Re: [ga] JFC Morfin: people are not for sale

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Dominik and all,

  Interesting musings and thoughts from JFC here.  However Whois is
ICANN's baby and ICANN's baby alone in as much as policy for
Whois is concerned. W3C, IETF, ect., ect., can of course recommend
whatever they wish.  However registrars will have most of the final
say in regards to Whois policy.  Yet here inlies the problem, and/or
chicken and egg situation in respect to Whois and the different
legal concerns as to what is considered private information and what
is not.  Hence, indeed ICANN's registrars by contract to ICANN
will be forced or otherwise recognize ONE standard and/or policy
for Whois data and whom has access to what data elements in
a Whois query.  As privacy protections are being increased in
some countries and dramatically eroded in other countries such
as the US, a single standard and or policy is necessary if continuity
of Whois data is to be maintained and considered accurate and
reliable.  Yet different layers as to access can be and are in effect
now, can continue to be used as long as the Whois data base
itself is not effected or otherwise modified by said applications or
said applications are tested and approved by ICANN and/or its
registrars.

 This all still leaves the concern or challenge of enforcement of any
and all privacy violations with respect different laws and legal
systems in various nations.  As I have said before, we all have
many times witnessed, neither ICANN nor its registrars can
or will enforce their own standards and/or contract obligations.

Dominik Filipp wrote:

