The DNS as a Tool for Global
Identity Policy:
WHOIS, ICANN, and Global
Internet Governance
DRAFT – NOT FOR PUBLICATION OR ATTRIBUTION
Milton Mueller, Professor, Syracuse University School of
Information Studies, and
The identity of Internet users has become a central issue in Internet governance. It has often been observed that one of the main problems with the Internet is that there is no identity layer in the TCP/IP protocols. (Cameron, 2005; Jones, 2006; Clark et al, 2002) The basic Internet protocols do not contain sufficient assurances about who the communicating parties are, nor does it authenticate the source, status or attributes of documents and other resources exchanged on the Internet. Insofar as digital identity is supplied by Internet technology, it comes from applications supplied at the edges. Thus Internet identities lack universality and, often, compatibility across domains. The concern about identity goes beyond the people involved in an actual communication. It also interests, at a broader level, third parties who have a monitoring or a surveillance interest. For various purposes -- some legitimate and some abusive, some public and some private – there is widespread demand for the ability to identify who is who on the Internet.
To fill this vacuum the WHOIS service has evolved into a surrogate identity layer, an identity system defined through contracts and policies as much as technical protocols. WHOIS service allows any Internet user to type a domain name into a web interface and be immediately returned the name and contact details of whoever has registered the domain. The businesses that provide domain name registration services are required to offer a free public WHOIS service by the ICANN contracts which authorize them to do business. In this respect it is often compared to an automated online telephone directory. But another comparison is more apt. To understand its functionality and importance, one need only imagine seeing the license plate of an automobile on the road, and being able to type it into a computer and be returned the name of the car owner and their street address, telephone number and email address. That is what WHOIS does to domain name registrants. It links the vehicle for navigating the complex arena of cyberspace (domains) to a responsible individual, a location, a jurisdiction.
It is not difficult to imagine both the benefits – and the trouble – that might be caused by free, anonymous, unrestricted public access to drivers’ license databases. No doubt amazing new information services could be developed by some Google of the future. No doubt, also, incidents of road rage and stalking would be taken to new heights. The same concerns apply to WHOIS. In addition to facilitating accountability on the Internet, open access to registrant contact data raises privacy issues and concerns about abuse of sensitive personal data by spammers, stalkers and identity thieves.
In Europe and
other countries such as
This paper focuses on the puzzling persistence of open access WHOIS. We believe that this puzzle has important implications for understanding the global governance of the Internet, particularly regarding issues of privacy and digital identity. At its simplest, it is a story of how the Internet governance regime has created a new, global “jurisdiction” wherein traditional rights to privacy are recast. It is also a story of how technological systems are shaped by interest groups: we recount in detail how the specific policies and practices of WHOIS have been shaped by political demand for adding identification capabilities to the Internet. More fundamentally, we are interested in developing an explanation for the apparently counterintuitive fact that a global governance regime can remain so impervious to national laws and well-established international norms, despite the absence of any formal treaty or agreement by the supposedly sovereign nations whose data protection guarantees have been compromised. In making this explanation, we draw upon the concept of a “default value,” which we believe is a useful way to capture the role of technological systems in generating certain kinds of institutional change.
A “default” is defined as a situation or condition that obtains in the absence of active intervention. A definition grounded more in computer science, but one that is appropriate in the context of the Internet and its protocols, defines “default” as “a particular setting or value for a variable that is assigned automatically by an operating system and remains in effect unless canceled or overridden by the operator.” Defaults tilt the playing field toward one option, by giving the specified value the benefit of inertia, forcing those who prefer an alternative to exert extra effort to change it. Most computer users are aware of the latent power of defaults. Default values can get a person to use software A over software B even when she would prefer to use B, because it is too much trouble to change it, or she doesn’t know how. Default values can get users to start their Internet browser at one site over another, steering millions of eyeballs and potential revenue-generating “hits” to one supplier instead of another.
WHOIS originated as a feature of the Internet when it was a small-scale, closed scientific network. Once the Internet evolved into a large-scale, public, commercial system, the WHOIS capability remained in place by default. The presence of an open WHOIS directory was then exploited by interest groups with the most to gain from a global identification capability, particularly trademark and copyright holders. When the ICANN regime was created, this interest group was able to institutionalize its access to user contact data by putting in place a new regime of private contracts that reconstructed an open global directory service on the Internet, despite its orthogonal relationship with national and international public laws. Once locked into place in this manner, it became very difficult, if not impossible to change. Understanding this evolutionary process holds important lessons for theories of global economic regulation, especially those, like Drezner (2006), which emphasize the need for US-EU agreement as a precondition to effective global governance.
The argument about defaults is fundamentally an argument about sequence and historical process. Thus the paper is organized around the timeline that starts on page 5. We divide the evolution of WHOIS into four phases. The first phase is the origin of a directory service known as NICNAME/WHOIS on the small-scale, restricted and experimental Internet of the 1980s. In Phase 2, the Internet is opened to the public and to commerce – yet the default value, a global directory with potentially sensitive contact data, remains in place. During this phase, those with the strongest need to identify Internet users seize upon WHOIS for its surveillance and identification capabilities, establishing both expectations about what was an appropriate level of access to user contact data and a powerful economic interest in its continued availability. Phase 3 covers the formation of the ICANN regime and the institutionalization of WHOIS capability in its contracts. In this phase, the WHOIS capability was no longer a default value but had to be actively constructed because of the transition from a single, centralized registry to a system with multiple, competing registrars and the addition of new top level domain name registries. Nevertheless, the policies that were institutionalized were clearly a function of the expectations and interests established in the default stage, and could not have been successfully institutionalized had they not been established for years as a default. The last phase, running from 2001 to the present, involves ongoing political contention between forces who want to maintain and strengthen the use of WHOIS as an identification and surveillance tool and those who want to reform it to conform to data protection and privacy norms. Despite some change around the margins, we see that massive investments of political energy on both sides have been unable to move decisively in either direction. The last section assesses the implications of the historical evidence for theories of global governance, focusing in particular on Drezner (2006).
WHOIS Timeline, 1982 – 2007
Phases:
|
WHOIS Established as part of Internet |
|
WHOIS Default Remains in Place During
Transition |
|
New WHOIS Institutionalized by ICANN regime |
|
Political contention
over WHOIS as identification tool and data protection laws and norms |
|
Date/Period |
Event or released
material (link) |
Source/Author |
|
March 1, 1982 |
First specification of a standard for WHOIS
(NICNAME) RFC 812: http://www.ietf.org/rfc/rfc0812.txt?number=812
|
IETF, Ken Harrenstien |
|
August 1982 |
First specification of the Domain Name System
(DNS) in RFC 819, http://www.ietf.org/rfc/rfc0819.txt?number=819
|
IETF, Network
Working Group Zaw-Sing Su (SRI) Jon Postel (ISI) |
|
October 1985 |
RFC 954 updating the WHOIS standard, http://www.ietf.org/rfc/rfc0954.txt?number=954
|
IETF, Network Working Group; K. Harrenstien, M.
Stahl, and E. Feinler (SRI) |
|
1991-1992 |
Internet opened to public; Commercial Internet
eXchange founded in 1991 and legislation passed in 1992 revising NSF's Acceptable
Use Policy to permit public use of NSF supported networks |
CIX, NSF |
|
1992 - 1993 |
Public release of graphical World Wide Web
browsers |
Mosaic, Netscape |
|
1994 |
First lawsuits related to domain name - trademark conflicts |
US Courts |
|
July 1995 |
Charging for domain registrations instituted by
NSF NSI “Domain Dispute Resolution Policy” gives trademark owners special rights to
domain names |
Network Solutions, Inc. (NSI) |
|
1996 – 1999 |
Growth of automated processes to collect zone
file / WHOIS data from centralized NSI database |
|
|
November 1998 |
http://www.ntia.doc.gov/ntiahome/domainname/icann-memorandum.htm
|
US Commerce Department |
|
January 1999 |
US Commerce Department, NSI agree on usage
restrictions for zone file data for .com, .net and .org |
US Commerce Department, NSI |
|
March 1999 – November 1999 |
First ICANN Registrar Accreditation Agreement (RAA)
developed http://www.icann.org/registrars/policy_statement.html
|
ICANN |
|
April 30, 1999 |
Final Report of WIPO Internet Domain Name
Process recommends that “contact
details of all domain name holders should be made publicly available” http://www.wipo.int/amc/en/processes/process1/report/finalreport.html
|
WIPO |
|
August 3, 2000 – February 2001 |
Litigation related to Verio’s use of automated
collection of Whois and zone file data for marketing purposes, http://www.icann.org/announcements/advisory-02feb01.htm
http://www.dnso.org/dnso/notes/20020122.rc01.4.html)
Injunction granted http://www.icann.org/registrars/register.com-verio/order-08dec00.htm
|
Register.com v. Verio, Inc. |
|
May 2000 |
International Working Group on Data Protection in
Telecommunications warns ICANN that “publication of personal data of domain name
holders gives rise to data protection and privacy issues.” |
Internationaler |
|
December 1. 2000 |
WHOIS Committee convened by ICANN to address
implementation questions caused by registrar competition |
ICANN (VP & General Counsel) |
|
March 6, 2001 |
ICANN WHOIS Committee recommends standardizing
WHOIS output across registrars http://www.icann.org/committees/whois/committee-recommendations-06mar01.htm
|
ICANN WHOIS Committee |
|
May 2001 |
2nd (Current) Iteration of ICANN
Registrar Accreditation Agreement |
ICANN |
|
July2001 |
Congressional Hearing on "The
WHOIS Database: 'Privacy and Intellectual Property Issues.'" http://judiciary.house.gov/media/pdfs/printers/107th/73612.pdf
|
US House of Representatives, Committee on the
Judiciary, Subcommittee on Courts, the Internet,
and Intellectual Property |
|
Feb 2001 – February 2003 |
First ICANN Whois Task Force (WHOIS TF 1)
established, focusing on accuracy, postponing privacy http://www.dnso.org/clubpublic/nc-whois/Arc00/
(List archives) http://www.icann.org/gnso/whois-tf/report-19feb03.htm
(final report) http://www.icann.org/correspondence/touton-message-to-cade-30jan03.htm
|
ICANN/DNSO |
|
May 2002 |
Congressional Hearing on "The
Accuracy and Integrity of the Whois Database." http://judiciary.house.gov/media/pdfs/printers/107th/79752.pdf
|
US House, Committee on the Judiciary, Subcommittee on Courts, the Internet, and Intellectual
Property |
|
September 2002 |
ICANN WHOIS Data Problem Reports
system established |
ICANN |
|
September 2003 |
Congressional Hearing on “Internet
Domain Name Fraud – The U.S. Government’s Role in Ensuring Public Access to
Accurate WHOIS Data.” http://judiciary.house.gov/media/pdfs/printers/108th/89199.pdf
|
US House, Committee on the Judiciary, Subcommittee on Courts, the Internet, and Intellectual
Property |
|
September 18, 2003 |
Second ICANN WHOIS Task Force (WHOIS TF 2),
focusing on Whois-privacy issues, http://gnso.icann.org/meetings/minutes-whois-sc-18sep03.shtml:
|
ICANN/GNSO Council |
|
October 2003 |
Registrar WHOIS Data Reminder Policy goes into
effect |
ICANN |
|
November 2005 |
GAO
releases report Quantifying Prevalence of False Contact Information for
Registered Domain Names” http://www.gao.gov/new.items/d06165.pdf |
US
Governmental Accountability Office |
|
November 28, 2005 |
GNSO Council voted by a
supermajority in favor of the ‘Recommendation on a procedure for potential
conflicts between Whois requirements and privacy laws’ in the Final Task
Force Report of the Whois Task Force |
GNSO Council |
|
March 15, 2006 |
Final Task Force report on the purpose of Whois
and Whois contacts http://gnso.icann.org/issues/whois-privacy/tf-report-15mar06.htm
|
GNSO Council / WHOIS Task Force |
|
April 12, 2006 |
GNSO Council supermajority
vote for narrow, technical definition of WHOIS purpose |
GNSO Council |
|
May 10, 2006 |
ICANN Board unanimously approves GNSO Council ‘Recommendation on a procedure for potential conflicts
between Whois requirements and privacy laws’ in the Final Task Force Report
of the Whois Task Force, http://www.icann.org/minutes/minutes-10may06.htm
|
ICANN Board |
|
June 22, 2006 |
Broad set of letters to ICANN Reacting to new
purpose definition, including Article 29 Working Party http://icann.org/correspondence/ |
Article 29 WG, Privacy Commissioner of |
|
July 25, 2006 |
Letter on the consultation on the
implementation of .ca Whois look-up directory privacy policy http://icann.org/correspondence/ |
CIRA |
|
November 22, 2006 |
Preliminary Task Force Report on
Whois Services http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm |
ICANN GNSO Council |
|
March 12, 2007 |
Final task force report on Whois services, recommending OPoC proposal http://gnso.icann.org/issues/whois-privacy/whois-services-final-tf-report-12mar07.htm |
ICANN GNSO Council |
|
Letter from Article 29 Working Party reacting
to the 'Draft Procedure on Potential Conflicts with
Whois Requirements and National Laws' and 'Preliminary Task Force Report on
Whois Services' http://icann.org/correspondence/ |
Article 29 Data Protection Working Party |
|
|
March 28, 2007 |
GAC Principles regarding gTLD Whois
services http://gac.icann.org/web/home/WHOIS_principles.pdf
|
ICANN’s Governmental Advisory Committee |
|
GNSO Council creates a new WHOIS
Working Group to specify what WHOIS data elements should remain publicly
available and which legitimate third parties may have access to the data that
