Legal Issues regarding Whois Databases
The registration of an Internet domain name may seem like a relatively easy endeavour. Behind the scenes, however, various stakeholders are striving to reach agreement on a set of rules for how the registration process should proceed and how the domain names should be administered.
One fundamental prerequisite for the functioning of the Domain Name System (DNS) is the uniqueness of the registered domain names. A “WHOIS” service was therefore created, as a support service for the current DNS. The service allows interested parties to address queries to databases (WHOIS databases) containing information about registered domain names, their registrants and the servers they use.
By investigating three different contractual frameworks (corresponding to the top-level domains .no, .eu and .com), this report highlights the main challenges with the current division of roles and responsibilities of the stakeholders involved in the creation and management of the WHOIS databases. More specifically, the report:
• suggests criteria to map and better classify the features and main functions of WHOIS databases;
• identifies the scope and limitations of the registries’ / registrars’ respective rights in the databases and the consequences this has on the functioning of WHOIS service;
• argues for the implementation of a layered access to the personal data contained in the databases, responding to the legitimate needs of potentially interested parties;
• argues for reconciliation of the apparent dichotomy between the need to access WHOIS information for legitimate law enforcement purposes and the requirement of a privacyfriendly WHOIS policy.
In addition to its academic significance – as one of the few extensive legal analyses of a key service in the Domain Name System – the present report will hopefully serve as a practical contribution to management of the .no domain by identifying the benefits and shortcomings of the current policy model for that domain (as compared to the policies for .com and .eu) and by suggesting an improved framework with additional legal safeguards for the concerned stakeholders.
The report is one element of a long-term research programme on Internet governance being conducted by the Norwegian Research Centre for Computers and Law (NRCCL), University of Oslo. Dana Irina Cojocorasu is now working at the Norwegian Directorate of Immigration.