On 12/17/2009 07:14 PM, John R. Levine wrote: I know people who use WHOIS info to deal with scams and frauds on a
daily basis. If you're saying that we're lying, it's hard to have a discussion.
Vigilante justice was also used at times to deal with scams and frauds, but we've learned that that kind of rough process meant that innocent people were too often strung-up along with the horse thieves. Kafka's book "The Trial" begins with a line saying that someone, someone who is never identified, has been asking unknown questions about Joseph K. Whois is right out of Kafka - unknown people dig through our private information for unknown reasons (although clearly the trademark people do it a lot to make accusations.) It would make sense, and also meet a modicum of polite behaviour, if those who are making inquiries into whois left a calling card so that those who are being data-mined at least know the identity of the data-miner. To be a bit more explicit: Whois access rules should be such that anyone who accesses the whois data should be required, as a pre-condition, to: 1. Leave their own identity and contact information, along with authentication of that identity and contact information. 2. Leave a statement stating the particulars, reasons, and factual basis upon which they are making the inquiry - if they can not state reasons then access ought to be denied. This list of reasons and facts could serve a kind of estoppel function should the data-miner use the whois data for another reason. 3. Agree to a privacy policy, with third party beneficiary rights in the data subject, that strongly restricts what use may be made of the data and requiring destruction of the copied data after a period of time. This information should be sent to the data subject so that the domain name owner can know, unlike the unfortunate Joseph K., who is asking questions about him and why. And a summary list of those making data inquiries should be periodically published to the public so that we all can see who are those who are making a large number of whois inquiries and thus who we might reasonably begin to suspect of data mining. --karl--