One of the recommendations of the IRTP-B Policy Development Process (PDP) was for the GNSO to investigate requiring all gTLD Registries to use a "Thick" Whois. With thick Whois, all of the Whois information related to a registration is maintained by the Registry. With "Thin" Whois, the only information maintained by the Registry is the current status of the registration and identification of who the sponsoring Register is; the rest of the information and specifically that related to the Registrant is kept by the Registrar, making Whois a widely distributed database. Currently most Registries use thick Whois, and thick Whois is required for all gTLDs to be created under the new gTLD program. The only Registries that use thin Whois are operated by Verisign, but these of course include .com and .net which constitute the majority of gTLD registrations. In response to the IRTP-B recommendation, the GNSO requested and Issue Report and a preliminary version is now available and has been posted for public comment. Comments on this document will be received until 30 December, 2011. See http://www.icann.org/en/public-comment/thick-whois-preliminary-report-21nov1.... The report confirms that the issue is within the scope of ICANN and the GNSO and recommends that the GNSO initiate a Policy Development Process on the issue. The primary purpose of this comment period is to ensure that the Issue Report does indeed address all of the relevant aspects of the issue. However, it will likely also be the only formal opportunity for the ALAC to state whether it recommends that a PDP should be initiated or not. I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder. ICANN already started a thin WHOIS services by introducing whois.iana.org. In the thin WHOIS approach each WHOIS server only reports the necessary data in the associated registry (i.e. DS entries as well as Glue for NS, AAAA, A) and information about the contract on which the data was inserted or modified. Because the contract information contains a referal to the next WHOIS server, the chain of responsibility can be followed easily. Sorry, thick WHOIS is a thick mistake (especially for an "end user" stakeholder like AtLarge). PS: Please forgive me to not using the terminology from SAC051.
At 22/11/2011 03:25 AM, Lutz Donnerhacke wrote:
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
ICANN already started a thin WHOIS services by introducing whois.iana.org. In the thin WHOIS approach each WHOIS server only reports the necessary data in the associated registry (i.e. DS entries as well as Glue for NS, AAAA, A) and information about the contract on which the data was inserted or modified. Because the contract information contains a referal to the next WHOIS server, the chain of responsibility can be followed easily.
Sorry, thick WHOIS is a thick mistake (especially for an "end user" stakeholder like AtLarge).
PS: Please forgive me to not using the terminology from SAC051.
Thick Whois is required for all new gTLDs. Has At-Large/ALAC ever put in a recommendation that ICANN specify Thin Whois instead for all new gTLDs? Alan
Thick Whois is required for all new gTLDs. Has At-Large/ALAC ever put in a recommendation that ICANN specify Thin Whois instead for all new gTLDs?
No, since that's about the most egregiously anti-consumer pro-crime recomnmendation it could make. It would also make it clear that the ALAC is stuck in about 1996. For every vanity domain holder who's worried that he will get more spam, there are hundreds or thousands of domains used by criminals. If we believe we have responsibility to the vast majority of Internet users who use domains and will never register one, the more accountability for domain holders, the better. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
I disagree strongly. Thin WHOIS allows domain owners to hide from people who may have been harmed by actions on their site(s). Internet domains are, by their nature, public instruments to be used to help people find Internet content. This is one area in which privacy, by and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement. I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency. I favour thick WHOIS. - Evan
In iks.lists.icann.at-large, you wrote:
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
I disagree strongly.
So, let's agree to disagree.
Thin WHOIS allows domain owners to hide from people who may have been harmed by actions on their site(s).
No, thin WHOIS provides you the chain of responsibility down to the reseller which has the real contract with the domain owner. If there is a fraudulent player in the chain you obtain the next responsible partner and the nature of the contract from the thin WHOIS approach. With thick WHOIS, you only have an invalidate record in the database. You have to speak to compliance, which in term speak with the registry in order to find out, which registrar might be responsible for validating the data from the reseller backend better ...
Internet domains are, by their nature, public instruments to be used to help people find Internet content. This is one area in which privacy, by and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement.
Law enforcement is a big problem with thick WHOIS: They are often not even allowed to access the data, but use WHOIS services to circumvent the national laws which should restrict themself. OTOH if the crime investigated is major, why do you believe that the WHOIS data is correct? It would be more than silly for a criminal to use the correct information in preparing a crime. So LAE reports, that they can't use WHOIS services for real crime at all. They even have to assume, that the registar in question is run/paid by the criminals. LAE love to use WHOIS services for very low level crime, but in this case they bypass the international accepted rules for cooperation. So please let me state, tha especially Law enforcement is one of the real non-users of WHOIS services (if they would work according local law).
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
You deny end users the right to take part in the Internet. You define end users to fulfill the role of a sole customer only. I do disagree with this classification.
On 22 November 2011 11:15, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
In iks.lists.icann.at-large, you wrote:
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
No, thin WHOIS provides you the chain of responsibility down to the reseller which has the real contract with the domain owner.
The reseller is merely the provider of the domain. There are very few industries I can think of in which the reseller is expected to maintain publicly-accessible information on the owner.
If there is a fraudulent player in the chain you obtain the next responsible partner and the nature of the contract from the thin WHOIS approach.
I don't owe a reseller a rationale of why I need the domain owner's information. In the case of existing identity proxies such as automobile license plates, it is government not industry that maintains contact information and it is usually a criminal offense to maintain false information. That may be a reasonable alternative but should be discussed further in an At-Large context.
With thick WHOIS, you only have an invalidate record in the database.
Maintaining an invalidate record is an act of fraud and should be treated as one.
Internet domains are, by their nature, public instruments to be used to help people find Internet content. This is one area in which privacy, by and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement.
Law enforcement is a big problem with thick WHOIS
That is a policy issue which can -- and should -- be solved.
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
You deny end users the right to take part in the Internet.
End users do not buy domains. Their level of participation is at a different level and they are not part of the ICANN food chain.
I do disagree with this classification.
You are welcome to disagree, but the role of At-Large is now fairly well defined in the ICANN bylaws and that is what we work with. There are many other constituencies within ICANN who are charged with speaking for registrants. At-Large is the only body within ICANN that speaks for end-users who are adversely impacted by opaque and unaccountable domain ownership information. - Evan
On 22/11/11 17:34, Evan Leibovitch wrote:
End users do not buy domains. Their level of participation is at a different level and they are not part of the ICANN food chain.
I do disagree with this classification. You are welcome to disagree, but the role of At-Large is now fairly well defined in the ICANN bylaws and that is what we work with. There are many other constituencies within ICANN who are charged with speaking for registrants. At-Large is the only body within ICANN that speaks for end-users who are adversely impacted by opaque and unaccountable domain ownership information.
At USD 15 a year, anyone can buy domain names, even individuals. You can even get email hosting and a blog included at that price. Hence, there are no reason why the At-Large should not care about these individual Internet users. If there was a ICANN constituency or AC representing the interests of individual domain names registrants, I would be most interested to know which one. Patrick
Evan Leibovitch, Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56 On 22 November 2011 11:52, Patrick Vande Walle <patrick@vande-walle.eu>wrote:
At USD 15 a year, anyone can buy domain names, even individuals. You can even get email hosting and a blog included at that price. Hence, there are no reason why the At-Large should not care about these individual Internet users.
The distinction is one of function, not price. The proportion of the Internet-using public that owns a domain is extremely small. You do not need to own a domain to participate on the Internet, to create or to consume.
If there was a ICANN constituency or AC representing the interests of individual domain names registrants, I would be most interested to know which one.
The Non-Commercial User Constituency (of GNSO) welcomes individual members and has an explicit mandate to represent registrants. You've been around ICANN long enough that I'm surprised you were not aware of this. - Evan
Good afternoon: I must say that I am inclined towards Evan's point of view. The "thick" Whois model was initially developed to correct the mistakes of the NSI/VSGN era. It is still valid. It is used for most gTLDs and for ccTLDs. I am not convinced that it is time to change. I shall read other contributions to this thread with interest. Regards, CW On 22 Nov 2011, at 16:38, Evan Leibovitch wrote:
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
I disagree strongly.
