The Canadian Internet Registration Authority has proposed making public only limited information about dot-ca domain-name holders for privacy’s sake, yet some argue this may open the door to precisely the sort of scam artists the policy
aims to shut out.
The catalyst for the draft policy has been a need to align policies under the Personal Information Protection and Electronic Documents Act (PIPEDA), said Mark Jeftovic, co-founder of Toronto-based hosting service, EasyDNS, and a director of CIRA’s board who’s also a member of its WHOIS committee.
“”WHOIS has had serious problems from the word go,”” he said, referring to a publicly searchable database maintained by registrars containing personal information about domain-name registrations.
Typically, a WHOIS directory will include the registrant’s name, job title, the domain name, address, phone and fax numbers and email address, plus Web-hosting information.
A lack of privacy has allowed domain-name registrants to be hit by everything from spam, viruses, spyware and slanderous content, said Jeftovic.
“”As a registrar, I’m really conflicted between the privacy concerns that people have for protecting their data, and the responsibility that comes with having a domain-name and plugging computers into the Internet and being part of this big cooperative structure.””
CIRA’s WHOIS policy, which the public is invited to respond to until Jan. 12, 2005, will collect personal information on registrants but aims to list only the domain name, registrar’s name, registration date, the “”last change”” date, notice regarding changes in status of the domain name and server IP numbers/names.
According to CIRA, it’s already received about 50 submissions from Canadians, 80 per cent of who support the approach.
Although this protective policy primarily affects individuals, it may also impact small businesses with fewer than seven employees if they choose to be treated as individual dot-ca domain owners, said Bernard Turcotte, president and CEO of CIRA in Ottawa. “”You have 30 days to provide proof that you meet the requirements.””
He said it’s possible some owners of small businesses with dot-com domain names may be attracted to CIRA’s privacy measure.
The drawbacks of creating a more anonymous system, however, is that “”it may attract some of the people we don’t really want to attract,”” explained Jeftovic.
Jeftovic said the phenomenon of “”throwaway domain names,”” or ones with little value, was never much of an issue with dot-ca names because there’s more scrutiny in verifying the registrants’ identity. But this may all change if people can register a domain name without having their personal details published, he added.
“”Spammers could start using them to operate. It would be hard to track them down because…most of the people who are actively combatting spam are outside official law-enforcement agencies. And if those people are cut off from access to this data, it’s going to make their jobs harder.””
Turcotte said at this point the only instances in which a domain-name registrant’s personal information may be divulged is if a court order mandates it or if a dot-ca domain owner decides to make it public.
But getting a court order to gain access to a particular WHOIS record is not always in reach even with evidence of thousands of pieces of spam, warned Jeftovic.
Based on the public consultations, CIRA’s board will recommend or amend the draft policy. But for the most part, PIPEDA is “”almost, you know, the final trump card that’s going to decide how this policy plays out,”” Jeftovic explained.
Canada’s approach, interestingly, contrasts with that of the U.S. There, the House of Representatives agreed to a bill last September that would beef up jail time for people providing false information when registering a dot-com domain name — something CIRA said registrants sometimes do to prevent their personal information from being abused.