[WHOIS-WG] Deckers vs Does

Derek Smythe derek at aa419.org
Tue Dec 13 18:02:36 UTC 2011 

On 2011/12/13 17:57, Lutz Donnerhacke wrote:
> On Tue, Dec 13, 2011 at 05:39:23PM +0200, Derek Smythe wrote:
>> My point is all things are nicely connected here. Part and parcel of
>> connecting the dots is the WHOIS system and the ability to view whois
>> data.
> 
> That's wrong.
> 
>> So, if there were no WHOIS service as you state, it would be difficult
>> to link many of the websites, probably making any investigation more
>> expensive. This simply shifts costs to innocent parties, with no real
>> chance of relief that can be sought.
> 
> There are other - mostly more accurate and dependable - ways to dig after an
> operator.
> 
> WHOIS is only easy to use, it's neither lawful nor designed to serve such
> requests.

Define lawful? Are you going to use European law, US law, Chinese law,
Russian law, Korean law, Sudanese law ... ? In an international TLD?

As for "designed to serve such requests": A lot of ways used to
investigate something was not necessarily designed for that purpose,
yet has become a valid investigative method nonetheless that will
stand up in a court of law in the correct perspective.

A better question to ask would be to ask if the DNS system was
designed with abuse in mind? Human nature is what it is, likewise
crime. Would you build a munitions factory without locks and security?
No. Yet this is what we see in our legacy "virtual" DNS world used by
real world human beings. It would be extremely naive to expect the
system not to be abused for fraud and like, given half the chance. Yet
we will find a registrar willing to accept $10 and turn a blind eye to
abuse of the DNS system and allow us to register a domain with invalid
details, knowing it will be abused..

If you wish to specify privacy on say .EU domains, fine, as long as
there is a way to rapidly (note choice of word) obtain registration
data if there are valid grounds and mechanisms.

However once we get to the legacy TLD's, international abuse is a
reality while international LE cooperation is slow to follow. That is
also assuming that you can garner LE interest. Even then the loss
would have to be great enough or the issue serious enough to to get
interest from them. Why? Because they simply do not have the manpower
and resources to investigate each and every illegal attempt made at
fraud or whatever using the internet. So what else remains?

That brings us back to the article I pointed out.

We also need to take cognizance of what LE officials are telling us.
If you read the ICANN correspondence, you will find numerous letters
from law enforcement agencies. Take note of their content. We also
need to ask why the .US ccTLD had privacy removed.

The truth, whether we like it or not, it that WHOIS data is used to
investigate internet issues and is a valid part of an investigation.


Derek

More information about the WHOIS-WG mailing list