[At-Large] FW: Withdraw the gun database
karl at cavebear.com
Sun Jan 20 00:53:46 UTC 2013
On 01/19/2013 04:11 PM, Holly Raiche wrote:
> .. The Final Whois Review Team report explicitly recognises the
> tension between legitimate needs to access Whois data and the equally
> legitimate right of individuals to privacy.
You are, of course, absolutely correct that there is a tension. (And I
won't mention those bang-bang machines.)
Being a lawyer I have seen how tensions play out in practice. And it is
rarely as clean-cut as one would like. And apropos the IETF work -
rarely can these things be reduced to machinery that applies an
algorithm without at least some steps involving discretionary human
judgment. Otherwise we have that famous cartoon of a two scientists
standing before a chalk board covered with equations and in the middle a
cloud that says "a miracle occurs".
When searching for ways through this dark forest one generally comes up
with some principles to guide the process. For example are we looking
at choices that are relatively minor in their effects or are choices
that affect fundamental rights of people - such as their right to
petition their governments or to conceive children or practice their
And generally one recognizes that law enforcement has both special
powers - and special responsibilities - that require the application of
other principles, or at least other measures of the weight of competing
I generally take law enforcement out of WHOIS issue because they have
the powers to seek judicially supervised warrants, or given sufficient
probable cause to act without such warrants. In other words law
enforcement, if practiced according to the rules, has a trump card that
it can play to enter WHOIS no matter what. The trouble is that a lot of
law enforcement are too lazy to bother with path of obtaining a warrant,
or are civil administrative bodies that want to dress up as law
enforcement in order to spread their writ to places where they are not
really supposed to go.
So back to that balance - Privacy is a tough thing because it is one of
those sort-of negative things - a right to exclude rather than a right
to do something. As such it becomes hard to find principles to balance.
In a normal balancing act one typically measures the social and
constitutional values of X doing act Y against the social and
constitutional values of Z preventing act Y.
But in privacy we don't get to see what act Y is - because it is
private, and in fact there may not even be an act Y to evaluate.
Kafka gave us a good start on these sorts of things. "The Trial" begins
with a sentence saying (paraphrase from memory) that "Someone had been
asking questions about Joseph K. because one fine morning he was
arrested and taken away."
What Kafka was suggesting is that if somebody is intruding into your
affairs that at least the intruder should identify himself, prove his
identity, should be able to state what unlawful act you are being
accused of, and adduce some concrete evidence to support that accusation.
Those kinds of things make sense as much for those thrown in to
Guantanamo as those whose WHOIS privacy is being penetrated.
One last point - in law there is a concept known as estoppel - it
basically means that if you say one thing on day 1 you can't say the
opposite on day 2. One of the reasons that those who penetrate whois
should be required to assert what rights of theirs are being violated by
the accused domain name owner is that that by remembering those
accusations we can find those who abusively accuse and, if necessary,
hold them to their stories so that they can not make contrary
accusations later or claim that they were unaware.
More information about the At-Large