I only recall two subpoenas for _just_ domain names. The rest always had more info, like email headers or IP addresses.
Here's a good example of why it's a waste of LEA/LEO's time to be looking at WHOIS data:

Below is the data for my personal domain. I am the only one who uses it. The only one who is responsible for it. My friend, who doubles as a registrar, "registers" it for me. Looks perfectly accurate to me and this is how it will be "updated", but in order to find out it's me, LEA has to send a subpoena to get the information, i.e. who are the account holders, where are they, where do they pay their bills from, etc. etc.

Registrant:
Where The Fugawi (FUGAWI2-DOM)
   3300 Irvine Ave, #385
   Newport Beach, CA 92660
   US

   Domain Name: FUGAWI.NET

   Administrative Contact, Technical Contact:
      Barrow, Michael (MB144) michael@MLBARROW.COM
      mlbarrow.com
      1415A Harbor View Drive
      Santa Barbara, CA 93103
      US
      949-885-1802 781-240-5836

   Record expires on 24-Aug-2002.
   Record created on 23-Aug-1997.
   Database last updated on 19-Jun-2002 13:48:52 EDT.

   Domain servers in listed order:

   NS1.IJDOMAINS.COM 12.44.117.72
   NS2.IJDOMAINS.COM 65.107.235.169

As far as my statement about a whois record being "junk", I mean it's junk to LEAs. Honestly? Is this more accurate than a dig on ns, mx, soa and a traceroute to find out what REALLY is going on here?

-M