is no longer publicly available. The WG continued from April to August 2007, http://gnso.icann.org/issues/whois-privacy/whois-wg/whois-working-group-charter-16apr07.pdf
|
GNSO |
Phase 1: Early manifestation and purpose of
Whois
The WHOIS service was first defined through an Internet Engineering Task Force standards document, RFC 812 (1982), superseded a few years later by RFC 954 (1985). Both RFCs describe the underlying query/response protocol which can be consulted by any host computer on the network by sending a query from a client to a server. The introduction to RFC 954 reads:
The NICNAME/WHOIS Server is a TCP transaction based query/response
server…that provides netwide directory service to internet users. It is one of a series of internet name
services maintained by the DDN Network Information Center (NIC) at SRI
International on behalf of the Defense Communications Agency (DCA). The server is accessible across the Internet
from user programs running on local hosts, and it delivers the full name,
The first RFCs
make it clear that the WHOIS protocol was intended to make available to users a
general directory of other
ARPANET/Internet users. At the time, ARPANET was what we would now call an
“Intranet” that linked a few hundred computer scientists and researchers at
less than a hundred geographically distributed sites. A critical fact about
this directory, then, is that it was intended to serve a closed, relatively
homogeneous and (compared to today’s internet) very small group of networked computer users.[2] The
RFCs do not specify exactly what the purpose of this directory was. One can
infer from context that it served a variety of purposes, and was seen as a
convenience to the community of defense contractors involved in building the
early Internet. Another critical fact is that for most users, participation in
the directory was encouraged but was not operationally, legally or
contractually required.[3] It
may be that the Defense Communication Agency’s request to register in the
centralized WHOIS Database is made to facilitate technical coordination, but
this is not documented in the RFC, and evidence supporting this has not been
found anywhere else. The RFC states only that the purpose is to provide a
directory service to the network users.
In the initial (1982) description of the standard, the information
requested for the WHOIS server included: “full name, middle initial,
Phase 2: Internet opened to the public and
to commerce
The number of hosts connected to the Internet grew rapidly throughout the 1980s, but it was still a closed community of users. From 1991 to 1995 a critical change in the status of the Internet occurred: it was opened to commercial users and to the general public. This change was accelerated by the creation and deployment of the World Wide Web and user-friendly Web browsers, which made the Internet usable and interesting to ordinary members of the public. The number of computers connected to the Internet exceeded 1.3 million before the end of 1992 and was somewhere between 6 and 8 millions by the middle of 1995. This was no longer a “community” of computer scientists and researchers, but a mass, heterogeneous public, engaged in both commerce and in public and personal communication. It was also an increasingly contentious and litigious public. As documented in Mueller (2002), the emergence of the WWW gave domain names economic value as locators of web sites. Domains were now commonly registered for speculative and sometimes fraudulent activity. The economic value of domains made them a site of conflict over legal rights to names, as trademark owners and registrants negotiated new property rights boundaries around the use of domains.
During this tornado of change the WHOIS service that was implemented between 1982 and 1985 remained in place. The user base of the Internet was no longer closed, no longer homogeneous, no longer situated within a noncommercial community, and no longer relatively small and manageable, but the protocol and the practice of supplying a “directory” of Internet users remained the same. The only significant change was that the burden of supplying the WHOIS service shifted from defense contractor SRI to civilian National Science Foundation contractor Network Solutions, Inc. As the Internet moved from the small, noncommercial and closed world of the 1980s to the open, public, and commercial world of the mid-1990s no one made a conscious decision to retain the open-access WHOIS service of RFC 954; WHOIS was an unnoticed default value.
