Re: [ga] Re: [atlarge-discuss] Re: [nc-transfer] Re: [ncdnhc-discuss] WLS proposal

[Don Brown <donbrown_l@inetconcepts.net>]

         "especially true where it involves family members and most
         especially children.  How many murders will it take?  How many were
         r killed before there were stalking laws?

         Publishing identifying information, whether people like it or not, is
         .  It's bad enough that for a price, one can obtain just about
         anything.  We don't have to make it easy."

I don't think that we disagree, that there is a problem,  I do think,
however, that we disagree on the extent of the problem and the methods
to rectify it.

Frankly, I do not advocate, taking any freedoms (including inspecting
the WhoIs database) away from anyone.  On that point, I don't foresee
that we'll see eye to eye.

It is time, I think, to kill this thread.  There is no agreement in
the cards, as I see it . . . . .

Thanks, Lisa,

Thanks,


Tuesday, June 18, 2002, 9:42:17 PM, L. Gallegos <jandl@jandl.com> wrote:


LG> On 18 Jun 2002, at 20:50, Don Brown wrote:

>> I certainly emphasize with your concerns. However, sometimes we have a
>> tendency to go gunning for an isolated, but notorious, incident more
>> zealously, due to its notoriety or shock value.  Perhaps, sometimes we gun
>> for mosquitos with a double barrel shotgun, because we are closer to the
>> mosquito bite than anyone else.  That's understandable.
>> 
>> I don't profess to know the total answer, but I recognize the problem
>> from a larger scope, I think.
>> 
>> As long as there is fraud, spammers and other pests on the Internet,
>> the WhoIs information will continue to be a tool that ISP's use to
>> "attempt" to stop them. We use the WhoIs all the time to identify the
>> source of Spammers. We use the WhoIs to help verify credit card
>> charges and to prove that a business, which is applying for a Merchant
>> Account, is the legitimate registrant of the domain name represented by the
>> pages we print and "fax" to the potential acquiring Bank.

LG> If a privacy bureau is used correctly, you would have no problem 
LG> contacting the registrant for the information and permission for access to 
LG> his/her records for that verification.  You just mail to 
LG> <account@privacybureau.TLD> and the mail goes to the registrant. OTOH, 
LG> there are other ways to verify information for bank cards and Merchant 
LG> Accounts.

LG> Once again, most spam uses forged headers, so the whois does not help much 
LG> since it is not the domain holder doing the spamming.  You would have to 
LG> go to the IP address and find the source of the spam to have any luck.  If 
LG> it is, in fact, the domain name holder, contacting the ISP would have the 
LG> same effect in stopping the spammer or block the IP address from which it 
LG> came, which is the method I use most if I don't receive a response from 
LG> the ISP.

LG> As an ISP, if you have a spammer and you know it is one of your users, you 
LG> already have his information and can stop him.  You still don't need the 
LG> public whois.

>> 
>> If WhoIs goes totally anonymous, I think the first folks to jump at
>> it will be the nefarious ones who use us and abuse us all the time.
>> They do their own brand of stalking by trying to relay mail off of our
>> servers, using fraudulent cards to sign up for our services and attacking
>> us with Ping floods and other methods of trying to bring our network to its
>> knees.

LG> Again, there are methods for obtaining verification without having a 
LG> public whois published.  I don't think ping floods will be stopped by 
LG> publishing the whois personal identifying information.  All you need is 
LG> the IP address of the offender.  NIDS does wonders for tracking attacks 
LG> and mail relay attempts.  If it comes to a lawsuit, a court order will 
LG> always release the information.  It is not in limbo, just not published 
LG> for the world to see.

>> 
>> Personally, I have an unlisted telephone number at home and I pay the
>> telephone company extra for that.  My motivation is to not have sales
>> people or get rich quick screamers call me at home.  I already get
>> that at work.  On the flip side of that, our neighborhood has a
>> neighborhood watch program and our address and telephone number is
>> listed in that directory.

LG> My business is in my home and I had to publish my unlisted number in the 
LG> whois.  Now I seldom answer that phone because of all the crank calls.  I 
LG> have another line that is not published anywhere.  So if you were to call 
LG> the number that is now public information, you would get a voice mail 
LG> announcement.  My business associates and friends have other numbers at 
LG> which to reach me.  So what good is the whois to you?  Most of the numbers 
LG> I've called from the whois are voice mail or pager numbers.  I just feel 
LG> for those who cannot manage the cost of all the different phone lines, 
LG> pagers, cellphones, etc.  We in the US are pretty spoiled in that regard. 

