DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

[comments-whois] Forwarding of comments to list



-----Original Message-----
From: Marilyn Cade [mailto:marilynscade@hotmail.com]
Thursday, October 17, 2002 1:44 PM
To: Jefferson Nunn; harris@cabase.org.ar
Cc: icann@icann.org; hewitt@icann.org; lynn@icann.org
Subject: Re: FW: Serious Privacy Issue with WhoIS and Valid Phone Numbers


Dear Mr. Nunn


Thank you for your comments. All comments which I receive or any Task Force

member receives, will be forwarded to the public comment site, so that they

are available to the full Task Force, and other interested  parties.   May I

request your permission to do so? Or, if you prefer, it would be simplier if

you posted directly.


We are just at the beginning of the open comment  period. I hope you will

monitor the comments on the dnso site and perhaps contribute further.


You can find the comments site at www.comments-whois@dnso.org.




Marilyn Cade,Co-chair, WHOIS Task force


cc: Antonio Harris, Co-chair








>From: "Jefferson Nunn" <Jefferson@isgca.com>

>To: <marilynscade@hotmail.com>

>CC: <icann@icann.org>,<lynn@icann.org>,<hewitt@icann.org>

>Subject: FW: Serious Privacy Issue with WhoIS and Valid Phone Numbers

>Date: Thu, 17 Oct 2002 10:02:26 -0700




>Please read through the email thread below. My original email is on the

>bottom. Mary's reply is above.


>For the same reasons that I would not want to provide a home number, I

>would not want to provide a work number. Additionally, why should I have to

>pay $40 a month for a voicemailbox when I shouldn't have to provide a phone

>number at all. Now, I will have an additional activity that I would have to

>perform every day to delete all the voicemails from harassers to avoid the

>"your voicemailbox is full" and again be at risk for a $500(!) fine.


>There seems to be an absence of consideration given to private domains.

>Domains like http://www.thomassmith.com and just private individuals that

>want to share basic information between themselves.


>As far as the argument of saying, "just allow your third party

>registrar to

>provide their contact details". Why should a Third Party Registrar be at

>risk for similar activities? Why can't an email and an physical address

>suffice? Email is a far more reliable and documentable activity for the

>purposes of notifications regarding whois and domain registration than

>phone numbers. Phone calls can't be proof-enough for notification even in a

>court of law. If you tape the conversation, you may violate wiretapping



>In any case, again, I believe there is a serious lack of consideration


>foresight given to the topic of the requirement of private individual

>domain holders to provide valid working telephone numbers.






>     -----Original Message-----

>     From: Mary Hewitt [mailto:hewitt@icann.org]

>     Sent: Wed 10/16/2002 4:37 PM

>     To: Jefferson Nunn

>     Cc:

>     Subject: RE: Serious Privacy Issue with WhoIS and Valid Phone Numbers




>     Jefferson,

>     As we discussed briefly on the phone, there are alternatives.  For

>instance, you can provide a work number, or voicemail, etc.

>     This issue is being looked at by the Domain Name Supporting Organization

>headed up by Marilyn Cade. You may want to forward her your email and

>providing her feedback on the Whois issue.  Her email address is Marilyn

>Cade [marilynscade@hotmail.com].


>     below is an update as to what is happening regarding the issue from a

>Washington Internet Daily publication:


>     The Names Council WHOIS Task Force is seeking comments on its interim

>report on how to improve the accuracy and ease of use of the WHOIS database. The

>interim report, which can be found at www.dnso.org, contains several recommendations: (1) Better

>enforcement of global top-level domain (gTLD) registry contracts could improve accuracy of WHOIS data

>without incurring significant additional costs, although some task force members believed some

>enforcement actions could come with costs. (2) Graduated sanctions for erroneous WHOIS data would have a $250

>fine after notice of noncompliance, which would escalate to $500, then $1,000 in 30-day

>increments if action still wasn’t taken to correct the listing. A 5-day suspension of registration rights would

>follow, leading to removal of accreditation if no remedies were undertaken. The task force is seeking comment on the

>possible effectiveness of that graduated approach. (3) Several methods to improve search

>capabilities were proposed. (4) The task force said 89% of respondents said WHOIS information shouldn’t be

>disseminated for marketing purposes unless the registrant opted in. Any comments filed by Oct. 22 will be

>taken into account at the ICANN meeting in Shanghai, the report said, and comments will be accepted until

>Nov. 8 at comments-whois@dnso.org. A final report will be ready in early Dec. for consideration by the ICANN

>board, the task force said.


>     Please let me know if you have any other questions.


>     Best regards,

>     Mary


>     Mary Hewitt

>     ICANN

>     Director of Communications

>     4676 Admiralty Way #330

>     Marina del Rey, CA 90292

>     310-301-5801

>     hewitt@icann.org


>     -----Original Message-----

>     From: Jefferson Nunn [mailto:Jefferson@isgca.com]

>     Sent: Wednesday, October 16, 2002 3:47 PM

>     To: hewitt@icann.org

>     Subject: FW: Serious Privacy Issue with WhoIS and Valid Phone Numbers

>     Importance: High



>     Thanks for the call. Attached is the email I sent previously. Any help

>would be greatly appreciated.


