The WHOIS Database: Privacy and Intellectual Property Issues
Testimony of
Timothy P. Trainer
President
International AntiCounterfeiting Coalition (IACC)
Before the
Subcommittee on Courts, the Internet and Intellectual Property
Washington, D.C.
July 12, 2001
Mr. Chairman and Members of the SubCommittee, Good morning. I am Timothy Trainer, President of the International AntiCounterfeiting Coalition (IACC). On behalf of the IACC, I would like to thank the Committee for the privilege and opportunity to testify on an issue of great importance to intellectual property owners, Internet users, and the public at large - the collection, availability, and use of identification information collected from domain name registrants by domain name registrars.
The IACC is the largest organization dealing exclusively with issues involving intellectual property piracy and counterfeiting. The IACC has approximately 160 members who represent a cross-section of industries, including the automotive, electrical, motion picture, software, sound recording, apparel, luxury goods, personal care and pharmaceutical sectors. The total annual revenues of IACC members exceed US$650 Billion. The objective that brings such diverse industries together is their need to protect their intellectual property and their customers from those who would steal such property.
I am also personally thankful for the opportunity to testify because I was involved in the discussions that led to the issuance of the Department of Commerce's Green and White Papers on changes to Domain Name System (DNS) management during my service in the U.S. Patent and Trademark Office's Office of Legislative and International Affairs. Now as a member of the private sector, my opinion has not changed: WHOIS must remain open, accessible and accurate. Consequently, my testimony will address the following topics:
What is commonly referred to as the WHOIS database is the collection of information gathered
by a domain name registrar from domain name registrants. Currently, there are approximately
150 domain name registrars that are accredited by the Internet Corporation for Assigned Names
and Numbers (ICANN). Accredited registrars are "bound" by the terms of the ICANN Registrar
Accreditation Agreement (RAA). Sections II.E and II.F of the RAA require registrars to collect,
maintain, and make available to the public information regarding each second level domain
(SLD) (1)
they register. (2)
To companies and consumers, WHOIS is an identifier. It is the address on the front door or the
license plate on the car. If a businessman wants to acquire a domain name, if a parent wants to
know who owns the website that is distributing harmful toys, if a consumer wants to know who
owns the website that is offering discounted pharmaceuticals, or if a trademark or copyright
owner wants to know who owns the domain name from which a counterfeit version of its
products are being sold, they have one place to turn - the WHOIS databases. (3)
Consequently, the
IACC believes that Congress and the Administration should continue to advocate for an open
and accessible WHOIS database for all Internet users and strive to improve the accuracy of the
information contained therein. In support of this position, my testimony will focus on the following topics: 1. The compatibility of reasonable privacy interests with the maintenance and accessibility
of "WHOIS" databases; 2. The importance of publicly accessible "WHOIS" information; and 3. The need to ensure that "WHOIS" information is current and correct by either enforcing
existing obligations or imposing new ones. I. Whois vs. Privacy The IACC endorses a policy that enables intellectual property owners, consumers, parents and
other interested persons to obtain, at the very least, the type of information currently available in
the WHOIS databases. It is our position that the current system is fairly balanceds between
consumers right to know and a domain name registrant's expectation of privacy. In fact, if
anything, the IACC believes that registrants should be required the need for access to
information and the desire for privacy to improve their performance in insuring that domain
name registrants provide correct and updated information. Because a person (legal or
individual) voluntarily chooses to be present on the iInternet, the identity and contact
information of domain name registrants are entitled to no more privacy protection than are a
business or home addresses in the physical world. Privacy advocates concede that accurate domain name lookups are essential. In a February 16,
2001 letter to Congress, Mr. Marc Rotenberg, Executive Director of the Electronic Privacy
Information Center (EPIC) stated, "For good reasons related to the technical and security
considerations of maintaining websites and domains, it is necessary to make such information
publicly available. Making such contact information available has been the practice of the
domain name process for many years and is well-accepted by the many in the Internet
community." (4)
Mr. Lauren Weinstein, Moderator of the Privacy Forum and Co-Founder of the
People for Internet Responsibility, has expressed the opinion that he opposes limiting access to
WHOIS information or allowing registrants to withhold phone numbers. He was quoted as
saying, "In tracking down privacy, spam, or network problems, when things go wrong, you've
got to be able to call someone. You can't always rely on email. So, what are you going to do,
send them a letter?" (5)
The IACC agrees, however, that certain practices permitted under the ICANN Registrar
Accreditation Agreement (RAA) contribute to abuses and inappropriate use of personal
information. (6)
The RAA, however, already has mechanisms that registrars can enforce in order to
reduce these abuses. (7)
A close examination of the information that is currently available about the domain name
registrantstion leads us to no more than the name and address of the domain name owner. It is
important to understand what one gains access to when a WHOIS search is conducted.
