U.S. gov weighs in on GoDaddy’s Whois policy.
The U.S. government has sent a letter to ICANN asking it to review GoDaddy’s (NYSE: GDDY) activities around blocking access to Whois records.
David Redl, who heads the National Telecommunications and Information Administration, sent the letter to ICANN’s board today asking it to look into the matter.
At issue is GoDaddy’s decision to block access to Whois records through Port 43. A lot of security and brand users use Port 43 to track bad guys, but a lot of spammers use it to harvest Whois records and barrage domain registrants with unwanted emails, texts and phone calls.
Redl writes:
First, the actions taken by GoDaddy last month to throttle Port 43 access and to mask the infonnation in certain WHOIS fields are of grave concern for NTIA given the U.S. Government’s interest in maintaining a WHOIS service that is quickly accessible for legitimate purposes. NTIA is concerned that GoDaddy’s approach of throttling access and masking infonnation will be replicated by other registrars and registries, compounding the problems these actions create.
While NTIA is sympathetic to the need to protect customers from bad actors and malicious activity, we think that the actions taken by Go Daddy are inconsistent with the
multistakeholder approach ofICANN and potentially conflict with ICANN’s Registrar Accreditation Agreement. 1 NTIA encourages you to investigate the actions of Go Daddy as a contractual compliance matter, but also consider an ICANN cross-community discussion on the issue. Such conversation could result in a solution that addresses GoDaddy concerns, while still meeting the needs of the legitimate users of Port 43.
The timing of the letter is peculiar. Although ICANN is under pressure over GoDaddy’s blocking, it’s kind of pointless in light of the possibility that all of Whois will go dark next month as the EU’s General Data Protection Regulation goes into effect. I find it odd that the letter avoids the elephant in the room.
The letter also asks ICANN to consider if companies other than the registrar should be able to make DNS changes at the registry:
With the growing sophistication of domain names registrants and third party content delivery networks seeking to offer enhanced security features, including deploying DNSSEC, NTIA sees merit in examining the roles other parties could play. One example is the feasibility and impact of allowing non-ICANN accredited registrars to offer services that manage specific DNS resource records, such as MX or NS records, directly with a registry.
I wonder who made that ask?
Update: James Bladel, GoDaddy VP of Policy, released this statement to DNW:
ICANN’s Registrar Accreditation Agreement (RAA) requires GoDaddy to collect contact information for every domain name, and to publish this in a WHOIS database that is public and can be accessed anonymously. The RAA (Sec. 3.3.5) also requires us to protect registrant data from harvesting for the purposes of spam and abuse. Our goal is to reconcile this conflict between our obligation to operate a Port43 WHOIS service, and our duty to protect our customer data from harvesting by bad actors.
We have irrefutable evidence that abuse of WHOIS data is occurring, even by “whitelisted” Port43 users, and we will do everything in our power to protect our customers. We have therefore taken steps to guard against bulk harvesting on Port43, while still making the required data available via protected web-based queries.
It’s ironic the United States government is accusing GoDaddy of being “inconsistent to the multistake holder approach”, when in fact the multistake model consists of multiple government regimes that censor all internet activities.
Im with Godaddy on this one. Someone just recently looked up my whois information with a bullshit story about a korean investor who cant speak english wants to buy my domain for $80,000. This shows the level of intelligence of these guys. If you see a price for $2,000 who in their right mind would off $80,000.
The DNSSEC ask is consistent with former chair Dr. Crocker asks, and with suggestions from DNS providers such as Cloudflare. The likely path is (one of those) -> Homeland Security -> NTIA -> ICANN.
Registrars unwillingness to push DNSSEC, quoting low market demand, is possibly to blame for this… but as nobody asks for a clean glass when they go to a bar, people don’t ask for security. They simply assume it’s secure enough since someone is selling it to them, notably someone with credentials like “ICANN-Accredited”.
My experience is that a number of registrars completely fail RAA 2013 determinations of DNSSEC support, even if only thru customer service requests. Solution was to consolidate all domains with GoDaddy, who supports DNSSEC directly on the customer portal.
So, it’s curious that a letter about GoDaddy gets the DNSSEC message, considering that they go beyond RAA requirements to support it.
Thier actually just greedy remote hijackers who abuse thier jobs to steal information from innocent unaware idividuals and make them look like a criminal in order to recieve financial gain. Huge joke and hoax. Here click the hyper link so we can decode your information to steal domains and bank information that belongs to just one individual who is getting slandered, and trashed for it. and have gone out of their way by using wearable devices to gain third party intrusion to do so. Of course the third party idiot dumped the individuals personal cell phone data into the share alike commons first. Wow. Talking about illegal. Wake up people. It’s theft and invasion of privacy. Icann and ianma know exactly who those domains really belong to. Greed and deception. Stop lying to america icann and ianna. It’s criminal.