Back to www.cdt.org                    
  IMAGE MAP

September 4, 2003

The Honorable Lamar S. Smith
House of Representatives
Washington, DC 20515

The Honorable Howard L. Berman
House of Representatives
Washington, DC 20515

Dear Chairman Smith and Representative Berman:

In conjunction with the Subcommittee's hearing on Whois accuracy, we write to urge the Subcommittee to consider the real privacy questions raised for people who register domain names and must put sensitive personal information in the publicly available Whois database. There are valuable technical, consumer protection and enforcement benefits from Whois, but CDT believes a balanced approach can be achieved that preserves enforcement while protecting personal privacy.

The Whois database - a public listing of contact information for millions of domain name registrants - does create substantial public benefits. Originally designed to allow contact in the case of a technical problem, the database is now also used by law enforcement, consumer protection agencies, and private groups including intellectual property holders.

While uncontroversial for commercial registrations, Whois may require that individual Internet users, when they register domain names, make their names, home addresses, home phone numbers, and home e-mail addresses available to the world. Such potentially sensitive personal information, released publicly, can be abused for purposes ranging from unwelcome marketing to identity theft, fraud, stalking, and other criminal activities.

The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data. Such an approach also violates the privacy laws of some nations. Absent safeguards to protect privacy and security, law-abiding people will continue to place inaccurate data in the Whois database. The best way to achieve accuracy in the Whois database will be to guarantee registrants privacy and security for their information.

There are solutions to these problems that would provide added privacy protections for Whois data while preserving its technical and enforcement benefits. Proposals include creating a "tiered access" system for viewing Whois data, providing notice to users when their data is viewed, and creating "audit trails" that could expose abuse or misuse of the database.

CDT believes a balance can be struck that protects privacy and allows reasonable access to data for important public purposes. We look forward to working with the Subcommittee and the ICANN community to craft such a balanced approach.

Respectfully,
Alan Davidson
Center for Democracy and Technology
1634 Eye St. NW
Suite 1100
202-637-9800

Free Speech | Data Privacy | Government Surveillance | Cryptography | Domain Names | International | Bandwidth | Security | Internet Standards, Technology and Policy Project | Terrorism | Authentication | Right to Know | Spam
Navigation bar
Our Mission | Get Involved | Staff | Publications | Links | Search CDT | Jobs | Action!
Previous Headlines | Legislative Tracking | CDT's Privacy Policy
Valid CSS! Bobby Approved (v 3.2)

The Center For Democracy & Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
(v) 202.637.9800
(f) 202.637.0968
Contact CDT
Copyright © 2005 by Center for Democracy and Technology.
The content throughout this Web site that originates with CDT can be freely copied and used as long as you make no substantive changes and clearly give us credit. Details.

CDT Mission Get Involved Staff Policy Posts Resource Library Search the Site Jobs Take Action