Testimony of John M. R. Kneuer
Acting Assistant Secretary for Communications and Information
United States Department of Commerce
Subcommittee on Financial Institutions and Consumer Credit
of the Committee on Financial Services
United States House of Representatives
July 18, 2006
Thank you and the members of the Committee on Financial Services for inviting me to testify today. I am pleased to have this opportunity to address recent developments related to WHOIS databases, and to share information about the work undertaken by the Department of Commerce in this critical issue area.
The Department of Commerce strongly supports continued, timely access to accurate and publicly available WHOIS data contained in the databases of information identifying registrants of domain names. We believe that WHOIS data is critical to meeting a variety of public policy objectives, including enforcement of laws and consumer protection, and have been pro-actively advocating this position at the meetings of the Internet Corporation for Assigned Names and Numbers (ICANN).
ICANN and WHOIS
The Department of Commerce is committed to preserving the stability and security of the Internet domain name and addressing system (DNS). There exists a Memorandum of Understanding (MOU) between the Department and ICANN, the private sector entity responsible for the day-to-day technical management of the DNS. The MOU contains provisions where ICANN has agreed to continue to assess the operation of WHOIS databases and to implement measures to secure improved accuracy of WHOIS data.[ 1 ]  In accordance with those specific provisions, ICANN has published three annual reports (as of April 2006) that provide information on community experiences with the InterNIC WHOIS Data Problem Reports system.[ 2 ]  ICANN has reported that the data collected is being used to ensure that individual registrars are complying with their obligations toward ensuring WHOIS data accuracy.[ 3 ]  ICANN has also published reports in 2004 and 2005 regarding the implementation of the WHOIS Data Reminder Policy, which requires ICANN-accredited registrars to formally contact domain name registrants on an annual basis to review and update their contact information.[ 4 ]  Again, the underlying purpose of this policy is to improve the accuracy of WHOIS data.
ICANN’s Generic Names Supporting Organization (GNSO) has initiated a policy development process, which among other things, seeks to define the purpose of WHOIS data in the following contexts: ICANN’s mission and core values; laws protecting individual privacy; laws specifically addressing WHOIS; and the changing nature of registered name holders. In April 2006, the GNSO Council voted in favor of a new definition of the purpose of WHOIS data that is to “resolve issues related to the configuration of the records associated with the domain name within a DNS nameserver.” This definition is considered by many, including the U.S. Government, to reflect a narrow, technical definition. The United States public and private sectors are working within the ICANN process to address this problem.
This definition is, however, guiding the subsequent work by the GNSO WHOIS Task Force, which is turning its attention to three specific concerns: 1) determining what data should be available for public access; 2) improving the process for notifying a registrar of inaccurate WHOIS data; and 3) establishing a process for investigating and correcting inaccurate data. When the work of the task force is completed, it will be forwarded to the GNSO Council for review and approval. If approved, it will be forwarded to the ICANN Board for adoption.
The Department’s Role and Perspective
I would like to now turn to the work of the Department of Commerce, and specifically to the work of the National Telecommunications and Information Administration (NTIA) regarding this important issue. NTIA serves as the representative for the United States Government to ICANN’s Governmental Advisory Committee. Composed of government representatives from over 100 countries, this advisory committee provides advice to the ICANN Board on the activities of ICANN as they relate to the public policy concerns of governments.
ICANN’s Governmental Advisory Committee has had several discussions on this topic. In preparation for each advisory committee meeting, NTIA convenes an interagency Working Group that develops and coordinates U.S. positions.[ 5 ]  Ensuring continued, timely access to accurate WHOIS data is a longstanding, shared priority among all U.S. agencies and has been advocated by the U.S. during these discussions.
As a reflection of that consensus among U.S. agencies, I am very pleased to share with this Committee a formal U.S. statement that was advanced during the June 2006 Governmental Advisory Committee meeting. The U.S. statement, a copy of which is attached to this testimony, outlines our concerns that a narrow, technical definition of the purpose of WHOIS data would hinder continued access to the WHOIS database for a range of legitimate uses. It could also impede law enforcement’s ability to prosecute crimes by allowing perpetrators to hide behind the shield of anonymity. From our perspective, a public WHOIS database is essential to:
- assist civil and criminal law enforcement in resolving cases that involve the use of the Internet; combat intellectual property infringement and theft;
- support Internet network operators responsible for the operation, security and stability of the Internet;
- protect the rights of consumers by facilitating, for example, their identification of legitimate online businesses; and
- assist businesses in investigating fraud, phishing and other law violations.
In developing this consensus position among U.S. government agencies, NTIA has undertaken considerable outreach to and engaged in consultations with a broad range of interested parties, including the financial services sector. In this regard, NTIA facilitated a meeting between U.S. agencies and the companies associated with the Financial Services Roundtable to discuss their concerns regarding the implications of a new, narrow technical definition of the purpose of WHOIS data. We will continue to work with these and other interested parties to ensure that the broad range of legitimate uses of WHOIS data are reflected in the final proposals on WHOIS data that are forwarded by the GNSO Council to the ICANN Board.
NTIA has also actively engaged foreign governments on this issue through ICANN’s Governmental Advisory Committee. NTIA serves as the chair of the advisory committee’s Working Group on GNSO issues. This working group has identified the public policy aspects of access to WHOIS databases as a priority. NTIA has facilitated information exchanges between the advisory committee and the GNSO to discuss consumer protection and law enforcement perspectives of continued access to accurate WHOIS data. NTIA is working closely with other national governments represented on this committee to develop more formal public policy advice on the purpose and use of WHOIS data.
Finally, I would also note that the ICANN Board passed a Resolution regarding the WHOIS policy process during its June meeting that acknowledges the open dialogue between the Governmental Advisory Committee and the GNSO regarding the issues covered by the WHOIS Task Force terms of reference, as well as the opportunity for public comment from that advisory committee as a whole and from individual member governments. We see this as a positive development that recognizes the important public policy aspects related to access to WHOIS data.
I thank you for this opportunity to update you on this important issue and the progress the Department is making in meeting the needs of U.S. law enforcement and consumer protection agencies. The Department will continue to advocate continued and timely public access to accurate WHOIS data and believes ICANN has provided a productive forum to seek international consensus on WHOIS issues.
Attachment: United States Government Contribution to the Governmental Advisory Committee (GAC) and the Generic Names Supporting Organizati
[ 1 ]  See Section II.C.10 of Amendment 6 to the Memorandum of Understanding between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers, available at http://www.ntia.doc.gov/ntiahome/domainname/agreements/amendment6_09162003.htm.
[ 2 ]  These reports are available at www.icann.org/whois/wdprs-report-final-31mar04.htm; www.icann.org/whois/wdprs-report-final-31mar05.htm; and www.icann.org/announcements/wdprs-report-final-31mar06.pdf.
[ 3 ]  All ICANN agreements with generic top level domain name registries and registrars include requirements that domain name registrant contact information be collected, maintained, and publicly posted through WHOIS databases.
[ 4 ]  These reports are available at www.icann.org/whois/WDRP-Implementation-30Nov04.pdf, and at www.icann.org/whois/wdrp-survey-report-30nov05.pdf.
[ 5 ]  The Interagency Working Group is comprised of representatives from the Department of Commerce, the Justice Department, the Federal Trade Commission, the State Department, the Patent and Trademark Office, the Federal Bureau of Investigation, the Internal Revenue Service, and the Department of Homeland Security.