Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Privacy WHOIS Report Punts on Privacy
    posted by michael on Thursday February 06 2003, @04:22AM

    Something odd is happening with respect to the Whois Task Force: user interest are being ignored while everyone else's interests are being catered to. No, wait, that's not odd -- it's business as usual for ICANN.

    It seems that the Whois Task Force decided to issue a final report on "Accuracy and Bulk Access" for a 10-day comment period. Oddly, rather than attempt to deal with privacy issues, or even make recommendations consistent with privacy concerns, the Task Force has adopted the strategy of deciding other things first, and relegating privacy to a separate "Privacy Issues Report". The game plan presumably is to announce consensus on the privacy-free policy, then later sorrowfully find an absence of consensus on the privacy issue.

    Both Kathy Kleiman and Danny Younger are asking the questions that need asking. Bet you there's an ICANN 'stakeholder' 'consensus' anyway. Or, maybe this is the moment where the gloves come off. After all, under the new ICANN By-laws, the Board doesn't need to pretend to have a consensus any more to make policy. It can just do whatever it likes.

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
  • Danny Younger, former GA Chair
  • decided
  • final report on "Accuracy and Bulk Access"
  • relegating privacy to a separate "Privacy Issues Report"
  • Kathy Kleiman
  • Danny Younger
  • More on Privacy
  • Also by michael
    This discussion has been archived. No new comments can be posted.
    WHOIS Report Punts on Privacy | Log in/Create an Account | Top | 13 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    i wouldn't be too sure about consensus
    by tbyfield (reversethis-{moc.xinap} {ta} {dleifybt}) on Thursday February 06 2003, @07:39AM (#11098)
    User #44 Info
    certainly, the general drift within ICANN over the years has been to treat whois data as an enforcement tool, so there's clearly support, as you suggest, to punt in a way that allows it continue to 'evolve' in that direction. otoh, verizon was one of the members of the hilarious whois not-really-a-committee [tbtf.com], and they've been remarkably aggressive in resisting a court order to hand over info about a p2p user on their network. granted, that's quite different from whois data; but, still, it seems as though there should be some structural resistance in these areas, if only because the cost of compliance and creep could be high for carriers. so it may just be that the punt stems from a very real lack of consensus among the 'stakeholders' in their current constellation; the task, then, will be for ICANN to engineer a different constellation with much less resistance.

    [ Reply to This | Parent ]
    As it always was
    by phoffman@proper.com on Thursday February 06 2003, @09:39AM (#11099)
    User #2063 Info
    "...certainly, the general drift within ICANN over the years has been to treat whois data as an enforcement tool..."

    That is what whois was being used for long before ICANN came into existence. When something related to a particular site was hurting the Internet, you used whois to find someone to contact. It worked incredibly well, and continues to work well for this.

    Why should whois data be private? In almost on country in the world is business identification data kept private. Further, if you want privacy from whois searchers, you can either lie or honestly list someone else who will hold your data private from snoopers.
    [ Reply to This | Parent ]
      Re:As it always was
      by dmehus on Thursday February 06 2003, @10:24AM (#11102)
      User #3626 Info | http://doug.mehus.info/
      For once, I agree with the final report from the GNSO's Whois Task Force. If you own a domain name, you are leasing a piece of *public* property for your own personal or commercial interests. In order to ensure that you do not abuse this privilege [of owning a domain name], you should be *required* to provide accurate and reliable contact information. I am a big supporter of privacy rights, but this is one area where I believe privacy is not a right. As far as spamming goes, that's just a fact of life. Use an e-mail forwarding service such as MyPrivacy.ca (http://www.myprivacy.ca/). Regarding solicitations by telephone or facsimile, let's face it -- you would still get those even if your contact information was private. So, instead of whining about WHOIS information, support a national "do-not-call" or "do-not-spam" registry. In my view, that's the *real* way of stopping that type of smut.

      Doug Mehus http://doug.mehus.info/ [mehus.info]
      [ Reply to This | Parent ]
        Re:As it always was
        by ldg on Monday February 17 2003, @05:12PM (#11177)
        User #2935 Info | http://example.com/
        I have commented in several areas regarding privacy as a right, so I won't go into it here. However, having been harrassed and stalked due to the WHOIS, I can say that I think you're way off base.

