FOI ALERT: Whois Database: Critical Public Access to Web Domains
By Kyle Elyse Niederpruem, Indiana Sunshine Chairwoman
Ever wonder who’s behind a Web site and if the creator and content provider is legitimate?
The current Whois database system (http://www.internic.com/index.html) provides ready and easy access to domain name registrant contact information, including names, addresses, phone numbers, e-mail addresses and technical and administrative contacts.
Investigators use the data in both civil and criminal cases to crack phishing crimes, where legitimate brands are hijacked and both consumers and businesses fall prey.
But the Internet Corporation for Assigned Names and Numbers (http://www.icann.org/) wants to limit the information, arguing it’s a necessary move to protect Internet users’ privacy. The obvious counter argument made by more than 50 groups from a dozen countries is that consumer confidence is at risk and investigations will be compromised by restricting access.
At the heart of the issue is the explosion in cyber crime or phishing, which is defined as the act of sending an e-mail to a user and falsely claiming to be an established legitimate enterprise. Victims of phishing unknowingly surrender private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords, credit card, social security, and bank account numbers that the legitimate organization already has. The Web site where the user is directed is bogus and established only to steal a user’s financial information.
Ninety-two percent of the phishing sites found in a recent study replicated financial institutions. And the Government Accountability Office (http://www.gao.gov/) reported in 2005 that data kept on more than five million domain names in .com, .net, and .org is false, incomplete or missing.
The first person convicted for phishing scams is John Zuccarini, who was hit with a $1.9 million fine and 30 months in jail. Zuccarini was alleged to be a typosquatter, registering domain names that were intentional misspellings of other brands to divert visitor traffic.
A Michigan graphics artist sought civil relief after finding five variations of his Web site registered by Zuccarini. When cease and desists letters didn’t stop what he was doing, a case was brought under the Anti-Cybersquatting Consumer Protection Act. Under the Act, successful plaintiffs can collect from $1,000 to $100,000 per domain name.
Political candidates and phony public service campaigns can also fall victim to phishing. The scams distribute false and damaging information about a political opponent or try to raise dollars for nonexistent causes.
The need is real. In the last presidential campaign, both candidates lost millions of visitors and potential donations to fake sites.
New Mexico and Kentucky have recently become the first states in the nation to demand authentification and certification of political Web sites via new security options that are commercially available.
In these states, a political candidate or group registers with the Secretary of State’s office. Once the site is confirmed for authenticity, it is listed in a special registrar directory. An electronic SOS seal appears that visitors can scroll over allowing confirmation of certification.
For the time being, the Federal Trade Commission (http://www.ftc.gov) has recommended that the Whois database system remain “open, transparent and accessible.”