[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ga] Privacy and Whois databases

My argument is that there are pitifully few tools available to address SPAM,
network abuse, and operational problems.  The registry databases are a tool for
that use.  If your remove them you are removing a piece of the network
operational structure and must replace it with something. How do you contact the
operator of a web site whose DNS has been hijacked by a pornography site?
Presently you go to the whois and get the phone number of the administrator.  If
you have to go through a process of certification for access, by email or snail
mail you create an unacceptable delay. If you set up prior certification, you
create an extremely large pool of access to the database  which will be little
different than the current system.  How is the data maintainer going to cover or
recover his costs?  If he is consistent with existing databases it becomes a
profit center.  Affluent organization can obtain the data.  You only cut off
access for the individual and non-profit.  Have there not been enough concessions
to business interests already? I offered a solution, tongue in cheek admittedly,
that an enforcement division be established and rejected this personally in favor
of the current system.  The current system requires that a tenet of the Internet,
access to information, be observed. There are other solutions.  RFCs can be
written to require that all mail programs be secure and the messages all be
traceable.  We must bear in mind that RFC compliance is voluntary and there is no
one enforcing compliance.  What I ask, is not to remove a tool for network
administration without either replacing it with another or eliminating the need
for that tool.  Being listed in at least three registry databases I understand
the problem of privacy.  Being a network and server administrator I want to keep
the system working.

Peter Veeck

Srikanth Narra wrote:

> Jeff/Peter
> Maybe I miss your point a bit. My apologies -bear with me a bit more. The
> information is currently avaliable freely and instantly at finger tips for
> abuse today.
> The way I see it, under my proposal, we are providing a means for a
> legitimate liable business firm to come forward and protect the information
> free of cost or at negligible cost to us by means of a workable business
> model.
> The firms will have to follow all the privacy laws that apply in real world
> (in the country they are incorporated in).
> As well as - with the strides EU is making with regards to privacy and the
> demands they are placing on overseas companies with regards to information
> about their citizens - in return for allowing for companies to operate
> smoothly in their countries and/or other wise in various trade negociations.
> And possibilites of other countries taking the lead from that. (in the
> countries the citizens reside as well).
> The firms should be expected to have a fairly large sum of amount in escrow
> - initial deposit as well as certain percentage of fees - to pay for damages
> in case of violations.
> Users can resort to courts if they see a preceived violation. States can
> always resort to international courts/mechanisms, etc over percived
> violations of their right over their citizens information.
> Personally I feel a whole lot more comfortable letting the courts /
> governments beat the firms into evolving in a better manner and complying
> rather than giving more powers or duties to ICANN.
> User benefits in different scenarios :-
> >From Spammers angle - The user has records of who made the request for his
> information. Possibily a contract between the firm giving information and
> the user who took the information - binding the information seeker - that
> information would not be used for spamming and any other purposes than
> stated. For a nominal amount you get information to service the person/firm
> who spammed you. This in itself should make spammers task more difficult.
> >From Stacker angle - The instant email gives you a early alert at the least.
> >From Political persecution - The instant email gives the user a early
> warning to seek shelter at the least. With all the holocaust and other
> payments going on, I am sure the firms will do all they can - in a purdent
> and legal manner with regards to the rights of country over information in
> their citizens as well as avoiding becoming a accesory in persecution of a
> individual.
> Can you put in a easy example model which of these above would be worst of
> than the users are now.
> Also one thing I would like to state is with whois records - their is a huge
> burden on individuals to keep the records in whois current at all times or
> risk losing the domain ,possibily, under most unreasonable/filmsy of
> circumstances (eg:-aolsearch.com would make a interesting example).
> Sri
> -----Original Message-----
> From: Jeff Williams
> To: Srikanth Narra
> Cc: 'Peter Veeck '; 'Mark C. Langston '; 'ga@dnso.org '
> Sent: 10/16/99 5:07 AM
> Subject: Re: [ga] Privacy and Whois databases
> Sri and all,
>   My only comments are that this basically puts someone's privacy
> up for sale at a fixed price no less.  And that if I find that any of my
> regarding any of our DN is sold in this or any other manner the
> responsible parties can expect to be served immediately.
> Srikanth Narra wrote:
> > Peter
> >
> > This proposal, if any thing, should act to everyone's advantage in
> fighting
> > spam.
> >
> > 1. It becomes prohibitively expensive for a spammer to get (or
> revalidate
> > your information if you change it) from whois database as they have to
> pay
> > on a domain by domain basis giving valid reason (however filmsy) for
> > obtaining your details. The records of such requests exist with the
> > register.
> >
> > 2. Becomes (hopefully) easier for registers to spot someone mining the
> whois
> > for spamming purposes  - as they will have to make fairly number of
> > requests. At the least complicates spammer's methods to gather
> information
> > as they will have to use multiple identities, etc (remember verifiable
> means
> > of payment).
> >
> > (maybe we can even suggest some guidelines for registers to request
> for a
> > additional safety deposit from someone requesting too large a number
> of
> > records like couple of thousand - for legal defence or compensation
> purposes
> > - to be release back to requester after a certain time lapse)
> >
> > 3. Gives you a advance notice that someone is trying to lookup your
> records
> > and  why, (automatically and free of cost email to your email account
> -
> > unlike credit bureaus where you have to request for such information)
> -
> > giving you a chance to notify register if you suspect its a spammer.
> or take
> > precautions if its a potential stacker or political/religious
> persecuter.
> >
> > 4. As far as change from present system - from your additional burden
> > perspective - all that has changed to is, you having to pay nominal
> fee
> > (just like a spammer would) to enquire the spammers records. All your
> legal
> > and other options remain intact  - nothing else changes from present
> day. A
> > fair price for the little bit more sanity, peace of mind and personal
> safety
> > - is it not ?
> >
> > Best of all nobody ICANN or anyone gets additional powers or
> juridiction and
> > is a market based solution.
> >
> > comments ?
> >
> > Sri
> > -----Original Message-----
> > From: Peter Veeck
> > To: Mark C. Langston
> > Cc: ga@dnso.org; Srikanth Narra
> > Sent: 10/15/99 10:19 PM
> > Subject: Re: [ga] Privacy and Whois databases
> >
> > "Mark C. Langston" wrote:
> >
> > > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> > >
> > > >May be we can take a clue from the way credit files are kept in US
> > and use
> > > >the same model.
> > > >
> > > >The whois records stay private with register. Anyone wants to take
> a
> > look at
> > > >them pays a nominal amount by verifiable means like credit card or
> a
> > check
> > > >for the privileage to see the information. (that should cover the
> > registers
> > > >expenses for keeping the records private and to fend the queries).
> >
> > I use whois to fight spam abuse.  Are  Spam complaints going to be
> taken
> > over by
> > ICANN or a subset thereof?
> >
> > Peter Veeck
> Regards,
> --
> Jeffrey A. Williams
> Spokesman INEGroup (Over 95k members strong!)
> CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
> Information Network Eng. Group. INEG. INC.
> E-Mail jwkckid1@ix.netcom.com
> Contact Number:  972-447-1894
> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208