I fail to see why WHOIS data needs to be public. As long as it remains so, if I want privacy I must either use someone else willing to act as a go-between (and this normally costs money), or lie. I should not have to do either. I have a right to privacy that I don't think should be trumped by others' rights to my data. And now if this law goes through, I may have to act criminally just to protect my privacy.|
This isn't about giving law enforcement access to accurate information if someone is using a domain name to commit a crime. Criminals will continue to give false information because they are already acting against the law, breaking another law will be no big deal. Alternatively, they can use someone else as the go-between who cannot identify them, such services already exist online. To the extent that law enforcement believes it can track down the party involved in criminal acts via a domain name, it should have to get a court order to access the data.
I have yet to hear a compelling argument for why WHOIS data needs to be public. I don't even think there needs to be a published email contact address. Spammers or others can still try *@that.domain. If the data is held in private by the registrar, they can give it up if ordered to do so by a court order. Likewise, if the domain name is the subject of a UDRP proceeding, the data could be made available by the registrar at the request of the panel.
One site I am involved with works to oppose hate groups. Most of its principals live in Canada. Two of them have had their automobiles torched, one has had their house firebombed. Death threats are common. None of this was due to WHOIS data, some of the principals also act in opposition to hate groups in the real world and can be found if someone is determined enough. But none of the principals are easy to find, for their own safety. Though they have telephones you won't find them in a telephone book, for example. Many criminals presumably also have telephones, should there therefore be a law that everyone must publicly list their telephone number and street address?
If entering accurate WHOIS data can put one at risk in one of the most peaceful countries in the world, one can easily see that those involved with sites taking controversial stands elsewhere in the world could be put in harm's way through such a law. I am actually unclear on what this law might mean internationally. If I am in the US and register a .co.uk domain and give false WHOIS data, is that a crime? While I am in Canada I have lived and travelled extensively in the US. Do I become a criminal only when I cross the border because I've given false WHOIS data for an .org domain? What about a .ca domain? As the root resides in the US, does this become a de facto global law? And BTW, here is an article about another US Bill, the "Truth in Domain Names Act," which would make it a crime to use a misleading Web site name to trick minors into visiting pornographic Web sites. While I have argued that something should be done about this, I am unclear how a US law can/will be used internationally.
I am less optimistic about the WHOIS Bill than Bret Fausett seems to be. Isn't entering fraudulent data an attempt to defraud by definition? A kiddie porn site, for example, may not be operating to monetarily defraud anyone. Does that mean this law couldn't be used against them?
This isn't about law enforcement though, they already have powers to, for example, get info from registrars regarding the credit card used to register a name, which is less likely to be bogus than WHOIS data, and will probably remain so even if this law is passed. This is a law by and for the Intellectual Property folks. I don't think property rights of any kind should trump the right to privacy, and even the right to be free from physical harm. -g