Re: [ga] Privacy and Whois databases

[Peter Veeck <veeck@texoma.net>]

Srikanth,

Is there a reason I should have to pay to advise you that there is porn on your
site and your email is being returned or being pirated.  I am already paying for
the phone call.  Wouldn't it be better to do it like the phone company where you
have to pay extra for an unlisted number?  That way would be posting a do not
disturb sign.  Do not disturb me if my server goes down. I WANT to know when one
of my servers goes down. I'll continue to hit the delete button 20 times a day,
write complaints, and call toll free numbers.

Peter Veeck

Srikanth Narra wrote:

> Peter
>
> With tools I am pretty sure the market will respond and to find a way out.
>
> >How do you contact the operator of a web site whose DNS has been hijacked
> >by a pornography site?
>
> I was envising a system, pretty much like buying a domain name - go to the
> site of the firm holding whois information, agree to the agreement, pay
> nominal fee by verifiable means (credit card/your account with them) and see
> the information right away. I was relying on similar verifying mechanism as
> in domain name purchase rather than certificate.
>
> >How is the data maintainer going to cover or recover his costs?
>
> >From the nominal fee lots of us pay.
>
> Sri
> -----Original Message-----
> From: Peter Veeck
> To: Srikanth Narra
> Cc: ''ga@dnso.org ' '
> Sent: 10/16/99 9:20 PM
> Subject: Re: [ga] Privacy and Whois databases
>
> My argument is that there are pitifully few tools available to address
> SPAM,
> network abuse, and operational problems.  The registry databases are a
> tool for
> that use.  If your remove them you are removing a piece of the network
> operational structure and must replace it with something. How do you
> contact the
> operator of a web site whose DNS has been hijacked by a pornography
> site?
> Presently you go to the whois and get the phone number of the
> administrator.  If
> you have to go through a process of certification for access, by email
> or snail
> mail you create an unacceptable delay. If you set up prior
> certification, you
> create an extremely large pool of access to the database  which will be
> little
> different than the current system.  How is the data maintainer going to
> cover or
> recover his costs?  If he is consistent with existing databases it
> becomes a
> profit center.  Affluent organization can obtain the data.  You only cut
> off
> access for the individual and non-profit.  Have there not been enough
> concessions
> to business interests already? I offered a solution, tongue in cheek
> admittedly,
> that an enforcement division be established and rejected this personally
> in favor
> of the current system.  The current system requires that a tenet of the
> Internet,
> access to information, be observed. There are other solutions.  RFCs can
> be
> written to require that all mail programs be secure and the messages all
> be
> traceable.  We must bear in mind that RFC compliance is voluntary and
> there is no
> one enforcing compliance.  What I ask, is not to remove a tool for
> network
> administration without either replacing it with another or eliminating
> the need
> for that tool.  Being listed in at least three registry databases I
> understand
> the problem of privacy.  Being a network and server administrator I want
> to keep
> the system working.
>
> Peter Veeck
>
> Srikanth Narra wrote:
>
> > Jeff/Peter
> >
> > Maybe I miss your point a bit. My apologies -bear with me a bit more.
> The
> > information is currently avaliable freely and instantly at finger tips
> for
> > abuse today.
> >
> > The way I see it, under my proposal, we are providing a means for a
> > legitimate liable business firm to come forward and protect the
> information
> > free of cost or at negligible cost to us by means of a workable
> business
> > model.
> >
> > The firms will have to follow all the privacy laws that apply in real
> world
> > (in the country they are incorporated in).
> >
> > As well as - with the strides EU is making with regards to privacy and
> the
> > demands they are placing on overseas companies with regards to
> information
> > about their citizens - in return for allowing for companies to operate
> > smoothly in their countries and/or other wise in various trade
> negociations.
> > And possibilites of other countries taking the lead from that. (in the
> > countries the citizens reside as well).
> >
> > The firms should be expected to have a fairly large sum of amount in
> escrow
> > - initial deposit as well as certain percentage of fees - to pay for
> damages
> > in case of violations.
> >
> > Users can resort to courts if they see a preceived violation. States
> can
> > always resort to international courts/mechanisms, etc over percived
> > violations of their right over their citizens information.
> >
> > Personally I feel a whole lot more comfortable letting the courts /
> > governments beat the firms into evolving in a better manner and
> complying
> > rather than giving more powers or duties to ICANN.
> >
> > User benefits in different scenarios :-
> >
> > >From Spammers angle - The user has records of who made the request
> for his
> > information. Possibily a contract between the firm giving information
