RE: [ga] scammers using whois privacy

["Roberto Gaetano" <roberto@xxxxxxxxx>]

Karl Auerbach wrote:

> 
> And one of the curative measures that seems to constantly 
> escape the minds of ICANN is that *before* any person should 
> be allowed to examine whois information that person ought to 
> be required to declare, in writing, into a permanent and 
> public archive the following things:

[snip]


I have always problems with statements like "ICANN does not understand" or
the like.
Sure, some people in the ICANN Board or staff or community might be in that
situation, maybe others do understand but cannot change the situation,
others do understand, but disagree, and so on with a variety of approaches
and behaviours that is, IMHO, one of the richness of this environment.

This said, I would like to state what is *not* the opinion of ICANN, or at
least not necessarily, but is *my* opinion.

The matter is extremely complex and far from having one single simple
solution, as the exchange btw. Chris and Karl has shown. For me, the real
problem, besides the fact that there are different opinions and interests
(which is part of the given landscape, and a constraint that cannot be
changed), is the fact that we are trying to use the WhoIs for different
things, that are only loosely connected with the purpose for which the
system was designed.

Karl, or anybody who has a longer experience than myself with the subject,
are welcome to correct me if I am wrong, but the initial purpose of the
WhoIs, and its importance for security and stability matters, is to be able
to identify an entity that can respond if there is a problem with the
corresponding resource (name or address). This does not imply in any way
identification of the owner of the resource, quite the contrary, in the vast
majority of the cases this is an agent with some kind of authority delegated
by the owner. While I agree that the ultimate responsibility stays with the
owner, there is no need to identify the owner in an emergency situation.

May I use an example. Suppose I own a domain name, and suppose that I use
some kind of hosting services for the website. Suppose that my domain name
is used as a relay by a spammer or scammer for his/her activities. It would
not do any good to contact me, because in my ignorance of the internet
technology I would barely understand what they are talking about, ;et alone
to be able to do something to cure the problem. The fact is that, under the
assumptions above, I pay a provider for a service, and if anybody can
intervene, it is the technical staff of the provider, not me.

This for what I understand to be the original purpose of the WhoIs. Another
aspect is to identify, once the emergency has been fixed by the technical
staff, the responsible party who has to pay for the damages, so to speak.
This is a completely different ball game,and although we could use the WhoIs
for storing this kind of information, I personally continue to fail to see
any reason for having this information publicly available.

The problem raised by Chris is a legitimate, but complex one. I don't think
that it would be an appropriate use of the WhoIs to be a repository for
information that have to do with the contents of a web site. The problem of
being able to trust a web site is (again IMHO, not necessarily in the
Board's opinion) something that is related to the trade or other activity
performed on the web site. In simple words, there is the case of the
ecommerce site that claims to sell goods that will never be delivered, but
also the site who gives false information making believe they are an
important news agency, or a fake university that claims to give degrees, or
whatever. I am absolutely convinced that it is the trade organization that
should react to put measures in place as safeguards to the consumers, in
exactly the same way we do have brand protections, guaranteed origin marks
for producers, quality labels, and so on. In short, since illegal activities
do damage the honest traders, the community of the trade has to put in place
measures to protect the traders (and the consumers).

I don't know if we are going to see certificates on websites that guarantee
the contents of the website from the ecommerce point of view, but I do
believe that bodies like the ICC should be looking at this, and that this
solution is more appropriate than to bend the WhoIs system to do something
that it was not designed to do, and also oblige the customers to do searches
for which they might be not technically skilled for rather than being
prompted with some visible sign that will give them the sufficient
confidence that the site can be trusted.

Roberto
(in my personal capacity)