While commercial organizations would have to provide WHOIS data, the CDT favored allowing individuals to opt out entirely. The reasoning behind the exception would be to protect political dissidents from government surveillance.
To prevent spammers from gaming the system, the CDT suggested using anti-abuse teams to report suspicious domains to registries, which could decide whether to take legal or administrative action against the sites.
The working group also proposed giving law enforcement access to more registrant data than would be made available to other requestors. That suggestion was called as a "red herring," by Garth Bruen, principal investigator at Internet security research company Knujon, which is "no junk" spelled backwards.
"Law enforcement already has superior access to registrant data, they always did," Bruen told the KrebsonSecurity blog. "WHOIS is about ordinary Internet users being able to find out who owns a domain name. The consumer is ultimately being frozen out."
The expert working group is currently accepting comments on its proposal. The group will eventually hand a final recommendation to the ICANN, but a timetable was not announced.
Read more about data privacy in CSOonline's Data Privacy section.