Thin WHOIS allows domain owners to hide from people who may have been harmed by actions on their site(s).
Internet domains are, by their nature, public instruments to be used to help people find Internet content. This is one area in which privacy, by and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement.
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
I favour thick WHOIS.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
I agree with evan. Rgds, McTim On Nov 22, 2011 6:39 PM, "Evan Leibovitch" <evan@telly.org> wrote:
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
I disagree strongly.
Thin WHOIS allows domain owners to hide from people who may have been harmed by actions on their site(s).
Internet domains are, by their nature, public instruments to be used to help people find Internet content. This is one area in which privacy, by and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement.
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
I favour thick WHOIS.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 22/11/11 16:38, Evan Leibovitch wrote:
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
I favour thick WHOIS.
To me, the basic question is not if the WHOIS is thick or thin, but rather who queries my domain name, when and for what purpose and how I can be sure that the data is used by the right people for lawful purposes in a proportionate manner. In any case, criminals will continue to put invalid data in the WHOIS, whether thick or thin. Cheating on identity is nothing new. This has been the case for as long as mankind has existed. As for the Internet end users registering domain names, I do not think we have any figures of what percentage actually know what WHOIS is, let alone know that their private phone number, home address is available for everyone to see. If registrars added a big warning in red letters on their web site saying so, rather than 10 pages long legalese, they would lose a lot of potential sales in gTLDs. Patrick
Evan Leibovitch, Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56 On 22 November 2011 11:44, Patrick Vande Walle <patrick@vande-walle.eu>wrote:
In any case, criminals will continue to put invalid data in the WHOIS, whether thick or thin. Cheating on identity is nothing new.
Yes. But clearly ICANN complaince has neither the resources nor the will to prevent this. It ought to be brought to the realm of conventional laws such as fraud. If registrars added a big warning in red letters on their web site saying
so, rather than 10 pages long legalese, they would lose a lot of potential sales in gTLDs.
Maximizing sales of gTLDs is not, as far as I know, a strategic objective of the At-Large Community. - Evan
On 11/22/2011 07:38 AM, Evan Leibovitch wrote:
Internet domains are, by their nature, public instruments to be used to help people find Internet content.
I strongly disagree. A domain name is a sequence of keys into a distributed database of records or several types ranging from text to addresses to crypto keys to lat/long coordinates. For instance I have the text of the Magna Carta stored in DNS records. Those records may be, and often are, opaque and meaningful only to a few people, for example address records that contain addresses in private IP address spaces. And by using the phrase "find internet content" you are conflating the internet, to which the DNS pertains, with the much smaller thing called the World Wide Web. The real technical problem is that on the internet there is not a uniform scheme of identification and authentication of identity. Thus on the world wide web (and on the net in general) connections are made on the presumption that a domain name mapping is somehow more than a hint. What people are doing on the net today is as if they grabbed a telephone book, looked up a physician, dialed the number, and then without any validation that they are actually talking to the physician they blurt out their deep secrets. In real life real people have long since learned that when a telephone call is made that one of the first steps performed is a degree of validation that the other party is who he/she is believed to be. We don't do that on the internet - it is a flaw in the architecture of the net. We do have IPsec, but we don't use it. And TLS is often one way or not validated back to a trusted certificate authority. Instead the burden has been lain onto the domain name system; and it is a job that the DNS was never intended to perform and which it does poorly. This is one area in which privacy, by
and large is the realm of people hiding from (what I believe to be) legitimate investigation. I do not believe that, in this case, the public should be denied information available to law enforcement.
That would be a terrible idea. Law enforcement people are bound, or at least in theory are bound by rules, laws, constitutional limitations that do no apply to private individuals.
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
Registrants are end-users too. I suspect that most domain name registrants don't appreciate condemnation without a trial adducing specific facts and acts that prove that they are guilty of specific unlawful acts. So I do not accept the notion that because name registrants are, in your opinion, possibly able to commit ill acts that they should lose rights accorded to others. --karl--
On 22 November 2011 13:39, Karl Auerbach <karl@cavebear.com> wrote:
A domain name is a sequence of keys into a distributed database of records or several types ranging from text to addresses to crypto keys to lat/long coordinates. For instance I have the text of the Magna Carta stored in DNS records.
That's nice... but most people neither know this can be done nor care. If the DNS was a suitable or effective way for people to transmit the Magna Carta, people would use it. But they don't. So this example demonstrates nothing.
Those records may be, and often are, opaque and meaningful only to a few people, for example address records that contain addresses in private IP address spaces.
I would gently remind tha this discussion was generically about WHOIS. If you want to jump onto a single point of mine to score points over an obscure discussion of how many things you can legally jam into a DNS record, go ahead. But that's not what this debate is about, which is the use of WHOIS to help identify points of contact for internet content providers. And by using the phrase "find internet content" you are conflating
the internet, to which the DNS pertains, with the much smaller thing called the World Wide Web.
That's your own bias overlaid on what I said and not at all what was intended. The real technical problem This is not a technical problem. It's a public policy problem.
What people are doing on the net today is as if they grabbed a telephone book, looked up a physician, dialed the number, and then without any validation that they are actually talking to the physician they blurt out their deep secrets.
Of course, what we have on the Internet is a willful manipulation of phone books so that the physician's phone listing -- may divert you to an off-shore data center charged with sounding like your doctor's office in order to extract your health insurance information. The phone book maker disclaims any wrongdoing and has no resources to validate its own listings. Enforcing an accurate and thick WHOIS allows you to have some clue that the entity that created that directory entry is legit, either before or after the fact.
In real life real people have long since learned that when a telephone call is made that one of the first steps performed is a degree of validation that the other party is who he/she is believed to be.
Yes, and because of that we eradicated any problems from phone scams decades ago. :-P There are problems with phone directories, but the directory publisher can be held accountable for accuracy. There are far more problems with the ICANN-administered namespace, in which an entire industry has been created to sell as many directory entries as possible regardless of the number of destinations. I would be quite happy if ICANN were held liable for allowing WHOIS entries to be knowingly incomplete or incorrect. It might change the relationship ICANN has with its contracted parties. Instead the burden has been lain onto the domain name system; and it is a
job that the DNS was never intended to perform and which it does poorly.
And yet... we work with the toolkit we have, and thick WHOIS already exists. It would serve its purpose fine if kept accurate. Flawed but workable.
I would remind that At-Large is charged with protecting the interests of Internet end users, not registrants. Registrants have an interest in being able to hide. End users have an interest in domain owner accountability and transparency.
Registrants are end-users too.
Yes, just like people who work for -- or own shares in -- registries and registrars are end-users too. But, like them, registrants already have their voice within ICANN elsewhere. Just because industry employees and shareholders and domainers are end-users too doesn't mean that their interests are the same as that of the much greater public that has no interest in buying or selling domain names. At-Large seeks to represent those who don't have a voice elsewhere. This is one issue in which the interests of end users don't match with the interests of registrants, so it is in the interests of registrants to blur the distinction, game the debate, and then plead innocent when ICANN is accused with being out of touch with the rest of society.
I suspect that most domain name registrants don't appreciate condemnation without a trial adducing specific facts and acts that prove that they are guilty of specific unlawful acts.
Requiring accurate identity info elsewhere -- whether related to passports, drivers licenses, newspaper mastheads, union memberships, credit cards or elsewhere -- does not presume guilt. Nor does a requirement for accurate thick WHOIS. - Evan
On 11/22/2011 02:22 PM, Evan Leibovitch wrote:
On 22 November 2011 13:39, Karl Auerbach <karl@cavebear.com> wrote:
A domain name is a sequence of keys into a distributed database of records or several types ranging from text to addresses to crypto keys to lat/long coordinates. For instance I have the text of the Magna Carta stored in DNS records.
That's nice... but most people neither know this can be done nor care. If the DNS was a suitable or effective way for people to transmit the Magna Carta, people would use it. But they don't. So this example demonstrates nothing.
