The IT Law Wiki


WHOIS is a database that

contains the names and contact information — postal address, telephone number, electronic mail address and in some cases facsimile number — for customers who register domain names through the registrar.[1]


a Transmission Control Protocol (TCP)-based transaction-oriented query/response protocol that is widely used to provide information services to Internet users. While originally used to provide "white pages" services and information about registered domain names, current deployments cover a much broader range of information services. The protocol delivers its content in a human-readable format.[2]


The WHOIS service and protocol were originally developed and deployed in 1982 as a transaction-based service to provide a registry (directory) for "each individual with a directory on an ARPANET host, who is capable of passing traffic across the ARPANET."[3]


"The primary purpose of the WHOIS database is to provide necessary information in the event of domain name disputes, such as those arising from cybersquatting or trademark infringement."[4]

WHOIS began as a service that Internet operators could use to identify and contact individuals or entities responsible for the operation of a computer on the Internet when an operational problem arose. Since then, the WHOIS service has evolved into a tool used for many purposes, such as determining whether a domain name is available for registration, identifying the source of spam e-mail, enforcing intellectual property rights, and identifying and verifying online merchants.

The WHOIS service is not a single centrally managed database but consists of linked information that is collectively maintained in distributed databases by domain name registrars and registries.

Data accuracy[]

Data accuracy is important to the effectiveness of the EHOIS service in helping Internet operators to resolve technical network issues, as well as helping law enforcement officers to investigate such things as intellectual property misuse or online fraud. According to federal agency officials, accurate WHOIS data have the potential to allow law enforcement officials to identify individuals involved in criminal activities on the Internet more quickly than if such information were not available.

Although registrants are required to provide accurate WHOIS contact information, they may supply false or incomplete information in order to hide their identities or to shield themselves from being contacted by members of the public.[5]

Privacy concerns[]

The scope and accessibility of WHOIS database information has been an issue of contention. Privacy advocates have argued that access to such information should be limited, while many businesses, intellectual property interests, law enforcement agencies, and the U.S. Government have argued that complete and accurate WHOIS information should continue to be publicly accessible. Over the past several years, ICANN has debated this issue through its Generic Names Supporting Organization (GNSO), which is developing policy recommendations on what data should be publicly available through the WHOIS database.

On April 12, 2006, the GNSO approved an official "working definition" for the purpose of the public display of WHOIS information. The GNSO supported a narrow technical definition favored by privacy advocates, registries, registrars, and non-commercial user constituencies, rather then a more expansive definition favored by intellectual property interests, business constituencies, Internet service providers, law enforcement agencies, and the Department of Commerce (through its participation in [[ICANN]'s Governmental Advisory Committee).

At ICANN's June 2006 meeting, opponents of limiting access to WHOIS data continued urging ICANN to reconsider the working definition. On October 31, 2007, the GNSO voted to defer a decision on WHOIS database privacy and recommended more studies. The GNSO also rejected a proposal to allow Internet users the option of listing third party contact information rather than their own private data. Currently, the GNSO is exploring several extensive studies of WHOIS.[6] Meanwhile, a review committee established by the Affirmation of Commitments began its first review of WHOIS policy on October 1, 2010.[7]


  1., Inc. v. Verio, Inc., 126 F.Supp.2d 238, 241-42 (S.D.N.Y. 2000) (full-text).
  2. Privacy Impact Assessment for the National Cyber Security Division Joint Cybersecurity Services Pilot, at 2 n.6.
  3. ICANN SSAC, SAC 023: Is the WHOIS Service a Source for email Addresses for Spammers? (Oct. 2007) (full-text).
  4. v. Verio, 126 F.Supp.2d at 242.
  5. The GAO estimates that 2.31 million (5.14%) domain names have been registered with “patently false” WHOIS contact data — data that appeared obviously and intentionally false without verification against any reference data — in at least one of the required contact information fields. In addition, the GAO estimates that 1.64 million domain names (3.65%) have incomplete information in one or more of the required fields.
  6. See ICANN "Whois Services" page (full-text).
  7. See ICANN "Whois Services" page (full-text).

See also[]

External resources[]