DNSO Archives: [nc-whois]

ICANN/DNSO DNSO Mailling lists archives

[nc-whois]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S Information To Identity Theft And Other Fraud

To: Abel Wisman <abel@able-towers.com>
Subject: Re: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S Information To Identity Theft And Other Fraud
From: Thomas Roessler <roessler-mobile@does-not-exist.net>
Date: Mon, 10 Mar 2003 23:05:45 +0100
Cc: "'Steve Metalitz'" <metalitz@iipa.com>, "'Ruchika Agrawal'" <agrawal@epic.org>, "'Marilyn Cade'" <mcade@att.com>, "'NC-WHOIS (E-mail)'" <nc-whois@dnso.org>
In-Reply-To: <01ff01c2e720$83b8c7d0$0100a8c0@mephisto>
Mail-Followup-To: Abel Wisman <abel@able-towers.com>,'Steve Metalitz' <metalitz@iipa.com>,'Ruchika Agrawal' <agrawal@epic.org>, 'Marilyn Cade' <mcade@att.com>,"'NC-WHOIS (E-mail)'" <nc-whois@dnso.org>
References: <ED4EC3C54C514942B84B686CDEC7FC055C703B@smsvr2.iiap.com> <01ff01c2e720$83b8c7d0$0100a8c0@mephisto>
Sender: owner-nc-whois@dnso.org
User-Agent: Mutt/1.5.3i

The conclusion from all this is that anyone who's active in
enforcement (even privacy commissioners, when they are wearing that
hat) certainly will view WHOIS as a valuable tool -- but that this
view is just one side of the medal, with concerns like the one cited
by Ruchika being on that medal's other side.

How do you balance these perspectives?  That's precisely the
question future policy work will have to address.  We are, at this
point, in the process of laying the foundations for that work, in
particular by explaining the different perspectives.

Trying to find out now which of these perspectives is the "right
approach" (or asking this or that government entity what kind of
balance they would strike, according to the politics and lobbying
around them) would be pointless and unproductive.  (Besides that, it
would waste time we don't have.)

Both views have merit, and the best thing we can do at this point is
probably to present *both* of them as clearly and accurately as
possible.

