Congress Fed Up With WHOIS

Tina Reilly
WASHINGTON, D.C. – The U.S. government is rallying for legislation that would heighten the penalty for online fraud committed by a person using a website registered under a false name or contact information, particularly through the WhoIs database, which is overseen by the domain registrars.

The bill was drafted by Reps. Lamar Smith (R-Texas) and Howard Berman (D-Calif.) and if passed could add seven years jail time to the current penalty. The law is written in such a way as to give federal prosecutors stronger punch when it comes to pursuing criminal offenses against intellectual property rights.

The two senators drafted the bill in response to a plea from the entertainment and software industries, which in recent years have suffered financial setbacks over the amount of copyrighted material being traded over the Internet for free, the Washington Post reports.

Many attempts to get a handle on fraudulent distribution channels have proven useless because some domain name registrants found through sites like WhoIs have input false names and contact information.

The WhoIs database is run by domain registrars, and regardless of oversight by Internet Corporation for Assigned Names and Numbers (ICANN), it is often rife with fraud, according to Congress.

Titled the "Fraudulent Online Identity Sanctions Act," the bill is mainly designed for collecting monetary damages from people who falsify their identities in order to distribute stolen content without permission, the Washington Post reports.

But making personal information so readily available to the general Internet community has been a sensitive issue for privacy advocates, particularly when it involves home addresses and telephone numbers, says the Washington Post, which can serve as a gateway for other crimes such as marketing scams and identity theft.

"Because of the way WhoIs is currently structured, there are a lot of reasons why users might submit false information that have nothing to do with copyright infringement," an analyst for the Center for Democracy and Technology (CDT) told the Washington Post.

The CDT is recommending that personal identification information be accessed only by law enforcement officers, the domain registrars, and copyright owners.

But as the bill gets closer to the House of Representatives, ICANN will inevitably be called in for a response. According to reports, ICANN has the power to terminate contracts with domain name holders whose information is found to be inaccurate.

To date, that policy has not been enforced.