2011/1/31 Lutz Donnerhacke <lutz@iks-jena.de>:
As an AtLarge delegate to the whois review team, I'd like to keep you informed. Of course I'll not talk about interna, but give you background about my activities.
http://wwwneu.iks-jena.de/eng/Blog/That-s-the-way-it-always-have-been or http://wwwneu.iks-jena.de/Blog/Das-war-schon-immer-so
Lutz, you make three assertions: 1. "Coming from AtLarge I do not have to follow economic interests or law enforcement needs, I'd even could ignore the laws itself by expressing end user concerns. I'll not deal with the discussions here or tell stories from the desk, that would only cause trouble." but then go on to comment about LEA use of WHOIS data: "Whois information are rubbishy for law enforcement. Serious crime will not give their real name to start their activities, they use stolen credit cards and forged identities. All those internet service providers and resellers out there can easily be fooled by serious criminals. And real criminals do run their own provider services itself. Nobody would even consider such a worldwide identification scheme for normal internet access today." "Whois information is unusable for law enforcement. Current Whois services are often used to solve low level internet crime." Every time we have heard from law enforcement, there is ongoing and legitimate use of WHOIS, and it does manage to be very useful. At present time, I am involved with two cases, one a spamming case, and the other a phishing incident. In both instances, WHOIS has proven to be very helpful. Despite your dismissing WHOIS as not being useful, I can state unequivocally that this is incorrect. The spammer has left dozens of clues that have allowed us to identify the individual behind the incident, and with the phishers, WHOIS allowed us to protectively block tens of millions of very malicious (malware payload) phishing emails from hitting their intended targets. WHOIS is also used by researchers who assist law enforcement in their preparation of cases. This happens daily, constantly. Obviously, I am unable to speak with specifics in either case at present time, but it is with 100% assuredness that I can say that without WHOIS, we would find it impossible to file charges. As it is, we are much more further along in that regard. Neil Schwartzman Executive Director, CAUCE