Specifically as it relates to the domain name owner, the only information that one sees is the
owner name and an address. As an example, if one looks up the IACC's domain name
registration, the only information a person will see is our name and address. There is no
telephone number, facsimile number or email addresses for staff members. In effect, there is a
filtering mechanism in place from the outset. It is also important to understand what is not available. For example, one cannot find a
business's tax identification number or an individual's social security number or other personal
information. Therefore, the information that is accessible is not sufficient in and of itself to
result in the types of Internet crimes that make up identity theft. In essence, the WHOIS
databases provide very little information about the domain name owner. In the balancing of interests between some level of privacy and access to information, a person's
decision choosing to be present on the internet should lower the expectation of privacy because
the Internet is the most public place in existence. A single person can be present simultaneously
in each country that has a computer online. It is perfectly appropriate to apply existing privacy,
or limited privacy, concepts to conduct on the Internet. Moreover, domain name registrants
obtaining domain names with accredited registrars consent to providing a certain amount of
information with the knowledge that some information will be available to the public. (8) An open, accessible, and accurate WHOIS database is consistent with privacy and data
protection laws. WHOIS has provided public access to a full range of registrant contact data
since the inception of the domain name system. During all that time, no national governmental
authority has ever determined that this system violates privacy or data protection laws. The
same is true of the ICANN consensus policies under which gTLDs have operated for the past
year. Moreover, domain name registrants obtaining domain names with accredited registrars
agree to provide a certain amount of information. (9) There are many ways for individuals to establish a robust presence on the Internet without even
registering a domain name themselves. Those individuals who choose to do so by registering a
domain name should not be exempt from the mechanisms (like WHOIS) that serve to bring a
minimum level of accountability and transparency to online activities that may impinge on the
rights of others. Few people, and virtually no laws, treat privacy as an absolute right that trumps
every other social value. Unrestricted public access to WHOIS data - the long-established status
quo in the generic TLDs - is fully consistent with a balanced approach to privacy., the approach
that underpins privacy legislation both in the U.S. and abroad. No The IACC is not aware of any privacy or data protection law in the world that guarantees
absolute anonymity for all of a person's activities that bring him or her into contact with others.
Existing laws recognize a number of exceptions that justify public access to WHOIS, including
registrant consent, legal obligations to disclose, or disclosure for the purpose of carrying out a
contract to provide services. Furthermore, there are means by which a domain name registrant
may maintain anonymity (such as by use of a third level domain in the existing gTLDs), so long
as a registrant whose contact data is available accepts full legal responsibility for the activities of
the anonymous registrant. Many privacy advocates properly express concern over developments in Internet law and policy
that could adversely affect Americans' First Amendment rights. In the WHOIS context, these
advocates are concerned that the inability to anonymously share information and express
political views is a violation of First Amendment rights. The First Amendment has been
interpreted to grant a right of anonymous speech when that speech constitutes political
discourse. (11)
Not long ago, Think back to the beginnings of taking the Internet public - when we were calling
the Internet it the "information superhighway." Websites are like cars on that highway.
Sometimes, cars obey the rules, sometimes they don't. Their presence always has consequences
- good or bad, intended or unintended. In the physical world, in a hit and run situation, in a case
of speeding through a neighborhood, or otherwise driving recklessly, how do victims of or those
endangered by the driver's conduct know who is responsible? We know by the license plate -
the number and State of registration. The domain name is to a website what SLD is a website's
license plate is to a car. An identifier behind which stands information about the owner of the
car and is fully available to anyone who wants or needs it. (12)
Likewise, although there may be First Amendment protections for the contents of a website, the other passengers on the "information superhighway" are entitled to know in whose name the "car" is registered - who is the registrant of the SLD. Just as in the physical world situation, if a civilian or a law enforcement official invades the registrant's privacy, there is recourse. The default position should be that the information is public and those who commit transgressions with the information will be subject to consequences.
