WASHINGTON, D.C. -- Harsh penalties for domain name registrars that don't accurately track who owns what site are part of legislation intended to combat identity theft and help make the Web safer.
The Fraudulent Online Identity Sanctions Act (H.R. 3754) toughens civil and criminal remedies for domain name fraud. In particular it seeks to improve accuracy of the Whois registry, which is supposed to contain up-to-date information on the millions who have purchased and registered a domain name.
Dangers of False Data
The proposed law targets people who register false domain name contact information, says Representative Lamar Smith (R-Texas), who brought the bill to the House floor. It also increases by as much as seven years the prison time for felonies related to the false information. Often, copyright or trademark violations are involved, Smith notes.
"Copyright owners use [the Whois database] to identify pirate sites that operate on the Internet," Smith adds. "Trademark owners use it to resolve cybersquatting disputes and to track down owners of Web sites that offer counterfeit goods or otherwise infringe upon intellectual property rights."
Also, parents and law enforcement rely on Whois to "protect our children from online threats," Smith says. He says that authorities have called Whois the first step in investigating most Web-based child pornography and exploitation cases.
Names, addresses, phone numbers, and credit card numbers are among the information required for the purchase of domain names.
Currently, registrars can charge a credit card for services without actually verifying the registration information. Authors of the proposed law say that the act should provide more incentive to registrars, and to people registering domain names, to enter and maintain correct information.
But privacy advocates said at a Wednesday hearing that Whois has two basic flaws: Its requirements for verifying information are too lax, and applicants can too easily falsify information.
While the Center for Democracy and Technology regards Whois as a valuable tool and "uncontroversial for commercial registrations," the organization has privacy concerns, said Alan Davidson, associate director.
Requiring information like home addresses, home phone numbers, and home e-mail addresses could be "abused for purposes ranging from unwelcome marketing to identity theft, fraud, stalking, and other criminal activities," Davidson added.
"An accurate, reliable Whois will do more to promote privacy," said Mark Bohannon, general counsel and senior vice president for public policy on behalf of the Copyright Coalition on Domain Names, speaking at Wednesday's hearing.
Law enforcement has a better chance of catching someone engaged in identity theft if it can use the resources Whois requires, according to Bohannon.
Ignored by ICANN?
Smith says he introduced the measure after learning that the Internet's nonprofit governing organization, the Internet Corporation for Assigned Names and Numbers, has failed to address similar concerns raised earlier. Congress first brought up the issue of accuracy several years ago.
A congressional hearing late last year prompted the Commerce Department to look closer at Whois and consider improvements.
Smith says he is "disappointed to say that the early signs from ICANN are not encouraging." He joins other critics who accuse ICANN of wasting time in discussion rather than taking action.