You said "Internet domains are, by their nature, public instruments to be used to help people find Internet content." That is a misrepresentation of the technology of DNS. You can pretend that a rock is a duck but that does not make it a duck. Most people don't know the difference between a URL/URI and a domain name either, but that does not make them the same thing. If one wants to be engaged in a real and meaningful discussion of governance of the internet it is useful if one has a solid, and accurate, sense of what the technology of the internet is rather than what one wants it to be.
I would gently remind tha this discussion was generically about WHOIS.
Yes, but I was responding to your blunt assertion that "Internet domains are .. public instruments", an assertion with which I strongly disagree. And it is an assertion that is outside of the topic of Whois.
And by using the phrase "find internet content" you are conflating
the internet, to which the DNS pertains, with the much smaller thing called the World Wide Web.
That's your own bias overlaid on what I said and not at all what was intended.
Then, please, next time please make it clear that you intend to discuss the use of domain names solely in the context of the world-wide-web, and more particularly, the world-wide-web as used by humans using web browsers rather than the mass of HTTP/HTTPS based access used by machine-to-machine communications without human intervention. On the internet domain names are used much many things beyond human browsing of the world wide web. Yet the assertions that are being made are based on an implicit, and incorrect, assertion that the world wide web and the internet are the same.
What people are doing on the net today is as if they grabbed a telephone book, looked up a physician, dialed the number, and then without any validation that they are actually talking to the physician they blurt out their deep secrets.
Of course, what we have on the Internet is a willful manipulation of phone books so that the physician's phone listing -- may divert you to an off-shore data center charged with sounding like your doctor's office in order to extract your health insurance information. The phone book maker disclaims any wrongdoing and has no resources to validate its own listings.
And if one is silly enough to presume that the number one dials will inexorably and infallibly gets one to a doctor with a duty of confidentiality, then that person is naive. Most people in the real world understand through experience that the telephone system - and telephone books - are flawed. And we as humans tend to identify and authenticate, even if only implicitly through our sense of voice recognition, that we have reached the correct opposite party. That has not become a habit on the net for two reasons - First was that the technology wasn't there for most people when we started the web in 1995 (but it could be now) and secondly that many domain name people and ICANN have spread the false word that the domain name system is "authoritative" when it is in fact not authoritative at all but is merely a hint. Some have been mislead by the fact that in the DNS protocol there is an "authoritative answer" bit. The "authoritative answer" bit in DNS responses merely means that the answer came from a server which directly knows the data rather than having obtained it by what amounts to DNS hearsay. The "authoritative answer" bit has nothing do with the actual usability of the resource record content that is returned.
Enforcing an accurate and thick WHOIS allows you to have some clue that the entity that created that directory entry is legit, either before or after the fact.
Sonme of us believe that there ought not to be a domain name whois at all; that if one wants to penetrate into the business records of a domain registration that one ought to: - Demonstrate, in writing and into a permanent log visible to the registrant, the requester's identity and credentials. - Make a written claim, that is also recorded in a permanent log visible to the registrant, that a legally cognizable harm to the requester has been committed by the registrant. - Provide, again into the permanent log, some degree of evidence (beyond mere assertions) to back up that claim. - Deposit some money to compensate the registrant for his/her troubles if that claim proves to false and made with reckless disregard of the facts. - Pay for the cost of the access and record-keeping. - Be denied from making contradictory or inconsistent claims at a later time or against another accused party. --karl--
On 22 November 2011 17:58, Karl Auerbach <karl@cavebear.com> wrote:
Enforcing an accurate and thick WHOIS allows you to have some clue that the entity that created that directory entry is legit, either before or after the fact.
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests within ICANN whose voices are heard through their own representative constituencies. That we now have such a lack of compliance in (and respect for) WHOIS indicates that such interests have held sway so far. But this is At-Large, whose members have no voice elsewhere within ICANN. Most people who use the Internet and don't own domains do not, in my experience, share the sentiment above. I welcome the opportunity to confirm or refute this, but as yet I haven't found one non-domain-owning individual who believes that such a regime to be suitable. And I've asked many. It is oft (and increasingly) claimed outside ICANN that it is wildly out of touch with the world at large ... this is a perfect example. - Evan
On 11/22/2011 03:53 PM, Evan Leibovitch wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants.
within ICANN whose voices are heard through their own representative constituencies. That we now have such a lack of compliance in (and respect for) WHOIS indicates that such interests have held sway so far.
That's one conclusion. The other, and the one that I believe is more accurate is that many people, perhaps even a majority, who have domain names believe that their relationships with their registrars are none of ICANN's business. The word for that is "privacy". I am amazed with the notion that the ALAC, which purports to represent "the internet user" is so unquestioningly willing to require that the privacy of those users be sacrificed to satisfy the prying eyes of anyone who wants to look 24x7x365. I put forward a balanced equation that under which those who want to look at Whois have to make a demonstration of harm and leave their name. That's not as good or as balanced in which that demonstration of harm is adjudged by a disinterested third party, but at least it's a lot better than the system we have today. So why don't even want to consider a system in which someone who wants to look at Whois has to leave his name, make a claim, backed by evidence, that a legally cognizable harm has occurred, and leave some $$ on deposit to cover the costs to the registrant in case that claim turns out to be made with fraudulent intent or with reckless disregard of the truth?
But this is At-Large, whose members have no voice elsewhere within ICANN.
And whose fault is that - Internet users once had a real voice, a real vote. Most people who use the Internet and don't own domains do not, in my
experience, share the sentiment above.
OK, let's put it to a vote. Oops, there's no mechanism to do that. Most people these days don't bother with domain names any more - they use Facebook or other social net logins. And it is sad that even Facebook has better privacy protections for its users than ICANN does for domain name registrants. I welcome the opportunity to confirm
or refute this, but as yet I haven't found one non-domain-owning individual who believes that such a regime to be suitable. And I've asked many.
Maybe you should ask people whether they are willing to have their - or their family's - names, addresses, phone numbers, affiliations, and business relationships put into a worldwide database? Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators? --karl--
On 22 November 2011 20:57, Karl Auerbach <karl@cavebear.com> wrote:
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants.
It's your choice to be insulted. The description is appropriate, even if it makes one uncomfortable. BTW, is that count of 100M registrants.... or registrations? Maybe you should ask people whether they are willing to have their - or
their family's - names, addresses, phone numbers, affiliations, and business relationships put into a worldwide database?
This is WHOIS. All we're talking about is contact info for a domain. Not relationships. Not affiliations. Not blood types. Let's not over-dramatize.
Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators?
I invoke Godwin's Law By Proxy. This is now the third time in an ICANN setting in which I've heard "if you don't agree with my PoV you must be a supporter of pedophilia", and it's become extremely tiresome. - Evan
Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators?
Sigh. See previous comments about ducks.
This is now the third time in an ICANN setting in which I've heard "if you don't agree with my PoV you must be a supporter of pedophilia", and it's become extremely tiresome.
You know, I spend a certain amount of time working with real cops who deal with real crime, including child abuse images. Your consistent refusal to even consider the consequences of your PoV are tiresome in the extreme. R's, John
This is now the third time in an ICANN setting in which I've heard "if you don't agree with my PoV you must be a supporter of pedophilia", and it's become extremely tiresome.
You know, I spend a certain amount of time working with real cops who deal with real crime, including child abuse images. Your consistent refusal to even consider the consequences of your PoV are tiresome in the extreme.
I have had limited experience dealing with law enforcement. In 2006 ago, I received spam from Soloway, he used a credit card from someone in Cambridge. I put the victim in touch with someone I knew at the FBI in Boston. If I didn't have access to that whois information, Soloway may never had been arrested.
On 11/22/2011 03:53 PM, Evan Leibovitch wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants. These are registrant of domain names, domain names which by the current rules require that they provide accurate whois/ownership information.
within ICANN whose voices are heard through their own representative constituencies. That we now have such a lack of compliance in (and respect for) WHOIS indicates that such interests have held sway so far.
That's one conclusion. The other, and the one that I believe is more accurate is that many people, perhaps even a majority, who have domain names believe that their relationships with their registrars are none of ICANN's business. The word for that is "privacy".
