Reducing unreachable ICANN registrations

Recently ICANN (Internet Corporation for Assigned Names and Numbers) published a report on inaccurate registration data in her own databases. Now the question is presented to the world how can we mitigate this problem? There seems to be a very easy solution.

Why register?
The question to this answer seems simple. To know who has registered with an organisation. This makes it possible to contact the registered person or organisation, to send bills and to discuss policy with the members.

The rationale of unreachable registrations
This one completely goes by me. ICANN distributes IP resources at the highest level that are on principle scarce: domain names and IP addresses and sets policy around the distribution of these resources. So it seems to be in the utmost interest of ICANN to have an accurate database. Over the past years it has been shown over and over again, that accuracy was not a priority of ICANN, even against her existing policies.

There does not seem to be a rationale for this lapses in registration measures. ICANN in the end loses money as she provides a service, but is most likely not paid for this service. Next to that it is not good for ICANN’s image, as government and LEA reactions have shown over the past years. It could even become a threat to ICANN’s very existence.

Cyber crime and enforcement
With the coming of cyber crime, spam and botnets, law enforcement agencies of different back ground became interested in Whois data and were very much frustrated when they found data not to be accurate. (And vetting and revocation mechanisms not being in place.) Whois data is a primary source at the start of investigations. So if these are false this makes investigations harder, not impossible.

Inaccurate data
What can be reasons that data is inaccurate? There can be several reasons. To give a few examples. Someone forgot to change the data after a move of the office, contact person, a merger, bank account, a company stopped its activities, etc. In the meantime the IP resources are still used as they were meant to, but from an unknown address.

A second reason could be that free speech advocates want to have a chance to hide their identity behind a so called proxy registration. This way they are safe from prosecution in their home country. Usually this is supported by western governments.

A third reason can be criminal intent. A person or group of persons uses the IP resources for personal gain through illegal activities. They never intended to provide accurate data. From a society point of view this is an activity that preferably is stopped as fast as possible.

What to do about it?
We are discussing unreachable registered companies. It looks quite simple to me. ICANN has many ways to reach out to these companies and does so. Everyone concerned gets one year to alter the data. As soon as someone complies, the data is submitted to the Whois database, after being vetted by ICANN.

All that have not updated their registration on time -and one year is a very lenient time frame- are de-registered by ICANN and where possible their IP resources taken away.

Legit after claims
If ICANN makes sure there’s a good procedure to follow for legit claims after the de-registration come in anyway, I’m sure this procedure will work. Criminals usually do not show up and try to find new ways to proceed their business.

Vetting of all new registrations
When ICANN makes sure new applicants are vetted before being admitted and an ongoing checking procedure of existing members is put in place, I’m convinced that the Internet will become a safer place for all concerned. Also, she becomes an example for policy at lower level IP resource organisations by setting a standard. It makes one avenue on the Internet harder to reach for criminals.

Wout de Natris, De Natris Consult

Leiderdorp, 31 January 2012

Advertisements

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber crime, Cyber crime data or the absence of it, International cooperation: IP resources, Internet governance, Self regulation and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s