The automobile registration database, like a WHOIS database, is only as good as the information given at the time of registration. It is reasonable to assume that jurisdictions that have rules to ensure that accurate information is given have a better chance when it comes to enforcing the law than do those jurisdictions that do not have or do not enforce requirements.
Although, there is an expectation of privacy in one's car (especially in its contents) - an
expectation that shields us from the public and from the police - the license plate is a very public
element. Through the license plate number, any other person can find out the name and the
address of the registrant of that vehicle. Unlike driver's license information, (13)
which is not made
public in many states, car registration information is fully available to anyone who wants or
needs it.
Likewise, although there may be privacy interests in the contents of a website, the other passengers on the "information superhighway" are entitled to know in whose name the "car" is registered - who is the registrant of the SLD. Just as in the physical world situation, if a civilian or a law enforcement official invades the registrant's privacy, there is recourse. The default position should be that the information is public and those who commit transgressions with the information will be subject to consequences.
The automobile registration database, like a WHOIS database, is only as good as the information given at the time of registration. It is reasonable to assume that jurisdictions which have rules to ensure that accurate information is given have a better chance when it comes to enforcing the law than do those jurisdictions who don't have or don't enforce requirements.
With regard to the assertion that the WHOIS databases contribute to the proliferation of bulk
mail on the Internet, the IACC has two observations. One, First, this is not clearly the case, as
many bulk mailing lists are "harvested via customizable programs that trawl websites and
mailing lists," according to Paul Kane, Chairman of the WHOIS Committee, a committee of
ICANN's Domain Name Supporting Organization. The WHOIS databases are not generally
used in cases involving unsolicited, bulk mailings (SPAM). (14)
1 Second, as stated above, the RAA includes provisions instructing registrars about third-party
bulk access and the limitation on the use of the WHOIS data. (15)
2 Thus, in view of the provisions
that already exist, there is no reason to lower thresholds for what price are we willing to pay in
terms of the trade-off between less junk mail and greater personal accountability in Internet
conduct. In exchange for less bulk mail, not an elimination of bulk mail, are we We should not
prepared to sacrifice the ability to see who is behind a domain name just because conduct takes
place on the Internet.? Even advocates against the proliferation of unsolicited, commercial email
concede that the WHOIS database plays a crucial role in helping victims identify the sources of
SPAM and other online transgressions. (16) Certainly, a distinction can be drawn between commercial or public speech transmitted to the
public via a website, i.e., an online bookstore or a political action site, and "personal" speech,
albeit transmitted in a public way, i.e., a website of family photographs available to family
members worldwide. However, the privacy interests inherent in the "luxury" of owning a
website must be balanced against the public's need to know who is on the Internet.you are.
Compared to the types and quantity of information requested for other activities in life which are
difficult, if not impossible to live without, a drivers license, medical insurance, marriage
license(s), each of which is accorded different levels of privacy protection, the WHOIS
databases collect a minimal amount of information in connection with an activity that most
people could live without - ownership of a domain name. Given the global broad reach of the Internet, and the potentially broad intended or unintended
effects of a presence on the Internet, WHOIS information should be open, accurate and
accessible to intellectual property owners and other interested persons, including consumers and
parents. The publicly available information is a minimal amount when compared to all of the
personal identification that attaches to individuals in today's world. a modicum of personal
accountability is not too much to demand. II. The Importance of "Whois" It is the IACC's position that the availability of registrant information is critical to allowing IP
owners to enforce their rights over the Internet and for providing consumers with some recourse
against counterfeiters and pirates. What is commonly referred to as the WHOIS database is the collection of information gathered
by a domain name registrar from domain name registrants. Currently, there are over 150 domain
name registrars that are accredited by the Internet Corporation for Assigned Names and Numbers
(ICANN). Accredited registrars are "bound" by the terms of the ICANN Registrar Accreditation
Agreement (RAA). Sections II.E and II.F of the RAA require registrars to collect, maintain, and
make available to the public information regarding each second level domain (SLD) (17)
they
register. (18)
This Committee knows full well the importance of intellectual property to today's companies
and the fact that the burden for protecting such property rests largely with the IP owner.