No, the word for that is violating the terms of the registration agreement, a contract which they voluntarily entered into. There is multiple ways to have a blog and/or e-mail address which does not require them to register their domain name. Just like buying real property in most counties within the USA, buying a domain name requires the identification of the owner of that property.
I am amazed with the notion that the ALAC, which purports to represent "the internet user" is so unquestioningly willing to require that the privacy of those users be sacrificed to satisfy the prying eyes of anyone who wants to look 24x7x365.
Are you amazed with the notion that the ALAC, which purports to represent "the internet user" is so unquestioningly willing to require that people who register domain names take responsibility for their use of their domain names? Having a domain name is not a human right.
I put forward a balanced equation that under which those who want to look at Whois have to make a demonstration of harm and leave their name. That's not as good or as balanced in which that demonstration of harm is adjudged by a disinterested third party, but at least it's a lot better than the system we have today. What is the standard for "demonstration of harm?" Is is receiving spam? Is it doing a whois lookup to confirm the identify of a company and their web site? Who is to guaranty the accuracy of that information?
So why don't even want to consider a system in which someone who wants to look at Whois has to leave his name, make a claim, backed by evidence, that a legally cognizable harm has occurred, and leave some $$ on deposit to cover the costs to the registrant in case that claim turns out to be made with fraudulent intent or with reckless disregard of the truth?
And will this person be required to pay for the harm caused by their domain or actions related to that domain?
But this is At-Large, whose members have no voice elsewhere within ICANN.
And whose fault is that - Internet users once had a real voice, a real vote.
Most people who use the Internet and don't own domains do not, in my
experience, share the sentiment above.
Maybe you should ask people whether they are willing to have their - or their family's - names, addresses, phone numbers, affiliations, and business relationships put into a worldwide database?
By registering a domain, they answered that question in the affirmative.
Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators?
That is just hyperbole.
On 11/22/2011 07:21 PM, Bill Silverstein wrote:
On 11/22/2011 03:53 PM, Evan Leibovitch wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants. These are registrant of domain names, domain names which by the current rules require that they provide accurate whois/ownership information.
These rules may be, and ought to be changed. They are not carved in stone. As I mentioned before, it is very sad that Facebook gives more respect to privacy than does ICANN. --karl--
While this may be considered an interesting thread by some, it is WAY off topic. The question on the table is not whether DNS is the right vehicle, whether Whois is the right methodology, nor how public or private Whois should be. The question on the table is whether .com , .net and a few others should use "Thick" Whois or "Thin" Whois (as currently defined/designed). And more immediately, whether the Issue Report just published focuses on the correct issues related to this sole topic. For the record, At-large and ALAC do consider issues relevant to Registrants. If we didn't, we would not have championed the Post-Expiration Domain Name Recovery (PEDNR) PDP. The benefits of PEDNR will accrue primarily to Registrants, with end users benefiting primarily as a result of websites, e-mail addresses and other uses of domain names not disappearing unexpectedly. However, many of us who are involved in At-Large do tend to take an end-user perspective on issues where it is judged that registrant rights are at odds with the rights/needs of the general non-registrant user or the public interest. Alan At 22/11/2011 08:57 PM, Karl Auerbach wrote:
On 11/22/2011 03:53 PM, Evan Leibovitch wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants.
within ICANN whose voices are heard through their own representative constituencies. That we now have such a lack of compliance in (and respect for) WHOIS indicates that such interests have held sway so far.
That's one conclusion. The other, and the one that I believe is more accurate is that many people, perhaps even a majority, who have domain names believe that their relationships with their registrars are none of ICANN's business. The word for that is "privacy".
I am amazed with the notion that the ALAC, which purports to represent "the internet user" is so unquestioningly willing to require that the privacy of those users be sacrificed to satisfy the prying eyes of anyone who wants to look 24x7x365.
I put forward a balanced equation that under which those who want to look at Whois have to make a demonstration of harm and leave their name. That's not as good or as balanced in which that demonstration of harm is adjudged by a disinterested third party, but at least it's a lot better than the system we have today.
So why don't even want to consider a system in which someone who wants to look at Whois has to leave his name, make a claim, backed by evidence, that a legally cognizable harm has occurred, and leave some $$ on deposit to cover the costs to the registrant in case that claim turns out to be made with fraudulent intent or with reckless disregard of the truth?
But this is At-Large, whose members have no voice elsewhere within ICANN.
And whose fault is that - Internet users once had a real voice, a real vote.
Most people who use the Internet and don't own domains do not, in my
experience, share the sentiment above.
OK, let's put it to a vote. Oops, there's no mechanism to do that.
Most people these days don't bother with domain names any more - they use Facebook or other social net logins.
And it is sad that even Facebook has better privacy protections for its users than ICANN does for domain name registrants.
I welcome the opportunity to confirm
or refute this, but as yet I haven't found one non-domain-owning individual who believes that such a regime to be suitable. And I've asked many.
Maybe you should ask people whether they are willing to have their - or their family's - names, addresses, phone numbers, affiliations, and business relationships put into a worldwide database?
Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators?
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Thin Whois is an historical abomination - it was slipped through by Network Solutions as a way to keep all the customer data for themselves when their monopoly was broken up. It is bad for legitimate searchers, because registrars may or may not be findable or helpful It is bad for privacy, because registrars are less secure -- plus I'm sure some of them have been mining their own whois data and either using it themselves or spamming. It's very bad for registrants (assuming anyone in ALAC cares) because in a business failure, your records of what you own, in what name, etc., are all gone. Whatever your policy position, a thick Whois is better because then policy can be applied to it. Antony On Nov 22, 2011, at 8:22 PM, Alan Greenberg wrote:
While this may be considered an interesting thread by some, it is WAY off topic.
The question on the table is not whether DNS is the right vehicle, whether Whois is the right methodology, nor how public or private Whois should be. The question on the table is whether .com , .net and a few others should use "Thick" Whois or "Thin" Whois (as currently defined/designed). And more immediately, whether the Issue Report just published focuses on the correct issues related to this sole topic.
For the record, At-large and ALAC do consider issues relevant to Registrants. If we didn't, we would not have championed the Post-Expiration Domain Name Recovery (PEDNR) PDP. The benefits of PEDNR will accrue primarily to Registrants, with end users benefiting primarily as a result of websites, e-mail addresses and other uses of domain names not disappearing unexpectedly. However, many of us who are involved in At-Large do tend to take an end-user perspective on issues where it is judged that registrant rights are at odds with the rights/needs of the general non-registrant user or the public interest.
Alan
At 22/11/2011 08:57 PM, Karl Auerbach wrote:
On 11/22/2011 03:53 PM, Evan Leibovitch wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants, a set of vested interests
That's a rather pejorative way to dismiss the privacy concerns of over 100,000,000 registrants.
within ICANN whose voices are heard through their own representative constituencies. That we now have such a lack of compliance in (and respect for) WHOIS indicates that such interests have held sway so far.
That's one conclusion. The other, and the one that I believe is more accurate is that many people, perhaps even a majority, who have domain names believe that their relationships with their registrars are none of ICANN's business. The word for that is "privacy".
I am amazed with the notion that the ALAC, which purports to represent "the internet user" is so unquestioningly willing to require that the privacy of those users be sacrificed to satisfy the prying eyes of anyone who wants to look 24x7x365.
I put forward a balanced equation that under which those who want to look at Whois have to make a demonstration of harm and leave their name. That's not as good or as balanced in which that demonstration of harm is adjudged by a disinterested third party, but at least it's a lot better than the system we have today.
So why don't even want to consider a system in which someone who wants to look at Whois has to leave his name, make a claim, backed by evidence, that a legally cognizable harm has occurred, and leave some $$ on deposit to cover the costs to the registrant in case that claim turns out to be made with fraudulent intent or with reckless disregard of the truth?
But this is At-Large, whose members have no voice elsewhere within ICANN.
And whose fault is that - Internet users once had a real voice, a real vote.
Most people who use the Internet and don't own domains do not, in my
experience, share the sentiment above.
OK, let's put it to a vote. Oops, there's no mechanism to do that.
