ICANN/GNSO
DNSO and GNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] whois.txt, ala robots.txt, as a standard ?


Hi Dan,

--- Dan Steinberg <synthesis@videotron.ca> wrote:
> George,
> 
> With respect,
> I think you have it backwards.

Well, it all depends on one's perspective. I don't believe there's an
*entitlement* to WHOIS privacy. It's a policy decision. Part of that
good policy is to consider the pros and cons, the costs and benefits.

> Society is an aggregation of people and other entities...who decide
> by 
> majority or force of someones bigger guns, or whatever...to agree to 
> certain limitations on the basic right to do whatever you want.

And if the majority is in favour of greater WHOIS privacy, after an
informed debate, I can cope. I'm a populist and democratic. :) But,
there are winners and losers, no matter how the question is decided. I
believe the status quo is a fair compromise, and allows a
privacy-seeker very low cost mechanisms to increase their privacy,
without allowing abusers to become more rampant and emboldened,
shifting the costs of their abuse to others.
 
> Now if you frame it that way...
> what economic value do you place on the right to take away my
> privacy? 
> Name the annual dollar benefit and identify who else would benefit
> and 
> how it would over alll ...benefit our society?
> Can you do it this way?

Sure, for the sake of argument, I can. I trust you, Karl, Ross, Michael
or others will do the same? :)

The benefit to me personally in having the WHOIS be public and accurate
is approximately equal to the cost savings in having to initiate a
lawsuit in order to acquire that information, if it was deemed that
WHOIS privacy should rule. It's also the cost saving from having less
abuse on the internet in general. As someone who uses the internet
quite a bit, I think these costs are on the order of thousands of
dollars per year, or at a minimum a few hundred dollars a year (i.e.
averaged out). I use WHOIS a lot. :) Even if I didn't use WHOIS a lot,
the fact that it's out there means less abuse, as it's a deterrent.

Some others who benefit from having public WHOIS:

1) folks who cannot afford high legal costs (it costs thousands of
dollars to initiate a legal case, compared to a couple of dollars for
individual Domains by Proxies subscriptions)
2) law enforcement
3) courts, through lower number of cases in front of them (encouraging
responsible internet usage reduces crimes overall; having free access
to WHOIS means fewer subpoena requests, challenges to the subpoenas,
etc., esp. since they can be international in scope)
4) emergency professionals

For #4, consider the recent case at:

http://www.nydailynews.com/news/story/56497p-52905c.html
http://www.arizonarepublic.com/arizona/articles/0205webfolo.html
http://www.stepzero.org/temp/ripper.html

where a teen overdosed on drugs which in a chatroom and on cam. The
victim even mentions WHOIS in the chat logs, as a way to reach his
family or for 911. Tragically, the WHOIS appears to have been
inaccurate (phone number was a phone 555-1234), and the teen died. I've
personally talked a few folks out of suicide online, and in one case
had to rely upon WHOIS to help reach one of their relatives. Others
have done the same, reaching their ISP, etc....when time is of the
essence, every piece of data helps.

So, the question for society and policy-makers: who should bear the
costs? Should it be legitimate Privacy-seekers who can spend a couple
of dollars per year? Or society at large, where legitimate individuals
and companies might need to spend thousands of dollars to get the
privacy through increased legal costs, time delays, and the suffering
of greater abuse?

Having private WHOIS is really "security by obscurity", ultimately,
which those in the security business will tell you is the *worst* kind
of security to rely upon. A determined person can kill you, no matter
what you do! Scary isn't it? I don't lose much sleep at night, though,
over that truth. What kind of message does it give vulnerable people
that to be safe, they need to hide? Folks should publish their contact
details proudly and show they're not afraid. If the other person has to
reveal themselves to take their shot at you, that might be your chance
to protect the rest of society, by catching them.

Better protection involves stronger laws, promotion of responsible
behaviour, and harsh punishments for those who break the law. WHOIS
privacy does none of this, and indeed hinders the promotion of
responsible behaviour.

I'm really looking forward to your measurements of the economic
*benefits* of increased privacy.

Sincerely,

George Kirikos
http://www.kirikos.com/
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html




<<< Chronological Index >>>    <<< Thread Index >>>