A review of the draft KENIC.KE domain name WHOIS policy

  • 22 Sep 2021
  • 4 Mins Read
  • 〜 by Francis Monyango

KeNIC is a company, limited by guarantee, licensed to manage and administer the dot ke Country Code Top-Level Domain (.Ke ccTLD) name. As a registry they record, store and maintain details of domain names in the Top Level Domain (TLD). 

WHOIS is a query and response protocol used to lookup certain information related to domain names. A WHOIS query returns information related to contact details, name servers, and the Registrar of a domain name. This service is intended only for query‐based access. A domain name is an internet resource name that is universally understood by Web servers and online organizations and provides all pertinent destination information. To access an organization’s web-based services, website users must know the precise domain name.

The purpose of the KeNIC WHOIS policy is to:

  • describe the WHOIS Service of the TLD,
  • how the Service may be used, 
  • actions KeNIC may take to promote the accuracy of the Service and
  • those we may take to ensure the security and stability of the Service.
  • make available up-to-date contact data for the individuals involved in a given domain registration, i.e. the registrant, the Admin-C, the Tech-C and the registrar the domain is registered with.

WHOIS LOOK-UP FACILITY

The Public Policy Rules require the Registry to provide a WHOIS look-up facility where, by typing in a .ke Domain Name, information about the administrative and technical contact administering the Domain Name can be found.

The purpose of the WHOIS database is to provide reasonably accurate and up to date information about the technical and administrative points of contact administering the domain names under the .ke TLD.

When a Domain Name is registered, the information relating to that registration sits in a WHOIS database in compliance with the rules. The information collected includes Registrant contact information, the Registrar involved and details of the name servers to which the Registry delegates authority for the Domain Name.

By going to the Website of the Registry and typing in the Domain Name in the WHOIS look-up facility, information about that name and the Registrant can be accessed in accordance with the rules in the policy. When registering a Domain Name, the Registrant is seen to have accepted the Registry’s Terms and Conditions which authorizes the Registry to make some personal data accessible on its web site, along with some other technical data, in order to guarantee the transparency of the domain name system towards the public.

Information published in the WHOIS

All Registrants are required to accept the Terms and Conditions in which the Registrant authorizes the Registry to publish certain personal data. When the Registrant is a legal person or another form of organization the Registry generally publishes the following information in its WHOIS:

  • name, address and telephone and fax number of the Registrant;
  • technical contact person;
  • e-mail address of Registrant; and
  • technical data (such as status of the Domain Name or the name servers).

Preventing misuse of WHOIS data

In order to prevent misuse of personal data available in the web-based WHOIS look-up facility the Registry takes the following steps:

  • E-mail addresses, and if published, postal addresses, telephone and fax numbers are displayed as images (pictures) rather than text making it difficult to automate capture of the data.
  • Multi-criteria searching and other search facilities to search by name, email address, address, fax or telephone numbers will not be possible.
  • All those who submit a query to the WHOIS database will be assumed to have read and agree to the ‘WHOIS legal statement and terms and conditions’ which will inform the user that the Registry does not guarantee the accuracy or availability of the WHOIS Service records. Any records returned from the WHOIS Services are provided on an “as is” basis without any representations or warranties of any kind.

The Draft Data and Information Sharing Policy

The draft KeNic Data and Information Sharing Policy dictates how KeNIC collects, stores, shares, and uses data. It further provides for processes on data security to protect data stored by KeNIC from being accessed or used maliciously. The key considerations in the formulation of this policy are;

  1. Persons/entities that would want to access data from KeNIC;
  2. The information on the Users/customers sought by KeNIC;
  3. The purpose/intention for the collection/storage of information by KeNIC;
  4. The nature of data that would be requested by persons/entities from KeNIC;
  5. The sensitivity level of the information held with KeNIC.

The policy also has Access to Information guidelines

Requests for information must be made in writing attaching the prescribed request for information form signed by the chief executive officer or an access of information officer. Where justified, the information requested will be shared within ten (10) days from the date of request. Should the request be unclear on any of these parameters, KeNIC will seek further clarifications.

No request made anonymously will be honoured by KeNIC.

The right to access information is not absolute and the law imposes certain limitations. As such, KeNIC will withhold disclosure of information that is limited by section 6 of the Access to Information Act, 2016.

The draft policies are a good move in KeNICS’s compliance with the Data Protection Act and the Access to Information. 

However, stakeholders in the ICT sector have raised concerns with the manner in which KeNIC is conducting the public participation for these draft policies.

They have asked the domains organisation for a framework and roadmap of how the Public Participation Process will flow, who will manage it, and how feedback will be provided. They are also asking for the deadline for the call for submissions.