>> 
>> I don't know the total solution to the WhoIs information.  I do know
>> that from a business standpoint, making most information anonymous
>> will certainly help the bad guys.  John Gotti would have liked to have been
>> the anonymous Don rather than the Teflon Don.  Given the latter, he would
>> have enjoyed much better country club golf.

LG> I don't think that would be the case at all.  Just because the information 
LG> is not pubslished, does not mean it is not available to those with 
LG> legitimate reasons to obtain it (with the registrant's permission, of 
LG> course or a court order).  As for the Gotti's of the world, had it not 
LG> been for informants, no whois would have had any effect on his conviction. 
LG>  That was probably not the best analogy, IMO.
   
>> 
>> I don't know that there is a right or wrong answer to this debate.
>> We do, however, need to blend the practicality with the risk
>> management of it somehow.

LG> As I said, the risk management is the privacy bureau concept.  The 
LG> registrant is only protected from having personal inforamtion published on 
LG> the internet.  He can still be reached and information released under 
LG> specific circumstances.  We are not talking about complete anonymity, but 
LG> protection of privacy.  It simply becomes an Opt-IN situation rather than 
LG> an opt-out and the public cannot simply grab personal information without 
LG> the person's permission.

LG> I am inundated enough with trash contacts and take extra steps to protect 
LG> my and my family's privacy now.  Also, FYI, most people who are stalked do 
LG> not make it public information either.  Doing so makes the situation 
LG> worse, as it encourages more of the same.  Because my testimony at 
LG> Congress stated that I was stalked, it is known.  Prior to that, I did not 
LG> make it public knowledge.  In addtion, every time it has been brought up 
LG> publicly, I pay an additional price in crackpot email and calls.  I would 
LG> tend to believe that there are many more cases like mine and that for the 
LG> same reasons that I have not made a public case of it, they have not 
LG> either.  This is especially true where it involves family members and most 
LG> especially children.  How many murders will it take?  How many were 
LG> injured or killed before there were stalking laws?  

LG> Publishing identifying information, whether people like it or not, is 
LG> dangerous.  It's bad enough that for a price, one can obtain just about 
LG> anything.  We don't have to make it easy.

