[At-Large] [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report
Avri Doria
avri at acm.org
Thu May 17 07:19:38 UTC 2012
Somehow I expected this reply.
First many people do require registration to get a place that allows them to speak.
Second, even when a site is provided for others, keeping that site up requires protection from repressive regimes.
Third, who are you to determine what people need?
Fourth, I expect you will tell me next that people can use Google Facebook etc. Other than not wishing to become a shill for google et al; one can't count on those services for privacy; when they want the business of a regime they will give all the information the regime asks for. Often the only option is one's own registration and hosting service in a third country.
You claim to speak for the world's users, but you do so from the safety of a relatively . please don't assume that the conditions that prevail for you have any relation to the rest of the world.
I know registrants are not the only users, but they are indeed users. Don't sacrifice them on the altar of rich comfortable country consumerism.
avri
Evan Leibovitch <evan at telly.org> wrote:
>On 17 May 2012 01:02, Avri Doria <avri at acm.org> wrote:
>
>
>> Most of us come from countries where the state is a relatively good
>actor
>> and is not like to show up at our houses in the middle of the night
>to
>> torture us for the things we have said on our web/blog sites.
>> Unfortuantely far too many people come from states where whois
>information
>> freely avaialble on the net can cost them and their families their
>well
>> being or their lives.[...]
>>
>
>This logic demands the unfounded and erroneous assumption that one
>requires
>a first- or second-level ICANN-authorized domain in order to speak on
>the
>Internet.
>
>Most end users -- including those who wish to use the Internet to buy,
>sell, speak, listen, write or read -- will never need to buy domain to
>accomplish their objectives. I understand that there are many in ICANN
>--
>including some on this list with vested interests -- who see every
>Internet
>end-user as a potential registrant. (This, of course, helps to explain
>the
>difficulty within ICANN of distinguishing consumers from end users,
>because
>every end user is considered a potential "consumer" of domain names.)
>
>Not everyone shares the view that this approach is universally
>beneficial,
>let alone necessary, for anyone outside the domain industry.
>
>in my day job -- the one that has nothing to do with Internet
>governance
>and keeps me grounded outside this bubble -- I work with academic
>studies
>in refugee research. This role brings me in frequent contact with
>refugees
>who have stories to tell, but who would be in substantial danger (along
>with their families) should these stories could be traced to them. We
>(and
>other places) do quite well telling those stories while protecting
>identities. (NB: the strategy does NOT require giving every refugee --
>or
>even every refugee camp -- their own domain name.)
>
>So I don't need to be lectured on using the Internet to provide free
>speech; I can assert with some real-life experience -- as opposed to
>mere
>debating logic -- that the DNS need not play *any* special role in
>providing or protecting sensitive and dangerous speech on the Internet.
>
>The abuse of WHOIS for protection of criminals is real. The rationale
>in
>favour of maintaining abuse of WHOIS as *necessary* to protect
>sensitive
>speech is theoretical and provably wrong.
>
>- Evan
>
>
>
>
>>
>> So when a registration is in a country other than their own, not only
>> should their information not be served up on a platter to abusive law
>> enforcement, it should not be easily available without proper due
>process,
>> with all opportunity provided to protect the users who see the
>Internet as
>> their tool for achiving freedom. It is all well and good to protect
>> consumers from fraud, but this must not be done at the expense of
>those
>> fighting for freedom to either be who they are, e.g. gay registrants
>who
>> live in countries that imprison the gay, or those fighting the
>freedom to
>> speak to power.
>>
>> I know will will quickly rejoin that one does NEED a domina name to
>speak
>> to power or to blog about freedom, but many feel they do, and who are
>wee
>> to say that this is not the case. I think that when At-Large thinks
>about
>> protecting users it must think not only of the user whose major
>threat is
>> fraud, but must also think s of users living under repressive
>regimes.
>>
>> Protecting users does not mean only protecting consumers. The public
>> interest of the user is not identical to the public interst of the
>consumer.