Most people these days don't bother with domain names any more - they use Facebook or other social net logins.
And it is sad that even Facebook has better privacy protections for its users than ICANN does for domain name registrants.
I welcome the opportunity to confirm
or refute this, but as yet I haven't found one non-domain-owning individual who believes that such a regime to be suitable. And I've asked many.
Maybe you should ask people whether they are willing to have their - or their family's - names, addresses, phone numbers, affiliations, and business relationships put into a worldwide database?
Do you have children? Have you ever considered that parents might consider the Whois to be a Megan's Law List in reverse - in which ICANN requires parents to publish publish the names and addresses of prospective victims to predators?
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
* Antony Van Couvering wrote:
Thin Whois is an historical abomination - it was slipped through by Network Solutions as a way to keep all the customer data for themselves when their monopoly was broken up.
It is bad for legitimate searchers, because registrars may or may not be findable or helpful
It is bad for privacy, because registrars are less secure -- plus I'm sure some of them have been mining their own whois data and either using it themselves or spamming.
It's very bad for registrants (assuming anyone in ALAC cares) because in a business failure, your records of what you own, in what name, etc., are all gone.
Whatever your policy position, a thick Whois is better because then policy can be applied to it.
I'd like to comment this claims with the only approbriate word: FUD.
Sorry you feel that way. I've been saying the same thing since 1998. As FUD it has been remarkably ineffective. Sent from my iPhone On Nov 23, 2011, at 2:47, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
* Antony Van Couvering wrote:
Thin Whois is an historical abomination - it was slipped through by Network Solutions as a way to keep all the customer data for themselves when their monopoly was broken up.
It is bad for legitimate searchers, because registrars may or may not be findable or helpful
It is bad for privacy, because registrars are less secure -- plus I'm sure some of them have been mining their own whois data and either using it themselves or spamming.
It's very bad for registrants (assuming anyone in ALAC cares) because in a business failure, your records of what you own, in what name, etc., are all gone.
Whatever your policy position, a thick Whois is better because then policy can be applied to it.
I'd like to comment this claims with the only approbriate word: FUD. _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 22 November 2011 23:22, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
The question on the table is not whether DNS is the right vehicle, whether Whois is the right methodology, nor how public or private Whois should be. The question on the table is whether .com , .net and a few others should use "Thick" Whois or "Thin" Whois (as currently defined/designed). And more immediately, whether the Issue Report just published focuses on the correct issues related to this sole topic.
Thanks for bringing this back on track, Alan.
For the record, At-large and ALAC do consider issues relevant to Registrants. If we didn't, we would not have championed the Post-Expiration Domain Name Recovery (PEDNR) PDP. The benefits of PEDNR will accrue primarily to Registrants, with end users benefiting primarily as a result of websites, e-mail addresses and other uses of domain names not disappearing unexpectedly. However, many of us who are involved in At-Large do tend to take an end-user perspective on issues where it is judged that registrant rights are at odds with the rights/needs of the general non-registrant user or the public interest.
+1 - Evan
In iks.lists.icann.at-large, you wrote:
On 22 November 2011 17:58, Karl Auerbach <karl@cavebear.com> wrote:
Sonme of us believe that there ought not to be a domain name whois at all;
That "us" is almost exclusively registrants
Please do not claim your personal view as "the AtLarge view". Counterexample to your current claim: http://www.iks-jena.de/eng/Blog/That-s-the-way-it-always-have-been
But this is At-Large, whose members have no voice elsewhere within ICANN. Most people who use the Internet and don't own domains do not, in my experience, share the sentiment above.
I do not follow you in your view of AtLarge. Sorry.
On 2011-11-22, at 2:58 PM, Karl Auerbach wrote:
Sonme of us believe that there ought not to be a domain name whois at all; that if one wants to penetrate into the business records of a domain registration that one ought to:
- Demonstrate, in writing and into a permanent log visible to the registrant, the requester's identity and credentials.
- Make a written claim, that is also recorded in a permanent log visible to the registrant, that a legally cognizable harm to the requester has been committed by the registrant.
- Provide, again into the permanent log, some degree of evidence (beyond mere assertions) to back up that claim.
- Deposit some money to compensate the registrant for his/her troubles if that claim proves to false and made with reckless disregard of the facts.
- Pay for the cost of the access and record-keeping.
- Be denied from making contradictory or inconsistent claims at a later time or against another accused party.
I'd love to hear from anyone else who believes any of this. On second thought, maybe I wouldn't. Just for the record, CAUCE supports a complete implementation of Thick WHOIS, without qualification nor exception. the vast majority of investigations into abuse of hundreds of millions of end users that happens daily is predicated upon the use of clear and complete WHOIS data, by security researchers, not law enforcement. It is our work tht is then passed on to LEA for consideration. Yes, WHOIS data is faked. But there are patterns and repetition within the data that allow us to identify criminals. Obfuscating the data particularly along the inane lines noted above will force any kind of security work to grind to a halt; domains are becoming an ever-more important vector for research in an IPv6 world. I'll warn anyone who is considering thin to also consider these facts. I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims of spamming, phishing, malware, and identity theft, let alone more egregious activities. I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you? -- Neil Schwartzman Executive Director CAUCE : The Coalition Against Unsolicited Commercial Email http://cauce.org http://twitter.com/cauce IM: caucecanada Tel.: +1 (303) 800 6345 I'd love to hear from anyone else who believes any of this.
* Neil Schwartzman wrote:
I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims of spamming, phishing, malware, and identity theft, let alone more egregious activities. I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you?
None of us is allowed to bypass the local law, just because we like to do so. There were various and heated policitcal controversies for decades to find a balance between privacy and maintaining social order. And one of the outcomes of those debates is: Yes, privacy outlaws low level crime by default.
2011/11/24 Lutz Donnerhacke <lutz@iks-jena.de>
None of us is allowed to bypass the local law, just because we like to do so. There were various and heated policitcal controversies for decades to find a balance between privacy and maintaining social order.
This is not about social order, it's about accountability. I appreciate the previous reference made that notes that real estate ownership in most countries is public information. So society has had no problems with public access to contact information for real addresses, Why should the rules be different for virtual addresses? And one of the outcomes of those debates is: Yes, privacy outlaws low
level crime by default.
As has been detailed in real-world evidence provided by multiple people in this thread, domain privacy is *demonstrated* to be an enabler of crime. Your PoV is based on theory and wishful thinking; theirs is based on actual investigations and dealing with the consequences of hidden or obfuscated WHOIS. - Evan
On 24/11/11 16:59, Evan Leibovitch wrote:
I appreciate the previous reference made that notes that real estate ownership in most countries is public information. So society has had no problems with public access to contact information for real addresses, Why should the rules be different for virtual addresses?
Over here, if you want to access real estate ownership , you have to file a request with an official registry through a legal officer (notary). It is not available for everyone over the Internet. It is public, yes. But it will take you some effort to get the information. This is by design.
Your PoV is based on theory and wishful thinking; theirs is based on actual investigations and dealing with the consequences of hidden or obfuscated WHOIS.
Interestingly, the European Court of Justice ruled today, in a unrelated case, that privacy is a fundamental right that cannot be superseded by other interests, and certainly not in a disproportionate manner. Of course, ICANN is a USG contractor and most of the gTLDs are based in the US. Hence, US laws apply. I admit that claims that the current policy is "breaking the law" or unconstitutional do not hold water, because these contracts between registries and registrants in gTLDs are legal from a US POV. The extend to which these contract provisions are binding when the sale happens outside the US remains to be tested in court. AFAIK, no-one has ever sued an European registrar about these contract terms. I guess registrants prefer to go the ccTLD route if they have privacy concerns, rather than spending thousands in a court case. You will notice that the one gTLD based in the UK has other WHOIS policies, respecting local and EU laws on privacy. I have yet to hear a complaint that their policy is preventing LEAs to do their work. Patrick
Interestingly, the European Court of Justice ruled today, in a unrelated case, that privacy is a fundamental right that cannot be superseded by other interests, and certainly not in a disproportionate manner.
