At 2:08 PM -0500 on 2/8/07, Wendy Seltzer wrote to a bunch of us, saying:
Here's the draft report the WHOIS task force is considering <http://forum.icann.org/lists/gnso-dow123/docUOzrntSDL0.doc>
Currently, every domain name registrant is required to enter "accurate" information in the publicly available WHOIS database, including name, address, telephone number, and email address. Those who wish not to have this personal information displayed publicly must pay extra to registrars for "proxy" services which often allow their information to be revealed anyhow when someone challenges the domain registrant's speech. I believe there are serious free speech, privacy, and anonymity concerns with the current system.
ALAC could submit comments to the Task Force and the GNSO. (As Danny Younger has noted, there are procedural problems with the PDP's lack of opportunity to consider public comment, as well as substantive problems with the proposals.)
Hi, So much of this is so entirely divergent from the stance of CAUCE and that of many online security professionals I honestly don't know where to begin, but I will try. WHOIS as it stands now offers one clue of sometimes very few when doing a spam, virus, botnet or spyware investigation. These modern-day technologies are far more serious issue regarding the *constant* breach of end-user privacy (personal identification theft and the wholesale, unabated robbery of end-user monies) than any straw man about an activist somewhere requiring a domain could ever be. The vast majority of investigators who man the ramparts in the fight against such things are not law enforcement agencies nor officials, but ad hoc groups and independents such as myself. Skilled investigators, like the people at The Spamhaus Project http://www.spamhaus.org/rokso use the evidence provided in WHOIS records (often there is a communality among them) to tie pernicious attacks on the very infrastructure of the Internet to the criminal gangs who perpetrate them. As a direct result of this work, there have been numerous takedowns of sites, blocklisting of truly evil mail streams, and follow-through with Law Enforcement Agencies. Law Enforcement Agencies, for example, many of those represented at The London Action Plan and the E.U. Contact Network of Spam Authorities (I am a sitting member of the L.A.P. but do not represent the group) are against WHOIS obfuscation. LEA rely on the unique and highly-skilled abilities of amateur investigators *heavily* in their efforts; needless to say 'amateurs' have no ability to get court orders to open the kimono of an obfuscated WHOIS record. Indeed, the courts of the world would become clogged with such requests were investigations even able to get to such a point were amateurs to be unable to do their work, and the additional lag would afford the bad guys extra time to vanish. At present there are obfuscation facilities available to activists who wish to remain anonymous, for a few dollars more than they are paying for their domain name. Moreover the domain name is an entirely optional in the expression of free speech; there are myriad ways in which one can avail oneself of a soapbox that do not require a domain. No-one 'needs' a domain name any more than they 'need' a driving permit. It is a privilege, not a right. At present time we are in a crisis situation with spam, zombie nets, viruses and spyware, and a circumstance which 'we', the good guys may well lose. Any further concession to the criminal gangs behind these attacks on us all will allow them an advantage which they will surely take; at present they are clearly in control of part, if not a majority of the net* and we cannot afford to hinder investigators who might be able to save what we all implicate ourselves with on a daily basis. In other words, obfuscate WHOIS, it will be exploited immediately and rampantly, and we might not have a network to argue about in the ensuing days. respectfully yours. * Some hysterical hand-wringing on my part: http://www.informationweek.com/research/showArticle.jhtml?articleID=19060015... and something that proves my point. Hackers Attack Key Net Traffic Computers http://hosted.ap.org/dynamic/stories/I/INTERNET_ATTACKS?SITE=WIRE&SECTION=HO... By TED BRIDIS Associated Press Writer -- == Neil Schwartzman Chair, Board of Directors CAUCE Canada: The Canadian Coalition Against Unsolicited Commercial Email Canada: +1 (514) 485-9713 US: +1 (303) 800 6345 UK: 020 8144 6345 Skype: spamfighter666 Fax: +1 (419) 793-0430 [AIM / MSN / Yahoo!]: CAUCECanada [Web]: http://cauce.ca See http://stopspamhere.ca for ways to prevent spam from hitting your inbox.