In this constancy in the midst of radical transformation, we find an important trigger of change in global governance arrangements. As noted before, a “default” is a situation or condition that obtains in the absence of active intervention. Establishing open access to user contact information as the default gave an opening to those looking to compensate for the anonymity of Internet use. In particular, trademark lawyers viewed domain names that incorporated or resembled the marks of their clients as threats to the exclusivity and value of their brand names. These industrial interests created a strong demand for Internet capabilities that permitted them to monitor domain name registrations and identify the registrant. WHOIS records were perfectly suited to this purpose: they combined information about registered domains with the date of the registration and extensive contact information for the registrant and technical administrators. That combination enabled mark holders not only to identify what they considered infringements, but also to quickly serve legal process on the registrant. The data in the WHOIS record was as close as the internet got to an identity card. Well before the creation of ICANN’s contractual regime in 1999, information providers of trademark monitoring services, such as Thomson, Inc., were incorporating WHOIS information into their products.
The practice of using WHOIS information for private policing functions quickly spread to include copyright holders who wanted to be able to identify and prosecute web sites that were distributing infringing content. Additionally, public law enforcement agencies tracking online fraud found the instant access to identification information, without any need for due process, temptingly convenient. Social science researchers interested in objective data about aspects of the Internet also joined the game.[4] With domain name registration and web site hosting evolving into a multi-billion dollar industry, access to registration records and zone files were also being used to gain marketing data. Thus within a few years of the Internet’s commercialization, the process of using WHOIS as a form of identification, surveillance and data mining, often using automated bots to gather data, had become common practice.
In its original
default, WHOIS data and the DNS zone files were pure data “commons,” accessible
to anyone on the Internet. Network Solutions, Inc., the central registry which
held the exclusive contract to operate the .com, .net and .org domains, was
required to make its zone files available for legitimate use. In January, 1999,
however – only a few months after the
Phase 3: ICANN Institutionalizes WHOIS
A new global
governance regime for the Internet’s domain name system (DNS) was created from
1998 – 1999. The regime was created by the
The ICANN regime had three main purposes. One was to provide a formal institutional home for the coordination of the Internet’s identifier system; the other was to develop a mechanism for handling domain name-trademark conflicts; the third was to introduce competition in the supply of domain names. The latter goal, which required separating registries from registrars and thus decentralizing the maintenance of customer account records, was incompatible with the original design of WHOIS. Put bluntly, registrar competition broke the old, centralized WHOIS. ICANN could, therefore, no longer rely on the default. In order to institutionalize the legacy capability of WHOIS it had to define new contractual relationships among the parties. As ICANN’s general counsel Louis Touton stated at the time, “An overall goal of the Whois provisions of the Registrar Accreditation Agreements was to help restore the InterNIC Whois service that existed in .com, .net, and .org prior to the introduction of multiple registrars.”[6]
As the prior statement indicates, the central component in the evolution of WHOIS policy is the Registrar Accreditation Agreement (RAA). “Registrars” are artifacts of ICANN’s regulatory regime for the supply of domain names. They are the “retail” side of a contractually-imposed vertical separation between “wholesale” registries that exclusively operate top level domains (such as .com or .info), and multiple registrars who compete at the retail level to sell second-level domain name registrations (such as aol.com or igp.info) in the top-level domains to end users. Before any company could become a registrar, they had to sign an accreditation contract with ICANN. This contract was used to impose regulations pertaining to the supply of WHOIS services (among many other things). The first RAA contract was developed between February and November 1999. The first published version of it is dated May 12, 1999; it reached something close to its current form with the November 1999 version.[7]
In the RAA and in its contracts with registries, ICANN transformed the community directory of RFC 954 into a contractual obligation on the part of registrars to provide a “free” (i.e., subsidized at registrant expense) database that could be queried an unlimited number of times by any Internet user. For registrars, the obligation to provide a WHOIS service is embodied in Section F of the 1999 RAA:
At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e. updated at least daily) data concerning all active SLD registrations sponsored by Registrar in the registry for the .com, .net, and .org TLDs. The data accessible shall consist of elements that are designated from time to time according to an ICANN-adopted policy.
