Thank you and the members of the Committee on Financial Services for inviting me to testify today. I am pleased to have this opportunity to address recent developments related to WHOIS databases, and to share information about the work undertaken by the Department of Commerce in this critical issue area.
The Department of Commerce strongly supports continued, timely access to accurate and publicly available WHOIS data contained in the databases of information identifying registrants of domain names. We believe that WHOIS data is critical to meeting a variety of public policy objectives, including enforcement of laws and consumer protection, and have been pro-actively advocating this position at the meetings of the Internet Corporation for Assigned Names and Numbers (ICANN).
ICANN and WHOIS
The Department of Commerce is committed to preserving the stability and security of the Internet domain name and addressing system (DNS). There exists a Memorandum of Understanding (MOU) between the Department and ICANN, the private sector entity responsible for the day-to-day technical management of the DNS. The MOU contains provisions where ICANN has agreed to continue to assess the operation of WHOIS databases and to implement measures to secure improved accuracy of WHOIS data.1 In accordance with those specific provisions, ICANN has published three annual reports (as of April 2006) that provide information on community experiences with the InterNIC WHOIS Data Problem Reports system.2 ICANN has reported that the data collected is being used to ensure that individual registrars are complying with their obligations toward ensuring WHOIS data accuracy.3 ICANN has also published reports in 2004 and 2005 regarding the implementation of the WHOIS Data Reminder Policy, which requires ICANN-accredited registrars to formally contact domain name registrants on an annual basis to review and update their contact information.4 Again, the underlying purpose of this policy is to improve the accuracy of WHOIS data.
ICANN's Generic Names Supporting Organization (GNSO) has initiated a policy development process, which among other things, seeks to define the purpose of WHOIS data in the following contexts: ICANN's mission and core values; laws protecting individual privacy; laws specifically addressing WHOIS; and the changing nature of registered name holders. In April 2006, the GNSO Council voted in favor of a new definition of the purpose of WHOIS data that is to "resolve issues related to the configuration of the records associated with the domain name within a DNS nameserver." This definition is considered by many, including the U.S. Government, to reflect a narrow, technical definition. The United States public and private sectors are working within the ICANN process to address this problem.
This definition is, however, guiding the subsequent work by the GNSO WHOIS Task Force, which is turning its attention to three specific concerns: 1) determining what data should be available for public access; 2) improving the process for notifying a registrar of inaccurate WHOIS data; and 3) establishing a process for investigating and correcting inaccurate data. When the work of the task force is completed, it will be forwarded to the GNSO Council for review and approval. If approved, it will be forwarded to the ICANN Board for adoption.
The Department's Role and Perspective
I would like to now turn to the work of the Department of Commerce, and specifically to the work of the National Telecommunications and Information Administration (NTIA) regarding this important issue. NTIA serves as the representative for the United States Government to ICANN's Governmental Advisory Committee. Composed of government representatives from over 100 countries, this advisory committee provides advice to the ICANN Board on the activities of ICANN as they relate to the public policy concerns of governments.
ICANN's Governmental Advisory Committee has had several discussions on this topic. In preparation for each advisory committee meeting, NTIA convenes an interagency Working Group that develops and coordinates U.S. positions.5 Ensuring continued, timely access to accurate WHOIS data is a longstanding, shared priority among all U.S. agencies and has been advocated by the U.S. during these discussions.
As a reflection of that consensus among U.S. agencies, I am very pleased to share with this Committee a formal U.S. statement that was advanced during the June 2006 Governmental Advisory Committee meeting. The U.S. statement, a copy of which is attached to this testimony, outlines our concerns that a narrow, technical definition of the purpose of WHOIS data would hinder continued access to the WHOIS database for a range of legitimate uses. It could also impede law enforcement's ability to prosecute crimes by allowing perpetrators to hide behind the shield of anonymity. From our perspective, a public WHOIS database is essential to:
1 See Section II.C.10 of Amendment 6 to the Memorandum of Understanding between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers, available at http://www.ntia.doc.gov/ntiahome/domainname/agreements/amendment6_09162003.htm.
2 These reports are available at www.icann.org/whois/wdprs-report-final-31mar04.htm; www.icann.org/whois/wdprs-report-final-31mar05.htm; and www.icann.org/announcements/wdprs-report-final-31mar06.pdf.
3 All ICANN agreements with generic top level domain name registries and registrars include requirements that domain name registrant contact information be collected, maintained, and publicly posted through WHOIS databases.
5 The Interagency Working Group is comprised of representatives from the Department of Commerce, the Justice Department, the Federal Trade Commission, the State Department, the Patent and Trademark Office, the Federal Bureau of Investigation, the Internal Revenue Service, and the Department of Homeland Security.