Re: Re[2]: [ga-sys] the Euro v. Americas issue on privacy plus

[Kent Crispin <kent@songbird.com>]

On Fri, Jun 29, 2001 at 07:20:42PM +0200, Alexander Svensson wrote:
> 
> I agree that the possible domain uses will be greatly affected.
> But this applies to any (ab)use of data.

No, it doesn't.  You are over-generalizing -- not all data has the same
purpose.  And, in the case of the Internet, the difference in purpose is
very important. 

For example:

The physical hardware of telephones is designed so that it is very
difficult for a misbehaving phone to cause problems in the entire 
network.  Therefore, there is little need to be able to contact the owner 
of a particular telephone to seek their aid in fixing a phone.  Moreover, 
the structure of the phone system is such that almost all the maintenance 
is done by a central facility.

This is not the case with the Internet -- a node connected to the
internet can cause many kinds of bad effects remotely, *and* there is no
central authority that can authoritatively deal with problems. 

This model equally applies with equal force to non-technical problems --
the phone by its nature doesn't have many modes for causing legal
problems, and when they do happen, there is a central authority through
which a responsible party can be reached to deal with things.  A
computer, on the other hand, is a very much more capable device than a
phone; when you connect a computer to the Internet a large number of new
ways of interacting with the law become possible, *and* there is no
central authority through which a responsible party can be reached. 

So, despite the superficial similarity, getting a domain name is *not* 
like getting a phone number -- like it or not, getting a domain name 
has far wider social implications than getting a phone number.  When 
you get a domain name for your personal use you must *also* accept 
responsibility for this far broader range of possible effects.

[ inappropriate example deleted ]

> A price for privacy which we have to pay. Is it *absolutely*
> *necessary* *not* to have an opt-out option?

Not at all.  But if you want to opt out of the responsibilities that 
accompany getting a domain name, it is only fair that you pay some 
increased cost to account for your avoidance of responsibility.

> > Domain transfers, for instance, DEPEND on getting whois data to
> > authenticate transfer requests.  Secure certificate authorities depend
> > on whois outputs to verify the proper owner of a domain name and make
> > sure they only issue a cert to the proper owner.
> 
> So you cannot get a certificate at a certain company
> unless you opt-in -- that's fine. Maybe other companies
> will find and use other verification methods to do so
> even for those who opted out, but even if they don't
> it's an improvement (surely not everyone wants a secure
> certificate).

If there were a way to register a "lower capability" domain name that,
for example, could *not* be used to get a certificate, then it might
make sense to make special rules for such domains.  But with the current
state of technology there is no way to distinguish between a domain name
registered to IBM and a domain name registered to a single individual --
all domain names convey the same potential for misuse.  Hence the social 
cost for dealing with abuse tends to get spread among all levels of 
users. 

[...]

> Sure, no limits to imagination. But do you think that hiding
> the contact details for the admin-c makes it impossible
> to stop spammers? Doesn't that also apply to people abusing
> their Hotmail accounts? I assume you don't want to have a Whois
> for all e-mail users! Let's separate information we would *like*
> to have from information we *must* have. I'm not convinced
> mail address, e-mail, phone and fax of registrant/admin-c belong
> in this category.

If you don't want those details visible, then you can contract with 
someone to register the domain for you.  They then become the 
registrant/admin contact.  Your identity is protected; your contract 
with them protects your rights to the domain; they provide the service 
of a legal point of contact for the registrant/admin-contact.  With 
economies of scale such a service could be cheap.

-- 
Kent Crispin                               "Be good, and you will be
kent@songbird.com                           lonesome." -- Mark Twain
--
This message was passed to you via the ga-sys@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-sys" in the body of the message).
Archives at http://www.dnso.org/archives.html