Bruce Tonkin about the registrar perspective. Starts with OECD privacy principles and purpose specification in RAA — timely resolution of problem. Registrars require acccess to contact information in order to authorize transfers. Turning to common abuses. Wide-spread, not isolated incidents. Unsolicited renewal notices to mislead consumer to believing they are dealing with original supplier. Not: “we’re cheaper, please change”, but “we’re your supplier. renew or lose.” Consumer confusion. Marketing of related services. Domain appears in zone file — registrants will need web hosting services. Marketing phone calls shortly after registration. … Analogy with meeting travel: Choose airline yourself is the traditional thing. Alternative: ICANN collects information, puts it up on the net, 200 airlines call high-value customers. Travel industry uses first model. DNS industry uses second model.
Frauds to collect credit card information. Fake registrar web site. “You need to change your password. Please type in old password and credit card information to authenticate.” Common model for scams. Work because customer is contacted with very specific data about their relationship with supplier.
Bulk access. About ten agreements for large registrars. No proof for abuse. Port 43 public WHOIS. 2 million queries, 137,000 locations per day. Regularly observe mass queries, not just occasional use of query-based interface.
Market price for WHOIS data: $30 for 30 million records. There is a problem.