[At-Large] 9th Circuit Court ruling on ICANN Contract.
Karl Auerbach
karl at cavebear.com
Sat Jan 8 23:53:10 UTC 2011
On 01/08/2011 02:37 PM, Roberto Gaetano wrote:
> I believe that the registration of a domain requires the owner of the domain
> to correctly identify oneself to the registering authority, but that this
> information does not need necessarily to be public.
> ...the example of car registration: a car owner is obliged
> to provide complete and accurate information to the registration authority,
> but this information is not necessarily public. Actually, I am not aware of
> any national car registry in which you can access this information without
> proving that you need it, and qualify yourself.
> I have not yet heard a convincing argument on why the domain names have to
> be treated differently.
You've hit on an important point. But first let me make a minor detour...
<begin detour>
If you check the registration of my primary automobile you won't find my
name anywhere. There are layers of corporate identities between my name
and the name on my automobile registration.
That is neither illicit nor does it oppose the social policies that
justify automobile registration.
"Ownership" is a distinct concept from that of "control". There are
quite legitimate reasons why ownership (or control) might be indirected
through layers of intermediaries. Moreover, there are cases, such as
when a person has acquired an automobile on the basis of a loan there
are separate and distinct legal and beneficial ownership rights.
<end detour>
The drum beat for privacy busting private regulation of domain name
registrations is driven by the desire by various people, some driven by
good intent (such as the anti-spam community), some driven by more
selfish motives (such as the intellectual property protection [as
distinguished from the intellectual property creation] industry). Those
groups would dispense with the nuisance of balanced due-process to the
data subject.
It is long past time to introduce some balance back into the equation:
For years I have advocated that penetration of domain registrations
should require the person making the request do several things:
1. They should announce their identity, personal and organizational
(including contact information), and proofs of that identity, which
would be recorded, permanently, into an access log.
2. A bond (small, perhaps $100) should be posted to indemnify the
data subject should the access be ill founded, vexatious, or made with
reckless disregard of facts known, or readily knowable to, the accessor.
(There are lots of ways that this requirement could be streamlined to
accommodate the needs of consumers - for example the bond could be
waived for the first 10 accesses during any 12 month period.)
3. They should make a concise and concrete accusation, into the
permanent log, that states why they believe rights they process towards
the domain name are being violated. This accusation must be backed by
evidence. This accusation could act as an estoppel against the accessor
making contrary assertions at a later date.
4. They should be required to enter into a legally binding agreement,
with the data subject being granted explicit third party beneficiary
rights of enforcement, that constrains the use of the data obtained so
that it may not be further disseminated or used for any other purpose
than to initiate a dialog with the data subject on the question whether
the accusation is well founded or specious.
5. The data subject should be given notice of the access, including
the identity of the accessor and the content of the accusation. The
data subject would have the right to make that accusation and the
identity of the accessor public.
6. On a periodic basis the log of access should be processed so that
the name of each accessor, and the number of accesses made, is published
to the public. This will help identify access trolls.
--karl--
More information about the At-Large
mailing list