LG> Regards,

LG> Leah

>> 
>> Thanks,
>> 
>> 
>> Tuesday, June 18, 2002, 12:12:38 PM, Jeff Williams <jwkckid1@ix.netcom.com>
>> wrote: JW> Barbara all assembly members, stakeholders or interested
>> parties,
>> 
>> JW>   INEGroup wholeheartedly and strongly agrees with Barbara's comments
>> JW> below.  Indeed it is not necessary for a registrants personal and
>> private JW> information such as home address and phone number to be listed
>> in Whois JW> data for their domain name.  In fact to do so is s severe
>> security risk JW> to that individual and a potential hindrance to law
>> enforcement in this JW> unfortunate age of cyber terrorism.  Law
>> enforcement agencies, such JW> as the FBI, CIA, NSA, or military
>> intelligence do not need to be JW> chasing false leads due to some
>> prankster using Whois data to JW> create false leads or false information
>> fraudulently using someone's JW> registration information of a Domain Name
>> that would include JW> their personal physical address or personal Phone
>> Number. JW> To make such information necessary as part of the registration
>> JW> of a Domain name is simply stupid and unnecessarily harmful, as JW>
>> well as partly counter productive..
>> 
>> JW> Barbara Simons wrote:
>> 
>> >> If you are opposed to spammers, then I would think that you would be
>> >> really upset with the whois database, which is a rich resource indeed
>> >> for spammers.
>> >>
>> >> Information about where I live has nothing to do with openness or the
>> >> lack thereof.  I am quite happy to have my email address made available
>> >> (but not to spammers - I wish).  But surely you would not accuse me of a
>> >> lack of openness if I were to refuse to provide my home address to the
>> >> world in order to obtain my own domain name.  (It is entirely
>> >> reasonable, by contrast, to require that I provide an accurate technical
>> >> contact).
>> >>
>> >> I have no idea how many children have their own domain names, but there
>> >> are obviously quite a few.  You might want to check out Chris Van Allen,
>> >> whose dad gave him the domain name pokey.org several years ago.  Chris
>> >> became somewhat famous when he was sent a cease and desist order by the
>> >> Prema Toy Co., the company that manufactures Gumby.  You can read about
>> >> Chris' adventures at www.pokey.org.
>> >>
>> >> To state the obvious, if a child has a website that has been purchased
>> >> by that child's parent, and if the parent is required to provide his or
>> >> her home address, most folks will be able to infer the address of the
>> >> child.
>> >>
>> >> Many parents seem to believe that information about their children
>> >> should not be posted for anyone in the world to view.  Many adults feel
>> >> the same about their own information.
>> >>
>> >> You might have made a similar argument about drivers' license records
>> >> being held by the California Dept of Motor Vehicles.  That information
>> >> was open, and as a result a young women's home address was located by a
>> >> stalker, and she was murdered.  I have heard about a woman who was
>> >> stalked based on her whois information, but I'm afraid I can't give you
>> >> a reference for that. Maybe someone else on one of these lists can.
>> >>
>> >> As far as political speech goes, I'm sure you are aware of countries and
>> >> times during which criticism of one's government can be life
>> >> threatening. And you don't have to go outside the US to find multiple
>> >> examples of abuses and harassment of law abiding citizens by some law
>> >> enforcement agencies.  If you have not been following the most recent
>> >> revelations about the FBI and its obsession with UC Berkeley, the Free
>> >> Speech Movement, and Clark Kerr, the then President of the University of
>> >> California, I shall be happy to forward to you a very detailed set of
>> >> articles published a couple of weeks ago in the San Francisco Chronicle.
>> >>  If the '60s are ancient history for you, there are recent abuses by the
>> >> LA Police Department, including the framing of innocent people, that
>> >> date back only a few years.  I can send you some references for those as
>> >> well.
>> >>
>> >> Openness does not mean that we must relinquish all notions of privacy if
>> >> we are to own a domain name.  Rather than forcing people to provide
>> >> information about where they are located, Congress should be requiring
>> >> ICANN to institute meaningful privacy protections on the whois database.
>> >>  Maybe then we could discuss whether or not the domain name owner's
>> >> personal information should be provided.
>> >>
>> >> Barbara
>> >>
>> >> P.S.  The early incarnation of the Internet, ARPANET, was about
>> >> maintaining communications after a devastating event such as the
>> >> dropping of nuclear weapons on the US.  It was *not* about openness, nor
>> >> was it about commerce. The openness that you and I both cherish came
>> >> into being because of the small clique of researchers and academics who
>> >> were the original ARPANET users.  I share your desire to maintain that
>> >> openness and to prevent the Internet from being regulated and restricted
>> >> to the point that it becomes a jazzed up Home Shopping Channel.  If the
>> >> Internet is to continue to be the open communications channel that it
>> >> has become, then it is critical that people have the ability to speak
>> >> without fearing that everything they say and do can be monitored.
>> >>
>> >> On 6/17/02 10:46 PM, "Micheal Sherrill" <micheal@beethoven.com> wrote:
