Derek Smythe wrote:
I have long suggested that any one who makes an inquiry into the whois data should be obligated to leave an electric "calling card" record that informs the data subject of the name, identity...
We have a perfect world vs a real world scenario here.
In theory the answer would be yes of course. In reality it may not be a good idea.
While the objections you raise are valid, it seems to me that the easier answer is to say that if someone tries to make an inquiry of the whois system and who is unable himself/herself to provide an easily authenticated identification, then the query should be flatly denied (although a record of the attempt should be kept so that the data subject can see how many times a failed assult on his/her privacy has been made.) How might one be authenticated? One place is the already existing bulk whois system in which real money has been handed over - ICANN could keep a list of those people and with a bit of extra stuff (something akin to the CSV on the back of a credit card) list could be used to authenticate whois queriers. Other places could be a set of digital keys - like the ever expanding interlocking ring of PGP/GPG keys. Then there could be the slowly growing (some may say stagnating) reputation services. The burden of proving an authentic ID ought to fall upon the person making the query; we ought not to sacrifice privacy on the altar of the querier's convenience. If the querier can't meet that burden then he/she should be sent packing, which is an aptly ironic result considering that the querier was most trying to penetrate the identity of the domain name. --karl--