Recently ICANN (Internet Corporation for Assigned Names and Numbers) published a report on inaccurate registration data in her own databases. Now the question is presented to the world how can we mitigate this problem? There seems to be a very easy solution.
The question to this answer seems simple. To know who has registered with an organisation. This makes it possible to contact the registered person or organisation, to send bills and to discuss policy with the members.
The rationale of unreachable registrations
This one completely goes by me. ICANN distributes IP resources at the highest level that are on principle scarce: domain names and IP addresses and sets policy around the distribution of these resources. So it seems to be in the utmost interest of ICANN to have an accurate database. Over the past years it has been shown over and over again, that accuracy was not a priority of ICANN, even against her existing policies.
There does not seem to be a rationale for this lapses in registration measures. ICANN in the end loses money as she provides a service, but is most likely not paid for this service. Next to that it is not good for ICANN’s image, as government and LEA reactions have shown over the past years. It could even become a threat to ICANN’s very existence.
Cyber crime and enforcement
With the coming of cyber crime, spam and botnets, law enforcement agencies of different back ground became interested in Whois data and were very much frustrated when they found data not to be accurate. (And vetting and revocation mechanisms not being in place.) Whois data is a primary source at the start of investigations. So if these are false this makes investigations harder, not impossible.
What can be reasons that data is inaccurate? There can be several reasons. To give a few examples. Someone forgot to change the data after a move of the office, contact person, a merger, bank account, a company stopped its activities, etc. In the meantime the IP resources are still used as they were meant to, but from an unknown address.
A second reason could be that free speech advocates want to have a chance to hide their identity behind a so called proxy registration. This way they are safe from prosecution in their home country. Usually this is supported by western governments.
A third reason can be criminal intent. A person or group of persons uses the IP resources for personal gain through illegal activities. They never intended to provide accurate data. From a society point of view this is an activity that preferably is stopped as fast as possible.
What to do about it?
We are discussing unreachable registered companies. It looks quite simple to me. ICANN has many ways to reach out to these companies and does so. Everyone concerned gets one year to alter the data. As soon as someone complies, the data is submitted to the Whois database, after being vetted by ICANN.
All that have not updated their registration on time -and one year is a very lenient time frame- are de-registered by ICANN and where possible their IP resources taken away.
Legit after claims
If ICANN makes sure there’s a good procedure to follow for legit claims after the de-registration come in anyway, I’m sure this procedure will work. Criminals usually do not show up and try to find new ways to proceed their business.
Vetting of all new registrations
When ICANN makes sure new applicants are vetted before being admitted and an ongoing checking procedure of existing members is put in place, I’m convinced that the Internet will become a safer place for all concerned. Also, she becomes an example for policy at lower level IP resource organisations by setting a standard. It makes one avenue on the Internet harder to reach for criminals.
Wout de Natris, De Natris Consult
Leiderdorp, 31 January 2012