[ga] Re: [Politech] An open letter to PFIR on "Whois" privacy [priv]

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Declan, Tom, and all,

  Mr. Nueman has as far back as I can recall at the moment has never
been a advocate of privacy.  Dave Farber has waffled on the issue
of privacy in whois data as well for a number of years.  PFIR seems
to now be willing to accept a two tier approach regarding registrants
privacy in whois data.  That in our members and my own opinion is
a step in the wrong direction as well as a dangerous direction as it
leaves the stakeholder/registrant and possibly the domain sites
clients/users exposed to a number of dangers at the expense of
the various desires/demands of large IP interests in the ICANN
GNSO IP constituency as well as the business constituency.

  One might also like to take a look at the article and especially
the comments to:  http://www.circleid.com/article/614_0_1_0_C/

Declan McCullagh wrote:

> [I invite PFIR to reply. --Declan]
>
> -------- Original Message --------
> Subject: An open letter to PFIR on DNS WHOIS
> Date: Tue, 22 Jun 2004 21:09:11 -0400
> From: Tom Cross <tom@xxxxxxxxxxxxxxx>
> To: lauren@xxxxxxxx, neumann@xxxxxxxx, dave@xxxxxxxxxx
> CC: declan@xxxxxxxx, whois-tf1-report-comments@xxxxxxxxxxxxxx
>
> An open letter to People for Internet Responsibility on Access to DNS
> WHOIS Data
>
> Mr Weinstien, Mr. Neumann, and Mr. Farber,
>
>         Shocked, awed, and appalled. Thats the only way that I can express how
> I felt when I read PFIR's Statement on Access to WHOIS Data.
> (http://www.pfir.org/statements/whois-access) Lauren Weinstein, Peter
> Neumann, and David Farber are three men who have provided sharp and
> insightful leadership to the internet community for years, and are well
> known, well respected, and well read by just about anyone who cares
> deeply about technology issues. I do not always find myself agreeing
> with your various opinions, but never have I seen any of you express
> ideas so caustic to the values that I hold dear, and so lacking in
> thoughtful balance, then those expressed in this essay. Its like I've
> walked through the looking glass.
>
> Anonymous Speech is a RIGHT, not a privilege.
>
> This point has been reaffirmed over and over again by almost 230 years
> of American jurisprudence of which you surely must be aware. The
> Federalist Papers, published anonymously, are so fundamental to our
> system of government that every high school student is required to
> study them. The Supreme Court has repeatedly defended anonymous speech,
> and frankly, I cannot express this point more clearly then Justice
> Stevens did in McIntyre V. Ohio Elections Commission (1995):
>
> "Under our Constitution, anonymous pamphleteering is not a pernicious,
> fraudulent practice, but an honorable tradition of advocacy and of
> dissent. Anonymity is a shield from the tyranny of the majority. See
> generally J. S. Mill,  On Liberty, in On Liberty and Considerations on
> Representative Government  1, 3-4 (R. McCallum ed. 1947). It thus
> exemplifies the purpose behind the Bill of Rights, and of the First
> Amendment in particular: to protect unpopular individuals from
> retaliation--and their ideas from suppression--at the hand of an
> intolerant society. The right to remain anonymous may be abused when it
> shields fraudulent conduct. But political speech by its nature will
> sometimes have unpalatable consequences, and, in general, our society
> accords greater weight to the value of free speech than to the dangers
> of its misuse."
>
> We cannot relegate political speech on the Internet to second class
> citizenship.
>
> The "extremely limited set of cases where domain holders might
> demonstrate a clear public safety or other critical need that may
> possibly justify masking of some WHOIS data" is the set of ALL
> political websites on the Internet. The Internet presently supports a
> vibrant ecology of political websites and weblogs of every flavor and
> prejudice. Together they constitute a meaningful discourse on nearly
> every issue of the day. A large portion of these sites employ WHOIS
> proxies or publish limited contact
> information.
>
> It is easy, even in the United States, to find examples of individuals
> who have been the target of violent retaliation because they have
> expressed their political views. Consider, for example, the recent case
> in San Francisco of a gallery owner who was assaulted because of a
> political artwork she put on display:
>
> http://tinyurl.com/27wvb
>
> If maintainers of political websites and weblogs are forced to offer up
