A multistakeholder approach and global coordination across different jurisdictions/RIRs is the way forward for achieving whois data accuracy. An interesting session at the APNIC 45 Cooperation SIG that caught the attention of the community was on ‘Whois accuracy – present status and its challenges‘.
The Cooperation SIG is a forum for discussion about broader Internet issues like Public Policy and Internet Governance, which are related to APNIC community interests, but which involve governments, other organizations and communities too.
The APNIC Whois Database is always in the discussions and gaining importance as the demand for IP addresses is increasing exponentially, due to the increasing number of Internet users and a fast-emerging IoT ecosystem.
As you are aware, APNIC maintains the whois database, which contains address-delegation information about contacts for networks, contacts for administration for the network, technical contacts, abuse contacts, and so on. It is important to keep the registration accurately and update it in the whois database when there is a change.
The traditional clients of the whois services are network operators and security agencies who need to trace operational and security issues that are identified by user’s IP address. These days, more and more people are beginning to rely on the whois, especially for tracking in security and criminal investigations.
It was a pleasure for me to Chair the session with Co-Chair Billy Cheon (South Korea), along with multistakeholder panellists, including Craig Ng (APNIC), Richard Leaning (RIPE NCC), Nabinda Aryal (Nepal Police), Alice Munya (GAC Rep) and Anurag Bhatia (Hurricane Electric).
Why this session?
What we really need is continuous dialogue and discussion on this issue, particularly since whois data quality is a critical link for all kinds of investigations. It calls for everyone’s involvement and cooperation.
Initiating the dialogue, Craig Ng talked about the evolution of the whois over the years and how IP addresses are gaining value, as a true record of custodianship of IP resources for due diligence.
He also mentioned the ‘Privacy vs Accountability’ aspect of the data and the need for a balanced approach. Another point outlined was whether Law Enforcement Agencies (LEAs) require registration data up to the end-user level or is it happy with data one step removed from the end-user.
Also debated was whether there needs to be a contractual agreement instead of a legal one between APNIC and the Member. Mr Nabinda Aryal, Superintendent of the Nepal Police, stressed the strong need for a global coordination mechanism with the RIRs and public safety organizations, seeking industry assistance and collaboration. He cited long delays in investigation processes due to inaccurate data and the lengthy processes involved like MLATs, ILOR, LOR, and so forth.
He highlighted a case study that happened in August 2017 in Nepal, where a victim/complainant approached the LEA, mentioning that he was receiving threatening and extorting messages. Later on, tracing the IP address, it was found to be fraudulent, pretending to be original. At the same time, the reply from the service provider was that since the network was of the Carrier Grade Network Address Translation (CGNAT) type, they wouldn’t be able to provide the details.
This is one example of the major hurdles or challenges for LEA investigators. Richard Leaning talked about how the RIPE NCC and RIPE community are engaging LEAs in a productive manner, understanding each other’s requirements. They are conducting training, education and capacity building at regular intervals for the community and LEAs.
Alice Munya discussed the creation of the Public Safety Working Group (PSWG) in ICANN, to engage with LEAs and improve whois accuracy. PSWG members are representing law enforcement interests in the Working Group. She also mentioned GAC‘s outreach and capacity-building programs and how they are evolving the next generation of the whois registration process.
Anurag Bhatia highlighted the whois from operator’s and peering perspectives. There have to be incentives for the operators, end-users, and so forth to update the whois.
Updating data has to be achieved through sending regular emails every year to ISPs/operators/end users for validating the whois.
CGNATs have been deployed at a very significant scale and it is becoming difficult to map the end user, unless IPv6 is implemented.
Summarizing the session, I noted that:
- The whois database is a critical link for any kind of investigation
- An annual contact system of upgrading the database is required
- The need to work together with all stakeholders is being increasingly felt
- Coordination across different jurisdictions/RIRs is imperative
- Regular training, education and capacity-building programs in the RIRs have to be carried out in a planned manner
- The issue of privacy, accountability and data protection with the upcoming GDPR needs to be addressed
There are new developments taking place where technologies like RPKI and RDAP are going to be used. Further, the issues of privacy and data protection are bound to affect the way whois data will be structured in the future. This is expected to change the way we access the whois database today.
I invite community feedback on the issues and developments taking place in the realm of providing high quality Internet number registry data. I would also appreciate, if the community provides what the action points are emerging out of this discussion on whois accuracy, and the subsequent steps or any ideas on how to deal with it.
Dr Govind is an expert in the Internet governance space and is the former CEO of the National Internet Exchange of India (NIXI).
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.