[At-Large] FW: Withdraw the gun database

Holly Raiche h.raiche at internode.on.net
Sun Jan 20 01:05:42 UTC 2013

Hi Karl

You are talking to a lawyer - so not much of what you say is new to me although it may be to others.

For me (and I suspect you), the hard bit will be working out what  amount to legitimate rights to what data - and ensuring that there is a process to ensure that any access that is granted is only done after the bona fides of the access seeker and reasons for access are established.

Yes, LEAs can try to get the data - but when every bit of information provided in the Whois data base is either not there or completely inaccurate, having the right to it is of little help.  What the Whois Final Report did say is that, if people are more confident about having their privacy respected, they will have less reason to provide false information.  At that point, ICANN can and should insist on complete and accurate data being provided.

On 20/01/2013, at 11:53 AM, Karl Auerbach wrote:

> On 01/19/2013 04:11 PM, Holly Raiche wrote:
>> .. The Final Whois Review Team report explicitly recognises the
>> tension between legitimate needs to access Whois data and the equally
>> legitimate right of individuals to privacy.
> You are, of course, absolutely correct that there is a tension.  (And I
> won't mention those bang-bang machines.)
> Being a lawyer I have seen how tensions play out in practice.  And it is
> rarely as clean-cut as one would like.  And apropos the IETF work -
> rarely can these things be reduced to machinery that applies an
> algorithm without at least some steps involving discretionary human
> judgment.  Otherwise we have that famous cartoon of a two scientists
> standing before a chalk board covered with equations and in the middle a
> cloud that says "a miracle occurs".
> When searching for ways through this dark forest one generally comes up
> with some principles to guide the process.  For example are we looking
> at choices that are relatively minor in their effects or are choices
> that affect fundamental rights of people - such as their right to
> petition their governments or to conceive children or practice their
> religious beliefs.
> And generally one recognizes that law enforcement has both special
> powers - and special responsibilities - that require the application of
> other principles, or at least other measures of the weight of competing
> considerations.
> I generally take law enforcement out of WHOIS issue because they have
> the powers to seek judicially supervised warrants, or given sufficient
> probable cause to act without such warrants.  In other words law
> enforcement, if practiced according to the rules, has a trump card that
> it can play to enter WHOIS no matter what.  The trouble is that a lot of
> law enforcement are too lazy to bother with path of obtaining a warrant,
> or are civil administrative bodies that want to dress up as law
> enforcement in order to spread their writ to places where they are not
> really supposed to go.
> So back to that balance - Privacy is a tough thing because it is one of
> those sort-of negative things - a right to exclude rather than a right
> to do something.  As such it becomes hard to find principles to balance.
> In a normal balancing act one typically measures the social and
> constitutional values of X doing act Y against the social and
> constitutional values of Z preventing act Y.
> But in privacy we don't get to see what act Y is - because it is
> private, and in fact there may not even be an act Y to evaluate.
> Kafka gave us a good start on these sorts of things.  "The Trial" begins
> with a sentence saying (paraphrase from memory) that "Someone had been
> asking questions about Joseph K. because one fine morning he was
> arrested and taken away."
> What Kafka was suggesting is that if somebody is intruding into your
> affairs that at least the intruder should identify himself, prove his
> identity, should be able to state what unlawful act you are being
> accused of, and adduce some concrete evidence to support that accusation.
> Those kinds of things make sense as much for those thrown in to
> Guantanamo as those whose WHOIS privacy is being penetrated.
> One last point - in law there is a concept known as estoppel - it
> basically means that if you say one thing on day 1 you can't say the
> opposite on day 2.  One of the reasons that those who penetrate whois
> should be required to assert what rights of theirs are being violated by
> the accused domain name owner is that that by remembering those
> accusations we can find those who abusively accuse and, if necessary,
> hold them to their stories so that they can not make contrary
> accusations later or claim that they were unaware.
> 	--karl--

More information about the At-Large mailing list