Although the IACC and other intellectual property groups have advocated for greater
enforcement of IP rights by law enforcement, nearly 99 percent of all enforcement is done civilly
by the IP owner. (19)4 Unfortunately, for all its promise, Tthe Internet has made the IP owners' this
burden to protect their marks more difficult. Just as the Internet opened new markets for
legitimate companies, it also opened new markets for counterfeiters and pirates. IACC member
companies, who used to consider mega-flea-markets as their biggest problem, now point directly
at the Internet as the greatest threat to their brands. One reason for this is that Tthe Internet also
did away with some of the key indicators that investigators and consumers used to detect
counterfeit merchandise. Whereas indicators such as location, touch and feel quality, and
personal interaction with the vendor could often identify goods as fakes, the virtual store, digital
imaging, and point-click purchasing too often leave investigators and consumers blind.
Indicators such as location, quality, and personal interaction with the vendor are key to
identifying fakes in the physical world. In Cyberspace, however, the virtual store, digital
imaging, and point-click purchasing often leave investigators and consumers blind and
uninformed. The one investigative element that IP owners have in the Internet marketplace is "Whois"
WHOIS - a necessary point of contact in an artificial world. IP owners use the information in
the WHOIS database in a number of ways. Sometimes they approach the site operator directly, with a
demand that the unlawful activities cease. Sometimes WHOIS data is used to track relationships
between websites to "map" IP infringers' activities and "business" associations. This
information can be used to establish whether a particular infringer is engaged in a pattern of
behavior, such as a cybersquatter's wholesale warehousing of domain names that are confusingly
similar to trademarks, or other types of IP crimes. Such information can also be useful in later
civil or criminal enforcement proceedings, or as leverage in settlement discussions. WHOIS also
allows copyright owners to invoke the Digital Millennium Copyright Act's "notice and
takedown" procedure and is used by trademark owners to help demonstrate a cybersquatter's bad
faith. However, if a businessman wants to acquire a domain name, if a parent wants to know who
owns the website that is distributing harmful toys, if a consumer wants to know who owns the
website that is offering discounted pharmaceuticals, or if a trademark or copyright owner wants
to know who owns the domain name from which counterfeit version of its products are being
sold, they have one place to turn - the WHOIS databases. (20) Until another method of identifying
those behind certain websites is created, WHOIS remains the only tool for companies looking to
protect their intellectual property rights on the Internet. Thus, the importance of an open,
accurate and accessible WHOIS database cannot be overstated in view of all the interested
persons relying on these databases. III. Making WHOIS Current and Correct It is the IACC's position is that registrars, as are the sole entities that can collect, verify, and
maintain the information made available through the WHOIS service, and that the registrars
should be responsible for keeping the database accurate. (21)
5 Both the U.S. Government's White Paper (22)
6 and the subsequent implementation of its
recommendations in ICANN's RAA hold registrars accountable for the collection, provision,
and maintenance of registrant information. The penalty for failure by the registrant to provide
accurate registrant information is the cancellation of the domain name by the registrar. The
penalty for failure by the registrar to satisfy the requirements in the RAA is cancellation of
accreditation. As explained earlier, according to ICANN's RAA, accredited registrars are obligated to collect,
maintain, and furnish to the public contact information for SLD registrants. Section II.J.8
provides that a "registrar shall abide by any ICANN-adopted policies requiring reasonable and
commercially practicable (a) verification, at the time of registration, of contact
information associated with an SLD registration...or (b) periodic re-verification of such
information...In the event [a] registrar learns of inaccurate contact information associated
with an SLD registration it sponsors, it shall take reasonable steps to correct that
inaccuracy." The IACC believes that failure by a registrar to take steps to verify and re-verify contact
information should be considered a breach of the RAA.Failure by a registrar to take such steps
should be considered a breach of the RAA. According to Section II.N, "[the RAA] may be
terminated before its expiration by ICANN in any of the following circumstances: ... 4. Registrar
fails to cure any breach of the Agreement within fifteen working days after ICANN gives
Registrar notice of the breach. To the IACC's knowledge, there have been no such actions taken
by ICANN, despite widespread complaints regarding the inaccuracy of WHOIS information. ICANN's capacity to enforce the WHOIS obligations contained in the RAA needs improvement.
