[At-Large] Issue Report on Thick Whois

[Patrick Vande Walle]

On 24/11/11 15:32, Neil Schwartzman wrote:
> Just for the record, CAUCE supports a complete implementation of Thick WHOIS, without qualification nor exception. the vast majority of investigations into abuse of hundreds of millions of end users that happens daily is predicated upon the use of clear and complete WHOIS data, by security researchers, not law enforcement. It is our work tht is then passed on to LEA for consideration.

I have no problem with LEAs outsourcing this research to external
experts. As long as the agreements are clear,  there are written
commitments to confidentiality, and all that, it is fine. I am sure
these experts would  not oppose entering into agreements with registries
to access the data. This is already the case for .tel.  and could be
expanded to other gTLDs. That will certainly happen with the upcoming
gTLDs that will be based in Europe. The bottom line is to be sure that
the professional performing the research is well-intentioned. 
By making the data public, you also allow criminals to access it.

> I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims of spamming, phishing, malware, and identity theft, let alone more egregious activities. 

Again, as long as the LEAs or their contracted experts do this
investigation, it is fair to provide them with access to the
information. If they have reasonable clues that one person is performing
malicious activities, it is fair to investigate their WHOIS records.
However, explain to me why my neighbour would need to know which domain
names I have registered.

> I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you?


No. I did not conduct any abuse investigation.  I have no standing to do
so. I am just an ordinary citizen. I trust the relevant authorities to
do this job.

Patrick