[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ga] Privacy and Whois databases

Let me give you an example of how the privacy of the Texas auto registration
Database works.  The private individual cannot get any information.  The
Companies get the Entire Database for mail lists.

Enforcement of rules/regulatons is a scary subject.  Everybody does not follow
all of the RFC's, does anybody know them all?  There is no abuse@rndtm.net.my,
but there is a mail server with an open relay. nor is there a
Postmaster@telco.co.in but there is a mail server. In theory you shouldn't need
a database to contact a network operator.  You can get a contact from the SOA or
you can mail to the RFC addresses.  In an ideal world none of this would be
necessary so obviously this is not an ideal world.  You can not have governance
without enforcement.

You can solve your privacy issue very easily. Set up SPAM cops under ICANN,
allow only them to have access to the database for investigative purposes.  Set
up ICANN as the clearing house for SPAM complaints.  ICANN could take over MAPS
RBL.  They can also handle network/server intrusion complaints. Of course before
you add someone to the RBL you must have a hearing of some sort so you need
either to have a judicial system or work with a local system.  Will the US allow
anybody else to have judicial authority over their citizens?  They won't even
sign a treaty they instigated. Will the rest of the world freely submit
themselves to US administration. NOT LIKELY, even if as P.T. Barnum said, you
can fool all of the people some of the time.

Personally I would prefer to keep the databases as they are (actually I would
prefer better accuracy of their information) and put up with the aggravations.
I'll do my own policing. I know the present, the future is what is scary.

Getting rid of the registration databases does not get rid of SPAM nor will it
in any way effect network/server security.  There are programs that go out and
sniff the web for email addresses.  Somebody might get my address from this very
email.  How long before one of the indexing companies, there is a profit motive,
starts scavenging their databases for email addresses?  Have you noticed that
there are names, phone numbers, and addresses in the telephone directories.

On another tact,  how much of this privacy argument is driven by profit motive?
My database--my information--my Copyright--PAY ME.

Peter Veeck

Srikanth Narra wrote:

> Peter
> This proposal, if any thing, should act to everyone's advantage in fighting
> spam.
> 1. It becomes prohibitively expensive for a spammer to get (or revalidate
> your information if you change it) from whois database as they have to pay
> on a domain by domain basis giving valid reason (however filmsy) for
> obtaining your details. The records of such requests exist with the
> register.
> 2. Becomes (hopefully) easier for registers to spot someone mining the whois
> for spamming purposes  - as they will have to make fairly number of
> requests. At the least complicates spammer's methods to gather information
> as they will have to use multiple identities, etc (remember verifiable means
> of payment).
> (maybe we can even suggest some guidelines for registers to request for a
> additional safety deposit from someone requesting too large a number of
> records like couple of thousand - for legal defence or compensation purposes
> - to be release back to requester after a certain time lapse)
> 3. Gives you a advance notice that someone is trying to lookup your records
> and  why, (automatically and free of cost email to your email account -
> unlike credit bureaus where you have to request for such information) -
> giving you a chance to notify register if you suspect its a spammer. or take
> precautions if its a potential stacker or political/religious persecuter.
> 4. As far as change from present system - from your additional burden
> perspective - all that has changed to is, you having to pay nominal fee
> (just like a spammer would) to enquire the spammers records. All your legal
> and other options remain intact  - nothing else changes from present day. A
> fair price for the little bit more sanity, peace of mind and personal safety
> - is it not ?
> Best of all nobody ICANN or anyone gets additional powers or juridiction and
> is a market based solution.
> comments ?
> Sri
> -----Original Message-----
> From: Peter Veeck
> To: Mark C. Langston
> Cc: ga@dnso.org; Srikanth Narra
> Sent: 10/15/99 10:19 PM
> Subject: Re: [ga] Privacy and Whois databases
> "Mark C. Langston" wrote:
> > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> >
> > >May be we can take a clue from the way credit files are kept in US
> and use
> > >the same model.
> > >
> > >The whois records stay private with register. Anyone wants to take a
> look at
> > >them pays a nominal amount by verifiable means like credit card or a
> check
> > >for the privileage to see the information. (that should cover the
> registers
> > >expenses for keeping the records private and to fend the queries).
> I use whois to fight spam abuse.  Are  Spam complaints going to be taken
> over by
> ICANN or a subset thereof?
> Peter Veeck