I looked over the MOU for the RIR's and these seem to be the relevant clauses to whois data access: "The ICANN bylaws assign to the ASO the responsibility for the development of global policies relating to the following areas: Definition of global policies for the distribution and registration of Internet address space (currently IPv4 and IPv6);... Specifically this responsibility is limited to the above and does not extend to the business practices or local policies of the RIRs except as needed to ensure that the RIRs meet the criteria for ICANN approved RIRs. The RIRs are responsible to their own members and in most cases this must be their prime responsibility." ICANN/IANA has a responsibility under the US government contract: "The Contractor shall ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation."