Bill and all my friends, My response interspersed below.. Bill Silverstein wrote:
Derek and all my friends,
My remarks and comments interspersed.
Indeed true, but many more countries have been strengthening privacy regulations and laws accordingly especially in the EU. Reviewing archives of Whois WG's from ICANN should be aluminating for you, there have been 5 thus far sense 1999. See for instance: www.icann.org/committees/whois/ www.icann.org/gnso/whois-tf/report-19feb03.htm gnso.icann.org/issues/whois-privacy/ gnso.icann.org/issues/whois-privacy/tor.shtml gnso.icann.org/issues/whois-privacy/tor2.shtml and the list goes on and on and on...
I would suspect that if you contractually agree to make information public, then it is permitted to make it public.
Yes, if an only if said contract is in compliance with relevant law, and/or does not require any reduction of privacy rights by law, regulation, or government policy. If any contract contains any language that restricts or requires the forfeit of said legal constraints, that contract, signed or not, is not valid to whatever extent such less than legal conscripts are being circumvented or otherwise suggested to be forfeit.
Remember not all criminals are just spammers and phishers. We also see websites selling non-existent goods, websites set up to act as escrow sites for the non-existent goods and websites pretending to be courier companies that will transport the non existent goods. The same gangs will also set up job scam sites where moneymules will be recruited. We see fake lotteries, fake banks, fake lawyers, even the United Nations, FBI, CIA and Interpol spoofed in other types of scams. These domains are registered with stolen credit card details, by Western Union or other untraceable means. Many of them are in fact hosted on fastflux networks. As such, not to distract from the seriousness of spamming and phishing websites, there are other types of criminal abuse of the internet. In fact many times the same parties are behind these scams as in spam, however each scam type is serving a different purpose and are just part of one larger machine to defraud victims.
All too true indeed, I agree. In fact ICANN has contributed greatly to these problems with registrars such a Registryfly, now thankfully defunct, although much belated in the doing so. False organizations such as the IDNO, which collapsed upon its own false practices once exposed. Two previous questionable attempts by ICANN to create a @large, both of which once exposed for the fraud that they were, collapsed accordingly, and so forth and so on....
ICANN has contributed by this greatly by refusing to enforce actions against registrars. I am of the opinion that ICANN (with a little work with registries) can implement a penalty against violating registrars. This penalty would be the prevention of that registrar from being able to register NEW domains names, but still able to renew and control currently registered domain names.
I fully agree, and to do so would require that the RAA contracts currently being used be modified accordingly, AND that in these contracts now extant, be to the degree legally and practically possible, be enforced without prejudice.
I have reported clearly invalid information to registrars and seen nothing done. ICANN has sent letters to Network Solutions regarding this and the information still is invalid.
Sadly, yes this if true. Same is so with the IETF, in which I have sent several Email letters to the IETF secretariat, posted the evidence to the GA forum on more than one occasion, and strongly requested that the ICANN Board or staff take corrective action. So far, no action appears to have been taken, and the mis configured DNS's remain mis Configured, and as such are to a degree, endangering users to a dangerous level.
The biggest problem is that cyber criminals are the early adopters of new technology, privacy protection being no exception. This causes a major problem for the contemplated legitimate users of privacy protection in this case and is one of the reasons why we will most likely remain in a stalemate situation regarding whois privacy.
Whois privacy must be maintained and would benefit all users and registrants if strengthened significantly. There is not now nor has there ever been a real need for private and personal information regarding a registrant in order to address criminal activity, that is for the courts and LEA's to do with the many tools they already have at their disposal and is often done very effectively with same. Recent examples:Canadian Police Arrest 17 in Alleged Botnet Scheme http://www.cbc.ca/technology/story/2008/02/20/qc-hackers0220.html
http://www.darkreading.com/document.asp?doc_id=146639&WT.svl=news2_2 and "Man Gets Three Years Probation for eMail Harassment"
Your reliance on LEA's and the court is misplaced. I have dealt with LEAs and the FTC with spammers. Robert Soloway had been involved in illegal spamming for a long time. It was not until I found that he used a stolen credit card and registered the domain name under the name of the credit card. Once I got that information to an agent, it took more than 6 months before he was arrested.
I disagree here. Indeed the law often times moves far too slowly. However the old saying 'the wheels of justice grind slowly, but they grind exceedingly fine", I believe still remains largely true. None the less given the lack of LEA manpower, slowness is indeed not wholly satisfactory.
For LEAs to do anything, it has to be sufficiently large. How many reports do you see (where they really have to investigate) that $2,000 USD (or even $20,000) was recovered? Even if the information is anonymous to the public, there needs to be some mechanism to assign a UNIQUE registrant handle so that if a wrongdoer and so that all the domain names registered to this individual (not corporate type entity) can be linked to this individual, and that the point of contact can accept service of process on behalf of this individual.
Often times the little guy or individual is not satisfied or his complaint is not given the desired consideration that complainant believes it should be, and sometimes he/she is correct in that assumption. Yet this in no reasonable way is justification for not using the means and methods under the law and with LEA's not to cooperate with them to the extent possible and in your best as well as the public at large's, interest. Private enterprise cannot substitute for LEA's and should not do so, but private enterprise can work in concert with LEA's as much as practicality and ability allows. This is where ICANN and individuals often times fall short of the mark in being part of the solution.
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln
Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827