ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] RE: Whois more in detail

  • To: Dominik Filipp <dominik.filipp@xxxxxxxx>
  • Subject: Re: [ga] RE: Whois more in detail
  • From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
  • Date: Wed, 10 Jan 2007 03:57:38 -0800
  • Cc: icann whois <whois-comments@xxxxxxxxx>, ga <ga@xxxxxxxxxxxxxx>
  • Organization: INEGroup Spokesman
  • References: <CA68B5E734151B4299391DDA5D0AF9BF1078FB@mx1.dsoft.sk>
  • Sender: owner-ga@xxxxxxxxxxxxxx

Dominik and all,

  I already have made several constructive suggestions one of which
was based on an earlier post by you on this very thread.  Maybe you
missed it.  In the case you did miss posts, let be know if you would
like or want the archived URL's for them, and I shall post same
again publicly.

  I have read the Preliminary Draft, and as I have already pointed out,
along with a few others on the GA, it is fatally flawed, and I did provide
as to how and where it is flawed in some significant and factual detail from

a legal aspect and a technical aspect as it directly relates to existing
and pending law/legislation.

  I have at the behest of many of our members, all of whom are registrants,
ask a number of questions which the Preliminary Draft does not address,
and remain unanswered.  I recognize they are very tough questions, and
raise some embarrassing history.  But it is the tough questions that need
and indeed must be answered and addressed adequately if a sound and
legal Whois policy is ever to be arrived at.

  I know it is abundantly clear and factual that no single server level
application can address the many and varied legal requirements of
many different countries, as well as most U.S. states legal requirements
and at the same time provide for privacy and security laws as well
as integrity of access use and data integrity in the Whois data base
itself...

Dominik Filipp wrote:

> Jeff,
>
> if you read the Preliminary Draft and my paper once again you'll find
> the most part of your response answered or as holding no merit.
>
> As we are discussing the whois issue as a whole here, some proposals are
> expected and worthy. If you have some don't hesitate to post it.
> Criticism is fine and often useful but it should be balanced out with
> constructive input.
>
> Dominik
>
> -----Original Message-----
> From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx]
> Sent: Wednesday, January 10, 2007 7:50 AM
> To: Dominik Filipp; icann whois
> Cc: ga
> Subject: Re: [ga] RE: Whois more in detail
>
> Dominik and all,
>
>   Let me first and in different words say, privacy is not a "paid
> service"
> or a special circumstance.  It  IS a right  in some countries, and
> codified in law in most countries as to what degree of privacy any
> individual or entity has as a right.
>
>  More comments and remarks in response to yours below...
>
> Dominik Filipp wrote:
>
> > Jeff,
> >
> > firstly, my proposal is just a technical framework on how whois
> > records could be structured and accessed respecting the ideas we've
> > been talking about here.
>
> Dominik, the devil is always in the details.  And in the case of Whois,
> in the technical details.
>
> > The 'access modes' mentioned in the proposal, at this very first
> > phase, is nothing but a technical granulation, or an 'access'
> > property attached to single whois entry. I'm still persuaded that such
>
> > a granulation is technically important just for supporting different
> > whois policy models being taken into consideration whenever local law
> > enforcement is applied and demanded.
>
> Individuals and NGO's demand privacy, not law enforcement.  Law
> enforcement enforces the law, courts adjudicate law, and governments
> make law.
>
> >
> > As you can see, the current Preliminary Draft on Whois we are about to
>
> > comment now is also focused mainly on technical and structural issues,
>
> > so do I.
>
>   Again as Whois is largely technically oriented, the devil and whatever
> policy will largely depend solely in the technical aspects.
>
> > The main difference I see between the Draft and my proposal (I tend to
>
> > say 'our' proposal as I've just taken various ideas from GA into
> > account and put them in a more formalized framework) is a more dynamic
>
> > approach supported in the proposal.
>
> No not 'our' proposal, but your interpretation of what some GA members
> have asserted.
>
> > In the Draft the model is somewhat
> > fixed in favor of data publishing.
>
> There is no such thing as "Fixed" in either data publishing, and Whois
> is not a data publishing application nor was it ever designed or
> intended to be, nor is Whois a means of publishing or displaying private
> information,
>
> and it was never intended to be.
>
> > If you want more privacy you are
> > obligated to qualify for the "Special Circumstances" process which is
> > a paid service and your request can still be refused unless you meet
> > adequate standards for that purpose. At the moment nobody knows what
> > the standards are (or will be) like. As a technical proposal it has
> > nothing to do with law enforcement. The only important question
> > regarding law issues in the technical proposal is whether we are
> > somehow able to manage different (national) policies on technical
> > level, thanks to a suitable granularity.
>
> In one Whois access application it is not possible to manage different
> (national) laws or policies.
>
> >
> > As far as I remember, there has been a long-term discussion out here
> > supporting the natural human right to keep individual privacy
> > similarly as it's arranged for individual gun holders, driving
> licenses, etc.
> > Frankly, first when I was reading the Draft I was for publishing as
> > much data as possible regardless of the 'type' of registrants.
> > However, after going further into reading the posts here I've realized
>
> > the importance of individual privacy (over commercial business
> > companies). That's why I've decided to design the proposal more
> dynamic.
> >
> > Secondly, I mean that whois records and the whois policy are two
> > different things. Again, in the Draft, you can notice calling for a
> > meaningful and operational policy capable of enforcing all whois
> > related laws every registrant is obligated to abide by.
>
> Again whom is going to enforce privacy violations for any Whois policy?
> Surely not ICANN or ICANN's registrars or registries!
>
> > See, for instance, the
> > section Inaccurate Data in the Draft. So, the need for functional
> > whois policy will come forth anyway. At the moment there is just a
> > very hazy understanding of how this could be actually reached, but the
>
> > important question is whether the future whois model will be flexible
> > enough to adapt to possible approaches.
>
> With a single access application it cannot.
>
> > At this very first phase of the new whois model I don't care about the
>
> > policy as well, there will be (I hope) enough room for further
> > discussions over that later.
>
> The Whois policy is grounded and dependent on the technical details of
> access methods and/or applications.  Hence not caring about the Whois
> policy cannot be a logical approach or logical in and of itself.
>
> >
> > Now, let me show an example. The Dutch whois model strongly prefers
> > publishing all data, on the other hand the French model prefers (or
> > allows/requires) more privacy. Both models are inherently incompatible
>
> > and none static model can fit both expectations. Yeah, you can still
> > make a classical cut and state that whois record will contain just
> > half of data to 'satisfy' both models. No need to say it's a poor
> > solution that definitely fails in the moment when both governments
> > decide to strictly follow their own laws.
> > In the dynamic model the situation is solvable as follows - when the
> > registrant fills in the country in the registration form, the next
> > form (with registrant data) offers suitable 'access modes' according
> > to the country selected; for Dutch registrant the only choice is
> 'Exposed'
> > access mode, for French registrant there are all three modes available
>
> > he/she can choose from. The resulting two whois records perfectly fit
> > the national law requirements.
>
> This will not work because you assume that whomever/registrant is doing
> the query will fill inn his or her honest country or origin in the
> registration form.
> Such a notion is foolish and folly to assume for every query.
>
> >
> >
> > Sure, there are many open questions remaining. But we are at least
> > able to distinguish between the technical (data & handling) whois
> > structure on one side, and applicable (national) law enforcement
> > related to whois accuracy on the other side. Moreover, they both seem
> to be compatible.
>
> No they are not nor can they ever be in one access application.
>
> >
> >
> > And finally, Jefsey is right, the dynamic model is part of the
> > application level and, indeed, its implementation is more complex than
>
> > the static one. I even think that a new RFC will be necessary. So
> what!
> > If we are about to design something new let's design it better.
>
> I believe Jefsey ment application layer not application level.  Such
> application can be executed at the server level, or at the client level.
>
> >
> >
> > Dominik
> >
> > -----Original Message-----
> > From: Jeff Williams [mailto:jwkckid1@xxxxxxxxxxxxx]
> > Sent: Tuesday, January 09, 2007 12:03 PM
> > To: Dominik Filipp; icann whois
> > Cc: ga
> > Subject: Re: [ga] JFC Morfin: people are not for sale
> >
> > Dominik and all,
> >
> >   Interesting musings and thoughts from JFC here.  However Whois is
> > ICANN's baby and ICANN's baby alone in as much as policy for Whois is
> > concerned. W3C, IETF, ect., ect., can of course recommend whatever
> > they wish.  However registrars will have most of the final say in
> > regards to Whois policy.  Yet here inlies the problem, and/or chicken
> > and egg situation in respect to Whois and the different legal concerns
>
> > as to what is considered private information and what is not.  Hence,
> > indeed ICANN's registrars by contract to ICANN will be forced or
> > otherwise recognize ONE standard and/or policy for Whois data and whom
>
> > has access to what data elements in a Whois query.  As privacy
> > protections are being increased in some countries and dramatically
> > eroded in other countries such as the US, a single standard and or
> > policy is necessary if continuity of Whois data is to be maintained
> > and considered accurate and reliable.  Yet different layers as to
> > access can be and are in effect now, can continue to be used as long
> > as the Whois data base itself is not effected or otherwise modified by
>
> > said applications or said applications are tested and approved by
> > ICANN and/or its registrars.
> >
> >  This all still leaves the concern or challenge of enforcement of any
> > and all privacy violations with respect different laws and legal
> > systems in various nations.  As I have said before, we all have many
> > times witnessed, neither ICANN nor its registrars can or will enforce
> > their own standards and/or contract obligations.
>
> Regards,
>
> --
> Jeffrey A. Williams
> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>    Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is very
> often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div.
> of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx  Registered Email addr with the USPS Contact
> Number: 214-244-4827

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827





<<< Chronological Index >>>    <<< Thread Index >>>