RE: [ga] RE: Whois more in detail

["Dominik Filipp" <dominik.filipp@xxxxxxxx>]

Jeff,

if you read the Preliminary Draft and my paper once again you'll find
the most part of your response answered or as holding no merit.

As we are discussing the whois issue as a whole here, some proposals are
expected and worthy. If you have some don't hesitate to post it.
Criticism is fine and often useful but it should be balanced out with
constructive input.

Dominik


-----Original Message-----
From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx] 
Sent: Wednesday, January 10, 2007 7:50 AM
To: Dominik Filipp; icann whois
Cc: ga
Subject: Re: [ga] RE: Whois more in detail

Dominik and all,

  Let me first and in different words say, privacy is not a "paid
service"
or a special circumstance.  It  IS a right  in some countries, and
codified in law in most countries as to what degree of privacy any
individual or entity has as a right.

 More comments and remarks in response to yours below...

Dominik Filipp wrote:

> Jeff,
>
> firstly, my proposal is just a technical framework on how whois 
> records could be structured and accessed respecting the ideas we've 
> been talking about here.

Dominik, the devil is always in the details.  And in the case of Whois,
in the technical details.

> The 'access modes' mentioned in the proposal, at this very first 
> phase, is nothing but a technical granulation, or an 'access'
> property attached to single whois entry. I'm still persuaded that such

> a granulation is technically important just for supporting different 
> whois policy models being taken into consideration whenever local law 
> enforcement is applied and demanded.

Individuals and NGO's demand privacy, not law enforcement.  Law
enforcement enforces the law, courts adjudicate law, and governments
make law.

>
> As you can see, the current Preliminary Draft on Whois we are about to

> comment now is also focused mainly on technical and structural issues,

> so do I.

  Again as Whois is largely technically oriented, the devil and whatever
policy will largely depend solely in the technical aspects.

> The main difference I see between the Draft and my proposal (I tend to

> say 'our' proposal as I've just taken various ideas from GA into 
> account and put them in a more formalized framework) is a more dynamic

> approach supported in the proposal.

No not 'our' proposal, but your interpretation of what some GA members
have asserted.

> In the Draft the model is somewhat
> fixed in favor of data publishing.

There is no such thing as "Fixed" in either data publishing, and Whois
is not a data publishing application nor was it ever designed or
intended to be, nor is Whois a means of publishing or displaying private
information,

and it was never intended to be.

> If you want more privacy you are
> obligated to qualify for the "Special Circumstances" process which is 
> a paid service and your request can still be refused unless you meet 
> adequate standards for that purpose. At the moment nobody knows what 
> the standards are (or will be) like. As a technical proposal it has 
> nothing to do with law enforcement. The only important question 
> regarding law issues in the technical proposal is whether we are 
> somehow able to manage different (national) policies on technical 
> level, thanks to a suitable granularity.

In one Whois access application it is not possible to manage different
(national) laws or policies.

>
> As far as I remember, there has been a long-term discussion out here 
> supporting the natural human right to keep individual privacy 
> similarly as it's arranged for individual gun holders, driving
licenses, etc.
> Frankly, first when I was reading the Draft I was for publishing as 
> much data as possible regardless of the 'type' of registrants. 
> However, after going further into reading the posts here I've realized

> the importance of individual privacy (over commercial business 
> companies). That's why I've decided to design the proposal more
dynamic.
>
> Secondly, I mean that whois records and the whois policy are two 
> different things. Again, in the Draft, you can notice calling for a 
> meaningful and operational policy capable of enforcing all whois 
> related laws every registrant is obligated to abide by.

Again whom is going to enforce privacy violations for any Whois policy?
Surely not ICANN or ICANN's registrars or registries!

> See, for instance, the
> section Inaccurate Data in the Draft. So, the need for functional 
> whois policy will come forth anyway. At the moment there is just a 
> very hazy understanding of how this could be actually reached, but the

> important question is whether the future whois model will be flexible 
> enough to adapt to possible approaches.

With a single access application it cannot.

> At this very first phase of the new whois model I don't care about the

> policy as well, there will be (I hope) enough room for further 
> discussions over that later.

The Whois policy is grounded and dependent on the technical details of
access methods and/or applications.  Hence not caring about the Whois
policy cannot be a logical approach or logical in and of itself.


>
> Now, let me show an example. The Dutch whois model strongly prefers 
> publishing all data, on the other hand the French model prefers (or
> allows/requires) more privacy. Both models are inherently incompatible

> and none static model can fit both expectations. Yeah, you can still 
> make a classical cut and state that whois record will contain just 
> half of data to 'satisfy' both models. No need to say it's a poor 
> solution that definitely fails in the moment when both governments 
> decide to strictly follow their own laws.
> In the dynamic model the situation is solvable as follows - when the 
> registrant fills in the country in the registration form, the next 
> form (with registrant data) offers suitable 'access modes' according 
> to the country selected; for Dutch registrant the only choice is
'Exposed'
> access mode, for French registrant there are all three modes available

> he/she can choose from. The resulting two whois records perfectly fit 
> the national law requirements.

This will not work because you assume that whomever/registrant is doing
the query will fill inn his or her honest country or origin in the
registration form.
Such a notion is foolish and folly to assume for every query.

>
>
> Sure, there are many open questions remaining. But we are at least 
> able to distinguish between the technical (data & handling) whois 
> structure on one side, and applicable (national) law enforcement 
> related to whois accuracy on the other side. Moreover, they both seem
to be compatible.

No they are not nor can they ever be in one access application.

>
>
> And finally, Jefsey is right, the dynamic model is part of the 
> application level and, indeed, its implementation is more complex than

> the static one. I even think that a new RFC will be necessary. So
what!
> If we are about to design something new let's design it better.

I believe Jefsey ment application layer not application level.  Such
application can be executed at the server level, or at the client level.

>
>
> Dominik
>
> -----Original Message-----
> From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx]
> Sent: Tuesday, January 09, 2007 12:03 PM
> To: Dominik Filipp; icann whois
> Cc: ga
> Subject: Re: [ga] JFC Morfin: people are not for sale
>
> Dominik and all,
>
>   Interesting musings and thoughts from JFC here.  However Whois is 
> ICANN's baby and ICANN's baby alone in as much as policy for Whois is 
> concerned. W3C, IETF, ect., ect., can of course recommend whatever 
> they wish.  However registrars will have most of the final say in 
> regards to Whois policy.  Yet here inlies the problem, and/or chicken 
> and egg situation in respect to Whois and the different legal concerns

> as to what is considered private information and what is not.  Hence, 
> indeed ICANN's registrars by contract to ICANN will be forced or 
> otherwise recognize ONE standard and/or policy for Whois data and whom

> has access to what data elements in a Whois query.  As privacy 
> protections are being increased in some countries and dramatically 
> eroded in other countries such as the US, a single standard and or 
> policy is necessary if continuity of Whois data is to be maintained 
> and considered accurate and reliable.  Yet different layers as to 
> access can be and are in effect now, can continue to be used as long 
> as the Whois data base itself is not effected or otherwise modified by

> said applications or said applications are tested and approved by 
> ICANN and/or its registrars.
>
>  This all still leaves the concern or challenge of enforcement of any 
> and all privacy violations with respect different laws and legal 
> systems in various nations.  As I have said before, we all have many 
> times witnessed, neither ICANN nor its registrars can or will enforce 
> their own standards and/or contract obligations.

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div.
of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx  Registered Email addr with the USPS Contact
Number: 214-244-4827