U.S. gov weighs in on GoDaddy’s Whois policy.
The U.S. government has sent a letter to ICANN asking it to review GoDaddy’s (NYSE: GDDY) activities around blocking access to Whois records.
David Redl, who heads the National Telecommunications and Information Administration, sent the letter to ICANN’s board today asking it to look into the matter.
At issue is GoDaddy’s decision to block access to Whois records through Port 43. A lot of security and brand users use Port 43 to track bad guys, but a lot of spammers use it to harvest Whois records and barrage domain registrants with unwanted emails, texts and phone calls.
First, the actions taken by GoDaddy last month to throttle Port 43 access and to mask the infonnation in certain WHOIS fields are of grave concern for NTIA given the U.S. Government’s interest in maintaining a WHOIS service that is quickly accessible for legitimate purposes. NTIA is concerned that GoDaddy’s approach of throttling access and masking infonnation will be replicated by other registrars and registries, compounding the problems these actions create.
While NTIA is sympathetic to the need to protect customers from bad actors and malicious activity, we think that the actions taken by Go Daddy are inconsistent with the
multistakeholder approach ofICANN and potentially conflict with ICANN’s Registrar Accreditation Agreement. 1 NTIA encourages you to investigate the actions of Go Daddy as a contractual compliance matter, but also consider an ICANN cross-community discussion on the issue. Such conversation could result in a solution that addresses GoDaddy concerns, while still meeting the needs of the legitimate users of Port 43.
The timing of the letter is peculiar. Although ICANN is under pressure over GoDaddy’s blocking, it’s kind of pointless in light of the possibility that all of Whois will go dark next month as the EU’s General Data Protection Regulation goes into effect. I find it odd that the letter avoids the elephant in the room.
The letter also asks ICANN to consider if companies other than the registrar should be able to make DNS changes at the registry:
With the growing sophistication of domain names registrants and third party content delivery networks seeking to offer enhanced security features, including deploying DNSSEC, NTIA sees merit in examining the roles other parties could play. One example is the feasibility and impact of allowing non-ICANN accredited registrars to offer services that manage specific DNS resource records, such as MX or NS records, directly with a registry.
I wonder who made that ask?
Update: James Bladel, GoDaddy VP of Policy, released this statement to DNW:
ICANN’s Registrar Accreditation Agreement (RAA) requires GoDaddy to collect contact information for every domain name, and to publish this in a WHOIS database that is public and can be accessed anonymously. The RAA (Sec. 3.3.5) also requires us to protect registrant data from harvesting for the purposes of spam and abuse. Our goal is to reconcile this conflict between our obligation to operate a Port43 WHOIS service, and our duty to protect our customer data from harvesting by bad actors.
We have irrefutable evidence that abuse of WHOIS data is occurring, even by “whitelisted” Port43 users, and we will do everything in our power to protect our customers. We have therefore taken steps to guard against bulk harvesting on Port43, while still making the required data available via protected web-based queries.