Re: [ga] RE: Whois more in detail

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Dominik and all,

  Let me first and in different words say, privacy is not a "paid service"
or a special circumstance.  It  IS a right  in some countries, and codified
in law in most countries as to what degree of privacy any individual
or entity has as a right.

 More comments and remarks in response to yours below...

Dominik Filipp wrote:

> Jeff,
>
> firstly, my proposal is just a technical framework on how whois records
> could be structured and accessed respecting the ideas we've been talking
> about here.

Dominik, the devil is always in the details.  And in the case of Whois,
in the technical details.

> The 'access modes' mentioned in the proposal, at this very
> first phase, is nothing but a technical granulation, or an 'access'
> property attached to single whois entry. I'm still persuaded that such a
> granulation is technically important just for supporting different whois
> policy models being taken into consideration whenever local law
> enforcement is applied and demanded.

Individuals and NGO's demand privacy, not law enforcement.  Law
enforcement enforces the law, courts adjudicate law, and governments
make law.

>
> As you can see, the current Preliminary Draft on Whois we are about to
> comment now is also focused mainly on technical and structural issues,
> so do I.

  Again as Whois is largely technically oriented, the devil and whatever
policy will largely depend solely in the technical aspects.

> The main difference I see between the Draft and my proposal (I
> tend to say 'our' proposal as I've just taken various ideas from GA into
> account and put them in a more formalized framework) is a more dynamic
> approach supported in the proposal.

No not 'our' proposal, but your interpretation of what some GA members
have asserted.

> In the Draft the model is somewhat
> fixed in favor of data publishing.

There is no such thing as "Fixed" in either data publishing, and Whois is
not a data publishing application nor was it ever designed or intended
to be, nor is Whois a means of publishing or displaying private information,

and it was never intended to be.

> If you want more privacy you are
> obligated to qualify for the "Special Circumstances" process which is a
> paid service and your request can still be refused unless you meet
> adequate standards for that purpose. At the moment nobody knows what the
> standards are (or will be) like. As a technical proposal it has nothing
> to do with law enforcement. The only important question regarding law
> issues in the technical proposal is whether we are somehow able to
> manage different (national) policies on technical level, thanks to a
> suitable granularity.

In one Whois access application it is not possible to manage different
(national) laws or policies.

>
> As far as I remember, there has been a long-term discussion out here
> supporting the natural human right to keep individual privacy similarly
> as it's arranged for individual gun holders, driving licenses, etc.
> Frankly, first when I was reading the Draft I was for publishing as much
> data as possible regardless of the 'type' of registrants. However, after
> going further into reading the posts here I've realized the importance
> of individual privacy (over commercial business companies). That's why
> I've decided to design the proposal more dynamic.
>
> Secondly, I mean that whois records and the whois policy are two
> different things. Again, in the Draft, you can notice calling for a
> meaningful and operational policy capable of enforcing all whois related
> laws every registrant is obligated to abide by.

Again whom is going to enforce privacy violations for any Whois
policy?  Surely not ICANN or ICANN's registrars or registries!

> See, for instance, the
> section Inaccurate Data in the Draft. So, the need for functional whois
> policy will come forth anyway. At the moment there is just a very hazy
> understanding of how this could be actually reached, but the important
> question is whether the future whois model will be flexible enough to
> adapt to possible approaches.

With a single access application it cannot.

> At this very first phase of the new whois
> model I don't care about the policy as well, there will be (I hope)
> enough room for further discussions over that later.

The Whois policy is grounded and dependent on the technical
details of access methods and/or applications.  Hence not caring
about the Whois policy cannot be a logical approach or logical
in and of itself.


>
> Now, let me show an example. The Dutch whois model strongly prefers
> publishing all data, on the other hand the French model prefers (or
> allows/requires) more privacy. Both models are inherently incompatible
> and none static model can fit both expectations. Yeah, you can still
> make a classical cut and state that whois record will contain just half
> of data to 'satisfy' both models. No need to say it's a poor solution
> that definitely fails in the moment when both governments decide to
> strictly follow their own laws.
> In the dynamic model the situation is solvable as follows - when the
> registrant fills in the country in the registration form, the next form
> (with registrant data) offers suitable 'access modes' according to the
> country selected; for Dutch registrant the only choice is 'Exposed'
> access mode, for French registrant there are all three modes available
> he/she can choose from. The resulting two whois records perfectly fit
> the national law requirements.

This will not work because you assume that whomever/registrant is doing
the query will fill inn his or her honest country or origin in the
registration form.
Such a notion is foolish and folly to assume for every query.

>
>
> Sure, there are many open questions remaining. But we are at least able
> to distinguish between the technical (data & handling) whois structure
> on one side, and applicable (national) law enforcement related to whois
> accuracy on the other side. Moreover, they both seem to be compatible.

No they are not nor can they ever be in one access application.

>
>
> And finally, Jefsey is right, the dynamic model is part of the
> application level and, indeed, its implementation is more complex than
> the static one. I even think that a new RFC will be necessary. So what!
> If we are about to design something new let's design it better.

I believe Jefsey ment application layer not application level.  Such
application can be executed at the server level, or at the client
level.

>
>
> Dominik
>
> -----Original Message-----
> From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx]
> Sent: Tuesday, January 09, 2007 12:03 PM
> To: Dominik Filipp; icann whois
> Cc: ga
> Subject: Re: [ga] JFC Morfin: people are not for sale
>
> Dominik and all,
>
>   Interesting musings and thoughts from JFC here.  However Whois is
> ICANN's baby and ICANN's baby alone in as much as policy for Whois is
> concerned. W3C, IETF, ect., ect., can of course recommend whatever they
> wish.  However registrars will have most of the final say in regards to
> Whois policy.  Yet here inlies the problem, and/or chicken and egg
> situation in respect to Whois and the different legal concerns as to
> what is considered private information and what is not.  Hence, indeed
> ICANN's registrars by contract to ICANN will be forced or otherwise
> recognize ONE standard and/or policy for Whois data and whom has access
> to what data elements in a Whois query.  As privacy protections are
> being increased in some countries and dramatically eroded in other
> countries such as the US, a single standard and or policy is necessary
> if continuity of Whois data is to be maintained and considered accurate
> and reliable.  Yet different layers as to access can be and are in
> effect now, can continue to be used as long as the Whois data base
> itself is not effected or otherwise modified by said applications or
> said applications are tested and approved by ICANN and/or its
> registrars.
>
>  This all still leaves the concern or challenge of enforcement of any
> and all privacy violations with respect different laws and legal systems
> in various nations.  As I have said before, we all have many times
> witnessed, neither ICANN nor its registrars can or will enforce their
> own standards and/or contract obligations.

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827