> and
> > the user who took the information - binding the information seeker -
> that
> > information would not be used for spamming and any other purposes than
> > stated. For a nominal amount you get information to service the
> person/firm
> > who spammed you. This in itself should make spammers task more
> difficult.
> >
> > >From Stacker angle - The instant email gives you a early alert at the
> least.
> >
> > >From Political persecution - The instant email gives the user a early
> > warning to seek shelter at the least. With all the holocaust and other
> > payments going on, I am sure the firms will do all they can - in a
> purdent
> > and legal manner with regards to the rights of country over
> information in
> > their citizens as well as avoiding becoming a accesory in persecution
> of a
> > individual.
> >
> > Can you put in a easy example model which of these above would be
> worst of
> > than the users are now.
> >
> > Also one thing I would like to state is with whois records - their is
> a huge
> > burden on individuals to keep the records in whois current at all
> times or
> > risk losing the domain ,possibily, under most unreasonable/filmsy of
> > circumstances (eg:-aolsearch.com would make a interesting example).
> >
> > Sri
> >
> > -----Original Message-----
> > From: Jeff Williams
> > To: Srikanth Narra
> > Cc: 'Peter Veeck '; 'Mark C. Langston '; 'ga@dnso.org '
> > Sent: 10/16/99 5:07 AM
> > Subject: Re: [ga] Privacy and Whois databases
> >
> > Sri and all,
> >
> >   My only comments are that this basically puts someone's privacy
> > up for sale at a fixed price no less.  And that if I find that any of
> my
> > regarding any of our DN is sold in this or any other manner the
> > responsible parties can expect to be served immediately.
> >
> > Srikanth Narra wrote:
> >
> > > Peter
> > >
> > > This proposal, if any thing, should act to everyone's advantage in
> > fighting
> > > spam.
> > >
> > > 1. It becomes prohibitively expensive for a spammer to get (or
> > revalidate
> > > your information if you change it) from whois database as they have
> to
> > pay
> > > on a domain by domain basis giving valid reason (however filmsy) for
> > > obtaining your details. The records of such requests exist with the
> > > register.
> > >
> > > 2. Becomes (hopefully) easier for registers to spot someone mining
> the
> > whois
> > > for spamming purposes  - as they will have to make fairly number of
> > > requests. At the least complicates spammer's methods to gather
> > information
> > > as they will have to use multiple identities, etc (remember
> verifiable
> > means
> > > of payment).
> > >
> > > (maybe we can even suggest some guidelines for registers to request
> > for a
> > > additional safety deposit from someone requesting too large a number
> > of
> > > records like couple of thousand - for legal defence or compensation
> > purposes
> > > - to be release back to requester after a certain time lapse)
> > >
> > > 3. Gives you a advance notice that someone is trying to lookup your
> > records
> > > and  why, (automatically and free of cost email to your email
> account
> > -
> > > unlike credit bureaus where you have to request for such
> information)
> > -
> > > giving you a chance to notify register if you suspect its a spammer.
> > or take
> > > precautions if its a potential stacker or political/religious
> > persecuter.
> > >
> > > 4. As far as change from present system - from your additional
> burden
> > > perspective - all that has changed to is, you having to pay nominal
> > fee
> > > (just like a spammer would) to enquire the spammers records. All
> your
> > legal
> > > and other options remain intact  - nothing else changes from present
> > day. A
> > > fair price for the little bit more sanity, peace of mind and
> personal
> > safety
> > > - is it not ?
> > >
> > > Best of all nobody ICANN or anyone gets additional powers or
> > juridiction and
> > > is a market based solution.
> > >
> > > comments ?
> > >
> > > Sri
> > > -----Original Message-----
> > > From: Peter Veeck
> > > To: Mark C. Langston
> > > Cc: ga@dnso.org; Srikanth Narra
> > > Sent: 10/15/99 10:19 PM
> > > Subject: Re: [ga] Privacy and Whois databases
> > >
> > > "Mark C. Langston" wrote:
> > >
> > > > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> > > >
> > > > >May be we can take a clue from the way credit files are kept in
> US
> > > and use
> > > > >the same model.
> > > > >
> > > > >The whois records stay private with register. Anyone wants to
> take
> > a
> > > look at
> > > > >them pays a nominal amount by verifiable means like credit card
> or
> > a
> > > check
> > > > >for the privileage to see the information. (that should cover the
> > > registers
> > > > >expenses for keeping the records private and to fend the
> queries).
> > >
> > > I use whois to fight spam abuse.  Are  Spam complaints going to be
> > taken
> > > over by
> > > ICANN or a subset thereof?
> > >
> > > Peter Veeck
> >
> > Regards,
> >
> > --
> > Jeffrey A. Williams
> > Spokesman INEGroup (Over 95k members strong!)
> > CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
> > Information Network Eng. Group. INEG. INC.
> > E-Mail jwkckid1@ix.netcom.com
> > Contact Number:  972-447-1894
> > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208