Re: [ga] scammers using whois privacy

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Roberto and all,

  No "Name and Address" of any registrant or agent for any registrant
is needed for contact information.  All that is and has ever been
needed is a valid, reachable Email address and phone #.  We, you
and I amongst others have had this debate/discussion before in great
detail.  So again, as was determined in the Whois WG some time
ago, requiring any registrant to provide "Name and Address" before
any Domain name registration can be finalized or excepted is wrong.
It is wrong as well as dangerous as some have registrants have
experienced for a number of reasons which have been discussed
many times.  Of these reasons why "Name and Address" need not
and should not be required by any registrant or their agent, the
most important one has to do with the registrants personal security
in that several reported and documented cases of stalking have
been tracked back to criminals using Whois in order to get
personal and private information for victims, and terrorists to
do likewise with different motives.

  Secondly requiring "Name and Address" of any registrant
OR any registrants agent, also exposes registrant to fraudulent
legal harassment as was shown in the sex.com case for instance,
and as such empowering less than ethical lawyers to harass
registrants without cause and prior due process costing many
registrants far more than they can possibly afford and need not
have been dragged into such schemes had proper and reasonable
privacy practices been incorporated in ICANN's Whois policy
and contractual arrangements with registries and registrars.

Roberto Gaetano wrote:

> Karl Auerbach wrote:
>
> >
> > And one of the curative measures that seems to constantly
> > escape the minds of ICANN is that *before* any person should
> > be allowed to examine whois information that person ought to
> > be required to declare, in writing, into a permanent and
> > public archive the following things:
>
> [snip]
>
> I have always problems with statements like "ICANN does not understand" or
> the like.
> Sure, some people in the ICANN Board or staff or community might be in that
> situation, maybe others do understand but cannot change the situation,
> others do understand, but disagree, and so on with a variety of approaches
> and behaviours that is, IMHO, one of the richness of this environment.
>
> This said, I would like to state what is *not* the opinion of ICANN, or at
> least not necessarily, but is *my* opinion.
>
> The matter is extremely complex and far from having one single simple
> solution, as the exchange btw. Chris and Karl has shown. For me, the real
> problem, besides the fact that there are different opinions and interests
> (which is part of the given landscape, and a constraint that cannot be
> changed), is the fact that we are trying to use the WhoIs for different
> things, that are only loosely connected with the purpose for which the
> system was designed.
>
> Karl, or anybody who has a longer experience than myself with the subject,
> are welcome to correct me if I am wrong, but the initial purpose of the
> WhoIs, and its importance for security and stability matters, is to be able
> to identify an entity that can respond if there is a problem with the
> corresponding resource (name or address). This does not imply in any way
> identification of the owner of the resource, quite the contrary, in the vast
> majority of the cases this is an agent with some kind of authority delegated
> by the owner. While I agree that the ultimate responsibility stays with the
> owner, there is no need to identify the owner in an emergency situation.
>
> May I use an example. Suppose I own a domain name, and suppose that I use
> some kind of hosting services for the website. Suppose that my domain name
> is used as a relay by a spammer or scammer for his/her activities. It would
> not do any good to contact me, because in my ignorance of the internet
> technology I would barely understand what they are talking about, ;et alone
> to be able to do something to cure the problem. The fact is that, under the
> assumptions above, I pay a provider for a service, and if anybody can
> intervene, it is the technical staff of the provider, not me.
>
> This for what I understand to be the original purpose of the WhoIs. Another
> aspect is to identify, once the emergency has been fixed by the technical
> staff, the responsible party who has to pay for the damages, so to speak.
> This is a completely different ball game,and although we could use the WhoIs
> for storing this kind of information, I personally continue to fail to see
> any reason for having this information publicly available.
>
> The problem raised by Chris is a legitimate, but complex one. I don't think
> that it would be an appropriate use of the WhoIs to be a repository for
> information that have to do with the contents of a web site. The problem of
> being able to trust a web site is (again IMHO, not necessarily in the
> Board's opinion) something that is related to the trade or other activity
> performed on the web site. In simple words, there is the case of the
> ecommerce site that claims to sell goods that will never be delivered, but
> also the site who gives false information making believe they are an
> important news agency, or a fake university that claims to give degrees, or
> whatever. I am absolutely convinced that it is the trade organization that
> should react to put measures in place as safeguards to the consumers, in
> exactly the same way we do have brand protections, guaranteed origin marks
> for producers, quality labels, and so on. In short, since illegal activities
> do damage the honest traders, the community of the trade has to put in place
> measures to protect the traders (and the consumers).
>
> I don't know if we are going to see certificates on websites that guarantee
> the contents of the website from the ecommerce point of view, but I do
> believe that bodies like the ICC should be looking at this, and that this
> solution is more appropriate than to bend the WhoIs system to do something
> that it was not designed to do, and also oblige the customers to do searches
> for which they might be not technically skilled for rather than being
> prompted with some visible sign that will give them the sufficient
> confidence that the site can be trusted.
>
> Roberto
> (in my personal capacity)

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827