<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] whois.txt, ala robots.txt, as a standard ?
Ram and all former DNSO GA members or other interested parties,
Ram Mohan wrote:
> Karl:
> I am mystified after reading your post. I share similar beliefs to yours
> reg. data privacy. Some of your statements seem to be derived from a
> different reading of my post than what I intended -- let me clarify.
>
> > The burden of proving that access to personally identifiable information
> > is a valid access ought to fall on the person requesting access, not on
> > the data subject.
>
> + Agreed. I merely point out that Whois information has value beyond just
> marketers and ip/trademark folks. Although network operators use
> address-registry whois information more than domain-registry, they do (also)
> use domain whois information. Individuals should have the ability to
> protect information about themselves from being indiscriminately
> displayed/mined/sold.
Individuals should have the already legally mandated right to keep
or restrict any and all of their personal and private information, including
Whois data from being even viewed by anyone without their expressed
written permission. Currently what you suggest above in response to Karl's
well stated comments/remarks is still not sufficient, nor is the current
Final Report from the Whois Task force...
>
>
> > Why are people who feel they need to protect their privacy "egregious
> > violators". Suppose you had young children, would you feel comfortable
> > publishing your (and thus their) addresses and phone numbers onto an open
> > directory?
>
> + You misread what I said. I said that providing *only* individuals the
> right to provide access to data works as long as the premise is that the
> individual supplies accurate/valid data. However, some of the most
> egregious violators (such as domain slammers) wantonly provide false
> information - and those trying to get "their" domain name restored to them
> have a problem.
Reverse Domain Name slamming is primarily achieved by getting information
from Personal and private information from Whois. The Sex.com case is a
good example. There are many more, many of which have been publicized
and shared in the recent past on this vary forum.
>
>
> > If there are reasonable grounds to believe that someone has
> > violated a civil or criminal law, there are well established legal
> > procedures (many of which involve going before a neutral magistrate and
> > making a showing of those reasonable grounds) to obtain access to things
> > like domain name registration databases.
>
> + Indeed. As long as you can find someone/someplace to serve. Or if the
> domain name database has accurate information to go after that
> individual/group. The OECD case showed some interesting practical
> challenges to this approach.
>
> > And let's be careful not to turn whois into Megan's law in reverse: in
> > which internet users are forced to publish their (and their children's)
> > names, addresses, and phone numbers for the benefit of any and all
> > predators.
>
> + I don't disagree with you on this. I certainly get my share of spam,
> unsolicited calls, etc thanks to having accurate information available via
> Whois.
>
> In reality, domain name Whois information represents a shrinking percentage
> of the total Internet (and world) population -- its relevance reduces every
> passing year. You can pick up far more detailed, segmented demographic
> information about me (or you) through product registration databases that
> get updated when people send in registration cards for everything they buy -
> and which they don't realize is often distributed without their permission.
>
> There needs to be a place where accurate domain contact information resides.
> Access to this information ought to be restricted and differentiated.
> Permission needs to be sought. Current practice is often a mess, and
> abused. Does this mean we should "completely disengage from the current
> system", as Ross suggests ? Maybe Ross' suggestion is just about marketer
> use/abuse of Whois data, in which case I have nothing more to say on the
> topic.
>
> Back to my day job now.
>
> -ram
> ----- Original Message -----
> From: "Karl Auerbach" <karl@cavebear.com>
> To: "Ram Mohan" <rmohan@afilias.info>
> Cc: <ross@tucows.com>; "'George Kirikos'" <gkirikos@yahoo.com>;
> <ga@dnso.org>
> Sent: Friday, February 07, 2003 1:01 AM
> Subject: Re: [ga] whois.txt, ala robots.txt, as a standard ?
>
> >
> > On Thu, 6 Feb 2003, Ram Mohan wrote:
> >
> > > Interesting thoughts and an interesting premise. The problem is, that
> the
> > > groups you mention here (marketers, IP folks, etc) are not the only
> people
> > > who utilize Whois information.
> > >
> > > System operators (including technicians, systems administrators
> responding
> > > to abuse, etc) often depend solely on information found in Whois to
> > > determine next courses of action for serious network and other related
> > > issues.
> >
> > I disagree - Folks in NOCs *do* use something called "whois", but it most
> > often it is a distinct set of databases pertaining to IP address
> > allocations.
> >
> > Why do NOC folks use the IP "whois"? Simply because the key that one has
> > for the lookup is less easily forged. Domain names on purported spam
> > e-mail are only ocassionally accurate. But the IP address on a TCP
> > connection has intrinsic value because a TCP connection can not be formed
> > unless both the source and destination address are actually reachable.
> >
> > Assuming for the moment that ISP's and such obtained value out of DNS
> > whois information - That still doesn't justify them mucking around unless
> > certain conditions are met:
> >
> > 1. That a person who acquires a domain name is informed from the outset
> > that such access will be performed by ISP people. (I.e. actual or implied
> > consent by the data subject.)
> >
> > 2. The person who is doing the looking is actually a real ISP person
> > following up on a specific legitimate problem.
> >
> > It would not be all that hard for anyone claiming to be an "ISP" to jump
> > through some qualification hoops in order to gain a whois access
> > credential. For instance, once a year.
> >
> > The burden of proving that access to personally identifiable information
> > is a valid access ought to fall on the person requesting access, not on
> > the data subject.
> >
> > > Your premise is also that all individuals provide accurate information.
> We
> > > know (you definitely do, as a registrar) that some of the most egregious
> > > violators make sure that they provide _false_ information.
> >
> > Why are people who feel they need to protect their privacy "egregious
> > violators". Suppose you had young children, would you feel comfortable
> > publishing your (and thus their) addresses and phone numbers onto an open
> > directory?
> >
> > > Giving individuals the sole right to provide information about them
> > > seems to swing the pendulum too far one way.
> >
> > It's their information; they have the right to control it.
> >
> > > .... However, your suggested solution provides a
> > > wonderful shelter for every spammer, DDoS violator and domain-slammer to
> > > hide behind.
> >
> > Nonesense. If there are reasonable grounds to believe that someone has
> > violated a civil or criminal law, there are well established legal
> > procedures (many of which involve going before a neutral magistrate and
> > making a showing of those reasonable grounds) to obtain access to things
> > like domain name registration databases.
> >
> > Absent such a showing, there is no reason to violate privacy. That is,
> > unless one accepts as a working premise that those who are accused are
> > considered guilty until they prove otherwise.
> >
> > > The Whois Task Force is working on providing meaningful recommendations
> > > that, among other things, addresses the issue of Bulk Whois.
> >
> > Until they establish that there is a reason for public publication of DNS
> > registration information in the first place, such recommendations are
> > fundamentally useless.
> >
> > > The IETF Provreg group is debating adding a <privacy> element as a
> > > standard part of the de-facto standard domain protocol (EPP).
> >
> > If you follow what is going on there, they are debating whether even to
> > include some very weak, and potentially useless, mechanisms, and only
> > because the IESG is holding the working group's feet to the fire.
> >
> > > Let's be careful not to throw the baby out with the bath water.
> >
> > And let's be careful not to turn whois into Megan's law in reverse: in
> > which internet users are forced to publish their (and their children's)
> > names, addresses, and phone numbers for the benefit of any and all
> > predators.
> >
> > --karl--
> >
> >
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|