>    --- <Forwarded on JFC's behalf> ---
>
> Dear Chris and Dominik,
> what you call for cannot be provided by the rudimentary Whois
> information system, even if enhanced. You need a site information or
> certificate system as per W3C, etc. This is because that kind of
> solution do not belong to the network layer but to the application
> layer and to procedures to be supported by the browsers, not by the
> network. The HTTP protocol is the same for e-merchants for private
> exchanges. That is the Internet layer (public whois is of no actual
> techical interest and illegal in many countries, so the US attitude
> is actually a layer violation). This means that the proposition of
> Dominik cannot be technically enforced at that layer as Chris
> question it. But it could at the application layer (W3C has a
> proposition I think).
>
> Information disclosure on a site owner should be made necessary when
> a site function asks for information on the user. This is an IETF/W3C
> and legal issue to be discussed at the IGF (I understand that France
> has invited a mid-term IGF meeting this year on the matter through
> the individual indentity issue).
>
> No national culture, practices and laws should be attempted to be
> globally enforced against others.
>
> The real problem we meet here is a lack of analysis, of consideration
> of ISO by the Internet Governance, and of networked digital usage
> oriented Technical Committee at ISO. I do not think it is something
> too much complicate to obtain, if we wanted seriously to document it.
> First you become a member of your national standardisation body
> (ANSI, AFNOR, BSI, DENIC, etc. individuals usually can be). Then you
> follow the procedures. And we ally for an international lobbying.
> This is the kind of things @large should have carried.
>
> In most of the cases people do not oppose: they just do not know
> what/how/why - in this case this is something we could help. This is
> all the more urgent that a replacement of the ISO reference for the
> Internet, by commercial data, is engaged. This can only lead to
> global instability and to a possible Internet split.
> All the best.
> jfc
>
> At 18:51 08/01/2007, kidsearch wrote:
>
> >I see that as completely doable Dominik and appreciate the time you
> >spent on that. One question is would it be enforceable? I mean say I
> >registered a domain nameand said i was a nonprofit or noncomm, but
> >then built a commercial website anyway. There could be a link in the
> >whois, "report this website as noncompliant with whois rules" where
> >users can report that it is a commercial website and not a noncomm.
> >
> >Chris McElroy aka NameCritic
> >http://www.articlecontentprovider.com
> >
> >----- Original Message ----- From: "Dominik Filipp"
> <dominik.filipp@xxxxxxxx>
> >To: "ga" <ga@xxxxxxxxxxxxxx>
> >Sent: Monday, January 08, 2007 7:49 AM
> >Subject: [ga] Whois more in detail
> >
> >
> >>Hi all,
> >>
> >>after reviewing the posts sent here so far, I also tend to prefer
> >>privacy to data disclosure in the whois. However, to satisfy the
> Chris's
> >>(and also my) need, the privacy on whois data should be something
> that
> >>individuals and, possibly, non-com organizations should be allowed
> to
> >>qualify for only.
> >>To be more explicit, my opinion on how the whois record could be
> >>accessed and dealt with (including the ideas from GA) is as follows
> >>
> >>Basically, I agree with dividing the whois record into the Holder
> >>contact and the OPoC contact parts as proposed in the Preliminary
> Draft.
> >>Furthermore, I see three distinct modes in which to access the whois
>
> >>data
> >>
> >>Access Modes
> >>------------
> >>
> >>a) 'Exposed' mode; data is publicly visible when visiting the whois
> page
> >>(much like it works now).
> >>
> >>b) 'On-Request' mode; data is still publicly accessible but
> obtainable
> >>solely via explicit request sent to the registrar that will send the
>
> >>requested data back to the requester's email address. In this case
> the
> >>request (email, IP?) could be logged. The access should avoid
> automatic
> >>data harvesting and make data access more difficult for
> >>spammers/scammers.
> >>The 'request-response' mechanism could be improved by requiring to
> input
> >>an image-code before sending the request, and/or an email
> confirmation
> >>by the requester prior sending the requested data from the registrar
>
> >>back to the requester.
> >>
> >>c) 'Locked' mode; data is inaccessible to public but obtainable on
> >>behalf of explicit eligible requests (subpoena, law enforcement)
> from
> >>registrar (or thick registry).
> >>
> >>WhoIs Data
> >>----------
> >>
> >>1. Holder Part
> >>Holder may at his/her own discretion publish all data (Holder's full
>
> >>address, phone number and email address), but also
> >>
> >>a) if Holder is an individual or a non-com organization then he/she
> may
> >>just publish the name and country/state (short form), or to suppress
>
> >>data publication at all. In such a case the whois record would
> contain
> >>(in the Holder's part) just an assigned Holder's ID.
> >>The fact that the Holder is an individual or a non-com org could be
> >>specified during the domain registration.
> >>All three 'Exposed', 'On-Request', and 'Locked' access are
> applicable
> >>here.
> >>
> >>b) if Holder is a commercial organization then the necessary minimum
>
> of
> >>data published is company name and country/state (but, perhaps,
> more).
> >>Only 'Exposed' access mode is applicable here.
> >>
> >>2. OPoC Part
> >>OPoC contact part could contain full contact information (including
> >>address, phone, and email). However, not all data would be directly
> >>exposed to the public (e.g., phone and email).
> >>The 'Exposed' and 'On-Request' access modes are applicable here.
> >>However, for commercial companies, all OPoC entries should be
> 'Exposed',
> >>except email that could be 'On-Request' (anti-spam precaution).
> >>
> >>As for the granularity of the access modes, one (extreme)
> possibility
> is
> >>to allow to set up specific access mode for each data entry
> (address,
> >>phone, email, etc.); or to specify a set of blocks each sharing the
> same
> >>access mode, etc.
> >>
> >>A whois record could look like
> >>
> >>a) Individual Holder (opting the private whois form)
> >>
> >>I. variant                          II. Variant
> >>----------                          -----------
> >>HOLDER CONTACT [Locked]             HOLDER CONTACT [Locked]
> >>Holder ID: 4523857                  Holder ID: 4523857
> >>
> >>OPERATIONAL CONTACT                 OPERATIONAL CONTACT [On-Request]
>
> >>Name: MyPrivacy Company Ltd.        OPOC ID: 44323578
> >>Postal Address: My Street 123
> >>City: My City
> >>State/Region: My State
> >>Country: My Country
> >>Phone: [On-Request]
> >>Fax: [On-Request]
> >>Email: [On-Request]
> >>
> >>b) Commercial company Holder (opting the maximum allowable private
> form)
> >>
> >>HOLDER CONTACT
> >>Name: MyComm Company Ltd.
> >>State/Region: My State
> >>Country: My Country
> >><perhaps more>
> >>
> >>OPERATIONAL CONTACT
> >>Name: MyContact Company Ltd.
> >>Postal Address: My Street 123
> >>City: My City
> >>State/Region: My State
> >>Country: My Country
> >>Phone: +121546589
> >>Fax: +121546589
> >>Email: [On-Request]
> >>
> >>Obviously, the more data specified in the Holder part the more
> eligible
> >>the com-company could be treated as.
> >>
> >>And, of course, I suppose the full Holder's and OPoC's contact data
> are
> >>stored somewhere at registrar.
> >>
> >>Dominik
>
>   <http://i.msgtag.com/anmh/gkgjwxf/cbzaA/vztagzm/om/zltEksm.gif>
>
>

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827