Dominik and all,
Let me first and in different words say, privacy is not a "paid service"
or a special circumstance. It IS a right in some countries, and
codified
in law in most countries as to what degree of privacy any individual
or entity has as a right.
More comments and remarks in response to yours below...
Dominik Filipp wrote:
Jeff,
firstly, my proposal is just a technical framework on how whois records
could be structured and accessed respecting the ideas we've been talking
about here.
Dominik, the devil is always in the details. And in the case of Whois,
in the technical details.
The 'access modes' mentioned in the proposal, at this very
first phase, is nothing but a technical granulation, or an 'access'
property attached to single whois entry. I'm still persuaded that such a
granulation is technically important just for supporting different whois
policy models being taken into consideration whenever local law
enforcement is applied and demanded.
Individuals and NGO's demand privacy, not law enforcement. Law
enforcement enforces the law, courts adjudicate law, and governments
make law.
As you can see, the current Preliminary Draft on Whois we are about to
comment now is also focused mainly on technical and structural issues,
so do I.
Again as Whois is largely technically oriented, the devil and whatever
policy will largely depend solely in the technical aspects.
The main difference I see between the Draft and my proposal (I
tend to say 'our' proposal as I've just taken various ideas from GA into
account and put them in a more formalized framework) is a more dynamic
approach supported in the proposal.
No not 'our' proposal, but your interpretation of what some GA members
have asserted.
In the Draft the model is somewhat
fixed in favor of data publishing.
There is no such thing as "Fixed" in either data publishing, and Whois is
not a data publishing application nor was it ever designed or intended
to be, nor is Whois a means of publishing or displaying private
information,
and it was never intended to be.
If you want more privacy you are
obligated to qualify for the "Special Circumstances" process which is a
paid service and your request can still be refused unless you meet
adequate standards for that purpose. At the moment nobody knows what the
standards are (or will be) like. As a technical proposal it has nothing
to do with law enforcement. The only important question regarding law
issues in the technical proposal is whether we are somehow able to
manage different (national) policies on technical level, thanks to a
suitable granularity.
In one Whois access application it is not possible to manage different
(national) laws or policies.
As far as I remember, there has been a long-term discussion out here
supporting the natural human right to keep individual privacy similarly
as it's arranged for individual gun holders, driving licenses, etc.
Frankly, first when I was reading the Draft I was for publishing as much
data as possible regardless of the 'type' of registrants. However, after
going further into reading the posts here I've realized the importance
of individual privacy (over commercial business companies). That's why
I've decided to design the proposal more dynamic.
Secondly, I mean that whois records and the whois policy are two
different things. Again, in the Draft, you can notice calling for a
meaningful and operational policy capable of enforcing all whois related
laws every registrant is obligated to abide by.
Again whom is going to enforce privacy violations for any Whois
policy? Surely not ICANN or ICANN's registrars or registries!
See, for instance, the
section Inaccurate Data in the Draft. So, the need for functional whois
policy will come forth anyway. At the moment there is just a very hazy
understanding of how this could be actually reached, but the important
question is whether the future whois model will be flexible enough to
adapt to possible approaches.
With a single access application it cannot.
At this very first phase of the new whois
model I don't care about the policy as well, there will be (I hope)
enough room for further discussions over that later.
The Whois policy is grounded and dependent on the technical
details of access methods and/or applications. Hence not caring
about the Whois policy cannot be a logical approach or logical
in and of itself.
Now, let me show an example. The Dutch whois model strongly prefers
publishing all data, on the other hand the French model prefers (or
allows/requires) more privacy. Both models are inherently incompatible
and none static model can fit both expectations. Yeah, you can still
make a classical cut and state that whois record will contain just half
of data to 'satisfy' both models. No need to say it's a poor solution
that definitely fails in the moment when both governments decide to
strictly follow their own laws.
In the dynamic model the situation is solvable as follows - when the
registrant fills in the country in the registration form, the next form
(with registrant data) offers suitable 'access modes' according to the
country selected; for Dutch registrant the only choice is 'Exposed'
access mode, for French registrant there are all three modes available
he/she can choose from. The resulting two whois records perfectly fit
the national law requirements.
This will not work because you assume that whomever/registrant is doing
the query will fill inn his or her honest country or origin in the
registration form.
Such a notion is foolish and folly to assume for every query.
Sure, there are many open questions remaining. But we are at least able
to distinguish between the technical (data & handling) whois structure
on one side, and applicable (national) law enforcement related to whois
accuracy on the other side. Moreover, they both seem to be compatible.
No they are not nor can they ever be in one access application.
And finally, Jefsey is right, the dynamic model is part of the
application level and, indeed, its implementation is more complex than
the static one. I even think that a new RFC will be necessary. So what!
If we are about to design something new let's design it better.
I believe Jefsey ment application layer not application level. Such
application can be executed at the server level, or at the client
level.
Dominik
-----Original Message-----
From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx]
Sent: Tuesday, January 09, 2007 12:03 PM
To: Dominik Filipp; icann whois
Cc: ga
Subject: Re: [ga] JFC Morfin: people are not for sale
Dominik and all,
Interesting musings and thoughts from JFC here. However Whois is
ICANN's baby and ICANN's baby alone in as much as policy for Whois is
concerned. W3C, IETF, ect., ect., can of course recommend whatever they
wish. However registrars will have most of the final say in regards to
Whois policy. Yet here inlies the problem, and/or chicken and egg
situation in respect to Whois and the different legal concerns as to
what is considered private information and what is not. Hence, indeed
ICANN's registrars by contract to ICANN will be forced or otherwise
recognize ONE standard and/or policy for Whois data and whom has access
to what data elements in a Whois query. As privacy protections are
being increased in some countries and dramatically eroded in other
countries such as the US, a single standard and or policy is necessary
if continuity of Whois data is to be maintained and considered accurate
and reliable. Yet different layers as to access can be and are in
effect now, can continue to be used as long as the Whois data base
itself is not effected or otherwise modified by said applications or
said applications are tested and approved by ICANN and/or its
registrars.
This all still leaves the concern or challenge of enforcement of any
and all privacy violations with respect different laws and legal systems
in various nations. As I have said before, we all have many times
witnessed, neither ICANN nor its registrars can or will enforce their
own standards and/or contract obligations.
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS
Contact Number: 214-244-4827