1 Nov
Following on from the ICANN meeting today, in which they took up the issue of the whois privacy debate, the outcome is, unsurprisingly, motion 2. Motion 2 is basically the do-nothing option. It says that there is no consensus and more study is needed. This after years of study by the ICANN-commissioned whois Task force. I really don’t know what else they expect to find out; this really is just a ‘we don’t want to decide, so let’s put it off’ option.
Comments on the decision:
In practical terms, this means that the ICANN community’s attempt to come to consensus about WHOIS is over for now. It is pretty clear that there is indeed no WHOIS policy that that community can agree on without a change to the political environment that it is operating in; it is also clear that this is not due to a lack of factual knowledge or background research, but because of deeply divergent views on the issues. Maybe taking time out would help. Nevertheless, the GNSO (and ICANN as a whole) also suffers horror vacui: ICANN is, after all, the organization tasked with coming to consensus about these kinds of issues, and ICANN giving up means a big opening for others to step in.
Now, it’s time for the Council to vote. Council’s draft motions.
Motion 1: Approve OPOC as modified, 7 yes, 17 no. fails. The PDP is over. Long live the privacy-sapping WHOIS stalemate. Ross Rader, Registrar rep from Tucows, puts it best: “I do not think we have done the community any favors as a result of this discussion.”
The negotiation-forcing sunset proposal failed on a close vote: 10 yes, 13 no. It would have called for the elimination of WHOIS requirements from contracts in a year if consensus were not reached in the interim.
Instead, the Council called for — wait for it — more study. Don’t hold your breath.
It’s clearly time to go outside ICANN for help on the privacy front. I would like to see someone offer a _true_ privacy-preserving registration service — one that does not merely offer up the domain registrant’s personal information upon request. Any takers?
The long and the short of the decision is that the current whois registration system will remain with no changes. You will still be required to provide a phone number and physical address to register a domain, which may be registered in a public database. One thing to note about Australian domain registrations: I’ve registered domains with both Jumba & Hostess (both resellers, Jumba for AussieHQ and Hostess for NetRegistry). My phone & address details don’t show up for a whois query on these domains. You only see my name and my email address. Now I would rather not have the email address public either, but it’s better than what you get for some .com addresses (i.e. the WIPO domain). Now this is not just benevolence on the part of the registrars; it’s actually part of the .au Domain Authority whois policy.
Under the heading of Disclosure of whois data:
4.2 In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed.
4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.
4.4 To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.
There’s also a list of the fields that will be displayed at the bottom of that document, which are exactly what you see on any Australian whois query. Now this is great. It’s exactly the sort of policy decision that needs to be taken by the domain authorities. If ICANN won’t step up and take the stand for privacy, then it’s going to be up to the individual domain authorities to make the right decisions. ICANN seem to be wanting to be the UN of the internet, and it seems like they’re managing to emulate their idols quite well.