[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers

Karl Auerbach karl at cavebear.com
Fri Aug 23 22:15:50 UTC 2019

Let's not let the word "property" or "ownership" color this discussion - 
those words tend to drag-in a lot of preconceived notions.

In law (at least in the US) there really is no such thing as 
"ownership".  Rather various people (and governments, and other legally 
recognized entities such as corporations) may have various (and often 
overlapping) kinds of rights and duties with respect to a thing.  We 
generally accord the word "owner" to whoever/whatever has the biggest 
collection of those rights/duties.

Your concept of ICANN "owning" all domain names is interesting, however, 
because there can be multiple domain name systems, that would require a 
context such as "all domain names registered under such-and-such root 
zone file".   Moreover, usually such a vast grant of ownership tends to 
require a governmental level of delegation - the days of Conquistadors 
planting flags are largely in our past.  ;-)

Given ICANN's history of kow-towing to certain industrial/governmental 
interests would we really want to accord this additional level of authority?

Moving on...

I find it better to consider the rights/duties surrounding domain names 
as contractual rights/duties.  That tends to remove any lingering 
preconceptions that come from words like "property".

ICANN as it is presently established does operate on the basis of 
contract rights and duties.  (What is typically missing in the world of 
ICANN is the concept of "third party beneficiary" rights, which is the 
legal notion that a person - an intended or explicity beneficiary of the 
contract - but who is outside the contractual relationship may have the 
power to enforce terms of that contract.)

Getting back to whois...

I would assert that the data mining of whois has been a source of abuse 
of domain name registrants to at least the same degree, and perhaps a 
greater degree, than any asserted abuse by spammers. Virtually every 
person I know who has domain names has become the subject of a the 
hurricane of scam phone calls and emails originating from whois mined 
contact information.  And that hurricane does not stop - I'm still 
getting stuff that is based on whois information that became obsolete 
30+ years ago.  A large number of people have turned off their 
telephones - a fact that recognizes that ill-minded people are modern 
day Vandals who are undermining our modern culture as much as the elder 
Vandals undermined Classical Rome.

You raise the scenario of a person having to pay money to report a 
crime.  It is true that there is no $$ fee for that, but there are laws 
that make false reports a crime - make a false report and you could end 
up in jail yourself.

There is no friction, no penalty, no nothing against anonymously 
perusing whois and redistributing that information.  There are sometimes 
some notices of dubious legal applicability and enforceability.  But 
when was the last time you read about a whois data miner going to jail 
or suffering a penalty?

There's a balance to be made here.  However the status quo is anything 
but a balance.  The access to whois is free and easy, without penalty, 
cost, or friction; it can be made anonymously on a whim or mere 
curiosity - or as part of a mechanized data scraping operation.  On the 
other side there is a violation of privacy, without prior-notice that 
the privacy will be violated, note of who violated that privacy, or what 
accusation, if any, is being made to justify that intrusion.

Is if no wonder that registry privacy services are so popular?


More information about the At-Large mailing list