Fwd: WHOIS Policy Review Team Final Report
FYI. IMHO, the Final Report offers improved clarity and crispness in language. A few additions/clarifications from the preliminary report peaks interest: 1. WHOIS must be established as a strategic priority for ICANN. They doubled down by providing some definitive [and guiding!] recommendations to the Board to that objective. 2. Explicitly valorize the finding of widespread interest/convergence of WHOIS matters in the global community by recommending a fulsome outreach initiative. 3. Makes an explicit connection between anticipated improved compliance with a different reporting structure for ICANN Compliance that compels greater accountability from ICANN Board for outcomes, coupled with more transparent operations. 4. Declares in favour of " *a clear, unambiguous and enforceable chain of * *contractual agreements with registries, registrars, and registrants to require the **provision and maintenance of accurate WHOIS data*.". Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= ** [image: ICANN] <http://www.icann.org/> News Alert http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report 11 May 2012 *Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:* Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf> * to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:* http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en... This message was sent to carlton.samuels@gmail.com from: ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601 Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...>
+1 to all that Carlton said. - Evan On 13 May 2012 17:26, Carlton Samuels <carlton.samuels@gmail.com> wrote:
FYI. IMHO, the Final Report offers improved clarity and crispness in language. A few additions/clarifications from the preliminary report peaks interest:
1. WHOIS must be established as a strategic priority for ICANN. They doubled down by providing some definitive [and guiding!] recommendations to the Board to that objective.
2. Explicitly valorize the finding of widespread interest/convergence of WHOIS matters in the global community by recommending a fulsome outreach initiative.
3. Makes an explicit connection between anticipated improved compliance with a different reporting structure for ICANN Compliance that compels greater accountability from ICANN Board for outcomes, coupled with more transparent operations.
4. Declares in favour of " *a clear, unambiguous and enforceable chain of **contractual agreements with registries, registrars, and registrants to require the **provision and maintenance of accurate WHOIS data*.".
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf> * to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:* http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...>
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that. --Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf> * to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:* http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...>
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
Carlton On what basis would you endorse it? I'm not sure what my position is in this group (am I member? An interloper?) but I'd be very wary of fully endorsing something like that without a very well reasoned rationale Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ________________________________________ From: whois-wg-bounces@atlarge-lists.icann.org [whois-wg-bounces@atlarge-lists.icann.org] on behalf of Wendy Seltzer [wendy@seltzer.com] Sent: 14 May 2012 09:24 To: Carlton Samuels Cc: <whois-wg@atlarge-lists.icann.org>; At-Large Worldwide Subject: Re: [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that. --Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf> * to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:* http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...>
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
On what basis would you endorse it?
It has a concrete list of things for ICANN to do. It avoids going into the usual weeds, e.g., full anonymity for criminals vs. full proccess service for trademark lawyers, while still making some progress there. Assuming you believe that ALAC's job is to represent the interests of Internet users in general and not just us vanity registrants, it's an important step to making the Internet more reliable for normal users. The fake Vuitton spammer is a good example of where correct WHOIS would help. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice. In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view. The At-Large community on principle keeps an open shop. This WG, like all others sponsored by the At-Large, accepts input from anywhere and everywhere. I invite all who would be opposed to the views reported by the RT - or for that matter the ALAC's recorded position! - to record your own considered reasons on the wiki. Know that they shall be acknowledged. Kind regards, - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Mon, May 14, 2012 at 3:35 AM, Michele Neylon :: Blacknight < michele@blacknight.ie> wrote:
Carlton
On what basis would you endorse it?
I'm not sure what my position is in this group (am I member? An interloper?) but I'd be very wary of fully endorsing something like that without a very well reasoned rationale
Regards
Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
________________________________________ From: whois-wg-bounces@atlarge-lists.icann.org [ whois-wg-bounces@atlarge-lists.icann.org] on behalf of Wendy Seltzer [ wendy@seltzer.com] Sent: 14 May 2012 09:24 To: Carlton Samuels Cc: <whois-wg@atlarge-lists.icann.org>; At-Large Worldwide Subject: Re: [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations< http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
On 14/05/12 21:44, Carlton Samuels wrote:
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice.