> their personal contact information in order to hold a domain name, then
> these speakers will not hold domain names. Political speech on the
> internet will be a secondary activity occurring on shared hosting sites
> and multi-partisan discussion boards with no easy reference points for
> like minded communities. In other words, political speech will be put
> on the back burner, and the Internet will have less impact in the
> political domain then it otherwise would.
>
> You guys are barking up the wrong tree.
>
> DNS WHOIS is NOT the right tool for investigating security incidents on
> the Internet! To be sure, DNS WHOIS is a convenient place for
> organizations to voluntarily publish contact information, and that
> information is helpful when it is present, but security incidents do
> not come from domain names, they come from IP addresses. IP addresses
> are not always associated with registered domain names. Often they are
> associated with subdomains, or not associated with DNS at all.
>
> IP addresses can be resolved in the numbering authority's WHOIS
> database for the contact information of the ISP providing service to
> that address. Security and reliability issues relating to internet
> traffic can and should be dealt with through ISPs. There are
> significant problems with the accuracy and resolution of the numbering
> authority WHOIS systems, and some ISPs have poor abuse and incident
> response policies. Unlike the difficulties with accurate DNS WHOIS
> data, these are manageable problems. ISPs have the resources to
> maintain accurate contact information and full time incident response
> contacts. We simply need to put appropriate policies in place to
> improve practices. This is a much more realistic goal then getting
> everyone in the world to keep their DNS WHOIS data up to date all the
> time. Why are we spending so much time talking about DNS WHOIS when
> fixing IP address WHOIS is the best, and easiest way to improve the
> security and reliability of the Internet?
>
> You guys are standing along side corrupt interests.
>
> A large number of the people who are advocating accurate DNS WHOIS data
> have absolutely no interest in the security or reliability of the
> Internet. They are not trying to find a way to contact people because
> of technical issues. They are intellectual property holders and they
> want every website to have a public address where they can serve
> threats of prosecution should they decide that the contents of the
> website in question offend their interests.
>
> These people do not want to comply with the due process that our legal
> system affords defendants in such cases because its expensive, and
> because it means explaining their claims to a judge. They don't want to
> deal with ISPs for similar reasons. Frequently, as I'm sure you are
> aware, legal threats are sent out which have absolutely no basis in
> law. The individuals who receive them often have to comply because they
> simply don't have the resources to defend themselves even if they are
> in the right. Consider the archives at http://www.chillingeffects.org/
>
> How much time should be required between, for example, the appearance
> of forged e-mails or wider Internet postings containing libelous
> materials, false accusations aimed at ruining reputations or causing
> massive financial loss, vs. the ability of the aggrieved party to start
> discovering who is behind the attack before reputations or even entire
> organizations are massively damaged?
>
> EXACTLY the amount of time that a COURT needs to deliberatively balance
> the interests of both parties to the dispute. Not every party who
> claims a grievance is in the right! We have a process in the United
> States that allows an aggrieved party to prosecute a John Doe defendant
> and obtain access to that defendant if their claim is reasonable. We
> even have facilities for accelerating the usual processes if the
> circumstances are extenuating. To build an alternate structure with the
> intent of short cutting these processes is to do an end run around our
> democratic system of government!
>
> These are not technical security and reliability issues. These are
> content issues, and they should be dealt with through the legal system,
> not through ICANN. I strongly urge you to carefully reconsider your
> position on this matter.
>
> Tom Cross
> Just an ordinary unknown computer geek.
>
> _______________________________________________
> Politech mailing list
> Archived at http://www.politechbot.com/
> Moderated by Declan McCullagh (http://www.mccullagh.org/)

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827