ICANN conference focuses on security

The annual meeting of the Internet Corporation for Assigned Names and Numbers, (ICANN), began this week with a warning from a US...

The annual meeting of the Internet Corporation for Assigned Names and Numbers, (ICANN), began this week with a warning from a US congressman that unless domain registrars can verify their customers, US law makers may step in and force them to do it.

"Without verification, we leave the field open for malevolent registrants," and that includes anyone from intellectual property thieves to terrorists using the Web to raise money and exchange information, said Howard Berman.

Verification of the Whois database, the directory that lists names and contact information of people who register, "can help law enforcement track these people", he said.

Berman left it unclear what action he would take, but as the key member of the Judiciary Committee's Subcommittee on Courts and Intellectual Property, he is in a position to make changes.

But Berman also underscored his support for those who use the Internet anonymously and said allowing people such freedom is important. "I do not believe accurate and complete Whois information conflicts with the goal of allowing anonymous Internet usage," he said.

The accuracy of the Whois database is only one of many security-related issues likely to be examined over four days of meetings by ICANN.

In response to the terrorist attacks on 11 September, ICANN will be spending most of its time discussing the security of the Domain Name System (DNS). The primary job of this international, non-profit organisation is to ensure the stability of the DNS.

But Berman's solution, mandating verification of people who register domain names, conflicts with ICANN's policy. The group cannot force businesses and organisations to take specific actions unless they voluntarily agree.

There are also technical issues to consider. It is extremely difficult for registrars to verify addresses and phone numbers in many countries, according to Rick Wesson, president of Alice's Registry. "Other countries do not provide access to the data," he said.

ICANN has a self-regulatory system for ensuring accuracy. If a registrar, under its agreement with ICANN, is told that particular Whois data is incorrect, it "has an obligation to correct it or delete the domain name", said Andrew McLaughlin, ICANN's chief policy officer.

One of the main issues is whether ICANN is a technical standards organisation or one with policy-making authority. Some of the problems that ICANN faces are based on misunderstandings of its limited power.

Esther Dyson, former chairwoman of the ICANN board said, ICANN sets policy and does not run the Internet as some believe. "It doesn't even run the infrastructure of the Internet. It doesn't really have much of an administrative role," she said.

Read more on Antivirus, firewall and IDS products