Historically, the domain name WHOIS system has been an important tool to track down the operators of pirate sites and services.
While WHOIS data is not always accurate, it is still helpful in holding site operators accountable, at least when the information is available for access.
In recent years, access to domain registration information has often been restricted. This change is in large part the result of EU General Data Protection Regulation (GDPR), a privacy law that limits the availability of personal information in public databases.
In response to the law, domain name oversight body ICANN implemented a measure to restrict access to personal WHOIS data for gTLDs, unless explicit permission is granted. This was a welcome privacy upgrade for many domain registrants, but anti-piracy groups were not happy.
.US WHOIS Restrictions
Copyright holders have complained about the stricter privacy rules but were pleased to see that these didn’t apply universally. The .US ccTLD, for example, which falls under the oversight of the United States Department of Commerce’s NTIA, remains publicly accessible.
Public access helps enforcement efforts but also has some drawbacks. Since anyone can access the private details of domain registrants anonymously, the information can be used to spam, phish, or dox people.
To reduce the potential for abuse, NTIA and its contractor GoDaddy are proposing to limit anonymous access to .US registrant data and make information seekers accountable too.
“In response to concerns about the potential for abuse of usTLD registrant data, NTIA is considering a proposal from its Contractor to create an Accountable WHOIS Gateway System to provide public access to usTLD registrant information,” NTIA noted.
“The System would require those seeking access to the usTLD registration data to provide their name, an email address, and to accept the Terms of Service (TOS).”
RIAA Opposes WHOIS Shield
Earlier this year, NTIA asked the public for input on this proposal. As expected, that triggered opposition from various parties including the music industry’s anti-piracy watchdog, RIAA.
In response to the proposal, RIAA points out that EU privacy regulation and proxy registration services for many top-level domains have made it virtually impossible to obtain accurate registrant data for anti-piracy purposes.
The .US TLD is a rare exception, which is also apparent in the abuse numbers. Pirate sites tend to avoid .US domain names, presumably because WHOIS data is publicly available.
“We have seen much less copyright infringement on sites with .us domains than on those in the gTLD space,” RIAA writes.
This statement is backed up by figures showing that copyright infringement through .US domain names is trending down in recent years, while it has increased on .COM domain names.
WHOIS data is not only important to catch pirates, RIAA writes. It can also be helpful to other investigators, including law enforcement agencies, who also deal with online harms.
At the same time, RIAA suggests that the harm faced by registrants is minimal. At least, the organization is not aware of any concrete examples where public .US WHOIS information has caused any problems.
“[W]hile we have heard of anecdotal evidence of harm to registrants generally, we don’t know of any documented, verifiable, widespread, pervasive harm to .us registrants caused by publicly available registrant data.”
Why Change?
NTIA doesn’t propose to make it entirely impossible for rightsholders and other interested parties to obtain WHOIS data. Instead, it wants to hold WHOIS data seekers accountable, by asking them for their information as well.
This shouldn’t prevent RIAA and other rightsholders from accessing WHOIS records, but the RIAA sees no reason to change the status quo.
“Given the steep rise of cyber problems since the WHOIS data for gTLDs was masked, and the challenges such masking has caused to those combatting those problems, we don’t understand why .us would change its current policies.
“Accordingly, the current system of access to usTLD domain name registration data should remain unchanged, and we do not support efforts to create unnecessary gates around registrant data,” RIAA adds.
If NTIA decides to block unlimited and anonymous access to WHOIS data, RIAA notes that copyright holders should be granted free and immediate access. In addition, WHOIS data should be vetted through ‘know-your-customer’ requirements, while corporate domain registrations should remain publicly accessible.
—
A copy of RIAA’s full response to the NTIA’s proposal was published this week and is available here (pdf)