For instance, despite the public statement by the General Counsel of ICANN that "most
registrars appear not to be in compliance" with their RAA obligation to provide a fully
searchable WHOIS, (23)
7 the IACC is not aware of any enforcement action, formal or informal, that
ICANN has ever taken to enforce this obligation. This is particularly disappointing in light of
ICANN's strongly expressed view that only it, and not any third party, can enforce the WHOIS-related obligations of an accredited registrar under the RAA. (24) Accredited registrars also have some obligations under the RAA concerning WHOIS data
quality. The prevalence of inaccurate or outdated contact information in the WHOIS database
limits its usefulness as an anti-piracy tool. The RAA gives ICANN the authority to develop data
quality or verification standards that registrars would be obligated to fulfill. ICANN has not
done so, even though steps could easily be taken to eliminate obviously false contact data at little
or no cost to registrars. The RAA also requires registrars to accept reports from third parties
(such as intellectual property owners) of false contact data, and to cancel registrations when
contact data cannot be verified. Compliance with these obligations is extremely sparse. The U.S. government should urge ICANN to pay more attention to the implementation and
enforcement of the registrars' RAA obligations and to increase its efforts to restore WHOIS at
least to the level of usability that the public enjoyed up until the advent of registrar competition
in 1999. Since the gTLD WHOIS environment provides a template for these services in other
parts of the DNS, increased attention here could improve accountability and transparency
throughout the Internet. In addition to better enforcement of existing obligations, ICANN must direct its accredited
registrars in developing a method for ensuring that the information collected upon registration
and renewal is accurate. One suggestion would be to use the credit card holder's information as
the registrant contact information in the WHOIS database. If websites selling books or clothing
do not process transactions unless the mailing address and billing address are the same, why
shouldn't an SLD registrar be required to confirm that information? Bringing greater transparency and accountability to the gTLD and ccTLD world through
improved public accessibility of registrant contact data must be a high priority both for ICANN
and for the U.S. government. In its participation in ICANN's Governmental Advisory
Committee (GAC), the U.S. should continue to urge its foreign counterparts to insist that the
operators of provide free, real-time, unrestricted public access to the full range of WHOIS data
elements. Such a step would be in the best interests of consumers, creators, and Internet users in
each of these countries, and would facilitate the full integration of these ccTLDs into the
mainstream of global electronic commerce. The U.S. government should also ensure that the
ccTLD, which it controls, .us, provides a model in this regard. Finally, we need to consider what
steps should be taken to ensure that U.S.-based "virtual gTLDs" that operate two-character
domains that have been delegated to them by foreign territories adhere to the best possible
practices with regard to transparency and accountability, lest they become havens for online
piracy and an embarrassment to the United States. Conclusion The IACC urges this Committee to continue its support for an open, accessible and accurate
WHOIS database. IP rights and privacy interests are not mutually exclusive level of
transparency and accountability required by our laws. The IACC recommends the following
steps as concrete actions that would improve WHOIS and provide mechanisms for protecting
consumers and IP owners. 1. WHOIS database operation must continue to be mandatory for all ICANN accredited
registrars, regardless of the gTLD the registrar is managing; 2. Registrars must obtain, and maintain basic contact information; 3. The information must be publicly accessible; 4. The information must be verifiable; and 5. The information must be kept up-to-date. Thank you again for this opportunity to provide these comments on behalf of the IACC's
member companies. I would be happy to answer any questions. 1 A generic top-level domain or gTLD is commonly understood as the .com, .org, .net, etc. ending, which an
accredited registrar manages, in cooperation with ICANN. The SLD is the domain name a third party registers with
the accredited registrar, i.e., iacc.org. 2 II.F. Public Access to Data on SLD Registrations. "During the term of this Agreement: 1. At its expense, Registrar shall provide an interactive web page and a port 43 WHOIS service providing free public
query-based access to up-to-date (i.e. updated at least daily) data concerning all active SLD registrations sponsored
by Registrar in the registry for the .com, .net, and .org TLDs. The data accessible shall consist of elements that are
designated from time to time according to an ICANN-adopted policy. Until ICANN otherwise specifies by means of
an ICANN-adopted policy, this data shall consist of the following elements as contained in Registrar's database: The
name of the SLD being registered and the TLD for which registration is being requested; a. The IP addresses of the primary nameserver and secondary nameserver(s) for the SLD; b. The corresponding names of those nameservers; c. The identity of Registrar (which may be provided through Registrar's website); d. The original creation date of the registration; e. The expiration date of the registration; f. The name and postal address of the SLD holder; g. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the
technical contact for the SLD; h. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the
administrative contact for the SLD." 2. Upon receiving any updates to the data elements listed in Sections II.F.1.b through d and f through i from the SLD
holder, Registrar shall promptly update its database used to provide the public access described in Section II.F.1. 3. 3 Prior to 1999, Network Solutions, Inc., both managed the Domain Name System (DNS) and registered SLDs under
contracts with the U.S. Government. Once the monopoly was broken, ICANN accredited dozens of registrars
(currently, there are approximately 160), and each of them began building their own, separate WHOIS database.