>             -----Original Message-----

>             From: Jefferson Nunn

>             Sent: Wed 10/16/2002 3:21 PM

>             To: 'lynn@icann.org'

>             Cc: 'icann@icann.org'

>             Subject: Serious Privacy Issue with WhoIS and Valid Phone





>             Mr. Lynn,




>             I am writing to you out of concern regarding the issue of

>placing valid phone numbers on privately-held domain records. Presently, I hold the

>domain of Mindragon.com. I first submitted an email about this issue last

>week and I have not heard anything back, so I am resubmitting the request.




>             In case you are unaware, there is a serious electronic war

>presently being waged using the internet. Spammers, Hackers and Vigilantes

>are in abundance on the internet causing threats to privacy, freedom of

>speech and our way of life. I recently wrote an article condemning the

>violent actions of SPEWS.org and its’ affiliates. These people look for

>any information that they can obtain and will use it against you in

>whatever fashion in order to seek retribution for what they feel is a

>threat to them. Shortly after I wrote that article, my spam count rose from

>2-3 per week to 100 to 200 per day. In addition, I received approximately

>30 to 40 new articles of mail per week that could be classified as spam.

>Truly, these people do not have any regard for personal privacy or personal

>freedoms as they supposedly campaign to rid our world of spammers by

>destroying companies and causing tens of millions of dollars in damages.




>             On a similar note, I am surprised that ICANN would choose to

>force its’ registrars to enforce the policy of providing a valid phone number

>through which someone can be personally located. Think about this for a

>moment; if Bill Gates setup www.billgates.com <http://www.billgates.com/> ,

>would you expect to dial 1-800-bill-gates and reach him personally?




>             In fact, ICANN does not enforce this policy at all for its’

>own members. ALEJANDRO PISANTY is listed at

> http://www.icann.org/biog/pisanty.htm as having an email address that

> points to apisan@servidor.unam.mx. Unam.mx according to www.allwhois.com

<http://www.allwhois.com/>  doesn’t have a valid phone number, email

>address, physical address or even an expiration date. He is just one

>person. I found four such listings without even trying on ICANN.org’s





>             I can understand why aol.com should list a valid phone number

>and wouldn’t mind listing 703-265-4670. Not that you will reach an actual

>human at that phone number, but it is an AOL phone number.




>             I cannot understand why a Private Individual, such as myself,

>that is listing a domain that is a Private Website domain is required to list a

>valid phone number that would then subject myself to:




>             1)       Telephone Harassment


>             a.       If you file a complaint with the police, you’d be lucky

>to have the harasser stop. More than likely, they’ll just switch

>phone numbers and continue to harass you.


>             2)       Telemarketing Harassment


>             a.       Supposedly, California is passing a law against this. But

>still, not every state has a law stopping this time-wasting activity


>             3)       Wiretapping (land-lines)


>             a.       Land-lines can be tapped relatively easily. Any spy shop

>has the equipment required to do it. Takes just seconds and you can

>listen to lots of private information. Yeah, it’s illegal, but first you gotta

>know that it is happening. Most people never know.


>             4)       Wiretapping (cell)


>             a.       They have kits that are available on the black market to

>tap into digital cell phone communications. So, that isn’t secure either.




>             It’s one thing to request addresses and email addresses.

>Emails can’t hurt. One can use virus protection, firewalls and tools like

>ad-aware to ensure that the machine is secure. Emails can even be encrypted

>for total security. Spam filters are coming online so that spams will be

>all but eliminated. Snail Mails can go to a Post Office box. If any armed

>bandits show up there, the police can and will be called. So, physical

>addresses can be made secure. Telephones aren’t in the same boat.

>Wiretaps can be made such that people never know that it is happening. And

>lots of private communications go over these wiretaps. So your system,

>presently, condones the activity of Privacy Violations and Identity Theft.

>This is why I placed the number to the local police department. I can

>actually be reached through there, although, it's a bit of a convoluted





>             Now, I find it ironic that registrars are not required to

>check every single domain to ensure that all phone numbers are valid. It’s

>almost tempting to write a routine that sucks down every single domain and

>check every single phone number for validity and auto-submit a complaint to

>ICANN’s complaint system. This is a valid process that conforms to your

>own rules. Any Internet User can request WhoIS information without any

>penalties. Any citizen can place a phone call. Any internet user can submit

>a complaint to ICANN. I’m sure if such a routine were enacted, I would

>shortly receive a letter from your attorney requesting that I stop

>bombarding you with these requests. At that point, I would simply point to

>your so-called “regulations” and state that I am following the rules by

>submitting complaints about invalid whois information. However, just like

>your request to me, this process doesn’t make a damn bit of sense!




>             Therefore, I humbly request that this policy be reconsidered

>in light of present day events and factors that the people writing the

>policies may have been clueless about in 1992. It certainly was a different

>world then.




>             Regards,




>             Jefferson Nunn

>             Chief Information Officer

>             Internet Solution Group, Inc.

>             2535 Townsgate Road

>             Suite 310

>             Westlake Village, CA 91361

>             Tel: (805) 446-2222 x 129

>             Cel: (805) 750-8700











<<< Chronological Index >>>    <<< Thread Index >>>