[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [ga] Privacy and Whois databases

To: "'Peter Veeck '" <veeck@texoma.net>
Subject: RE: [ga] Privacy and Whois databases
From: Srikanth Narra <snarra@talus.net>
Date: Sat, 16 Oct 1999 22:58:56 -0400
Cc: "'''ga@dnso.org ' ' '" <ga@dnso.org>
Sender: owner-ga@dnso.org
Peter

With tools I am pretty sure the market will respond and to find a way out. 

>How do you contact the operator of a web site whose DNS has been hijacked
>by a pornography site?

I was envising a system, pretty much like buying a domain name - go to the
site of the firm holding whois information, agree to the agreement, pay
nominal fee by verifiable means (credit card/your account with them) and see
the information right away. I was relying on similar verifying mechanism as
in domain name purchase rather than certificate.

>How is the data maintainer going to cover or recover his costs?

From the nominal fee lots of us pay.

Sri
-----Original Message-----
From: Peter Veeck
To: Srikanth Narra
Cc: ''ga@dnso.org ' '
Sent: 10/16/99 9:20 PM
Subject: Re: [ga] Privacy and Whois databases

My argument is that there are pitifully few tools available to address
SPAM,
network abuse, and operational problems.  The registry databases are a
tool for
that use.  If your remove them you are removing a piece of the network
operational structure and must replace it with something. How do you
contact the
operator of a web site whose DNS has been hijacked by a pornography
site?
Presently you go to the whois and get the phone number of the
administrator.  If
you have to go through a process of certification for access, by email
or snail
mail you create an unacceptable delay. If you set up prior
certification, you
create an extremely large pool of access to the database  which will be
little
different than the current system.  How is the data maintainer going to
cover or
recover his costs?  If he is consistent with existing databases it
becomes a
profit center.  Affluent organization can obtain the data.  You only cut
off
access for the individual and non-profit.  Have there not been enough
concessions
to business interests already? I offered a solution, tongue in cheek
admittedly,
that an enforcement division be established and rejected this personally
in favor
of the current system.  The current system requires that a tenet of the
Internet,
access to information, be observed. There are other solutions.  RFCs can
be
written to require that all mail programs be secure and the messages all
be
traceable.  We must bear in mind that RFC compliance is voluntary and
there is no
one enforcing compliance.  What I ask, is not to remove a tool for
network
administration without either replacing it with another or eliminating
the need
for that tool.  Being listed in at least three registry databases I
understand
the problem of privacy.  Being a network and server administrator I want
to keep
the system working.

Peter Veeck

Srikanth Narra wrote:

> Jeff/Peter
>
> Maybe I miss your point a bit. My apologies -bear with me a bit more.
The
> information is currently avaliable freely and instantly at finger tips
for
> abuse today.
>
> The way I see it, under my proposal, we are providing a means for a
> legitimate liable business firm to come forward and protect the
information
> free of cost or at negligible cost to us by means of a workable
business
> model.
>
> The firms will have to follow all the privacy laws that apply in real
world
> (in the country they are incorporated in).
>
> As well as - with the strides EU is making with regards to privacy and
the
> demands they are placing on overseas companies with regards to
information
> about their citizens - in return for allowing for companies to operate
> smoothly in their countries and/or other wise in various trade
negociations.
> And possibilites of other countries taking the lead from that. (in the
> countries the citizens reside as well).
>
> The firms should be expected to have a fairly large sum of amount in
escrow
> - initial deposit as well as certain percentage of fees - to pay for
damages
> in case of violations.
>
> Users can resort to courts if they see a preceived violation. States
can
> always resort to international courts/mechanisms, etc over percived
> violations of their right over their citizens information.
>
> Personally I feel a whole lot more comfortable letting the courts /
> governments beat the firms into evolving in a better manner and
complying
> rather than giving more powers or duties to ICANN.
>
> User benefits in different scenarios :-
>
> >From Spammers angle - The user has records of who made the request
for his
> information. Possibily a contract between the firm giving information
and
> the user who took the information - binding the information seeker -
that
> information would not be used for spamming and any other purposes than
> stated. For a nominal amount you get information to service the
person/firm
> who spammed you. This in itself should make spammers task more
difficult.
>
> >From Stacker angle - The instant email gives you a early alert at the
least.
>
> >From Political persecution - The instant email gives the user a early
> warning to seek shelter at the least. With all the holocaust and other
> payments going on, I am sure the firms will do all they can - in a
purdent
> and legal manner with regards to the rights of country over
information in
> their citizens as well as avoiding becoming a accesory in persecution
of a
> individual.
>
> Can you put in a easy example model which of these above would be
worst of
> than the users are now.
>
> Also one thing I would like to state is with whois records - their is
a huge
> burden on individuals to keep the records in whois current at all
times or
> risk losing the domain ,possibily, under most unreasonable/filmsy of
> circumstances (eg:-aolsearch.com would make a interesting example).
>
> Sri
>
> -----Original Message-----
> From: Jeff Williams
> To: Srikanth Narra
> Cc: 'Peter Veeck '; 'Mark C. Langston '; 'ga@dnso.org '
> Sent: 10/16/99 5:07 AM
> Subject: Re: [ga] Privacy and Whois databases
>
> Sri and all,
>
>   My only comments are that this basically puts someone's privacy
> up for sale at a fixed price no less.  And that if I find that any of
my
> regarding any of our DN is sold in this or any other manner the
> responsible parties can expect to be served immediately.
>
> Srikanth Narra wrote:
>
> > Peter
> >
> > This proposal, if any thing, should act to everyone's advantage in
> fighting
> > spam.
> >
> > 1. It becomes prohibitively expensive for a spammer to get (or
> revalidate
> > your information if you change it) from whois database as they have
to
> pay
> > on a domain by domain basis giving valid reason (however filmsy) for
> > obtaining your details. The records of such requests exist with the
> > register.
> >
> > 2. Becomes (hopefully) easier for registers to spot someone mining
the
> whois
> > for spamming purposes  - as they will have to make fairly number of
> > requests. At the least complicates spammer's methods to gather
> information
> > as they will have to use multiple identities, etc (remember
verifiable
> means
> > of payment).
> >
> > (maybe we can even suggest some guidelines for registers to request
> for a
> > additional safety deposit from someone requesting too large a number
> of
> > records like couple of thousand - for legal defence or compensation
> purposes
> > - to be release back to requester after a certain time lapse)
> >
> > 3. Gives you a advance notice that someone is trying to lookup your
> records
> > and  why, (automatically and free of cost email to your email
account
> -
> > unlike credit bureaus where you have to request for such
information)
> -
> > giving you a chance to notify register if you suspect its a spammer.
> or take
> > precautions if its a potential stacker or political/religious
> persecuter.
> >
> > 4. As far as change from present system - from your additional
burden
> > perspective - all that has changed to is, you having to pay nominal
> fee
> > (just like a spammer would) to enquire the spammers records. All
your
> legal
> > and other options remain intact  - nothing else changes from present
> day. A
> > fair price for the little bit more sanity, peace of mind and
personal
> safety
> > - is it not ?
> >
> > Best of all nobody ICANN or anyone gets additional powers or
> juridiction and
> > is a market based solution.
> >
> > comments ?
> >
> > Sri
> > -----Original Message-----
> > From: Peter Veeck
> > To: Mark C. Langston
> > Cc: ga@dnso.org; Srikanth Narra
> > Sent: 10/15/99 10:19 PM
> > Subject: Re: [ga] Privacy and Whois databases
> >
> > "Mark C. Langston" wrote:
> >
> > > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> > >
> > > >May be we can take a clue from the way credit files are kept in
US
> > and use
> > > >the same model.
> > > >
> > > >The whois records stay private with register. Anyone wants to
take
> a
> > look at
> > > >them pays a nominal amount by verifiable means like credit card
or
> a
> > check
> > > >for the privileage to see the information. (that should cover the
> > registers
> > > >expenses for keeping the records private and to fend the
queries).
> >
> > I use whois to fight spam abuse.  Are  Spam complaints going to be
> taken
> > over by
> > ICANN or a subset thereof?
> >
> > Peter Veeck
>
> Regards,
>
> --
> Jeffrey A. Williams
> Spokesman INEGroup (Over 95k members strong!)
> CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
> Information Network Eng. Group. INEG. INC.
> E-Mail jwkckid1@ix.netcom.com
> Contact Number:  972-447-1894
> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
Follow-Ups:
- Re: [ga] Privacy and Whois databases
  - From: Peter Veeck <veeck@texoma.net>
Prev by Date: Re: [ga] Privacy and Whois databases
Next by Date: Re: [ga] Privacy and Whois databases
Prev by thread: Re: [ga] Privacy and Whois databases
Next by thread: Re: [ga] Privacy and Whois databases
Index(es):
- Date
- Thread