[whois-sc] RE: [WHOIS-sc] DRAFT 3: Task force 2

["Milton Mueller" <Mueller@xxxxxxx>]

Marilyn:
A technical contact may or may not be all-seeing and all knowing
(though I note with amusement some people's tendency to endow
SECSAC with such omniscience). 

My point is simply that we face a policy issue that involves a
trade-off between privacy concerns and various other values
(e.g., ease of making technical adjustments, or law 
enforcement).

Technical committees have no authority whatsoever on how that 
tradeoff should be made. A good technical person will tell you the
technological or system consequences of making certain policy
choices, but any attempt to pretend as if technical expertise
gives someone the right to *determine* the policy choices is
illegitimate. 

We could make maintenance of the electrical power grid easier
if we gave technicians the right to enter anyone's home
whenever they liked. An electrical engineer might testify
as to the various ways access to homes might be needed to
maintain the stability and security of the electrical power
network. But no one in their right mind would rely on engineers'
testimony to make a policy/legal decision as to whether 
maintenance technicians had a right to enter people's homes
without permission.

>>> "Cade,Marilyn S - LGCRP" <mcade@xxxxxxx> 10/12/03 12:55PM >>>

I recall that the WHOIS TF had a briefing from the SECSAC after receiving their advisory report. I am sure that we could arrange a similar briefing regarding their Advisory for the Steering Committee. 

I disagree with your view, Milton, that only the technical  contact is needed. I think perhaps you are assuming that the technical contact is a "all knowing, all responsible" player inside an  organization.  Rarely the reality. :-)

I think that the data about what information is gathered by the registrars is an important task. I suggest that our chair ask the ICANN staff how that process is going, and whether there is something that "we" can do to be helpful. 

Rather than debating personal views on what we agree with, let's contribute to fact finding. 


202-255-7348c
mcade@xxxxxxx 


-----Original Message-----
From: Milton Mueller [mailto:Mueller@xxxxxxx] 
Sent: Saturday, October 11, 2003 11:36 PM
To: whois-sc@xxxxxxxx; metalitz@xxxxxxxx 
Subject: RE: [whois-sc] DRAFT 3: Task force 2



Inadvertently, you have proved my point. Everything they
want out of Whois can be satisfied by having the technical
contact exclusively. There is utterly no reason, given the
rationale below (incorrect configuration or inappropraite
use), for them to know name of the actual registrant. 
So it looks like we won't have a difficult time coming to an
agreement on this task force, eh? 

>>> Steve Metalitz <metalitz@xxxxxxxx> 10/11/03 12:20PM >>>
>From SECSAC:
The port 43 Whois protocol has traditionally been used by the Internet
community to identify and provide contact information for the person or
organization responsible for many Internet resources, for example, a domain
name or an IP address. It has been successfully used in a cooperative manner
for situations such as informing a person or organization of inappropriate
use of their resource (security), or incorrect configuration of their
resource (stability). Whois data is thus important for the security and
stability of the Internet as the administration and control of Internet
resources is widely distributed.

The accuracy of Whois data used to provide contact information for the party
responsible for an Internet resource must be improved, both at the time of
its initial registration and at regular intervals. Whois records known to be
false or inaccurate must be frozen or held until they can be updated or
removed. Whois records that have information that can not be validated may
be frozen or held until it can be verified.