<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] Text Posting of Michael Palage's Comments on Whois TaskForce
On Wed, 23 Oct 2002, Michael D. Palage wrote:
I am slowly digesting your comments, which are, as usual, interesting and
enlightening.
Right now I only want to deal with one point:
> · Some of the Whois Task Force's recommendations explicitly rely on changes
> to the ICANN Registrar Accreditation Agreement (RAA). Per Louis Touton's
> note of October 20, 2002, ICANN lacks the contractual authority to
> unilaterally renegotiate this or other agreements.
Let's not forget the value of comity.
ICANN had no way of forcing Verisign/NSI into the major amendment of their
contract with ICANN, but with the carrot that ICANN offered, the perpetual
control of .com, Verisign was happy to be induced.
What I'm saying is that perhaps there is no unilateral power, but there is
value in future comfortable relations.
At the risk of violating ICANN's policy of having comments in the form of
messages tossed over a wall and disappearing from view, please pardon me
if I take this opportunity to post my own comment on the report:
From karl@CaveBear.com Tue Oct 22 22:58:10 2002
Date: Sun, 20 Oct 2002 14:48:55 -0700 (PDT)
From: Karl Auerbach <karl@CaveBear.com>
To: comments-whois@dnso.org
Subject: Comment on Oct. 14 Interim report
I see nothing in this interim report that answers the primary question why
personally identifiable information must be published to the public at
all.
In other words, the report fails to answer what I believe must be the
first question: Why is "whois" needed, and by whom?
It is my sense that there is little public value in the existance of a
publicly available "whois" database.
There are, of course, small groups who find such a database useful and
perhaps even valuable - groups such as marketeers (spammers) and trademark
people who seek to redress perceived violations of their rights without
resorting to the processes that nations have established for that purpose
(i.e. the legal system.)
However, the report fails to indicate that the needs of those groups is of
sufficient weight to justify what amounts to a wholesale violation of
privacy principles that amounts to nothing less than an anti-privacy tax
on anyone who wishes to become visible on the internet through the
mechanism of acquiring a domain name.
The report fails to consider privacy protection mechanisms such as the
following:
- Requirements that the data subjects (i.e. the people named in whois
records) have free and effective means to maintain the data.
- Requirements that those who examine the records must first identify
themselves, offer proof of that identity, and indicate working means
of contact, in particular a valid e-mail address.
+ To ensure that the contact of the person making the inquiry is
valid, the response to the query should be returned by e-mail
rather than being made online.
+ Special arrangements might be established for those in operational
roles (such as people in ISP network operating centers) to have
pre-arranged access credentials.
- That the time, date, and identity of every inquiry be recorded and
made available to the data subjects.
- Requirements that the registries and registrars make no use of the
information for any purpose except that for which it was gathered, the
maintainence of the registrant's domain name (including the issuance
of billing and status statements.)
- Requirements that registries and registrars take concrete steps ensure
that this data is protected by adequate and appropriate security
measures.
--karl--
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|