Sigh. In what fantasy world do you imagine that there is a process to implement this? Also, in this world, we routinely identify and turn off a thousand or more domains at a time used by criminals, so make sure it scales. If you're saying I have to post a $100,000 bond to track down a pillz spammer, no thanks. On the other hand, if you're proposing that people have to appear in person to a government official and verify their identity before they can register a domain, that's not a bad idea. R's, John
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log. As long as the same requirements are put on registrants (also see point 6).
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
The same for the registrant, he should also post a bond. If any allegations are found to be justified, there should be punitive measures in place.
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they possess towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date.
Semi agreed. Those accusations should be recorded and be held for at least a period of five years. The records of accusations should be available to all parties (law enforcement, recognized anti-abuse groups, registrars, registries etc.). Just remember the accusation may not only be against the domain name, but may span a range of issues (botnet herders, fake shopfronts ...)
Should the accusation be found to be correct, the registrar or his agent shall upon request by the accuser, also supply all other domain names registered to the same party. This may also be used at other registrars/privacy proxies and the like.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
The data should also be allowed to be shared with legal authorities and recognized anti-abuse groups, along with any pertinent data (also accusation in point 3). A response is required from the data subject in 24 to 48 hrs maximum for a legal person, 7 days for a natural person. If no such response is forthcoming, the data will be made available as if an affirmative response was received.
Should the registration data be found to be grossly inaccurate (bogus registration details, identity theft etc) then all domains linked to those grossly inaccurate registration details will immediately be suspended. This requirement will be mandatory and span all registrars and registries.
Should a proxy have been used that accepts registrations for domains where no registration data is required of the registrant, only the funds for the domain, that proxy provider will be held liable for any harm done by that domain (we have been seeing a lot of these providers of late).
The proxy provider itself may not be registered via another proxy provider. A proxy provider must have a physical address at the stated location.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
Not sure how that would work for law enforcement and like legitimate bodies.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
Naturally the accessor has the same rights as the registrant. As such he is also allowed to use proxy providers. Based on the work some inquirers do, they might have more reason to use such a mechanism than mere personal privacy, rather personal safety.