Cogent. I have one or two quibbles - the first one, how would one affirm the registrant's identity? - but this, Karl, provides the substrate for a fairly well-balanced regime between privacy and 'need to know' requirements. Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Sat, Jan 8, 2011 at 6:53 PM, Karl Auerbach <karl@cavebear.com> wrote:
On 01/08/2011 02:37 PM, Roberto Gaetano wrote:
I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. ...the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently.
You've hit on an important point. But first let me make a minor detour...
<begin detour>
If you check the registration of my primary automobile you won't find my name anywhere. There are layers of corporate identities between my name and the name on my automobile registration.
That is neither illicit nor does it oppose the social policies that justify automobile registration.
"Ownership" is a distinct concept from that of "control". There are quite legitimate reasons why ownership (or control) might be indirected through layers of intermediaries. Moreover, there are cases, such as when a person has acquired an automobile on the basis of a loan there are separate and distinct legal and beneficial ownership rights.
<end detour>
The drum beat for privacy busting private regulation of domain name registrations is driven by the desire by various people, some driven by good intent (such as the anti-spam community), some driven by more selfish motives (such as the intellectual property protection [as distinguished from the intellectual property creation] industry). Those groups would dispense with the nuisance of balanced due-process to the data subject.
It is long past time to introduce some balance back into the equation:
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log.
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org