[ga] A story about Whois and privacy

[Vittorio Bertola <vb@bertola.eu.org>]

A few days ago, I was watching one of my favourite TV shows here in
Italy, and they were showing the following story.

Some people had told the journalists of the show about a very peculiar
online cheat: they had found a .com site advertising sex nights with
very beautiful women (photos included) at the cost of several hundred
Euros (even thousands in some cases). By calling the telephone numbers
found on the site, they were told that they would have to pay in
advance half of the money to get the "date". Money had to be paid to a
given person and postal address through the payment system of the
Post. But of course, when the people paid they never got anything back
- the postal address on the payment bill was fake and by calling back
the website owners they were only getting mocked. (And you can imagine
that these "customers" weren't eager to go to the police to tell the
whole story.)

However, the journalist tried a WHOIS search on the domain, and he
found the same name as on the payment bills - but this time with the
real address! Thanks to WHOIS, he was able to get back to the owner of
the domain. But to his surprise, he discovered that the owner was a
mentally handicapped person living on minimal State subsidies. In the
end, it came out that the true inventors of the fraud had exploited
this person, convinced him to let them have his personal documents,
and used these documents to register the domain and to collect the
money at the Post office. The police was finally called and these
people were caught.

Now, apart from any judgement on suppliers and customers of this
peculiar form of e-commerce, and giving for granted that everything
was true and reported precisely, you may take different conclusions
from this story.

It is true that the people were found thanks to WHOIS, and that for
the "customers" it could have been the only way to get back to the
people behind the service. But it is also true that the police would
have been able to do the same in a minute even without public WHOIS
(either by a private access to WHOIS data, or by tracking down
telephone numbers, or by looking for the name of the person). And what
if, rather than by a journalist, the WHOIS search had been made by an
angry customer? He could have ended chasing up or menacing the wrong
person. 

So, personally, I take it as an indication that cases of "identity
theft" are getting more and more common, and that some action should
be taken; and that there should be a quick way to get back to domain
owners in case of crimes, but it should not be accessible to everyone
without control.
-- 
vb.                  [Vittorio Bertola - vb [at] bertola.eu.org]<---
-------------------> http://bertola.eu.org/ <-----------------------
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html