As you say, unrelated. But nice, very nice. http://curia.europa.eu/jcms/upload/docs/application/pdf/2011-11/cp110126en.p... http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=Submit&numaff=C... -- James S. Tyre Law Offices of James S. Tyre 10736 Jefferson Blvd., #512 Culver City, CA 90230-4969 310-839-4114/310-839-4602(fax) jstyre@jstyre.com Policy Fellow, Electronic Frontier Foundation https://www.eff.org
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge- lists.icann.org] On Behalf Of Patrick Vande Walle Sent: Thursday, November 24, 2011 9:58 AM To: At-Large Worldwide Subject: Re: [At-Large] Issue Report on Thick Whois
On 24/11/11 16:59, Evan Leibovitch wrote:
I appreciate the previous reference made that notes that real estate ownership in most countries is public information. So society has had no problems with public access to contact information for real addresses, Why should the rules be different for virtual addresses?
Over here, if you want to access real estate ownership , you have to file a request with an official registry through a legal officer (notary). It is not available for everyone over the Internet. It is public, yes. But it will take you some effort to get the information. This is by design.
Your PoV is based on theory and wishful thinking; theirs is based on actual investigations and dealing with the consequences of hidden or obfuscated WHOIS.
Interestingly, the European Court of Justice ruled today, in a unrelated case, that privacy is a fundamental right that cannot be superseded by other interests, and certainly not in a disproportionate manner.
Of course, ICANN is a USG contractor and most of the gTLDs are based in the US. Hence, US laws apply. I admit that claims that the current policy is "breaking the law" or unconstitutional do not hold water, because these contracts between registries and registrants in gTLDs are legal from a US POV. The extend to which these contract provisions are binding when the sale happens outside the US remains to be tested in court. AFAIK, no-one has ever sued an European registrar about these contract terms. I guess registrants prefer to go the ccTLD route if they have privacy concerns, rather than spending thousands in a court case.
You will notice that the one gTLD based in the UK has other WHOIS policies, respecting local and EU laws on privacy. I have yet to hear a complaint that their policy is preventing LEAs to do their work.
Patrick
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 11/24/2011 07:59 AM, Evan Leibovitch wrote:
... that real estate ownership in most countries is public information.
That is an urban legend. It is easy, and in fact quite common, for the actual beneficial ownership of land to be masked. For example, near where I live a beach - Martin's Beach - has been acquired and even governmental bodies are having trouble finding out who the real owner is. --karl--
On 11/24/2011 07:59 AM, Evan Leibovitch wrote:
... that real estate ownership in most countries is public information.
That is an urban legend.
No, it is not an urban legend. It is a fact. It is an urban legend as a person is not allowed to file bankruptcy when they have much more assets then liabilities.
It is easy, and in fact quite common, for the actual beneficial ownership of land to be masked. Yes, but the list owner can still be held liable for the property. But technically, the masking is still not providing false information. If the listed owner of the property decided to screw over the beneficial owner, they may be able to. The old example of the father transferring, property to the son to avoid creditors, but the judge will refuse to return the property from the son back to the father.
For example, near where I live a beach - Martin's Beach - has been acquired and even governmental bodies are having trouble finding out who the real owner is.
That may be true, but if there is a listed owner, and there a judgment against listed owner, the property could be taken by lien.
On 11/24/2011 07:24 PM, Bill Silverstein wrote:
On 11/24/2011 07:59 AM, Evan Leibovitch wrote:
... that real estate ownership in most countries is public information.
That is an urban legend.
No, it is not an urban legend. It is a fact.
Ah contradiction rather than debate - have you seen the Monty Python sketch about this? I'll give you an assignment - show me the record in the public archives that shows the controlling beneficial ownership of the property known as "Martin's Beach" near Half Moon Bay California. I anticipate that the most you will find is an intermediary corporate shell that has legal title but which is itself controlled by others who are unknown. (You might find news reports suggesting a name of a person behind the shells, but if you find a public record you will have done better than our local governmental bodies and journalists.) Real property (interests in land), by the way, tends to have special treatment under must common law regimes. That is for historical reasons. And quite frequently access to the actual content of those records requires a visit to a governmental office, presentation of identity, and often payment of a fee. Records of ownership of other forms of property are frequently not subject to any governmental record much less a record that is made available to the public.
For example, near where I live a beach - Martin's Beach - has been acquired and even governmental bodies are having trouble finding out who the real owner is.
That may be true, but if there is a listed owner, and there a judgment against listed owner, the property could be taken by lien.
Yes, but that means that the Sherif serves only the legal owner and the land is sold at auction. The actual controlling beneficial owner may never be known or notified of this event. And that has nothing to do with the claim that you made that the ownership of land "in most countries is public information". The more important point is this: I believe in due process, I do not believe in guilt, judgment and execution on the basis of mere, unsubstantiated, untested accusation. You seem to be advocating that justice on the internet is satisfied by guilt upon accusation with automatic execution of sentence. Or to put it more directly, you seem to be advocating a regime in which domain name owners are guilty simply because they are domain name owners and that the sentence rendered is that they lose privacy. --karl--
Ah contradiction rather than debate - have you seen the Monty Python sketch about this?
I'll give you an assignment - show me the record in the public archives that shows the controlling beneficial ownership of the property known as "Martin's Beach" near Half Moon Bay California.
Oh, OK. You're arguing that since there is one instance in which the required owner information in real estate registries isn't there, the whole idea of asking for any owner information at all is a waste of time. I've noticed at least one time in the past when you've made an argument that was factually wrong, hence ... Bye.
On 11/25/2011 05:01 PM, John R. Levine wrote:
Ah contradiction rather than debate - have you seen the Monty Python sketch about this?
I'll give you an assignment - show me the record in the public archives that shows the controlling beneficial ownership of the property known as "Martin's Beach" near Half Moon Bay California.
Oh, OK. You're arguing that since there is one instance in which the required owner information in real estate registries isn't there, the whole idea of asking for any owner information at all is a waste of time.
A claim was made that land records are universally public - I demonstrated a counter example and thus showed that that claim is false. The larger issue, of course, is that you and others are arguing guilt-by-class: that name registrants are, necessarily to be treated as criminals even without accusation, even without presentation of facts, even without trial of those facts before an impartial observer. And from that guilt you strip domain name registrants of privacy rights. In other words: But for the fact that one acquires a domain name a person is stripped of privacy protections. This forfeiture occurs even if that person never even uses that domain name. That's not due process. Instead it is something from Savonarola. It is no wonder that people are moving their web presence to relative privacy havens, like Facebook. It is indeed sad that compared to ICANN, Facebook is considered a better protector of privacy. There has also been presented an argument that registrants have given away privacy because of the terms of their registration agreements. Given that ICANN is a monopoly provider the registration agreement is essentially a contract of adhesion - a weak vehicle - and far from a real arms-length negotiated agreement. --karl--
The larger issue, of course, is that you and others are arguing guilt-by-class: that name registrants are, necessarily to be treated as criminals even without accusation, even without presentation of facts, even without trial of those facts before an impartial observer.
I have to say that whoever is paying you to say this nonsense is certainly getting his money's worth. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 11/25/2011 06:42 PM, John R. Levine wrote:
The larger issue, of course, is that you and others are arguing guilt-by-class: that name registrants are, necessarily to be treated as criminals even without accusation, even without presentation of facts, even without trial of those facts before an impartial observer.
I have to say that whoever is paying you to say this nonsense is certainly getting his money's worth.
Nobody is paying me anything for this - I figure that the rule of law deserves to be protected for free. --karl--
The larger issue, of course, is that you and others are arguing guilt-by-class: that name registrants are, necessarily to be treated as criminals even without accusation, even without presentation of facts, even without trial of those facts before an impartial observer. I have to say that whoever is paying you to say this nonsense is certainly getting his money's worth.
Regards, John Levine,
John, I don't think that Karl is being paid, but is misguided. His position that privacy is absolute and be A "broken" is after there has been a ruling of guilt. Of course, he no longer flies in planes, or has a drivers license, or a credit card, or has a bank account, or owns property, buys things at stores which inspects receipts or bags, or walks in the street with his face uncovered because to do that, he must sacrifice some level of privacy for each of those activities.