        Secondly, there is legislation regarding telephone solicitation and "junk fax" - at least in the US, so your argument that you would get it anyway doesn't fit here. You can't get an unlisted fax number that easily either. Disallowing bulk access would, however, go a long way to preventing that kind of abuse based on the WHOIS.

        As for "public property" use, you can't simply obtain information from many public agencies, including driver's license, social security numbers, etc. unless you have credentials and make a specific request.

        When you register a domain name, you provide inforamtion that is necessary to maintain that record and should not be used for any other purpose. Even small businesses located in homes should have their information held private.
        [ Reply to This | Parent ]
      • 1 reply beneath your current threshold.
      Re:As it always was
      by daminal on Thursday February 06 2003, @11:57AM (#11103)
      User #3687 Info
      The Internet has long since evolved away from a model where whois for domains is usefull for solving real technical problems (except for inaddr.arpa). I am also bewildered by the notion that a domain name registration is a business identifier - There are a tremendous number of registrations that have nothing whatsoever to do with 'business'.

      Also, lying in your contact info under current rules is grounds for losing your registration.

      Having a 'privacy proxy' adds cost and complexity, and also means that the contact info is useless for the purpose of solving technical problems, so why bother?

      If it wasn't for the tm mafia, public contacts whould have gone away a long time ago, and technically oriented people could continue to concentrate on the exception, inaddr.arpa, that really *is* critical for solving technical problems.
      [ Reply to This | Parent ]
      Re:As it always was
      by KarlAuerbach on Thursday February 06 2003, @12:08PM (#11104)
      User #3243 Info | http://www.cavebear.com/
      You mention that business identification is usually available to the public. Two points on that:

      1. Many domain name registrations, even those in .com, are not used for business purposes at all. If publication of whois data is based on business activity then that foundation doesn't exist for those names used for non commercial purposes.

      2. In nearly every State of the US many businesses organized as corporations can, and do, hide the identity of their principals. For example, here in California a closely held corporation (i.e. owned by only a few people) takes a bit of effort to penetrate. Another state, Delaware, allows even bigger corporations to act with a degree of anonanimity. And of course, with corporate hierarchies, with corporations owning corporations, particularly if some are foreign, it can be exceedingly impenetrable.

      But back to the basic issue of why whois should be private.

      Having a domain name is one of the keys to becoming a sophisticated user of the net - something beyond the typical AOL level of userhood. And as the net moves beyond being a toy and is integrated into peoples lives, having this beyond-AOL status will become increasingly useful to whatever activities that people chose to do.

      So we can't dismiss this issue of privacy any longer on the basis that it is an issue relevant only to a few.

      Among the widely accepted general principles of privacy are principles that data ought to be collected only for a specific purpose (in this case DNS registration.) Another principal is that data ought to be used only for that purpose (i.e. not to be used by spammers or trademark people - those are not uses consistent with the purpose for which the data was gathered.) That latter principal is violated by publication of whois to just anybody who wants to take a peek.

      There is indeed usefulness in whois data - but there ought to be some pre-conditions to obtaining access.

      First is that the person who wants to take a look ought to leave a calling card - an identity, contact information, and some authenticator so that we can believe the identity and contact. With the possible exception of law enforcement access, this information ought to be available to the data subject - it is reasonable for someone to know who has been peeking at their data.

      Second, the person who wants to take a look must demonstrate that there is a legitimate reason for him/her to take a peek. This can be mechanised to make it easy for those who tend to know in advance that they will need to occassionally take a look - for instance, ISP people in operations centers can have pre-arranged credentials that serve to both identify and to indicate that the person acts ina role in which access is usually well grounded.

      In the case of trademark people - their desire to access is based on an accusation that the data subject is engaged in unlawful use of a domain name. To my mind that kind of accusation requires that they demonstrate to a neutral magistrate with actual proofs of actual acts that their trademark rights are being harmed and that there is a reasonable basis to believe that the harm comes from the accused domain name.
      [ Reply to This | Parent ]
        Re:As it always was
        by dtobias (dan@tobias.name) on Thursday February 06 2003, @06:15PM (#11106)
        User #2967 Info | http://domains.dan.info/
        Well, it has always been my position that .com domains are intended for commercial use, and any other use of them is really abuse.

