ICANN’s WHOIS policy shift would be criminal negligence
There’s a move afoot to help criminals obscure their illegal online activities. The Internet Corporation for Assigned Names and Numbers (ICANN) is considering making it possible for anyone to avoid putting Web site ownership and contact information into the Internet’s WHOIS database.
This seemingly minor change to the already loose requirements for Web site registration is being advocated by an unholy alliance of privacy ideologues, primarily in the European Union, and greedy Internet service providers. The former group argues that the less that is known about a Web site owner, the better that person’s rights are protected. The ISPs supporting the change see it as a way to generate more business, though most of it is likely to be from crooks who, ironically, rip off Internet users by violating their privacy.
One of the most pernicious types of online crime is phishing. With a phishing scam, criminals lure consumers to visit a counterfeit Web page that looks identical to, say, a bank’s site and then dupe the visitors into entering personal information. The crooks drain their marks’ bank accounts or run up their credit card limits. Consumer Reports says that more than a million people lost a total of $2.1billion during the past two years from phishing. Without WHOIS, the situation would be massively worse.
Today, legitimate businesses work vigilantly to protect their customers and their companies’ reputations online. They hire brand-protection services that hunt down and shutter phishing sites. These third-party phisher killers are needed because law enforcement agencies lack the bandwidth to stop the bad guys. The crooks know this, so they have no fear of legal retribution. Indeed, MarkMonitor, a brand-protection service, claims that phishing incidents increased 104% in this year’s first quarter compared with the same period last year.
In a variation on phishing, typosquatters prey on online consumers’ poor typing skills. Brand protector CitizenHawk says, “Digital thieves use sophisticated, automated systems to purchase dozens, if not hundreds, of possible misspellings of domain names … to build vast networks of Web sites to siphon traffic away from legitimate companies.” The reason they siphon that traffic is to steal personal information from clueless visitors.
WHOIS is one small tool available to identify the ISP serving a bogus Web site and force it to shut the site down. Without WHOIS, it could take days instead of hours to locate and terminate a phisher’s or typosquatter’s presence.
ICANN is said to be leaning toward adopting operational point of contact, a policy that would eliminate the requirement that site owners identify themselves in WHOIS. An alternate policy, known as special circumstances, would let individuals and organizations — say, political dissidents or homes for battered women — hide their WHOIS data from prying eyes. That’s a far better option.
But why make any change? WHOIS has been with us since the earliest days of the Internet. There will be no appreciable privacy gains by adopting a new policy, except in the abstract thinking of privacy-rights zealots. In the real world of the World Wide Web, it’s more likely that increasing numbers of people will get their private information stolen if ICANN embraces operational point of contact for WHOIS. That would be criminally negligent.
WHOIS is not just about protecting corporate brands and unwary consumers. It’s a good educational tool for kids, too. Visit www.martinlutherking.org, a Web site targeting schoolchildren. With WHOIS, you can run a search on its owner. Turns out the site is run by Stormfront Inc., a group that proclaims itself to be of interest to “pro-White activists and anyone else interested in White survival.” But not those interested in the truth about Martin Luther King Jr.
Let’s keep WHOIS data available to help sustain commerce on the Web, protect people’s privacy and enhance our kids’ educations.
Original URL: http://www.computerworld.com/action/…/300493