On 11/25/2011 07:27 PM, Bill Silverstein wrote:
I don't think that Karl is being paid, but is misguided.
If my dislike of vigilante methods is "misguided" then I am very, very glad to be misguided. And I am very sad to learn that those who are, what is the opposite of "misguided"? "guided"? .. That those who are "guided" apparently believe that everyone not waving their flag is a presumptive criminal who deserves no protection or rights. Why do you shy from a procedure in which those who accuse would be required to identify themselves, to be required to state their accusal, and be required to provide at least a modicum of proof to support that accusal? Why do you shy from a principle which has been one of the foundation stones of western concepts of justice for centuries? --karl--
On 11/25/2011 07:27 PM, Bill Silverstein wrote:
I don't think that Karl is being paid, but is misguided.
If my dislike of vigilante methods is "misguided" then I am very, very glad to be misguided.
"vigilante" - a private individual who legally or illegally punishes an alleged lawbreaker, or participates in a group which metes out extralegal punishment to an alleged lawbreaker. From Oxford English Dictionary. Karl, you are misusing the term vigilante. The identification of a wrongdoer is not punishment of the wrongdoer. My using whois information as one part of the identification of a spammer so as to file lawsuits against spammers is not extrajudicial. My using whois information to gather information on a spammer, sufficient to bother law enforcement authorities is not vigilantism.
And I am very sad to learn that those who are, what is the opposite of "misguided"? "guided"? .. That those who are "guided" apparently believe that everyone not waving their flag is a presumptive criminal who deserves no protection or rights.
The only thing necessary for the triumph of evil is for good men to do nothing.
Why do you shy from a procedure in which those who accuse would be required to identify themselves, to be required to state their accusal, and be required to provide at least a modicum of proof to support that accusal? Because they are not accused. Because given the ease of having multiple domain name names, and that having to do this for each domain name is impracticable. This is moreso true where there is no requirement for validating this information, except in China.
Why do you shy from a principle which has been one of the foundation stones of western concepts of justice for centuries?
You are misstating the principal. As stated before, there are many places where there are requirements of compelled disclosure when securing the exclusive property rights rights, creating a new company, having a publicly traded company.
A claim was made that land records are universally public - I demonstrated a counter example and thus showed that that claim is false.
No, the claim is correct. You provide an example where the information is obfuscated. If the claim was correct, there would be no need for obfuscation.
The larger issue, of course, is that you and others are arguing guilt-by-class: that name registrants are, necessarily to be treated as criminals even without accusation, even without presentation of facts, even without trial of those facts before an impartial observer.
No, again this is not an issue of guilt, but an issue of responsible parties and parties in control. No different from corporate registrations, copyright registrations, trademark registrations, property records. There is no guilt associated with this, but that the party who is the contact/responsible party should be made public for the purpose of contact, licensing, or liability.
And from that guilt you strip domain name registrants of privacy rights.
In other words: But for the fact that one acquires a domain name a person is stripped of privacy protections.
This forfeiture occurs even if that person never even uses that domain name.
That's not due process. Instead it is something from Savonarola It is no wonder that people are moving their web presence to relative privacy havens, like Facebook. It is indeed sad that compared to ICANN, Facebook is considered a better protector of privacy. So. This means there is choice. There are other choices, such as wordpress.
There has also been presented an argument that registrants have given away privacy because of the terms of their registration agreements. Given that ICANN is a monopoly provider the registration agreement is essentially a contract of adhesion - a weak vehicle - and far from a real arms-length negotiated agreement.
It is required that a candidate for government office is required to publicly identify themselves, does that mean that they are a class that has been deemed criminal. Never mind, bad example. As the other owners identified above, they are not deemed classes of criminals, but it has been determined that their identities and contact information should available to the public.
--karl--
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
* Neil Schwartzman wrote:
I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims of spamming, phishing, malware, and identity theft, let alone more egregious activities. I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you?
None of us is allowed to bypass the local law, just because we like to do so. There were various and heated policitcal controversies for decades to find a balance between privacy and maintaining social order.
And one of the outcomes of those debates is: Yes, privacy outlaws low level crime by default.
Lutz, You, and others, seem to forget that this is not a privacy issue. The whois information is VOLUNTARILY provided as contractually required to register a domain name. I tend to doubt the law of any country prevents a person from VOLUNTARILY making public information in exchange for something of perceived value. Karl had not disputed this, so I believe that I am correct that in the USA and many other jurisdictions make public the ownership of real property. Domain names are in essence the "real property" of the internet. With wordpress.com, and other free and paid blogging sites there is no requirement that one has a domain name to put forth opinions and viewpoints. What do you consider low level crimes? Identity theft? child pornography, sex slavery?
On 24/11/11 15:32, Neil Schwartzman wrote:
Just for the record, CAUCE supports a complete implementation of Thick WHOIS, without qualification nor exception. the vast majority of investigations into abuse of hundreds of millions of end users that happens daily is predicated upon the use of clear and complete WHOIS data, by security researchers, not law enforcement. It is our work tht is then passed on to LEA for consideration.
I have no problem with LEAs outsourcing this research to external experts. As long as the agreements are clear, there are written commitments to confidentiality, and all that, it is fine. I am sure these experts would not oppose entering into agreements with registries to access the data. This is already the case for .tel. and could be expanded to other gTLDs. That will certainly happen with the upcoming gTLDs that will be based in Europe. The bottom line is to be sure that the professional performing the research is well-intentioned. By making the data public, you also allow criminals to access it.
I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims of spamming, phishing, malware, and identity theft, let alone more egregious activities.
Again, as long as the LEAs or their contracted experts do this investigation, it is fair to provide them with access to the information. If they have reasonable clues that one person is performing malicious activities, it is fair to investigate their WHOIS records. However, explain to me why my neighbour would need to know which domain names I have registered.
I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you?
No. I did not conduct any abuse investigation. I have no standing to do so. I am just an ordinary citizen. I trust the relevant authorities to do this job. Patrick
On 24/11/11 15:32, Neil Schwartzman wrote:
I'm also wondering have you ever conducted an abuse investigation yourselves, or i this just theoretical for you?
No. I did not conduct any abuse investigation. I have no standing to do so. I am just an ordinary citizen. I trust the relevant authorities to do this job.
Patrick
In the USA and many cities, the public are asked to provide police with tips and information. I have done investigations myself and provided information to the FBI, the FTC, and the IRS. I tracked whois information for spam advertising Robert Soloway's sites. This whois information was for a person who didn't know what the unauthorized domain name registration charge was. I explained it to him, and put him in touch with a specific person at the FBI and later Soloway was arrested. Without access to the whois information, I would not have been able to put provide the information to the FBI and they would not have done anything about a simple spam complaint.
On 11/24/2011 10:35 AM, Bill Silverstein wrote:
In the USA and many cities, the public are asked to provide police with tips and information.
Not a new practice, but one that has a history. For instance consider the following first sentence from a book about the effects of the practice of "provid[ing] police with tips and information": "Someone must have been telling lies about Josef K., he knew he had done nothing wrong but, one morning, he was arrested." The Trial, by Franz Kafka
On 11/24/2011 06:32 AM, Neil Schwartzman wrote:
I'm wondering - for any of those who tout the privacy concerns of domain owners, why you hold them in higher regard than the privacy concerns of victims
You missed the point - which is that everyone deserves due process, that everyone deserves the right not to be presumed guilty upon mere accusation. Your method strikes me of presuming that all domain name owners are presumed to be evil and guilty and thus any accusation, in fact no accusation whatsoever, is enough to penetrate their privacy. --karl--
On 22 Nov 2011, at 15:38, Evan Leibovitch wrote:
On 22 November 2011 03:25, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
In iks.lists.icann.at-large, you wrote:
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
I'd strongly suggest to move to thin WHOIS approaches whererver possible. Thick WHOIS services requires privacy violations as well as violations of various local laws by transfering personal data outside of the jursidiction of the domain name holder.
I disagree strongly.