>>
>> avri
>>
>>
>> Antony Van Couvering <avc at avc.vc> wrote:
>>
>> >Dear Carlton,
>> >
>> >While I agree that in general it is unwise, and often unfair, to
>> >speculate on the motives of participants, I do think several of
>> >Patrick's points are quite valid - an open Whois is a gold mine for
>> >spammers, salespeople, and identity thieves, particularly when the
>> >information is verified/correct.
>> >
>> >Did the review team look at the relative harm, and likelihood of
>harm,
>> >to consumers from spamming vs. the benefits gained by making things
>> >easier for law enforcement?
>> >
>> >Also, did it consider the difference between correct information and
>> >the public display of correct information? One undeniable benefit
>of
>> >not publicly displaying private information (e.g., address, phone
>> >number) is that people are far more likely to provide correct
>> >information if they're not worried about stalkers and thieves
>showing
>> >up at their house, or salesmen calling them during dinner. If law
>> >enforcement has a reason to view private information, then it could
>be
>> >provided to them. I think very few people would object to that.
>> >
>> >One very important element of compliance is to get buy-in from the
>> >affected parties. Everything we know about consumers is that they
>> >don't like putting their private information out on the Internet for
>> >everyone to see. The wave of protests over information sharing by
>> >Facebook is a good example of this.
>> >
>> >My personal view is that if the parties were serious about coming to
>a
>> >workable solution, they would examine options like this, and they
>> >wouldn't poo-poo other sides' objections. For instance, registrars
>> >should not, as they sometimes have, contend that law enforcement has
>no
>> >need for quick access to information. The other side should not
>> >dismiss as worthy of consideration the very substantial cost to
>> >verifying information, both directly and in terms of retooling
>systems,
>> >particularly when these costs *will* get passed along to the
>consumers.
>> >This last consideration is not just about domain name registrants --
>> >many registrars are also web hosting and email providers, and they
>may
>> >be more likely to pass along their costs in one of these (or other)
>> >areas rather than just raise the price of domain names.
>> >
>> >I would hope that the At Large community could help facilitate a
>> >solution that answers to the needs of the affected parties,
>including
>> >consumers, rather than provide a blanket endorsement to a plan that,
>> >while it may be on point with its criticisms of ICANN, will not in
>my
>> >opinion lead to a workable solution. It is more likely, if enacted,
>to
>> >lead to court battles, leaving consumers to deal with a broken
>system
>> >in the meantime.
>> >
>> >With best regards,
>> >
>> >Antony
>> >
>> >On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
>> >
>> >> Patrick:
>> >> I would still like to know who your gut tells is the Svengali
>> >directing
>> >> ALAC positions on the WHOIS issue.
>> >>
>> >> For the record, my SOI is and remains public information; no
>> >conflicts.
>> >> What I find personally irritating is the notion you espouse that
>I,
>> >> myself, could be 'directed' to a position!
>> >>
>> >> It is galling because if this was the case, I would have wasted
>the
>> >> literally hundreds of hours I've spent reading and cross-checking
>> >> documents/sources to shape a position!
>> >>
>> >> With respect, you might wish to review this business of taking
>your
>> >gut as
>> >> bellewether to a blood libel. Not good.
>> >>
>> >> Best,
>> >> - Carlton
>> >>
>> >> ==============================
>> >> Carlton A Samuels
>> >> Mobile: 876-818-1799
>> >> *Strategy, Planning, Governance, Assessment & Turnaround*
>> >> =============================
>> >>
>> >>
>> >> On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle
>> ><patrick at vande-walle.eu
>> >>> wrote:
>> >>
>> >>> On 15/05/12 17:07, Carlton Samuels wrote:
>> >>>
>> >>> Your position condemns ordinary users who are hurt by bad actors
>to
>> >do
>> >>> without the basic information to initiate redress of grievance.