>> >>
>> >> > Wait a minute.  I am all for protecting abused wives, children, and
>> >> > those seeking political asylum.  But, what does this have to do with
>> >> > the Whois function?  I agree that perhaps a felony conviction for a
>> >> > first time offense is harsh but please do not forget what this
>> >> > Internet was, and is all about, openness.  At this time this
>> >> > (openness) is being clogged by a proliferation of SPAMers that will,
>> >> > eventually, plug the pipe for any meaningful communication. If we do
>> >> > not have the means to track accurate information of those that seek to
>> >> > take advantage of all the resources that others fund how will we
>> >> > survive? Your arguments pluck at our heartstrings but they also try to
>> >> > pluck my pocketbook.  I mean, how many children have their own domain
>> >> > name?  And if they can afford it, why do they need to hide their
>> >> > identity?  It would seem to me that most children are trying to reach
>> >> > other children.  So why protect them from each other?  Besides, the
>> >> > children do not register the domain names, their parents usually do. 
>> >> > It has nothing to do with discovery.  Even more so, what Internet
>> >> > sites are dedicated to battered women that would somehow lead angry,
>> >> > misguided men to a safe house?  I do not think that any support group
>> >> > would purchase a domain name but would be smart enough and economical
>> >> > enough to go through a Web hosting company.  And what is even more
>> >> > perplexing is the reference to free speech.  Free speech is about
>> >> > openness.  We talk about things in the open!  So why the need for
>> >> > subterfuge?  If we have free speech on the Internet what makes sense
>> >> > about listing a false address for our cause? Anything else is already
>> >> > illegal, even via the USPS.  Plus, I have no idea what you are talking
>> >> > about in reference to trademark holders sending out cease and desist
>> >> > letters.  Overall, the logic of your complaint does not compute.
>> >> >
>> >> > Regards,
>> >> >
>> >> >
>> >> > Micheal Sherrill
>> >> >
>> >> >
>> >> > ---------- Original Message ----------------------------------
>> >> > From: Jeff Williams <jwkckid1@ix.netcom.com>
>> >> > Date:  Mon, 17 Jun 2002 19:55:34 -0700
>> >> >
>> >> > Barbara and all,
>> >> >
>> >> > We [INEGroup] agree with you here Barbara, and are in process of
>> >> > contacting the appropriate senate and House members that are
>> >> > involved in this rather arcane and misguided legislation being
>> >> > considered.
>> >> >
>> >> > I personally would suggest that anyone concerned about their personal
>> >> > safety, and privacy that are Domain Name holders do likewise without
>> >> > delay...
>> >> >
>> >> > Barbara Simons wrote:
>> >> >
>> >> >> I agree that accurate information should be provided for the
>> >> >> technical liaison.  What I'm saying is that a law that makes it a
>> >> >> felony to provide inaccurate information for the domain name holder
>> >> >> creates major problems regarding political speech, shelters for
>> >> >> battered women, children who own their own domain name, etc.  The
>> >> >> whois database is an open invitation for massive privacy invasion of
>> >> >> domain name owners (as opposed to technical contacts).  HR 4640 would
>> >> >> make it a felony in the U.S., punishable by up to 5 years in prison,
>> >> >> to provide false address information for the owner of a domain name. 
>> >> >> This would be a boon to trademark holders who are eager to send out
>> >> >> large numbers of cease and desist letters, and a blow to people who
>> >> >> care about protecting our privacy.
>> >> >>
>> >> >> I didn't mean to start a discussion about HR 4640, though I hope that
>> >> >> this has helped to make our US based members aware of this misguided
>> >> >> legislative proposal.
>> >> >>
>> >> >> Regards,
>> >> >> Barbara
>> 
>> JW> Regards,
>> 
>> JW> --
>> JW> Jeffrey A. Williams
>> JW> Spokesman for INEGroup - (Over 124k members/stakeholders strong!)
>> JW> CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
>> JW> Information Network Eng. Group. INEG. INC.
>> JW> E-Mail jwkckid1@ix.netcom.com
>> JW> Contact Number:  972-244-3801 or 214-244-4827
>> JW> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
>> 
>> 
>> JW> --
>> JW> This message was passed to you via the ga@dnso.org list.
>> JW> Send mail to majordomo@dnso.org to unsubscribe
>> JW> ("unsubscribe ga" in the body of the message).
>> JW> Archives at http://www.dnso.org/archives.html
>> 
>> 
>> 
>> 
>> ----
>> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
>> donbrown_l@inetconcepts.net         http://www.inetconcepts.net
>> PGP Key ID: 04C99A55              (972) 788-2364  Fax: (972) 788-5049
>> Providing Internet Solutions Worldwide - An eDataWeb Affiliate
>> ----
>> 
>> --
>> This message was passed to you via the ga-full@dnso.org list.
>> Send mail to majordomo@dnso.org to unsubscribe
>> ("unsubscribe ga-full" in the body of the message).
>> Archives at http://www.dnso.org/archives.html
>> 
>> 


LG> --
LG> This message was passed to you via the ga@dnso.org list.
LG> Send mail to majordomo@dnso.org to unsubscribe
LG> ("unsubscribe ga" in the body of the message).
LG> Archives at http://www.dnso.org/archives.html




----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@inetconcepts.net         http://www.inetconcepts.net
PGP Key ID: 04C99A55              (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html