I am not going to say “I told you so”

Posted on October 24, 2020 by John Carr

I generally find it extremely irritating when people turn to me and, usually with a smug look, say “I told you so,” so that won’t happen here. With little additional comment I will merely draw your attention to a report which was released in the USA last month.

First point: it was produced by a body called the “Coalition for a Secure and Transparent Internet”. Its mission is to“advocate before U.S. and EU policymakers, ICANN, registrars, registries, and other stakeholders about the importance of open access to WHOIS data.”

Slightly surprised the word “accurate” does not appear between “to” and “WHOIS” but for most sensible people I guess that would be implied.

Congressman Robert Latta asked several US Federal Agencies for their views on the state of play with WHOIS, referring specifically to the current Covid crisis. This, inevitably, raised broader issues.

In September CTSI published the replies the Congressman had received. Below are a few choice extracts.

From the Food and Drug Administration

“Access to WHOIS information has been a critical aspect of FDA’s mission to protect
public health. Implementation of the E.U. General Data Protection Regulation (GDPR)
has had a detrimental impact on FDA’s ability to pursue advisory and enforcement
actions as well as civil and criminal relief in our efforts to protect consumers and patients.”

From the Federal Trade Commission

You also highlighted your concerns that the implementation of the
European Union’s General Data Protection Regulation (“GDPR”) has negatively affected the ability of law enforcement to identify bad actors online. I share your concerns about the impact of COVID-19 related fraud on consumers, as well as the availability of accurate domain name registration information.”

From Homeland Security

“HSI views WHOIS information, and the accessibility to it, as critical information required to advance HSI criminal investigations, including COVID-19 fraud. Since the implementation of GDPR, HSI has recognized the lack of availability to complete WHOIS data as a significant issue that will continue to grow. If HSI had increased and timely access to registrant data, the agency would have a quicker response to criminal activity incidents and have better success in the investigative process before criminals move their activity to a different domain.”

From the Department of Justice/FBI

“…greater WHOIS access for law enforcement would increase the effectiveness
of… investigations by identifying illicit activity in specific areas, and would assist in
disrupting and dismantling criminal organizations.”

How did we ever get to this?

That is an excellent question. I’m glad someone asked it.

I agreed about the need for ICANN to be given complete independence from the US Federal Government. But the Obama Administration handed over control without dotting the i’s and crossing the t’s. They left ICANN with the ability to abandon or substantially modify their historic mission, at least in respect of WHOIS.

Once free of a potential corrective intervention by the US Federal Governmenet ICANN became ever more obviously a trade association, a racket.

The public interest always comes second to Registrars’, Registries’ and their symbiotic co-dependent’s (ICANN’s) financial interests.

ICANN has weakened WHOIS, not strengthened it. They have reduced the obligations to ensure WHOIS data are accurate and that also means up to date. Link that with other real world developments about how the internet is being managed, and by whom, and anyone with two brain cells can see the future. But that won’t stop the Registrars, Registries and ICANN from dragging things out for as long as possible. Delay for them is the same as money. And money is what it is all about.

Could the US Government reverse its decision and take ICANN back under its wing? Probably not, but if it were shown ICANN acted in bad faith from the get-go, with no serious intention ever to fulfill or keep to the terms of the “Affirmation of Commitments”…. then what?

Who was asleep at which wheel?

The EU must take its share of the blame for what happened next, at least insofar as it concerns WHOIS.

In the four years or more between the draft GDPR being published and it being adopted as a final, legal instrument, none of the following words were uttered, never mind discussed, anywhere at any time in Brussels, at least not in any public meetings where minutes were taken and later published. Those words were: ICANN, Registrars, Registries, Registrants and WHOIS.

It’s not that the EU took its eye off the ball. They never had their eye on it. It was only after the event that officials went in to bat to limit the damage once the scale of ICANN’s impudent ambition became apparent. Why was it necessary for them to do that? Because ICANN had adopted an interpretation of GDPR rules which would never have been possible if those rules had been properly drawn up in the first place. And that interprtetation is the reason for those comments shown above.

Finally, here is the other nagging question. If EU bureacrats were not over-familiar with ICANN’s quaint ways and hidden intentions. If they had been lobbied, seduced, hoodwinked or neutralized by the hype, where were the cops and the governments?

A perfect smokescreen

Mainstream media journalists’ eyes glaze over at the first mention of ICANN’s recondite terminology. They shy away when they hear about the glacial pace at which things happen in obscure, acronym-heavy sub-committees. That creates a perfect smokescreen.

Nobody comes out of this covered in glory, other than the Registrars, Registries and their servants the ICANN bureaucracy. They got exactly what they wanted. Perhaps“glory” is the wrong word here?

A friend of mine who was once utterly immersed in ICANN and similar bodies, e.g. the IGF, reflected how, in the early days, there was a group of high-minded, public spirited people who flew around the world convinced their personal engagement with this still relatively “new thing”, the internet, and the participatory bodies which it was spawning e.g. ICANN and the IGF, was truly going to reshape that world and make it a better place. “Noblesse oblige”. Then they woke up and realised they’d been had.

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com
This entry was posted in Uncategorized. Bookmark the permalink.