        While I oppose any attempt to retroactively impose any sort of registration restrictions on .com, .net, or .org, since doing this to a currently open-registration domain would be impractical and unfair (I said this back when the possibility of .org restrictions was "in the air", and still hold this position), I do support the tailoring of policies for the different TLDs to the type of users for which they are intended.

        Thus, .com should have policies appropriate for commercial use, such as requiring public WHOIS information, while a TLD intended specifically for individuals (e.g., .name) deserves a much more privacy-friendly policy.
        [ Reply to This | Parent ]
          Re:As it always was
          by KarlAuerbach on Thursday February 06 2003, @08:15PM (#11107)
          User #3243 Info | http://www.cavebear.com/
          How does one "use" a domain name?

          Remember, all that a domain name is a key into a database. And the records under that key are of multiple types (only one of which is for IP addresses) and for each type there may be multiple instances.

          And then, if one looks only at DNS through the peephole of assuming that all it is used for is IP addresses, then one needs to consider that an IP address simply denotes an interface on a computer and that computer may be offering a myriad of services, only one of which may be world-wide-web.

          So the concept of using DNS as a taxinomy is technically flawed from the outset - there is simply too much ambiguity. And there is no linkage beyond serindipity between domain name records and server services and content.

          A much better approach is to not to try to use DNS as a directory. Instead, one should build real directories.

          By-the-way, even before there was DNS there was the AUP - the Appropriate Use Policy. And way back in the 70's we kinda knew that host names ending with .edu and .org and .net and .mil all tended to do things within the AUP, but things with .com were in unknown territory - not necessarily commercial, but simply not clearly under the AUP.
          [ Reply to This | Parent ]
          Re:As it always was
          by tbyfield (reversethis-{moc.xinap} {ta} {dleifybt}) on Thursday February 06 2003, @09:36PM (#11110)
          User #44 Info
          your remarks don't really make much sense: you 'oppose any attempt to retroactively impose any sort of registration restrictions on .com, .net, or .org,' and yet -- ignoring years of actual usage, in which .com was NOT treated as an imprimatur of commercial activity -- say that '.com should have policies appropriate for commercial use.' i agree that it makes sense to 'tailor policies for the different TLDs to the type of users for which they are intended' *if* that encompasses effectively unregulated TLDs. personally, i'd like to see a .non where IPR are presumed NOT to apply. but of course the IPR zealots can't tolerate exceptionalism except insofar as it benefits them.

          [ Reply to This | Parent ]
            Re:As it always was
            by dmehus on Friday February 07 2003, @10:23AM (#11114)
            User #3626 Info | http://doug.mehus.info/
            I would prefer two new unrestricted and unsponsored 'generic' TLDs, but that won't happen until the Department of Commerce makes major reforms to ICANN. The two gTLDs are .web and .blog. .web because it will ease the clogging in .com and .info, but also, trademarks would not apply. However, malicious domain name hijacking and domain name cyber-squatting would not be permitted. Spamming, of course, would be prohibited. .blog would be another trademark-free zone. :) Best, DougDoug Mehus http://doug.mehus.info/ [mehus.info]
            [ Reply to This | Parent ]
      Re:As it always was
      by tbyfield (reversethis-{moc.xinap} {ta} {dleifybt}) on Thursday February 06 2003, @09:19PM (#11109)
      User #44 Info
      it seems like you're conflating a bunch of different issues and arguing with straw men. (1) functional contact information is not necessarily a surveillance/enforcement tool: it isn't hard to imagine a privacy-oriented proxy service that *expedites* contact with a registrant. (2) as for 'hurting the internet,' back to usenet with you, where you can read up on the venerable distinction between 'abuse *of* the net' and 'abuse *on* the net': TM infractions, real or perceived, are not abuse *of* the net. (3) i didn't say that whois data should 'be private,' whatever that means -- obviously, *someone* knows that info; the questions have to do, rather, with the latitude users, registrars, registries, and others might have to make access to that data difficult. (4) not all registration info is 'business identification data.' if D&B want to publish a commercial company's info, fine, or if guidestar wants to public a noncommercial organization's financials, that's fine too -- but that doesn't automagically disappear the many, *many*, MANY domains registered by individuals for personal use.

      [ Reply to This | Parent ]
    • 1 reply beneath your current threshold.

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com