[At-Large] Impressions from the Whois-Review

Patrick Vande Walle patrick at vande-walle.eu
Mon Jan 31 18:34:39 UTC 2011

Thanks for this, Lutz. I have a few questions.

About the membership of the review team: are there any data protection offices represented, law enforcement agencies?

About the technical aspects of the WHOIS: 

It has long been said several times that the current WHOIS system is broken, not only because it does not support anything other than US-ASCII gracefully, but also because it does not allow any credentials-based access, etc. There have been several suggestions, from the IRIS standard to REST interfaces, like the one developed by ARIN. Is this part of the discussion?

This being said, I would tend to agree with Neil that the WHOIS might contain clues that eventually lead to the criminal. It is certainly useful to an extent to LEAs.
But that does not mean that the WHOIS should be open to all. To take an example that has already been mentioned: the car registration plate databases are open to LEAs, possibly insurance companies, emergency services, etc. But these parties are clearly identified. This is not the case with the WHOIS. It is open to all, including the bad guys. The "good guys" that could justify a genuine interest in the WHOIS can certainly be identified and be granted unlimited WHOIS access.

On 31 Jan 2011, at 18:27, Derek Smythe wrote:

> Also, anybody wishing to refute that non-LE third parties play an 
> important part in fighting Internet abuse, is not in touch with what 
> is happening on the Internet currently.

What *is* happening is one thing. What should be happening is another. I would have little problem with private organizations using the WHOIS to fight Internet abuse. As long as they can transparently show who pays for their work, which agreements they have signed with which LEAs, etc. We do not have a democratic control over them, so transparency is the minimum required in that case. LEAs may be slow, overloaded, etc., but, at least, they are under the control of the democratic system we voted for (in democratic countries, at least).

I come from a cultural and societal background where private investigations have bad press. More often than not, the discoveries of private investigations are dismissed in court, because they were conducted by unaccountable parties. It may be that other cultures are OK with private investigations. But because the gTLD market is global by definition, we need policies that are global, and not one based on that of a particular society.

Patrick Vande Walle
