[At-Large] [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report

Avri Doria avri at acm.org
Thu May 17 07:19:38 UTC 2012

Somehow I expected this reply.

First many people do require registration to get a place that allows them to speak.

Second, even when a site is provided for others, keeping that site up requires protection from repressive regimes.

Third, who are you to determine what people need?

Fourth, I expect you will tell me next that people can use Google Facebook etc. Other than not wishing to become a shill for google et al; one can't count on those services for privacy; when they want the business of a regime they will give all the information the regime asks for. Often the only option is one's own registration and hosting service in a third country.

You claim to speak for the world's users, but you do so from the safety of a relatively . please don't assume that the conditions that prevail for you have any relation to the rest of the world.

I know registrants are not the only users, but they are indeed users. Don't sacrifice them on the altar of rich comfortable country consumerism.


Evan Leibovitch <evan at telly.org> wrote:

>On 17 May 2012 01:02, Avri Doria <avri at acm.org> wrote:
>> Most of us come from countries where the state is a relatively good
>> and is not like to show up at our houses in the middle of the night
>> torture us for the things we have said on our web/blog sites.
>>  Unfortuantely far too many people come from states where whois
>> freely avaialble on the net can cost them and their families their
>> being or their lives.[...]
>This logic demands the unfounded and erroneous assumption that one
>a first- or second-level ICANN-authorized domain in order to speak on
>Most end users -- including those who wish to use the Internet to buy,
>sell, speak, listen, write or read -- will never need to buy domain to
>accomplish their objectives. I understand that there are many in ICANN
>including some on this list with vested interests -- who see every
>end-user as a potential registrant. (This, of course, helps to explain
>difficulty within ICANN of distinguishing consumers from end users,
>every end user is considered a potential "consumer" of domain names.)
>Not everyone shares the view that this approach is universally
>let alone necessary, for anyone outside the domain industry.
>in my day job -- the one that has nothing to do with Internet
>and keeps me grounded outside this bubble -- I work with academic
>in refugee research. This role brings me in frequent contact with
>who have stories to tell, but who would be in substantial danger (along
>with their families) should these stories could be traced to them. We
>other places) do quite well telling those stories while protecting
>identities. (NB: the strategy does NOT require giving every refugee --
>even every refugee camp -- their own domain name.)
>So I don't need to be lectured on using the Internet to provide free
>speech;  I can assert with some real-life experience -- as opposed to
>debating logic -- that the DNS need not play *any* special role in
>providing or protecting sensitive and dangerous speech on the Internet.
>The abuse of WHOIS for protection of criminals is real. The rationale
>favour of maintaining abuse of WHOIS as *necessary* to protect
>speech is theoretical and  provably wrong.
>- Evan
>> So when a registration is in a country other than their own, not only
>> should their information not be served up on a platter to abusive law
>> enforcement, it should not be easily available without proper due
>> with all opportunity provided to protect the users who see the
>Internet as
>> their tool for achiving freedom.  It is all well and good to protect
>> consumers from fraud, but this must not be done at the expense of
>> fighting for freedom to either be who they are, e.g. gay registrants
>> live in countries that imprison the gay, or those fighting the
>freedom to
>> speak to power.
>> I know will will quickly rejoin that one does NEED a domina name to
>> to power or to blog about freedom, but many feel they do, and who are
>> to say that this is not the case.  I think that when At-Large thinks
>> protecting users it must think not only of the user whose major
>threat is
>> fraud, but must also think s of users living under repressive
>> Protecting users does not mean only protecting consumers. The public
>> interest of the user is not identical to the public interst of the
>> avri
>> Antony Van Couvering <avc at avc.vc> wrote:
>> >Dear Carlton,
>> >
>> >While I agree that in general it is unwise, and often unfair, to
>> >speculate on the motives of participants, I do think several of
>> >Patrick's points are quite valid - an open Whois is a gold mine for
>> >spammers, salespeople, and identity thieves, particularly when the
>> >information is verified/correct.
>> >
>> >Did the review team look at the relative harm, and likelihood of
>> >to consumers from spamming vs. the benefits gained by making things
>> >easier for law enforcement?
>> >
>> >Also, did it consider the difference between correct information and
>> >the public display of correct information?  One undeniable benefit
>> >not publicly displaying private information (e.g., address, phone
>> >number) is that people are far more likely to provide correct
>> >information if they're not worried about stalkers and thieves
>> >up at their house, or salesmen calling them during dinner.  If law
>> >enforcement has a reason to view private information, then it could
>> >provided to them.   I think very few people would object to that.
>> >
>> >One very important element of compliance is to get buy-in from the
>> >affected parties.  Everything we know about consumers is that they
>> >don't like putting their private information out on the Internet for
>> >everyone to see.   The wave of protests over information sharing by
>> >Facebook is a good example of this.
>> >
>> >My personal view is that if the parties were serious about coming to
>> >workable solution, they would examine options like this, and they
>> >wouldn't poo-poo other sides' objections.  For instance, registrars
>> >should not, as they sometimes have, contend that law enforcement has
