For Release: May 22,
2002 Accuracy of "WHOIS"
Internet Database Essential to Law Enforcement, FTC Tells
Congress
Database
Contains Registration Information About Web Site Operators
The Federal Trade
Commission today highlighted the importance of accurate
information in the Whois database, saying that law
enforcers fighting fraud on the Internet rely on the
integrity and accuracy of the database's registration
information about Web site operators.
J. Howard Beales, III,
Director of the FTC's Bureau of Consumer Protection, told
the House Judiciary Committee's Subcommittee on Courts,
the Internet, and Intellectual Property that when the
information is accurate, it can ". . . help law enforcers
quickly identify wrongdoers and their location, halt their
conduct and preserve money to return to defrauded
consumers. Inaccurate Whois data, however, help Internet
scam artists remain anonymous and stymie law enforcement
efforts."
The number of adults with
access to the Internet has grown from approximately 88
million in mid-2000 to more than 174 million by March
2002, according to the testimony. The growth in e-commerce
has created "fertile ground" for fraud. "There is real
danger that the benefits of the Internet may not be fully
realized if consumers identify the Internet with fraud
operators," Beales said. "We need to act quickly to stop
fraud, both to protect consumers and to protect consumer
confidence in e-commerce."
The FTC has brought more
than 225 Internet-related law enforcement actions against
688 defendants since 1994, stopping consumer injury
estimated at more than $2.1 billion, according to the
testimony. Tools the FTC has used in fighting Internet
fraud include:
- The FTC's Consumer
Sentinel database, which helps law enforcers identify
trends and target fraudsters quickly and efficiently;
- Cooperation with
multinational groups such as the 30-member International
Marketing Supervision Network and consumer protection
cooperation agreements with Canada, the U.K., and
Australia;
- Coordinated law
enforcement "Surf Days," with international, federal,
state, and local partners targeting types of claims
likely to violate the law. More than 250 law enforcement
agencies and consumer organizations around the world
have participated in 33 Surf Days that have identified
more than 6,000 Internet sites making dubious claims. A
significant percentage of site operators who receive
warning letters either take down their sites or modify
their claims;
- "Sweeps," which
coordinate law enforcement actions by both domestic and
international partners against Web-based scams;
- Training other law
enforcers in effective methods to pursue Internet fraud.
Since FY 2001, the FTC has trained more than 1,750 law
enforcement personnel from more than 20 countries, 38
states, 23 U.S. federal agencies, and 19 Canadian
agencies; and
- Special law enforcement
tools, such as the FTC's Internet laboratory.
The testimony notes that
another critical element in pursuing Internet fraud is the
Whois database. "It is hard to overstate the importance of
accurate Whois data to our Internet investigations,"
Beales said. "In all of our investigations against
Internet companies, one of the first tools FTC
investigators use to identify wrongdoers is the Whois
database. We cannot easily sue fraudsters if we cannot
find them. We cannot even determine which agency can best
pursue them if we are unable to figure out the country in
which they are located."
Beales cited examples of
FTC and international law enforcement efforts that were
hampered because of inaccurate names, addresses, and
telephone numbers listed in the Whois database. He noted
that the FTC has called on the Internet Corporation for
Assigned Names and Numbers, the body that governs
assignment of Internet names, ". . . to work with
registrars to implement and enforce the provisions of its
Registrar Accreditation Agreement that ensure the
completeness and accuracy of Whois data." The FTC endorses
the elimination of blank or incomplete registration forms
and false information, and requiring registrars to suspend
domain registration for failure to correct inaccurate
contact information. Noting that Web sites operating from
the two-letter code domains, such as .uk for the United
Kingdom and .jp for Japan, are not subject to uniform
rules on the collection and publication of contact
information, the testimony states it would be useful for
law enforcement purposes if country code domain registry
managers would implement measures to improve the accuracy
and accessibility of Whois data.
During the testimony,
Beales noted that there are tradeoffs between the
transparency of domain registration information and
personal privacy. For commercial Web sites, Beales noted
that ". . . the balance weighs in favor of public
disclosure of basic registrant contact information." There
are different considerations to balance, however, for Web
sites registered by individuals or Web sites registered
for non-commercial purposes. On the one hand, these
individuals and Web site operators have legitimate privacy
concerns. On the other hand, a fraudster should not be
permitted to hide from law enforcement authorities simply
by claiming registration as an individual or by claiming
registration for non-commercial purposes," he said. In
conclusion, Beales noted that the FTC is continuing to
work ". . . through international organizations,
businesses, and consumer groups to develop workable
solutions that balance the privacy interests with the
interests in transparency of Whois data."
The Commission vote to
approve the testimony was 5-0. |