Although services such as www.better_WHOIS.com and www.allWHOIS.com allow an inquirer to search multiple
registrars online and free-of-charge, the data is still flawed and no single system exists to allow the search of all
accredited registrars, let alone the registrant databases maintained by unaccredited registrars and those who manage
the country code TLDs (ccTLDs - which currently number approximately 240). In negotiations to revise its
contract to run the .com/net/org registry, Verisign agreed to devote part of a $200 million research and development
fund to work on a "universal WHOIS" to allow access to WHOIS data from as many registries as possible
(.com/net/org, new TLDs, ccTLDs) via a single portal. Work is to begin this year with the goal of making
substantial progress by the end of 2002. Whether this system is a valuable tool or is redundant of the existing
"WHOIS portals," remains to be seen. (See footnote below on privacy complaints regarding Verisign's marketing of
WHOIS data). 4 EPIC letter to Senators Conrad Burns and Fritz Hollings and Representatives Fred Upton and Edward J. Markey,
criticizing VeriSign's (formerly Network Solutions, Inc.) aggressive marketing of WHOIS registrant information.
www.epic.org/privacy/internet/ICANN_privacy.html. ICANN is currently considering proposals to limit the RAA's
existing rules governing mandatory bulk access of registrant data. 5 Reported April 5, 2001 in InternetNews at www.internetnews.com/bus-news/article/0,,3_734951,00.html. 6 Registrar Accreditation Agreement (RAA), II.F.6.a "Registrar shall make a complete electronic copy of the data
available at least one time per week for download by third parties who have entered into a bulk access agreement
with Registrar."
7 RAA, II.F.6.d and e.
8 RAA, II.J.7.
9 A check of the proceedings brought under the ICANN Uniform Dispute Resolution Policy, the data indicated that
3,978 proceedings had been initiated as of July 6, 2001, involving over 7,000 domain names.
10 The driver's license analogy has been used in the past to justify the collection of information for the WHOIS
database. The IACC believes that the license plate analogy more accurately reflects the dimensions of this issue.
11 The Washington Post, June 11, 2001, www.newsbytes.com. In fact, even the sale of WHOIS information is
restricted to certain purposes by the RAA (discussed above). Sections II.F.5 and 6.c prohibit registrars from
providing WHOIS contact data to third parties if that information is to be used to "allow, enable, or otherwise
support the transmission of mass, unsolicited, commercial advertising or solicitations via email (spam)."
Furthermore under RAA Sections II.F.6.e and f, registrars may require third parties not to resell the data unless it has
been transformed through incorporation in a value-added product, and may enable SLD holders who are individuals
to "opt-out" of the bulk access database. Again, enforcement of the existing provisions seems to be the key to
solving many apparent problems with management of the domain name system (DNS). 12 RAA, II.F.6.c.
13 The IdWashington Post, June 11, 2001. The article refers to the comments of Jason Catlett, President of
Junkbusters (www.junkbusters.com).
14 According to published reports, in FY2000, DOJ convicted 44 individuals of criminal trademark violations under
18 U.S.C. 2320.
21. 15 The IACC's statements apply to the obligations accepted by ICANN-accredited registrars of generic top-level
domains (gTLDs). Obviously, much less control can be exerted over the data-related practices of registrars who are
either unaccredited, register only country code TLDs, or who are part of a movement to create an alternative to the
DNS. These "alternative roots" - top level domains which have been created outside the ICANN-recognized "root
server" system. Most of aggressively marketed alternative - new.net - now claims to be accessible to over 40
million U.S. Internet users. Some of these alternatives - including new.net - make some WHOIS data available to
the public, but none are subject to ICANN requirements in this area, and all create a serious risk of consumer
confusion. 16 63 Fed.Reg. 31741, 31750 (June 10, 1998): "Trademark holders and domain name registrants, and others should
have access to searchable databases of registered domain names that provide information necessary to contact a
domain name registrant." 17 See http://www.icann.org/committees/WHOIS/touton-letter-01dec00.htm, question 7. 18See to ICANN's amicus filing in Register.com v. Verio, posted at http://www.icann.org/registrars/register.com-verio/amicus-22sep00.htm.