Thin WHOIS allows domain owners to hide from people who may have been harmed by actions on their site(s).
Evan thick vs thin is down to who stores and displays the whois data, not the amount of data being displayed You can have as much, or as little, whois data on a .com as you would on a .org Regards Michele Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
thick vs thin is down to who stores and displays the whois data, not the amount of data being displayed
You can have as much, or as little, whois data on a .com as you would on a .org
Hypothetically, you're right. In reality, we all know that the quality of thin WHOIS ranges from about the same as thick down to nothing at all. Given ICANN's limited ability to do compliance, the chances of them getting a thousand thin WHOIS registrars to behave is far less than the chances of a somewhat smaller number of thick WHOIS registries. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly PS: Even if ICANN goes ahead with hundreds of new TLDs, it is unlikely that there will be as many as a dozen underlying registries.
Alan I'm pro thick whois but only where policy locally can support proxy registration services on proviso there are processes to deal with specific cases of abuse (technical, administrative, ownership). This needs to be local so that local jurisdictions can establish their own flavour of policies and provide registrants and users with choice and information. Imposing a one size fits all global policy on all localities tends to lead to technical suspensions of domains due to registration inaccuracies (deliberate or not) rather than for the underlying problem behaviour. This has the capacity to increase instabilities in the DNS. Choice for users and registrants depends largely on maintaining an Internet environment where local policies have room to effectively exist and be available to users globally. Many domain owners have legitimate reasons to need privacy. This need for privacy where it exists should not be used a rationale by Registry or Registrar operators to control (own) as a trade secret the information in their registries. It should in my view be there to support registrants within an environment of local safeguards for users. A PDP should re-address the importance of the local dimensions for Internet Policy development and management in my view. In other words be bottom up not simply in developing a policy but most importantly in its day to day management. Christian On 22 Nov 2011, at 01:08, Alan Greenberg wrote:
One of the recommendations of the IRTP-B Policy Development Process (PDP) was for the GNSO to investigate requiring all gTLD Registries to use a "Thick" Whois.
With thick Whois, all of the Whois information related to a registration is maintained by the Registry. With "Thin" Whois, the only information maintained by the Registry is the current status of the registration and identification of who the sponsoring Register is; the rest of the information and specifically that related to the Registrant is kept by the Registrar, making Whois a widely distributed database.
Currently most Registries use thick Whois, and thick Whois is required for all gTLDs to be created under the new gTLD program. The only Registries that use thin Whois are operated by Verisign, but these of course include .com and .net which constitute the majority of gTLD registrations.
In response to the IRTP-B recommendation, the GNSO requested and Issue Report and a preliminary version is now available and has been posted for public comment. Comments on this document will be received until 30 December, 2011. See http://www.icann.org/en/public-comment/thick-whois-preliminary-report-21nov1....
The report confirms that the issue is within the scope of ICANN and the GNSO and recommends that the GNSO initiate a Policy Development Process on the issue.
The primary purpose of this comment period is to ensure that the Issue Report does indeed address all of the relevant aspects of the issue. However, it will likely also be the only formal opportunity for the ALAC to state whether it recommends that a PDP should be initiated or not.
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Thanks. Regarding proxy registrations, some people read the current contracts as not allowing them, but that is moot at this point, since they have been going on for a long time now and ICANN has never tried to stop them. Certainly for .net and .com, it is far too late to put the genie back in the bottle. So no change from thin to thick whois is going to alter the current situation. Or at least, that is how I read it. Alan At 28/11/2011 05:35 AM, Christian de Larrinaga wrote:
Alan
I'm pro thick whois but only where policy locally can support proxy registration services on proviso there are processes to deal with specific cases of abuse (technical, administrative, ownership). This needs to be local so that local jurisdictions can establish their own flavour of policies and provide registrants and users with choice and information.
Imposing a one size fits all global policy on all localities tends to lead to technical suspensions of domains due to registration inaccuracies (deliberate or not) rather than for the underlying problem behaviour. This has the capacity to increase instabilities in the DNS. Choice for users and registrants depends largely on maintaining an Internet environment where local policies have room to effectively exist and be available to users globally.
Many domain owners have legitimate reasons to need privacy. This need for privacy where it exists should not be used a rationale by Registry or Registrar operators to control (own) as a trade secret the information in their registries. It should in my view be there to support registrants within an environment of local safeguards for users.
A PDP should re-address the importance of the local dimensions for Internet Policy development and management in my view. In other words be bottom up not simply in developing a policy but most importantly in its day to day management.
Christian
On 22 Nov 2011, at 01:08, Alan Greenberg wrote:
One of the recommendations of the IRTP-B Policy Development Process (PDP) was for the GNSO to investigate requiring all gTLD Registries to use a "Thick" Whois.
With thick Whois, all of the Whois information related to a registration is maintained by the Registry. With "Thin" Whois, the only information maintained by the Registry is the current status of the registration and identification of who the sponsoring Register is; the rest of the information and specifically that related to the Registrant is kept by the Registrar, making Whois a widely distributed database.
Currently most Registries use thick Whois, and thick Whois is required for all gTLDs to be created under the new gTLD program. The only Registries that use thin Whois are operated by Verisign, but these of course include .com and .net which constitute the majority of gTLD registrations.
In response to the IRTP-B recommendation, the GNSO requested and Issue Report and a preliminary version is now available and has been posted for public comment. Comments on this document will be received until 30 December, 2011. See
http://www.icann.org/en/public-comment/thick-whois-preliminary-report-21nov1....
The report confirms that the issue is within the scope of ICANN and the GNSO and recommends that the GNSO initiate a Policy Development Process on the issue.
The primary purpose of this comment period is to ensure that the Issue Report does indeed address all of the relevant aspects of the issue. However, it will likely also be the only formal opportunity for the ALAC to state whether it recommends that a PDP should be initiated or not.
I have not yet reviewed the document in sufficient depth to say whether I feel that it is complete, but on an initial review, it looks fine. My personal belief is that the ALAC should strongly support the initiation of a PDP on this issue.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
* Alan Greenberg wrote:
Thanks. Regarding proxy registrations, some people read the current contracts as not allowing them, but that is moot at this point, since they have been going on for a long time now and ICANN has never tried to stop them. Certainly for .net and .com, it is far too late to put the genie back in the bottle. So no change from thin to thick whois is going to alter the current situation. Or at least, that is how I read it.
It's a matter of interpretation. Proxies "replace" the Domain owner, so they *are* the domain holder in the contract model of ICANN. OTOH privacy services hide some of the required records in the WHOIS data. Lacking a formal definition within ICANN, privacy services produce incorrect entries.
Will ICANN contracts really take precedence over local laws and regulations? I can see Proxies acting as trustees of registrants and this being regularised locally to support both user choice and user security in a local context. As trustees Proxies should be recognisably trustable and this tends to suggest they have to sit at the local jurisdictional layer in terms of policy. So my point is that ICANN needs to make space so that local policy can flourish and spend its efforts on co-ordination, best practice more than on prescription. Christian On 28 Nov 2011, at 17:09, Lutz Donnerhacke wrote:
* Alan Greenberg wrote:
Thanks. Regarding proxy registrations, some people read the current contracts as not allowing them, but that is moot at this point, since they have been going on for a long time now and ICANN has never tried to stop them. Certainly for .net and .com, it is far too late to put the genie back in the bottle. So no change from thin to thick whois is going to alter the current situation. Or at least, that is how I read it.
It's a matter of interpretation. Proxies "replace" the Domain owner, so they *are* the domain holder in the contract model of ICANN. OTOH privacy services hide some of the required records in the WHOIS data. Lacking a formal definition within ICANN, privacy services produce incorrect entries. _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
participants (14)
-
Alan Greenberg -
Antony Van Couvering -
Bill Silverstein -
Christian de Larrinaga -
Christopher Wilkinson -
Evan Leibovitch -
James S. Tyre -
John R. Levine -
Karl Auerbach -
Lutz Donnerhacke -
McTim -
Michele Neylon :: Blacknight -
Neil Schwartzman -
Patrick Vande Walle