[At-Large] [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report

Avri Doria avri at acm.org
Thu May 17 05:02:50 UTC 2012


On additonal ppoint I would like to add.

Most of us come from countries where the state is a relatively good actor and is not like to show up at our houses in the middle of the night to torture us for the things we have said on our web/blog sites.  Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.

So when a registration is in a country other than their own, not only should their information not be served up on a platter to abusive law enforcement, it should not be easily available without proper due process, with all opportunity provided to protect the users who see the Internet as their tool for achiving freedom.  It is all well and good to protect consumers from fraud, but this must not be done at the expense of those fighting for freedom to either be who they are, e.g. gay registrants who live in countries that imprison the gay, or those fighting the freedom to speak to power.

I know will will quickly rejoin that one does NEED a domina name to speak to power or to blog about freedom, but many feel they do, and who are wee to say that this is not the case.  I think that when At-Large thinks about protecting users it must think not only of the user whose major threat is fraud, but must also think s of users living under repressive regimes.

Protecting users does not mean only protecting consumers. The public interest of the user is not identical to the public interst of the consumer.


Antony Van Couvering <avc at avc.vc> wrote:

>Dear Carlton,
>While I agree that in general it is unwise, and often unfair, to
>speculate on the motives of participants, I do think several of
>Patrick's points are quite valid - an open Whois is a gold mine for
>spammers, salespeople, and identity thieves, particularly when the
>information is verified/correct. 
>Did the review team look at the relative harm, and likelihood of harm,
>to consumers from spamming vs. the benefits gained by making things
>easier for law enforcement?  
>Also, did it consider the difference between correct information and
>the public display of correct information?  One undeniable benefit of
>not publicly displaying private information (e.g., address, phone
>number) is that people are far more likely to provide correct
>information if they're not worried about stalkers and thieves showing
>up at their house, or salesmen calling them during dinner.  If law
>enforcement has a reason to view private information, then it could be
>provided to them.   I think very few people would object to that. 
>One very important element of compliance is to get buy-in from the
>affected parties.  Everything we know about consumers is that they
>don't like putting their private information out on the Internet for
>everyone to see.   The wave of protests over information sharing by
>Facebook is a good example of this. 
>My personal view is that if the parties were serious about coming to a
>workable solution, they would examine options like this, and they
>wouldn't poo-poo other sides' objections.  For instance, registrars
>should not, as they sometimes have, contend that law enforcement has no
>need for quick access to information.  The other side should not
>dismiss as worthy of consideration the very substantial cost to
>verifying information, both directly and in terms of retooling systems,
>particularly when these costs *will* get passed along to the consumers.
>This last consideration is not just about domain name registrants --
>many registrars are also web hosting and email providers, and they may
>be more likely to pass along their costs in one of these (or other)
>areas rather than just raise the price of domain names.
>I would hope that the At Large community could help facilitate a
>solution that answers to the needs of the affected parties, including
>consumers, rather than provide a blanket endorsement to a plan that,
>while it may be on point with its criticisms of ICANN, will not in my
>opinion lead to a workable solution.  It is more likely, if enacted, to
>lead to court battles, leaving consumers to deal with a broken system
>in the meantime.  
>With best regards,
>On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
>> Patrick:
>> I would still like to know who your gut tells is the Svengali
>> ALAC positions on the WHOIS issue.
>> For the record, my SOI is and remains public information; no
>> What I find personally irritating is the notion you espouse that I,
>> myself, could be 'directed' to a position!
>> It is galling because if this was the case, I would have  wasted the
>> literally hundreds of hours I've spent reading and cross-checking
>> documents/sources to shape a position!
>> With respect, you might wish to review this business of taking your
>gut as
>> bellewether to a blood libel.  Not good.
>> Best,
>> - Carlton
>> ==============================
>> Carlton A Samuels
>> Mobile: 876-818-1799
>> *Strategy, Planning, Governance, Assessment & Turnaround*
>> =============================
>> On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle
><patrick at vande-walle.eu
>>> wrote:
>>> On 15/05/12 17:07, Carlton Samuels wrote:
>>> Your position condemns ordinary users who are hurt by bad actors to
>>> without the basic information to initiate redress of grievance.
>>> Undoubtedly WHOIS information to a class of better informed
>>> could likely be fruitful.  But information discrimination of the
>>> suggested against victims of dissolute behaviours adds insult to
>>> Count me out.
>>> A fully open, public WHOIS condemns honest domain name registrants
>to be
>>> hurt by bad actors, like spammers. Being harassed on the phone, and
>>> personal details exposed for all to see.
>>> I have no doubt experts in cybercrime would find the useful clues in
>>> WHOIS.  I am all in favour of giving them access to the information
>>> need, as long as they clearly identify themselves, the work they do
>and be
>>> transparent  who they work for, have a code of conduct, etc.   
>However, I
>>> consider that exposing the private details of millions of honest
>>> domain name  registrants to chase a few thousand criminals, who
>would fake
>>> their contact details anyway, is disproportionate from a human
>rights POV.
>>> Note also that other registries, mostly ccTLDs, have privacy
>>> Yet, they do not have more issues with counterfeiting and spam than
>>> main gTLDs have.  What is disappointing  is that ICANN  (both the
>>> corporation and the community) does not want to question the model
>they use
>>> and learn from best practices developed elsewhere.
>>> Lastly, we should really distinguish between data collection and
>>> display. The current  ICANN WHOIS policy does not. Collecting
>>> details is legitimate.  Displaying them to everyone is not. I doubt
>>> are many countries where one can consult the car registration
>database or
>>> obtain the details of an unlisted phone  number without showing the
>>> credentials to access that data. Why should the domain name database
>be any
>>> different ?
>>> All aside, I am curious as to the identity of the individual
>>> of outsize influence "who have a business interest in an
>>> WHOIS".
>>> This is more a gut feeling based on past posts that the result of an
>>> investigation. Frankly, I would have absolutely no issue if people
>made a
>>> living in fighting spam, counterfeit goods or generally investigate
>>> criminal activities.    As long as this is transparent to the rest
>of the
>>> community.  Indeed, I think Evan's suggestion to publish SOIs is a
>>> starting point.  I have not done so, because I am not in a
>>> position, but I would have no issue to do it, if required. Maybe
>>> should be extended to all members of the WGs.
>>> Patrick
>>> _______________________________________________
>>> WHOIS-WG mailing list
>>> WHOIS-WG at atlarge-lists.icann.org
>>> https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
>>> WHOIS WG Wiki:
>>> https://community.icann.org/display/atlarge/At-Large+Whois+Policy
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> At-Large Official Site: http://atlarge.icann.org
>At-Large mailing list
>At-Large at atlarge-lists.icann.org
>At-Large Official Site: http://atlarge.icann.org

More information about the At-Large mailing list