China Internet Network Information Center (CNNIC), the state network information center of China, was founded as a non-profit organization on June 1997. CNNIC is the registry for the “.CN” and ".中国/.中國" country code top-level domain, serving more than 457 million Chinese internet users.
The CNNIC appreciates the WHOIS review team’s effort on improving the current WHOIS policies by collecting comments from the global internet community. CNNIC is willing to share its practical experience of enhancing WHOIS accuracy. In addition, CNNIC would like to answer some of the questions raised in the WHOIS review team discussion paper in order to present our perspectives on those WHOIS related issues.
CNNIC offers WHOIS services through web-based interface (http://ewhois.cnnic.net.cn/) implementing the protocol defined in RFC3912. By the end of 2010, the WHOIS accuracy of .cn has reached 97%, which means that the WHOIS data of more than 97% of .cn registrants has been verified and proven to be real information of the registrants. Domain name abuses of .cn have been significantly prevented by the real information verification. Spam emails sent under .cn URL have fallen to less than 5% in 2010 from 15% in 2009. Reported phishing websites under .cn has been reduced from 86.5% to less than 0.6%. Currently, all registrants of .cn are required to provide real WHOIS information, and CNNIC is responsible for verifying the information. Moreover, CNNIC requires all its registrars to help verify applicants’ WHOIS information, and WHOIS accuracy is defined as one of the conditions to evaluate the performance of those registrars.
Q3. What insight can country code TLDs (ccTLDs) offer on their response to domestic laws and how they have or have not modified their ccTLD WHOIS policies? We provide public WHOIS service with basic and concise information. Registrant information is reachable through the provided WHOIS information. Meanwhile, complete internal WHOIS information can be accessed on LEA request. By doing so, we protect our registrants’ privacy and support legal enforcement both at reasonable level.
Q4: How can ICANN balance the privacy concerns of some registrants with its commitment to having accurate and complete WHOIS data publicly accessible without restriction? We support that ICANN should continually promote the enhancement of WHOIS accuracy, but we also believe that ICANN WHOIS policies should respect national laws and regulations in different countries. Therefore, we suggest that ICANN should keep asking for accurate and complete WHOIS data, but also give some flexibility to registries/registrars to show tailored WHOIS data to the public based on their national privacy laws and regulations. By doing so, some balance could be achieved. On the one hand, accurate and complete WHOIS information could be still available when necessarily required, e.g., requirement from law enforcement; on the other hand, basic WHOIS service could be still available to the public for proper usage.
Q6: How effective are ICANN’s current WHOIS related compliance activities? We think that the current practice and performance of applying ICANN’s WHOIS policies has not met the standards and criteria defined in these policies. For instance, the WHOIS accuracy of .com and .net has been very poor. ICANN to some extent has failed to regulate .com and .net in term of maintaining accurate WHOIS information. Therefore, we suggest that ICANN has neither been effective at developing WHOIS policies nor well regulating registrars in terms of helping improve WHOIS accuracy.
Q7: Are there any aspects of ICANN’s WHOIS commitments that are not currently enforceable? According to ICANN’s current WHOIS policy, complete and accurate WHOIS information of registrants should be made available to the public. However, it turns out practically impossible for ICANN to fully execute the policies. Firstly, the current policies have not clearly defined registrars’ obligation to reach certain WHOIS accuracy level. Secondly, the current policies have conflicts with privacy laws and regulations in some countries. Therefore, we suggest that ICANN should respect and consider privacy laws and regulations of different countries when developing WHOIS policies, and also should impose more effective regulations to its accredited registrars.
Q11. What lessons can be learned from approaches taken by ccTLDs to the accuracy of WHOIS data? In 2009 and 2010, CNNIC started to improve WHOIS accuracy by verifying registrants’ information. By the end of 2010, the WHOIS accuracy has reached 97% and domain name abuses plummeted to a negligible level. The most important lesson during the two years is that collaborating with registrars is the key to improve WHOIS accuracy. According to our current policy, registrars are asked to collect real WHOIS information from applicants, and failing to do so may have to face de-accreditation. With the help of to our registrars, the WHOIS accuracy of .cn has been fundamentally improved.
Q12: Are there barriers, cost or otherwise, to compliance with WHOIS policy? Strictly verifying WHOIS information of applicants and registrants may raise extra expense of registries and registrars. In addition, applicants and registrants, especially the ones of .com and .net, have got used to submitting online inaccurate WHOIS information, because of no obligation and verification. Therefore, we suggest that the cost of verifying WHOIS information and educating applicants and registrants are the biggest two obstacles to compliance with ICANN WHOIS policy.