>> >>> Undoubtedly WHOIS information to a class of better informed
>> >interlocutors
>> >>> could likely be fruitful. But information discrimination of the
>> >kind
>> >>> suggested against victims of dissolute behaviours adds insult to
>> >injury.
>> >>> Count me out.
>> >>>
>> >>>
>> >>> A fully open, public WHOIS condemns honest domain name
>registrants
>> >to be
>> >>> hurt by bad actors, like spammers. Being harassed on the phone,
>and
>> >see
>> >>> personal details exposed for all to see.
>> >>>
>> >>> I have no doubt experts in cybercrime would find the useful clues
>in
>> >the
>> >>> WHOIS. I am all in favour of giving them access to the
>information
>> >they
>> >>> need, as long as they clearly identify themselves, the work they
>do
>> >and be
>> >>> transparent who they work for, have a code of conduct, etc.
>> >However, I
>> >>> consider that exposing the private details of millions of honest
>> >individual
>> >>> domain name registrants to chase a few thousand criminals, who
>> >would fake
>> >>> their contact details anyway, is disproportionate from a human
>> >rights POV.
>> >>>
>> >>> Note also that other registries, mostly ccTLDs, have privacy
>> >policies.
>> >>> Yet, they do not have more issues with counterfeiting and spam
>than
>> >the
>> >>> main gTLDs have. What is disappointing is that ICANN (both the
>> >>> corporation and the community) does not want to question the
>model
>> >they use
>> >>> and learn from best practices developed elsewhere.
>> >>>
>> >>> Lastly, we should really distinguish between data collection and
>> >data
>> >>> display. The current ICANN WHOIS policy does not. Collecting
>> >private
>> >>> details is legitimate. Displaying them to everyone is not. I
>doubt
>> >there
>> >>> are many countries where one can consult the car registration
>> >database or
>> >>> obtain the details of an unlisted phone number without showing
>the
>> >right
>> >>> credentials to access that data. Why should the domain name
>database
>> >be any
>> >>> different ?
>> >>>
>> >>>
>> >>> All aside, I am curious as to the identity of the individual
>> >allegedly
>> >>> of outsize influence "who have a business interest in an
>> >open-to-anyone
>> >>> WHOIS".
>> >>>
>> >>>
>> >>> This is more a gut feeling based on past posts that the result of
>an
>> >>> investigation. Frankly, I would have absolutely no issue if
>people
>> >made a
>> >>> living in fighting spam, counterfeit goods or generally
>investigate
>> >>> criminal activities. As long as this is transparent to the
>rest
>> >of the
>> >>> community. Indeed, I think Evan's suggestion to publish SOIs is
>a
>> >good
>> >>> starting point. I have not done so, because I am not in a
>> >leadership
>> >>> position, but I would have no issue to do it, if required. Maybe
>> >this
>> >>> should be extended to all members of the WGs.
>> >>>
>> >>> Patrick
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> WHOIS-WG mailing list
>> >>> WHOIS-WG at atlarge-lists.icann.org
>> >>> https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
>> >>>
>> >>> WHOIS WG Wiki:
>> >>> https://community.icann.org/display/atlarge/At-Large+Whois+Policy
>> >>>
>> >> _______________________________________________
>> >> At-Large mailing list
>> >> At-Large at atlarge-lists.icann.org
>> >> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >>
>> >> At-Large Official Site: http://atlarge.icann.org
>> >
>> >
>> >_______________________________________________
>> >At-Large mailing list
>> >At-Large at atlarge-lists.icann.org
>> >https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >
>> >At-Large Official Site: http://atlarge.icann.org
>>
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
>>
>
>
>
>--
>Evan Leibovitch
>Toronto Canada
>
>Em: evan at telly dot org
>Sk: evanleibovitch
>Tw: el56
>_______________________________________________
>At-Large mailing list
>At-Large at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/at-large
>
>At-Large Official Site: http://atlarge.icann.org
More information about the At-Large
mailing list