[At-Large] [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report

Antony Van Couvering avc at avc.vc
Wed May 16 17:57:21 UTC 2012 

Dear Carlton,

While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct. 

Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?  

Also, did it consider the difference between correct information and the public display of correct information?  One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner.  If law enforcement has a reason to view private information, then it could be provided to them.   I think very few people would object to that. 

One very important element of compliance is to get buy-in from the affected parties.  Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see.   The wave of protests over information sharing by Facebook is a good example of this. 

My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections.  For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information.  The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers.  This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.

I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution.  It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.  

With best regards,

Antony

On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:

> Patrick:
> I would still like to know who your gut tells is the Svengali directing
> ALAC positions on the WHOIS issue.
> 
> For the record, my SOI is and remains public information; no conflicts.
> What I find personally irritating is the notion you espouse that I,
> myself, could be 'directed' to a position!
> 
> It is galling because if this was the case, I would have  wasted the
> literally hundreds of hours I've spent reading and cross-checking
> documents/sources to shape a position!
> 
> With respect, you might wish to review this business of taking your gut as
> bellewether to a blood libel.  Not good.
> 
> Best,
> - Carlton
> 
> ==============================
> Carlton A Samuels
> Mobile: 876-818-1799
> *Strategy, Planning, Governance, Assessment & Turnaround*
> =============================
> 
> 
> On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick at vande-walle.eu
>> wrote:
> 
>> On 15/05/12 17:07, Carlton Samuels wrote:
>> 
>> Your position condemns ordinary users who are hurt by bad actors to do
>> without the basic information to initiate redress of grievance.
>> Undoubtedly WHOIS information to a class of better informed interlocutors
>> could likely be fruitful.  But information discrimination of the kind
>> suggested against victims of dissolute behaviours adds insult to injury.
>> Count me out.
>> 
>> 
>> A fully open, public WHOIS condemns honest domain name registrants to be
>> hurt by bad actors, like spammers. Being harassed on the phone, and see
>> personal details exposed for all to see.
>> 
>> I have no doubt experts in cybercrime would find the useful clues in the
>> WHOIS.  I am all in favour of giving them access to the information they
>> need, as long as they clearly identify themselves, the work they do and be
>> transparent  who they work for, have a code of conduct, etc.    However, I
>> consider that exposing the private details of millions of honest individual
>> domain name  registrants to chase a few thousand criminals, who would fake
>> their contact details anyway, is disproportionate from a human rights POV.
>> 
>> Note also that other registries, mostly ccTLDs, have privacy policies.
>> Yet, they do not have more issues with counterfeiting and spam than the
>> main gTLDs have.  What is disappointing  is that ICANN  (both the
>> corporation and the community) does not want to question the model they use
>> and learn from best practices developed elsewhere.
>> 
>> Lastly, we should really distinguish between data collection and data
>> display. The current  ICANN WHOIS policy does not. Collecting private
>> details is legitimate.  Displaying them to everyone is not. I doubt there
>> are many countries where one can consult the car registration database or
>> obtain the details of an unlisted phone  number without showing the right
>> credentials to access that data. Why should the domain name database be any
>> different ?
>> 
>> 
>> All aside, I am curious as to the identity of the individual allegedly
>> of outsize influence "who have a business interest in an open-to-anyone
>> WHOIS".
>> 
>> 
>> This is more a gut feeling based on past posts that the result of an
>> investigation. Frankly, I would have absolutely no issue if people made a
>> living in fighting spam, counterfeit goods or generally investigate
>> criminal activities.    As long as this is transparent to the rest of the
>> community.  Indeed, I think Evan's suggestion to publish SOIs is a good
>> starting point.  I have not done so, because I am not in a leadership
>> position, but I would have no issue to do it, if required. Maybe this
>> should be extended to all members of the WGs.
>> 
>> Patrick
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> WHOIS-WG mailing list
>> WHOIS-WG at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
>> 
>> WHOIS WG Wiki:
>> https://community.icann.org/display/atlarge/At-Large+Whois+Policy
>> 
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> 
> At-Large Official Site: http://atlarge.icann.org

More information about the At-Large mailing list