ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] Text Posting of Michael Palage's Comments on Whois Task Force


Well said Karl. I strongly believe that until we deal with the issue of
privacy, any solution to the perceived problems with Whois will just mask
the real problems and will be very ineffective because users will find ways
to protect their privacy in ways avoid new regulations.

Chuck

-----Original Message-----
From: Karl Auerbach [mailto:karl@CaveBear.com]
Sent: Wednesday, October 23, 2002 2:10 AM
To: Michael D. Palage
Cc: ga@dnso.org
Subject: Re: [ga] Text Posting of Michael Palage's Comments on Whois
Task Force


On Wed, 23 Oct 2002, Michael D. Palage wrote:

I am slowly digesting your comments, which are, as usual, interesting and
enlightening.

Right now I only want to deal with one point:

> ·	Some of the Whois Task Force's recommendations explicitly rely on
changes
> to the ICANN Registrar Accreditation Agreement (RAA). Per Louis Touton's
> note of October 20, 2002, ICANN lacks the contractual authority to
> unilaterally renegotiate this or other agreements.

Let's not forget the value of comity.

ICANN had no way of forcing Verisign/NSI into the major amendment of their
contract with ICANN, but with the carrot that ICANN offered, the perpetual
control of .com, Verisign was happy to be induced.

What I'm saying is that perhaps there is no unilateral power, but there is 
value in future comfortable relations.

At the risk of violating ICANN's policy of having comments in the form of
messages tossed over a wall and disappearing from view, please pardon me
if I take this opportunity to post my own comment on the report:

From karl@CaveBear.com Tue Oct 22 22:58:10 2002
Date: Sun, 20 Oct 2002 14:48:55 -0700 (PDT)
From: Karl Auerbach <karl@CaveBear.com>
To: comments-whois@dnso.org
Subject: Comment on Oct. 14 Interim report


I see nothing in this interim report that answers the primary question why 
personally identifiable information must be published to the public at 
all.

In other words, the report fails to answer what I believe must be the 
first question: Why is "whois" needed, and by whom?

It is my sense that there is little public value in the existance of a 
publicly available "whois" database.

There are, of course, small groups who find such a database useful and
perhaps even valuable - groups such as marketeers (spammers) and trademark
people who seek to redress perceived violations of their rights without
resorting to the processes that nations have established for that purpose 
(i.e. the legal system.)

However, the report fails to indicate that the needs of those groups is of
sufficient weight to justify what amounts to a wholesale violation of
privacy principles that amounts to nothing less than an anti-privacy tax
on anyone who wishes to become visible on the internet through the
mechanism of acquiring a domain name.

The report fails to consider privacy protection mechanisms such as the 
following:

  - Requirements that the data subjects (i.e. the people named in whois 
    records) have free and effective means to maintain the data.

  - Requirements that those who examine the records must first identify 
    themselves, offer proof of that identity, and indicate working means 
    of contact, in particular a valid e-mail address.

     + To ensure that the contact of the person making the inquiry is 
       valid, the response to the query should be returned by e-mail 
       rather than being made online.

    + Special arrangements might be established for those in operational 
      roles (such as people in ISP network operating centers) to have 
      pre-arranged access credentials.

  - That the time, date, and identity of every inquiry be recorded and 
    made available to the data subjects.

  - Requirements that the registries and registrars make no use of the 
    information for any purpose except that for which it was gathered, the 
    maintainence of the registrant's domain name (including the issuance 
    of billing and status statements.)

  - Requirements that registries and registrars take concrete steps ensure
    that this data is protected by adequate and appropriate security 
    measures.

		--karl--
  





--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>