A representative from the Federal Trade Commission told a U.S. House of Representatives panel on July 18 that access to the directories that contain information about Web site operators are critical to the agency’s consumer protection mission, law enforcement agencies around the world and consumers.
The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus, R-AL, held the “ICANN and the Whois Database: Providing Access to Protect Consumers from Phishing” hearing.
It focused on proposals before the Internet Corporation for Assigned Names and Numbers that would limit the public’s access to domain name registrant contact information via the Whois database.
Whois data is used by financial institutions to prevent identify theft and account fraud particularly related to phishing.
Rep. Baccus said he was concerned that the adoption of these proposals could compromise the ability of financial institutions to respond to identity theft and phishing attempts.
Phishing refers to a practice where a thief misrepresents identity, typically claiming to be from a financial institution or an Internet service provider, in order to trick a consumer into providing sensitive personal information over the Internet.
In May 2006, the Anti-Phishing Working Group reported nearly 12,000 phishing sites that, on average, remained online for five days. Ninety-two percent of the phishing sites replicated financial institutions.
In testimony before the subcommittee, Eileen Harrington, deputy director of the Bureau of Consumer Protection at the FTC, said improvements should be made to the current Whois database system and the databases should be kept open, transparent and accessible.
The testimony notes that “because of concern about preserving access to Whois databases, the FTC attended the Internet Corporation for Assigned Names and Numbers meeting in Marrakech, Morocco, last month to highlight the importance of public access to Whois databases.”
The FTC made three recommendations at that meeting:
• ICANN’s advisory body, the Generic Names Supporting Organization, should reconsider and reverse its recommendation to limit Whois data available to the public.
• ICANN’s Governmental Advisory Committee should continue its outreach with law enforcement “to reinforce the serious law enforcement and consumer protection implications of losing access to Whois databases.”
• ICANN should “consider additional measures to improve the accuracy and completeness of domain name registration information.”
Restricting the purpose of the Whois databases does not satisfy privacy, consumer, and law enforcement interests, according to Harrington’s testimony. “Maintaining accessibility and enhancing the Whois databases would make great strides toward improving the safety and fulfilling the promise of the Internet.”
Her testimony notes that the FTC has continued to recommend that Congress enact the U.S. Safe Web Act, which has been passed by the Senate. “The Commission continues to recommend enactment of this legislation, which would give it additional tools to fight fraud.”
Access to the Whois database and passage of the U.S. Safe Web Act taken together, “will help ensure that consumers are free from deceptive practices that undermine the promise of the Internet,” Harrington said.
Other panelists that testified included John M.R. Kneuer, acting assistant secretary of commerce for communications and information and administrator of national telecommunications and information administration at the U.S. Department of Commerce; Catherine Allen, CEO of BITS/Financial Services Roundtable; Mark Bohannon, general counsel and senior vice president at the Software and Information Industry Association; and Marc Rotenberg, executive director of the Electronic Privacy Information Center.