[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers
Karl Auerbach
karl at cavebear.com
Fri Aug 23 22:15:50 UTC 2019
Let's not let the word "property" or "ownership" color this discussion -
those words tend to drag-in a lot of preconceived notions.
In law (at least in the US) there really is no such thing as
"ownership". Rather various people (and governments, and other legally
recognized entities such as corporations) may have various (and often
overlapping) kinds of rights and duties with respect to a thing. We
generally accord the word "owner" to whoever/whatever has the biggest
collection of those rights/duties.
Your concept of ICANN "owning" all domain names is interesting, however,
because there can be multiple domain name systems, that would require a
context such as "all domain names registered under such-and-such root
zone file". Moreover, usually such a vast grant of ownership tends to
require a governmental level of delegation - the days of Conquistadors
planting flags are largely in our past. ;-)
Given ICANN's history of kow-towing to certain industrial/governmental
interests would we really want to accord this additional level of authority?
Moving on...
I find it better to consider the rights/duties surrounding domain names
as contractual rights/duties. That tends to remove any lingering
preconceptions that come from words like "property".
ICANN as it is presently established does operate on the basis of
contract rights and duties. (What is typically missing in the world of
ICANN is the concept of "third party beneficiary" rights, which is the
legal notion that a person - an intended or explicity beneficiary of the
contract - but who is outside the contractual relationship may have the
power to enforce terms of that contract.)
Getting back to whois...
I would assert that the data mining of whois has been a source of abuse
of domain name registrants to at least the same degree, and perhaps a
greater degree, than any asserted abuse by spammers. Virtually every
person I know who has domain names has become the subject of a the
hurricane of scam phone calls and emails originating from whois mined
contact information. And that hurricane does not stop - I'm still
getting stuff that is based on whois information that became obsolete
30+ years ago. A large number of people have turned off their
telephones - a fact that recognizes that ill-minded people are modern
day Vandals who are undermining our modern culture as much as the elder
Vandals undermined Classical Rome.
You raise the scenario of a person having to pay money to report a
crime. It is true that there is no $$ fee for that, but there are laws
that make false reports a crime - make a false report and you could end
up in jail yourself.
There is no friction, no penalty, no nothing against anonymously
perusing whois and redistributing that information. There are sometimes
some notices of dubious legal applicability and enforceability. But
when was the last time you read about a whois data miner going to jail
or suffering a penalty?
There's a balance to be made here. However the status quo is anything
but a balance. The access to whois is free and easy, without penalty,
cost, or friction; it can be made anonymously on a whim or mere
curiosity - or as part of a mechanized data scraping operation. On the
other side there is a violation of privacy, without prior-notice that
the privacy will be violated, note of who violated that privacy, or what
accusation, if any, is being made to justify that intrusion.
Is if no wonder that registry privacy services are so popular?
--karl--
More information about the At-Large
mailing list