Regards,
-- 
Thomas Roessler				<roessler@does-not-exist.org>




On 2003-03-10 16:17:04 -0000, Abel Wisman wrote:
> From: Abel Wisman <abel@able-towers.com>
> To: 'Steve Metalitz' <metalitz@iipa.com>, 'Ruchika  Agrawal' <agrawal@epic.org>, 
>  'Marilyn Cade' <mcade@att.com>, "'NC-WHOIS (E-mail)'" <nc-whois@dnso.org>
> Date: Mon, 10 Mar 2003 16:17:04 -0000
> Subject: RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S 
>  Information To Identity Theft And Other Fraud
> Reply-To: abel@able-towers.com
> Envelope-to: roessler-mobile@does-not-exist.net
> Delivery-date: Mon, 10 Mar 2003 17:19:48 +0100
> Organization: able towers
> X-No-Spam: whitelist
> 
> reply for the staff of the FTC not representing the opinion of the FTC, 
>  
> what argument is it precisely that you are wanting to make ?
>  
> abel
>  
> 
> -----Original Message-----
> From: owner-nc-whois@dnso.org [mailto:owner-nc-whois@dnso.org] On Behalf
> Of Steve Metalitz
> Sent: 10 March 2003 14:01
> To: Steve Metalitz; 'Ruchika Agrawal'; Marilyn Cade; 'NC-WHOIS (E-mail)'
> Subject: RE: [nc-whois] Contribution Of Globally, Publicly Accessible
> WHOI S Information To Identity Theft And Other Fraud
> 
> 
> Attached please find the FTC response to the Task Force survey.  
>  
> Steve Metalitz
>  
> 
> -----Original Message-----
> From: Steve Metalitz [mailto:metalitz@iipa.com]
> Sent: Sunday, March 09, 2003 6:08 PM
> To: 'Ruchika Agrawal'; Marilyn Cade; 'NC-WHOIS (E-mail)'
> Subject: RE: [nc-whois] Contribution Of Globally, Publicly Accessible
> WHOI S Information To Identity Theft And Other Fraud
> 
> 
> 
> If a registrar is in compliance with its obligations under the RAA, it
> is advising its registrants "who is collecting the information, why the
> information is being collected, and how it is going to be used."  I have
> posted the RAA citations previously to this list.  
> 
>  
> 
> "The global, public accessibility of WHOIS data contradict[s] FTC's
> advice"  -- I think this would come as news to the FTC, which has
> strongly supported public access to Whois and which submitted a response
> to our Task Force's survey to that effect.  
> 
>  
> 
> If this is intended as a statement of the FTC's position or approach to
> Whois then I believe we should have the FTC review it.  If it is
> intended as the interpretation by one Task Force member of how FTC
> positions on other aspects of privacy ought to be applied to Whois
> --i.e., as a critique of the FTC's actual Whois position - then that is
> certainly another story, but I am not sure why a critique of alleged
> inconsistency by the FTC belongs in the issues report of this Task
> Force.    
> 
>  
> 
> I am also concerned about the suggestion that "the enforcement of the
> accuracy of Whois data" is an innovative or novel suggestion of this
> Task Force.  These obligations regarding accuracy have been on the books
> for years and have been "enforced" a number of times, whether in the
> sense of registrants losing their registrations for willful submission
> of false data or in terms of ICANN action to enforce the obligation of
> registrars to respond to complaints of false Whois data.  
> 
>  
> 
> Steve Metalitz 
> 
>  
> 
> -----Original Message-----
> From: Ruchika Agrawal [mailto:agrawal@epic.org] 
> Sent: Friday, March 07, 2003 2:01 PM
> To: Cade,Marilyn S - LGCRP; NC-WHOIS (E-mail)
> Subject: [nc-whois] Contribution Of Globally, Publicly Accessible WHOIS
> Information To Identity Theft And Other Fraud
> 
>  
> 
> Dear All:
> 
> Here are the paragraphs on the contribution of globally, publicly
> accessible WHOIS information to identity theft and other fraud:
> 
> The U.S. Federal Trade Commission (FTC) plays a critical role both in
> the investigation of consumer fraud and in the protection of consumers
> from fraud.  According to the FTC's website, "The FTC works for the
> consumer to prevent fraudulent, deceptive and unfair business practices
> in the marketplace and to provide information to help consumers spot,
> stop and avoid them." [See, for example,
> http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]
> 
> 
> 
> 
> In this vein, the FTC advises consumers not to disclose personal
> information, and if consumers choose to disclose personal information,
> they should know who is collecting the information, why the information
> is being collected, and how it is going to be used.   Not only does the
> global, public accessibility of WHOIS data contradict FTC's advice, but
> the consumer, as a domain name registrant, is stripped of these
> abilities, as the registrant has no way of knowing who collected his/her
> WHOIS data, why the information was collected, and how the collector
> intends to use the information.   Further yet, with the enforcement of
> the accuracy of WHOIS data, as is recommended by the WHOIS Task Force,
> consumers will not even have a choice on whether to disclose their
> personal information.  The alternative to relinquish a domain name is
> not giving consumers a genuine choice, and instead infringes on Internet
> free speech.
> 
> 
> 
> 
> The global, public accessibility of WHOIS data imposes risks on domain
> name registrants, and may contribute to identify theft as well as other
> fraud.  The FTC's guidelines in their effort to safeguard consumer
> privacy are applicable to the protection of domain name registrants;
> these safeguards should be appropriately enforced.
> 
> Regards,
> Ruchika
>

References:
- RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S Information To Identity Theft And Other Fraud
  - From: Steve Metalitz <metalitz@iipa.com>
- RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S Information To Identity Theft And Other Fraud
  - From: "Abel Wisman" <abel@able-towers.com>
- RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOI S Information To Identity Theft And Other Fraud
  - From: "Abel Wisman" <abel@able-towers.com>

<<< Chronological Index >>> <<< Thread Index >>>