RE: [ga] scammers using whois privacy

["Roberto Gaetano" <roberto@xxxxxxxxx>]

Trying to answer several comments on the same subject.

First, the DMV. Funny you quote this example. I used it in the ICANN meeting
in Tunis, I believe in a reply to Steve Metalliz, arguing that the request
for a complete and publicly available WhoIs to search for potential (or
actual) intellectual property infringements (sp?) in domain names would be
equivalent to ask for complete and public access to all car registration
agencies worldwide to allow a multinational corporation to check the cars
they own.

About Jeff's observation on "name and address", when I mentioned resources
as names and addresses, I meant Domain Names, and IP Addresses, not personal
names and addresses. Sorry if it was confused.

About the comment on Karl's proposal, I have heard this already, and I am
not under the impression that Karl intended the data of the requestor to be
made public, but only to be kept logged.

On Chris' comment below about things being different from the early days, my
only point was that I don't think it is a good idea to use the WhoIs for
matters that are not related to the physical characteristics of the resource
(domain name or IP address) to cover other aspects, like for instance the
content of the web site. 
I agree that "ecommerce is huge and the best protection for consumers is a
way for them to know who they are dealing with". All what I am saying is
that the WhoIs is, IMHO, not the best way to solve this problem: I would
argue that the solution to what is essentially a consumer protection issue
should be provided by mechanisms that have always been used to address this
issue in the real world, like trade certificates, quality labels, etc.

Cheers,
Roberto



> -----Original Message-----
> From: kidsearch [mailto:kidsearch@xxxxxxxxxxxxx] 
> Sent: 04 January 2007 15:41
> To: Roberto Gaetano; 'Karl Auerbach'
> Cc: 'Dena Whitebirch'; 'ga'
> Subject: Re: [ga] scammers using whois privacy
> 
> I understand the original purpose Roberto, but in the early 
> days a lot of things were not forseen. Domain names were not 
> supposed to be related to trademarks either. Dot Org was 
> supposed to be nonprofit. ICANN was supposed to elect board members.
> 
> But all nostalgia aside, things have changed. ecommerce is 
> huge and the best protection for consumers is a way for them 
> to know who they are dealing with. Everyone keeps saying, "we 
> have spoken about this many times" as if that means it should 
> not be brought back out on the table. The way things were 
> "intended" to be on the web also has nothing to do with the 
> current situation or problems consumers face on the web.
> 
> Chris McElroy aka NameCritic
> http://www.articlecontentprovider.com
> 
> ----- Original Message -----
> From: "Roberto Gaetano" <roberto@xxxxxxxxx>
> To: "'Karl Auerbach'" <karl@xxxxxxxxxxxx>; "'kidsearch'" 
> <kidsearch@xxxxxxxxxxxxx>
> Cc: "'Dena Whitebirch'" <shore@xxxxxxxxxx>; "'ga'" <ga@xxxxxxxxxxxxxx>
> Sent: Wednesday, January 03, 2007 9:30 AM
> Subject: RE: [ga] scammers using whois privacy
> 
> 
> > Karl Auerbach wrote:
> >
> >>
> >> And one of the curative measures that seems to constantly
> >> escape the minds of ICANN is that *before* any person should
> >> be allowed to examine whois information that person ought to
> >> be required to declare, in writing, into a permanent and
> >> public archive the following things:
> >
> > [snip]
> >
> >
> > I have always problems with statements like "ICANN does not 
> understand" or
> > the like.
> > Sure, some people in the ICANN Board or staff or community 
> might be in 
> > that
> > situation, maybe others do understand but cannot change the 
> situation,
> > others do understand, but disagree, and so on with a 
> variety of approaches
> > and behaviours that is, IMHO, one of the richness of this 
> environment.
> >
> > This said, I would like to state what is *not* the opinion 
> of ICANN, or at
> > least not necessarily, but is *my* opinion.
> >
> > The matter is extremely complex and far from having one 
> single simple
> > solution, as the exchange btw. Chris and Karl has shown. 
> For me, the real
> > problem, besides the fact that there are different opinions 
> and interests
> > (which is part of the given landscape, and a constraint 
> that cannot be
> > changed), is the fact that we are trying to use the WhoIs 
> for different
> > things, that are only loosely connected with the purpose 
> for which the
> > system was designed.
> >
> > Karl, or anybody who has a longer experience than myself 
> with the subject,
> > are welcome to correct me if I am wrong, but the initial 
> purpose of the
> > WhoIs, and its importance for security and stability 
> matters, is to be 
> > able
> > to identify an entity that can respond if there is a 
> problem with the
> > corresponding resource (name or address). This does not 
> imply in any way
> > identification of the owner of the resource, quite the 
> contrary, in the 
> > vast
> > majority of the cases this is an agent with some kind of authority 
> > delegated
> > by the owner. While I agree that the ultimate 
> responsibility stays with 
> > the
> > owner, there is no need to identify the owner in an 
> emergency situation.
> >
> > May I use an example. Suppose I own a domain name, and 
> suppose that I use
> > some kind of hosting services for the website. Suppose that 
> my domain name
> > is used as a relay by a spammer or scammer for his/her 
> activities. It 
> > would
> > not do any good to contact me, because in my ignorance of 
> the internet
> > technology I would barely understand what they are talking 
> about, ;et 
> > alone
> > to be able to do something to cure the problem. The fact is 
> that, under 
> > the
> > assumptions above, I pay a provider for a service, and if 
> anybody can
> > intervene, it is the technical staff of the provider, not me.
> >
> > This for what I understand to be the original purpose of the WhoIs. 
> > Another
> > aspect is to identify, once the emergency has been fixed by 
> the technical
> > staff, the responsible party who has to pay for the 
> damages, so to speak.
> > This is a completely different ball game,and although we 
> could use the 
> > WhoIs
> > for storing this kind of information, I personally continue 
> to fail to see
> > any reason for having this information publicly available.
> >
> > The problem raised by Chris is a legitimate, but complex 
> one. I don't 
> > think
> > that it would be an appropriate use of the WhoIs to be a 
> repository for
> > information that have to do with the contents of a web 
> site. The problem 
> > of
> > being able to trust a web site is (again IMHO, not 
> necessarily in the
> > Board's opinion) something that is related to the trade or 
> other activity
> > performed on the web site. In simple words, there is the case of the
> > ecommerce site that claims to sell goods that will never be 
> delivered, but
> > also the site who gives false information making believe they are an
> > important news agency, or a fake university that claims to 
> give degrees, 
> > or
> > whatever. I am absolutely convinced that it is the trade 
> organization that
> > should react to put measures in place as safeguards to the 
> consumers, in
> > exactly the same way we do have brand protections, 
> guaranteed origin marks
> > for producers, quality labels, and so on. In short, since illegal 
> > activities
> > do damage the honest traders, the community of the trade 
> has to put in 
> > place
> > measures to protect the traders (and the consumers).
> >
> > I don't know if we are going to see certificates on websites that 
> > guarantee
> > the contents of the website from the ecommerce point of 
> view, but I do
> > believe that bodies like the ICC should be looking at this, 
> and that this
> > solution is more appropriate than to bend the WhoIs system 
> to do something
> > that it was not designed to do, and also oblige the customers to do 
> > searches
> > for which they might be not technically skilled for rather 
> than being
> > prompted with some visible sign that will give them the sufficient
> > confidence that the site can be trusted.
> >
> > Roberto
> > (in my personal capacity)
> >