

This centralizing proposal, which goes hand against the fundamentally decentralized nature of the Internet, carries the seeds of a new monopoly, the data mining on data from the Whois.
The economic model of what now is called the “Big Data” enables financial analysts to announce the potential of tens of billions of dollars in this market sector. One can legitimately question the reasons why to put on the table today a WHOIS data centralization solution that truly outweighs any advantage in protecting user privacy.
Many people have asked us to AFNIC, our position on this Copernican revolution proposed by the group of experts. We will, before taking a position, interact with them and hear their arguments. This was the case in Durban which is why AFNIC submitted last week an official commentary on the dedicated page of ICANN. I would strongly encourage those of you who are interested in issues of protection of privacy and, more generally, to the domain name industry, you will also participate in this consultation.

AFNIC, both as registration as Office .fr, and this pioneering title to respect for private life with the introduction of the anonymization of personal information relating to individuals, and as a technique for 17 new gTLDs operator, said in substance that the proposal deserved to be fully reworked and depth before being subjected to conventional procedures “PDP” (policy development process) of ICANN. The argument can be found here.

We bet that we will not be the only ones to alert ICANN on the need for further work and take the time to analyze all the economic, social and political such a radical change in the management of Whois.

Who is behind the Whois?

This question, it can arise in either direction. If I do a whois query is to find out who is behind a particular domain name. If I have a domain name, I want to know who manages the Whois, according to what rules, under what conditions.

For years, the “base Whois” allows for each top-level Internet extension, identify the holder of a name by accessing a range of technical and personal data, which for many of them are personal .

Historically, how to manage this database and the access rights attached ranged from generic extensions (.com, .net ….) And extensions related to country code (.fr, .de …)

The large Whois evening, which would be replaced by something better, starting from the assumption that the current version does not work, is a classic of ICANN. For years we discussed in it, but also for what concerns the evolution of the Whois protocol in the IETF. The CEO of ICANN, Fadi Chéhadé, true to form to move quickly to deny that subjects rotting in endless discussions (which is to his credit) therefore decided last December to set up a group of experts with the task of proposing a “new whois”.

While it is important to remember that the proposals in this group solely for the time that he himself, and that they apply a priori generic extensions, not the extensions related to country code like .fr the report raises a number of important issues that certainly deserve some attention a little.

And the two major innovations proposed in this document are:

Define a general policy of access to Whois data conferring different rights depending on the quality of the information the applicant and the type of data that research;

Set up a central database retrieving information of all registers and aspiring for sort of the one-stop whois requests.

Hence the question, who is behind this Whois one? In other words, who will be able to define a global policy for applicants classification and requests for access to Whois data? Who will decide to treat differently (or not), a request from a leading university research program on the location of registrants, the request of a federal agency, that of a Chinese government agency?

Which will guarantee to all registers generic extensions that the data they provide to the central database are protected, they can be exploited without the explicit consent of the holder , they may be used by organizations that have no right to know the personal data of the holders of a particular country?
That will ensure compliance with the various laws protecting personal data, and apply these laws, from a centralized basis, data of the owner, depending on the legal framework which is supposed be applied to them?
Does the law of the country that will host this basis will apply to that base, as is now generally the case, the central database or she will benefit from an innovative status internationally?
How much it will pay to develop this new data layer, which is added to that already maintained by the records themselves, and who will pay?
These are among other issues today which have been raised by many participants at the recent meeting in Durban.