Derek and all my friends,
My remarks and comments interspersed.
Indeed true, but many more countries have been strengthening privacy regulations and laws accordingly especially in the EU. Reviewing archives of Whois WG's from ICANN should be aluminating for you, there have been 5 thus far sense 1999. See for instance: www.icann.org/committees/whois/ www.icann.org/gnso/whois-tf/report-19feb03.htm gnso.icann.org/issues/whois-privacy/ gnso.icann.org/issues/whois-privacy/tor.shtml gnso.icann.org/issues/whois-privacy/tor2.shtml and the list goes on and on and on...
I would suspect that if you contractually agree to make information public, then it is permitted to make it public.
Remember not all criminals are just spammers and phishers. We also see websites selling non-existent goods, websites set up to act as escrow sites for the non-existent goods and websites pretending to be courier companies that will transport the non existent goods. The same gangs will also set up job scam sites where moneymules will be recruited. We see fake lotteries, fake banks, fake lawyers, even the United Nations, FBI, CIA and Interpol spoofed in other types of scams. These domains are registered with stolen credit card details, by Western Union or other untraceable means. Many of them are in fact hosted on fastflux networks. As such, not to distract from the seriousness of spamming and phishing websites, there are other types of criminal abuse of the internet. In fact many times the same parties are behind these scams as in spam, however each scam type is serving a different purpose and are just part of one larger machine to defraud victims.
All too true indeed, I agree. In fact ICANN has contributed greatly to these problems with registrars such a Registryfly, now thankfully defunct, although much belated in the doing so. False organizations such as the IDNO, which collapsed upon its own false practices once exposed. Two previous questionable attempts by ICANN to create a @large, both of which once exposed for the fraud that they were, collapsed accordingly, and so forth and so on....
ICANN has contributed by this greatly by refusing to enforce actions against registrars. I am of the opinion that ICANN (with a little work with registries) can implement a penalty against violating registrars. This penalty would be the prevention of that registrar from being able to register NEW domains names, but still able to renew and control currently registered domain names. I have reported clearly invalid information to registrars and seen nothing done. ICANN has sent letters to Network Solutions regarding this and the information still is invalid.
The biggest problem is that cyber criminals are the early adopters of new technology, privacy protection being no exception. This causes a major problem for the contemplated legitimate users of privacy protection in this case and is one of the reasons why we will most likely remain in a stalemate situation regarding whois privacy.
Whois privacy must be maintained and would benefit all users and registrants if strengthened significantly. There is not now nor has there ever been a real need for private and personal information regarding a registrant in order to address criminal activity, that is for the courts and LEA's to do with the many tools they already have at their disposal and is often done very effectively with same. Recent examples:Canadian Police Arrest 17 in Alleged Botnet Scheme http://www.cbc.ca/technology/story/2008/02/20/qc-hackers0220.html
http://www.darkreading.com/document.asp?doc_id=146639&WT.svl=news2_2 and "Man Gets Three Years Probation for eMail Harassment"
Your reliance on LEA's and the court is misplaced. I have dealt with LEAs and the FTC with spammers. Robert Soloway had been involved in illegal spamming for a long time. It was not until I found that he used a stolen credit card and registered the domain name under the name of the credit card. Once I got that information to an agent, it took more than 6 months before he was arrested. For LEAs to do anything, it has to be sufficiently large. How many reports do you see (where they really have to investigate) that $2,000 USD (or even $20,000) was recovered? Even if the information is anonymous to the public, there needs to be some mechanism to assign a UNIQUE registrant handle so that if a wrongdoer and so that all the domain names registered to this individual (not corporate type entity) can be linked to this individual, and that the point of contact can accept service of process on behalf of this individual.
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln