Changing the WHOIS Service isn’t necessary

The Generic Names Supporting Organization’s final Whois Task Force report (something like 2 years in the making) recommends that ICANN restrict the amount of contact information publicly available via the whois service, and completely do away with technical and administrative contacts in favor of an “Operational Point of Contact”, or OPoC, in an effort to minimize domain related scams like phishing, identity theft, fraudulent renewal scams, etc.

“Protecting the identity of the registrant…”

While the intent is noble, I have to wonder exactly what this is going to accomplish that private domain registrations don’t already cover? Aside from sort of ruining the private registration business in general. If a registrant is truly concerned about protecting their identity and their contact information, private domain registrations are a perfectly good way to do it, are already available, and are administered by private companies (rather than some pseudo-governmental agency).

If you’re not doing anything illegal, immoral or fattening with your domains, then you probably don’t have to worry about anyone using your whois data to track you down and sue you.

If you *are*, then you ought to have a private registration. Period. I don’t recommend using bogus whois data because I secretly hope ICANN (or someone) starts enforcing the existing rules about that being a bad-bad-bad offense and revokes registrations from people who are caught doing it.

Also, whether this new recommendation is enacted or not, the people who want to sue you will still be able to get their hands on your registration data, they just might have to pay their lawyers for a couple more hours of work (and then turn around and take it out of your ass when they finally get a hold of you).

Eliminating the Technical and Administrative Contacts

Switching from Admin and Tech contacts to an OPoC is all fine and good, but really, it’s not going to alleviate the issue of fake whois data because no one enforces the rules about NOT using fake whois data. I checked in my usual domaining haunts and no one had any concrete evidence anyone has ever lost a domain for using fake data. There were two third hand accounts of someone knowing someone who knew someone who had their domain revoked, but nothing that could be substantiated.

What it will possibly accomplish is clarify the purpose of the contact and hopefully businesses/individuals who are not well versed in the terminology will better understand the role the OPoC plays in their domain registration and will use better judgement in selecting the responsible party.

Also, the recommendation doesn’t really address how the registrar is going to verify that the designated OPoC *knows* he’s been named. If correspondence is no longer being sent to the registrant and is only sent to the OPoC (as recommended), you’re really putting a LOT of trust into this contact person. Even assuming the OPoC info is real and not completely fake, the system still breaks just as badly as before if that contact can’t be gotten in touch with, or forgets to renew their P.O. box, etc.

So… what’s to be done?

Ultimately, I think we already have mechanisms in place to protect our privacy if we choose to utilize them, and the means to address the bogus whois data also already exists, but needs to be enforced. Serious, legitimate registrants will either opt for privacy protection or just stop using fake info if they care about not losing their domains.

The system is just a little broken, not in need of an overhaul. Just enforce the rules and let the private registration companies do their thing.