Police Want Tighter Domain Registration Rules
Jeremy Kirk writes on Computerworld UK:
Law enforcement officials in the UK and US are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system.More here.
Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the UK's Serious Organised Crime Agency (SOCA). Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilitating botnets. Law enforcement often run into difficulty when investigating those domains, as criminals use false details and stolen credit cards.
The FBI and SOCA have submitted a set of recommendations to ICANN for how it could strengthen Registration Accreditation Agreements (RAAs). The agreement is a set of terms and conditions that a registrar, an entity that can accept domain name registrations, would be subject to in order to run their business. ICANN's RAA applies to registrars for generic top-level domains (gTLDs), such as ".com."
The ideas from the FBI and SOCA have not been publicly revealed but include stronger verification of registrants' name, address, phone number, e-mail address and stronger checks on how they pay for a domain name, Hoare said. Those financial checks are already done for e-commerce transactions, so "there's no reason why the registries and domain registrars can't do the same thing," Hoare said. Many registrars and registries already do this, he said.