Accuracy of "WHOIS" Internet Database Essential to Law Enforcement, FTC Tells Congress
May 22, 2002
The Federal Trade Commission today highlighted the importance of accurate information in the Whois database, saying that law enforcers fighting fraud on the Internet rely on the integrity and accuracy of the database's registration information about Web site operators.
J. Howard Beales, III, Director of the FTC's Bureau of Consumer Protection, told the House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property that when the information is accurate, it can ". . . help law enforcers quickly identify wrongdoers and their location, halt their conduct and preserve money to return to defrauded consumers. Inaccurate Whois data, however, help Internet scam artists remain anonymous and stymie law enforcement efforts."
The number of adults with access to the Internet has grown from approximately 88 million in mid-2000 to more than 174 million by March 2002, according to the testimony. The growth in e-commerce has created "fertile ground" for fraud. "There is real danger that the benefits of the Internet may not be fully realized if consumers identify the Internet with fraud operators," Beales said. "We need to act quickly to stop fraud, both to protect consumers and to protect consumer confidence in e-commerce."
The FTC has brought more than 225 Internet-related law enforcement actions against 688 defendants since 1994, stopping consumer injury estimated at more than $2.1 billion, according to the testimony. Tools the FTC has used in fighting Internet fraud include:
The FTC's Consumer Sentinel database, which helps law enforcers identify trends and target fraudsters quickly and efficiently;
Cooperation with multinational groups such as the 30-member International Marketing Supervision Network and consumer protection cooperation agreements with Canada, the U.K., and Australia;
Coordinated law enforcement "Surf Days," with international, federal, state, and local partners targeting types of claims likely to violate the law. More than 250 law enforcement agencies and consumer organizations around the world have participated in 33 Surf Days that have identified more than 6,000 Internet sites making dubious claims. A significant percentage of site operators who receive warning letters either take down their sites or modify their claims;
"Sweeps," which coordinate law enforcement actions by both domestic and international partners against Web-based scams;
Training other law enforcers in effective methods to pursue Internet fraud. Since FY 2001, the FTC has trained more than 1,750 law enforcement personnel from more than 20 countries, 38 states, 23 U.S. federal agencies, and 19 Canadian agencies; and
Special law enforcement tools, such as the FTC's Internet laboratory.
The testimony notes that another critical element in pursuing Internet fraud is the Whois database. "It is hard to overstate the importance of accurate Whois data to our Internet investigations," Beales said. "In all of our investigations against Internet companies, one of the first tools FTC investigators use to identify wrongdoers is the Whois database. We cannot easily sue fraudsters if we cannot find them. We cannot even determine which agency can best pursue them if we are unable to figure out the country in which they are located."
Beales cited examples of FTC and international law enforcement efforts that were hampered because of inaccurate names, addresses, and telephone numbers listed in the Whois database. He noted that the FTC has called on the Internet Corporation for Assigned Names and Numbers, the body that governs assignment of Internet names, ". . . to work with registrars to implement and enforce the provisions of its Registrar Accreditation Agreement that ensure the completeness and accuracy of Whois data." The FTC endorses the elimination of blank or incomplete registration forms and false information, and requiring registrars to suspend domain registration for failure to correct inaccurate contact information. Noting that Web sites operating from the two-letter code domains, such as .uk for the United Kingdom and .jp for Japan, are not subject to uniform rules on the collection and publication of contact information, the testimony states it would be useful for law enforcement purposes if country code domain registry managers would implement measures to improve the accuracy and accessibility of Whois data.
During the testimony, Beales noted that there are tradeoffs between the transparency of domain registration information and personal privacy. For commercial Web sites, Beales noted that ". . . the balance weighs in favor of public disclosure of basic registrant contact information." There are different considerations to balance, however, for Web sites registered by individuals or Web sites registered for non-commercial purposes. On the one hand, these individuals and Web site operators have legitimate privacy concerns. On the other hand, a fraudster should not be permitted to hide from law enforcement authorities simply by claiming registration as an individual or by claiming registration for non-commercial purposes," he said. In conclusion, Beales noted that the FTC is continuing to work ". . . through international organizations, businesses, and consumer groups to develop workable solutions that balance the privacy interests with the interests in transparency of Whois data."
The Commission vote to approve the testimony was 5-0