<<<
Chronological Index
>>> <<<
Thread Index
>>>
[nc-whois] some basic remarks
Folks,
I believe that yesterday's phone conference demonstrated that we are
currently mixing together "legitimate" applications of whois which
should, in fact, be considered separately.
Remember: We are not just talking about some database which happens
to be there and is looking for uses. We're not talking about a
handy-dandy phone directory for net.gods - that way of thinking
about whois was appropriate when "home page" was spelled ~/.plan.
Today, we are talking about public access to a certain subset of
registrars' databases which is mandated by ICANN. Now, what does
this mean for us?
- We're talking about ICANN-imposed policy. So the question is:
What part of this is inside ICANN's scope, and what's outside?
- We're talking about imposing access conditions on registrars.
Ross told us yesterday that bulk access is a "pain in the butt".
In other words: We're causing costs for registrars.
- Finally, we are talking about _mandatory_ public access to
personal data. Once again, we're generating cost, this time for
everyone.
With this in mind, the distinction between legitimate and
illegitimate uses of WHOIS services is inappropriate. Rather, we
should ask the question which interests in and uses of registration
data justify (1) ICANN policy-making, (2) costs to registrars (and
registries), (3) costs to registrants.
Now, let's look at the various applications which come up all over
the time:
- A handy-dandy telephone book (one of our "legitimate
applications"). Bad enough, WHOIS isn't even the right tool for
this, except possibly in technical circles: The database only
contains an extremely small portion of those on the net. Also,
if people want to be contacted, they'll find a way to make their
contact information public. If they don't want to be contacted,
it's none of ICANN's business to force them into a "telephone
book".
- As a special application for this, we're hearing about WHOIS
being used for resolving technical problems. But is this really
about domain name whois, as opposed to IP address assignment
whois? Don't you think that screwed up name servers will be
noticed rather quickly by those operating them? And, once again,
isn't this something which can easier be solved by voluntary
services, as opposed to ICANN-mandated publication of data?
(Quite frankly, I don't think that ICANN has any business in
preventing administrators from shooting themselves into the foot.)
- Identification of those you're doing business with. Somehow, I
doubt that average customer John Q. Public is looking at whois
information, and I also doubt that the information he'll get will
be particularly helpful for his purposes.
Of course, in some cases, the entity behind a web site may be
entirely unclear, so WHOIS could at least give you an (easily
faked) business name. But is this really ICANN's business? Any
good online business will include contact information. Consumers
can easily avoid businesses which don't give appropriate
information. Law enforcement can handle those who give wrong
information. Ultimately, this application certainly does not
justify public access to all this information.
- Identification of those you're communicating with. Once again,
WHOIS isn't even the right tool for this.
- Marketing. WHOIS is clearly an excellent tool for this, but
somehow, I don't think that ICANN has any business at all in
regulating (or even enforcing!) marketers' access to registrars'
customer databases. Why shouldn't this be left to the market?
In short: I do not think that any of these applications justify
ICANN policy-making with the result that WHOIS data are made
available to the public. I'd really like to hear actual arguments
(i.e., not just "is nice to have, we're used to it") to the
contrary.
What remains? On the one hand transfers - but in that case, we're
talking about a well-defined set of parties who need access to data.
This does not justify any kind of public access.
On the other hand, there is a variety of law enforcement
applications, on all levels. Most of this ultimately boils down
into two categories:
- Finding out whom to sue.
- Collecting evidence.
Thus, the most important question we should look at is what is the
kind of access _required_ (once again, as opposed to "nice to have")
for these purposes.
Applying this to bulk access, I'm more and more in doubt that we
need the kind of bulk access provisions which makes access available
to just about everyone. The law enforcement applications listed
above need expanded search services? Fine. Let's make bulk data
available to firms providing this kind of service. Academic (or
maybe even corporate) research needs this kind of bulk data? Fine.
Let's make it available. For that purpose, under appropriate
conditions.
I'm looking forward to your objections and comments. ;-)
Kind regards,
--
Thomas Roessler <roessler@does-not-exist.org>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|