>> >need for quick access to information.  The other side should not
>> >dismiss as worthy of consideration the very substantial cost to
>> >verifying information, both directly and in terms of retooling
>> >particularly when these costs *will* get passed along to the
>> >This last consideration is not just about domain name registrants --
>> >many registrars are also web hosting and email providers, and they
>> >be more likely to pass along their costs in one of these (or other)
>> >areas rather than just raise the price of domain names.
>> >
>> >I would hope that the At Large community could help facilitate a
>> >solution that answers to the needs of the affected parties,
>> >consumers, rather than provide a blanket endorsement to a plan that,
>> >while it may be on point with its criticisms of ICANN, will not in
>> >opinion lead to a workable solution.  It is more likely, if enacted,
>> >lead to court battles, leaving consumers to deal with a broken
>> >in the meantime.
>> >
>> >With best regards,
>> >
>> >Antony
>> >
>> >On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
>> >
>> >> Patrick:
>> >> I would still like to know who your gut tells is the Svengali
>> >directing
>> >> ALAC positions on the WHOIS issue.
>> >>
>> >> For the record, my SOI is and remains public information; no
>> >conflicts.
>> >> What I find personally irritating is the notion you espouse that
>> >> myself, could be 'directed' to a position!
>> >>
>> >> It is galling because if this was the case, I would have  wasted
>> >> literally hundreds of hours I've spent reading and cross-checking
>> >> documents/sources to shape a position!
>> >>
>> >> With respect, you might wish to review this business of taking
>> >gut as
>> >> bellewether to a blood libel.  Not good.
>> >>
>> >> Best,
>> >> - Carlton
>> >>
>> >> ==============================
>> >> Carlton A Samuels
>> >> Mobile: 876-818-1799
>> >> *Strategy, Planning, Governance, Assessment & Turnaround*
>> >> =============================
>> >>
>> >>
>> >> On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle
>> ><patrick at vande-walle.eu
>> >>> wrote:
>> >>
>> >>> On 15/05/12 17:07, Carlton Samuels wrote:
>> >>>
>> >>> Your position condemns ordinary users who are hurt by bad actors
>> >do
>> >>> without the basic information to initiate redress of grievance.
>> >>> Undoubtedly WHOIS information to a class of better informed
>> >interlocutors
>> >>> could likely be fruitful.  But information discrimination of the
>> >kind
>> >>> suggested against victims of dissolute behaviours adds insult to
>> >injury.
>> >>> Count me out.
>> >>>
>> >>>
>> >>> A fully open, public WHOIS condemns honest domain name
>> >to be
>> >>> hurt by bad actors, like spammers. Being harassed on the phone,
>> >see
>> >>> personal details exposed for all to see.
>> >>>
>> >>> I have no doubt experts in cybercrime would find the useful clues
>> >the
>> >>> WHOIS.  I am all in favour of giving them access to the
>> >they
>> >>> need, as long as they clearly identify themselves, the work they
>> >and be
>> >>> transparent  who they work for, have a code of conduct, etc.
>> >However, I
>> >>> consider that exposing the private details of millions of honest
>> >individual
>> >>> domain name  registrants to chase a few thousand criminals, who
>> >would fake
>> >>> their contact details anyway, is disproportionate from a human
>> >rights POV.
>> >>>
>> >>> Note also that other registries, mostly ccTLDs, have privacy
>> >policies.
>> >>> Yet, they do not have more issues with counterfeiting and spam
>> >the
>> >>> main gTLDs have.  What is disappointing  is that ICANN  (both the
>> >>> corporation and the community) does not want to question the
>> >they use
>> >>> and learn from best practices developed elsewhere.
>> >>>
>> >>> Lastly, we should really distinguish between data collection and
>> >data
>> >>> display. The current  ICANN WHOIS policy does not. Collecting
>> >private
>> >>> details is legitimate.  Displaying them to everyone is not. I
>> >there
>> >>> are many countries where one can consult the car registration
>> >database or
>> >>> obtain the details of an unlisted phone  number without showing
>> >right
>> >>> credentials to access that data. Why should the domain name
>> >be any
>> >>> different ?
>> >>>
>> >>>
>> >>> All aside, I am curious as to the identity of the individual
>> >allegedly
>> >>> of outsize influence "who have a business interest in an
>> >open-to-anyone
>> >>> WHOIS".
>> >>>
>> >>>
>> >>> This is more a gut feeling based on past posts that the result of
>> >>> investigation. Frankly, I would have absolutely no issue if
>> >made a
>> >>> living in fighting spam, counterfeit goods or generally
>> >>> criminal activities.    As long as this is transparent to the
>> >of the
>> >>> community.  Indeed, I think Evan's suggestion to publish SOIs is
>> >good
>> >>> starting point.  I have not done so, because I am not in a
>> >leadership
>> >>> position, but I would have no issue to do it, if required. Maybe
>> >this
>> >>> should be extended to all members of the WGs.
>> >>>
>> >>> Patrick
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> WHOIS-WG mailing list
>> >>> WHOIS-WG at atlarge-lists.icann.org
>> >>> https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
>> >>>
>> >>> WHOIS WG Wiki:
>> >>> https://community.icann.org/display/atlarge/At-Large+Whois+Policy
>> >>>
>> >> _______________________________________________
>> >> At-Large mailing list
>> >> At-Large at atlarge-lists.icann.org
>> >> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >>
>> >> At-Large Official Site: http://atlarge.icann.org
>> >
>> >
>> >_______________________________________________
>> >At-Large mailing list
>> >At-Large at atlarge-lists.icann.org
>> >https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >
>> >At-Large Official Site: http://atlarge.icann.org
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> At-Large Official Site: http://atlarge.icann.org
>Evan Leibovitch
>Toronto Canada
>Em: evan at telly dot org
>Sk: evanleibovitch
>Tw: el56
>At-Large mailing list
>At-Large at atlarge-lists.icann.org
>At-Large Official Site: http://atlarge.icann.org

More information about the At-Large mailing list