[At-Large] Same discussion over again? The recurring WhoIs issue

Evan Leibovitch evan at telly.org
Thu Jan 24 12:22:09 UTC 2013

Thanks for this, Roberto.

I am perfectly happy with this scheme, with a few comments.

   - What protections and mechanisms would exist to ensure that WHOIS data
   remain accurate over time?

   - If you say "this does not mean that a Registrar will be sanctioned if
   an entry is incorrect", then what is the mechanism for enforcing accuracy?
   What happens if a domain (or a large number of domains under a registrar)
   is or becomes wildly inaccurate? If there is no explicit responsibility
   there appears to be no incentive for bad actors to improve.

   - Instead of "vigilanties", I would suggest "private investigators", a
   concept that is already established in some jurisdictions.

On 24 January 2013 04:35, Roberto Gaetano <roberto_gaetano at hotmail.com>wrote:

> I think that over the years I have heard the same discussions, with the
> same
> argumentation, many times.
> I had therefore planned not to reply.
> However, since I have already broken this plan with my previous message, I
> might as well provide my full version (which is not much different from the
> conclusions of the WG).
> First of all, I do not enter in the gun registry issue, because this is a
> local issue, and must be fully on the authority of the local laws.
> Different
> countries (maybe even different States in the US) have different
> legislation, and there is no need for a globally uniform approach. But for
> the Internet, as global resource, things are different, and therefore more
> complicated.
> My approach can be summarized in the following points:
> .         WhoIs data *must* be complete and accurate. There's no point in
> even having a WhoIs if we cannot rely on its content
> .         The entity that accepts the registration (generally it will be
> the
> Registrar or the resellers that act anyway under the authority of the
> Registrar) are responsible for completeness and accuracy of data. Of
> course,
> this is an additional burden on Registrars, but if it is enforced in the
> whole system it will not cause competitive advantage by some.
> .         ICANN must have the authority (and the means) of enforcing the
> completeness and correctness of the data. This does not mean that a
> Registrar will be sanctioned if an entry is incorrect, it means that
> procedures have to be defined to deal with these cases. We have to
> understand that data can be complete and accurate at the creation, but
> might
> become inaccurate in time.
> .         WhoIs information will be of two types: public and restricted. We
> can even think of using the experience of social networks to define what is
> public and what not, for instance we can allow a nickname to be public and
> the real name being hidden, if the result of the PDP is going in this
> direction.
> .         Information on organization and individuals are not necessarily
> the same. In particular, the public and private part might differ. Of
> course, in some jurisdiction it is OK to have a completely fake
> organization, but this is a problem that we cannot solve as it impacts
> local
> legislation. I assume that those "fake" organizations will be clustered
> among a small subset of Registrars, and since the Registrar is known...
> .         LEAs have full access to Registrant's data. ICANN maintains a
> list
> of the organizations that have full access (it can be slightly wider than
> LEAs themselves, it will include probably ICANN itself, the Registries, the
> RIR, and others. GAC will have access to the list and has the authority to
> determine whether an organization operating in the country they represent
> is
> authorized or not. International LEAs, like Europol and Interpol, are a
> limited number anyway.
> .         Local organizations like vigilantes can get the right to access
> data if they are recognized and authorized by a LEA. The LEA is fully
> responsible for the actions of the entities to whom they have delegated
> authority, as well of keeping complete and accurate data of them. ICANN, in
> particular the compliance department, has full access to the complete data
> of these organizations that act under LEAs' authority. These data are
> otherwise restricted (unless the organization itself wants to make them, or
> part thereof, public).
> .         A private citizen will have access only to the public part of the
> WhoIs data. To access the restricted part, he/she must do so via a LEA or
> authorized vigilante (I am using this term for lack of a better term). I am
> working under the assumption that there will be organizazions, like
> SpamHaus, who will be accessible by private citizen to perform requests in
> their behalf and that will be more responsive than the official LEAs.
> Of course, there are problems. For instance, privacy is not fully
> guaranteed. We have the potential case of refugees from a regime whose data
> can be detected by a LEA operating under that very regime. However, I
> believe that we cannot solve this problem because it would never be
> acceptable that a LEA, by its very nature, cannot access the WhoIs data. We
> have to think about other means to exert the right of free speech in a way
> that does not necessarily implies the registration of a domain name. I am
> sure that in the world there exist already so many cases of fighters for
> freedom who have obtained substantial results without registering domain
> names.
> I know I am not making friends here, but I have the right to free speech as
> well. The consequence is that I have to be ready to accept flames.
> Cheers,
> Roberto
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> At-Large Official Site: http://atlarge.icann.org

Evan Leibovitch
Toronto Canada

Em: evan at telly dot org
Sk: evanleibovitch
Tw: el56

More information about the At-Large mailing list