The policy requires registrars to include “only” the name and postal address as the SLD holder’s personal data in such provision; however, the technical and administrative contacts for the SLD must provide “the name, postal address, e-mail address, voice telephone number, and (where available) fax number.” In practice, registrants are presented with a form containing all the contact data and usually not informed that they needn’t provide more than that. Additionally, a registrant who is a natural person may not have separate administrative and technical contacts and thus, must provide personal telephone and email addresses. The registrar must allow any lawful uses of the registration data provided through the query-based public access. The only exception is “mass unsolicited, commercial advertising or solicitations via e-mail (spam); or […] high volume, automated, electronic processes that apply to Registrar (or its systems).”[8]
The RAA also obligates the registrar to provide “bulk access” to WHOIS data. Upon payment of an annual fee capped at $10,000, registrars must make available “a complete electronic copy of the data available at least one time per week for downloading by third parties.” Such deals are subject to the above-mentioned restrictions. This part of the RAA was meant to accommodate the political demands of a growing number of trademark monitoring service providers who systematically collected WHOIS data and compiled it into analyses that were sold to trademark holders.[9]
The RAA contract contains several boilerplate allusions to standard data protection principles, such as a requirement to notify end users of what data was required and what the data would be used for,[10] and grants individual domain name registrants a nominal right to “opt out” of any deals for bulk access related to marketing. The basic intent of securing a “WHOIS service providing free public query-based access” largely nullifies their effect. It is as if they were driven by two heterogeneous forces, or come from two distinct sources. The concept of notifying users what purpose their data is used for becomes meaningless in the context of open, public query-based access, which makes it possible for the data to be used by anyone for practically any purpose. Aware that there might be privacy statutes and regulations that could conflict with it, Paragraph 8 under section F provides for the possibility that ICANN may change policy regarding the WHOIS public access service when required for compliance with enforceable laws and regulations.[11]
In sum, the RAA was crafted to walk a fine line between making possible identification and surveillance for the various interest groups that relied on it, including those wanting systematic bulk access to domain name records, while preventing the kind of wholesale and uncontrolled exploitation of a data commons that was beginning to emerge through automated processes. ICANN’s initial contractual regime institutionalized the capability RFC 954, making query-based access to WHOIS an obligatory part of the registration industry, while putting in place a few restrictions on use that it considered illegitimate or abusive.
In preparing the RAA, the ICANN regime openly catered to the needs of the intellectual property interests. The U.S. Commerce White Paper that set in motion the process of creating ICANN called upon the World Intellectual Property Organization (WIPO) to convene a process for making policy recommendations regarding domain names. In its Interim and Final Reports, WIPO recommended that “contact details of all domain name holders should be made publicly available.”
In this stage, ICANN WHOIS was maintained not as a default value but as an actively constructed legal obligation. Nevertheless, our argument is that ICANN’s contractual regime attempted to maintain the classical WHOIS capability in the new situation, and that the institutionalization of WHOIS along these lines never would have been possible had it not been preceded by nearly five years of the default WHOIS, which created and legitimated expectations about appropriate levels of access and vested interests in exploiting that access. To fully comprehend the power and importance of the default value, we need to rely here on a counterfactual scenario. One might want to argue, in contradiction to our point, that the trademark and copyright interests are very powerful and would have succeeded in gaining access to user contact data during the institutionalization phase regardless of the prior existence of WHOIS and the persistence of any default value. To refute this argument, we point to the absence of any similar lookup capability outside of the domain name system. A large portion of Internet users do not have their own domain registration; most rely on digital identities supplied by Internet service providers or email services; e.g., they navigate the Internet as goodperson@xs4all.nl or badperson@gmail.com. Most Internet users only possess usernames under domains registered by someone else, and these kinds of accounts are just as likely to be the basis of malicious use as directly registered domains. Suppose, then, that in response to all the problems of fraud and cybersquatting in the early years of the Internet’s existence trademark and copyright holders and law enforcement agencies had demanded that the world’s ISPs should be required to set up a globally interoperable, uniformly formatted database that allowed anyone in the world to type an ISP username such as goodperson@xs4all.nl or badperson@gmail.com into a web interface and be returned the name and street address of the account holder.[12] What would have happened if, in the absence of a pre-existing default directory, those interested in surveillance and identification on the Internet had demanded the equivalent of a WHOIS capability for ISP accounts?
The strongest
answer to this question is simply the absence of such a capability, or anything
close to it, anywhere in the world, much less on a global basis. Yet the
justification for such a capability is just as strong as is the case for domain
name WHOIS. Indeed, the case for it is stronger, because the wider scope of
such a system would allow it to access the records of spammers and fraudsters
who use third party ISP accounts as well as those using their own domains. But
such a system has neither been created nor are there any organized efforts to
lobby for it. It seems clear that trademark and copyright holders never would
succeed in getting such a system implemented globally, or even within the