[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers

Jonathan Zuck JZuck at innovatorsnetwork.org
Sat Aug 24 04:05:21 UTC 2019

Of course thus is all different under gdpr so hardly worth the discussion

Jonathan Zuck
Executive Director
Innovators Network Foundation

From: At-Large <at-large-bounces at atlarge-lists.icann.org> on behalf of Karl Auerbach <karl at cavebear.com>
Sent: Friday, August 23, 2019 6:15:50 PM
To: Evan Leibovitch <evan at telly.org>
Cc: ICANN At-Large list <at-large at atlarge-lists.icann.org>
Subject: Re: [At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers

Let's not let the word "property" or "ownership" color this discussion -
those words tend to drag-in a lot of preconceived notions.

In law (at least in the US) there really is no such thing as
"ownership".  Rather various people (and governments, and other legally
recognized entities such as corporations) may have various (and often
overlapping) kinds of rights and duties with respect to a thing.  We
generally accord the word "owner" to whoever/whatever has the biggest
collection of those rights/duties.

Your concept of ICANN "owning" all domain names is interesting, however,
because there can be multiple domain name systems, that would require a
context such as "all domain names registered under such-and-such root
zone file".   Moreover, usually such a vast grant of ownership tends to
require a governmental level of delegation - the days of Conquistadors
planting flags are largely in our past.  ;-)

Given ICANN's history of kow-towing to certain industrial/governmental
interests would we really want to accord this additional level of authority?

Moving on...

I find it better to consider the rights/duties surrounding domain names
as contractual rights/duties.  That tends to remove any lingering
preconceptions that come from words like "property".

ICANN as it is presently established does operate on the basis of
contract rights and duties.  (What is typically missing in the world of
ICANN is the concept of "third party beneficiary" rights, which is the
legal notion that a person - an intended or explicity beneficiary of the
contract - but who is outside the contractual relationship may have the
power to enforce terms of that contract.)

Getting back to whois...

I would assert that the data mining of whois has been a source of abuse
of domain name registrants to at least the same degree, and perhaps a
greater degree, than any asserted abuse by spammers. Virtually every
person I know who has domain names has become the subject of a the
hurricane of scam phone calls and emails originating from whois mined
contact information.  And that hurricane does not stop - I'm still
getting stuff that is based on whois information that became obsolete
30+ years ago.  A large number of people have turned off their
telephones - a fact that recognizes that ill-minded people are modern
day Vandals who are undermining our modern culture as much as the elder
Vandals undermined Classical Rome.

You raise the scenario of a person having to pay money to report a
crime.  It is true that there is no $$ fee for that, but there are laws
that make false reports a crime - make a false report and you could end
up in jail yourself.

There is no friction, no penalty, no nothing against anonymously
perusing whois and redistributing that information.  There are sometimes
some notices of dubious legal applicability and enforceability.  But
when was the last time you read about a whois data miner going to jail
or suffering a penalty?

There's a balance to be made here.  However the status quo is anything
but a balance.  The access to whois is free and easy, without penalty,
cost, or friction; it can be made anonymously on a whim or mere
curiosity - or as part of a mechanized data scraping operation.  On the
other side there is a violation of privacy, without prior-notice that
the privacy will be violated, note of who violated that privacy, or what
accusation, if any, is being made to justify that intrusion.

Is if no wonder that registry privacy services are so popular?


At-Large mailing list
At-Large at atlarge-lists.icann.org

At-Large Official Site: http://atlarge.icann.org
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/at-large/attachments/20190824/0799b2be/attachment-0001.html>

More information about the At-Large mailing list