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS. Historically, the ALAC cared for all individuals, even those registering domain names. Now, the latter are told to move on to NCUC.
In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers. Now, I actually wish I can live long enough to see this implemented some way or another. We had more than 10 years to do that, and we didn't. There is no sign this is going to happen any time soon. Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service. One would just need to update the RAA. Many registrars already provide this service. Others could join in. There would be no need to regulate yet another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all. Patrick
On Tue, May 15, 2012 at 06:38:43AM +0200, Patrick Vande Walle wrote:
Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service.
The RT did found, that there is currently no regulation - not even a definition - of proxy and privacy services. While doing a review, the team is not allowed to making policy, but to point out the gaps in the current situation. The hopefully starting policy development process will provide multiple suggestions (incl. yours) and decide following the well established processes.
another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all.
Privacy and proxy differs fundamentally: - Privacy does hide special contact details, but not the registrant itself. - A proxy (as seen by ICANN) does not even exist: The proxy service *is* the registrant - taking the data literally. The "real registrant" signed a contract with the proxy (i.e. a lawyer), but this does not appear in the contractual relationship accessible to ICANN. You might consider the following example: A company wants to launch a new brand or product and therefore registers the corresponding domain names. Using a privacy server the name of the company will still visible. Using a proxy service, some unknown agent will "own" the domains.
On 15 May 2012, at 05:38, Patrick Vande Walle wrote:
On 14/05/12 21:44, Carlton Samuels wrote:
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice.
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Historically, the ALAC cared for all individuals, even those registering domain names. Now, the latter are told to move on to NCUC.
In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers. Now, I actually wish I can live long enough to see this implemented some way or another. We had more than 10 years to do that, and we didn't. There is no sign this is going to happen any time soon.
Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service. One would just need to update the RAA.
That's oversimplifying things Offering privacy services is risky as you will get embroiled in legal battles, UDRPs etc etc
Many registrars already provide this service.
No. Many registrars offer the service via another corporate entity. Most privacy services are NOT offered by the same entity as the registrar
Others could join in. There would be no need to regulate yet another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all.
That final statement makes no sense to me. Regards Michele Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On 15 May 2012 00:38, Patrick Vande Walle <patrick@vande-walle.eu> wrote:
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance.
Oh, you mean the all-appointed, no-ALS-or-RALO ALAC? That's telling.
I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Please offer evidence of ANY such business interests within At-Large and especially ALAC. Such baseless, gossip-level accusations are demeaning to the debate. Indeed I would suggest the opposite, that it is the influx of non-insider involvement in ALAC, thanks to the ALS-RALO structure, that has led to the shift in position. It is my perspective that the most assertive proponents for WHOIS accountability within At-Large are amongst its least conflicted. Historically, the ALAC cared for all individuals, even those registering
domain names. Now, the latter are told to move on to NCUC.
To use the same terminology, there is nobody "caring" for the interests of non-registrant end users except At-Large; registrants have other, more-direct channels into ICANN policy development. And it has only been recently that anyone here has acknowledged the reality that registrants and end users have different, sometimes competing interests. WHOIS accuracy and reliability is one of those realms in which the interests diverge significantly. In fact, look close enough and you'd find some movement in this final
report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers.
Exactly. ALAC has never been anti-privacy. But privacy and anonymity are not synonymous, and the provision of privacy is not properly delivered by obfuscating WHOIS information. -- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
Hi, Actually without SOIs from all ALAC and RALO leaders we have no idea who may our may not have commercial or other interest. Also since a commercial entity can become an ALS, it is difficult to make a sweeping statement that there are no underlying commercial interests. I fear that perhaps thou doth protest too much. I always worry when I see such an indignant response to a question about hidden motives. avri Evan Leibovitch <evan@telly.org> wrote:
On 15 May 2012 00:38, Patrick Vande Walle <patrick@vande-walle.eu> wrote:
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance.
Oh, you mean the all-appointed, no-ALS-or-RALO ALAC? That's telling.
I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Please offer evidence of ANY such business interests within At-Large and especially ALAC. Such baseless, gossip-level accusations are demeaning to the debate. Indeed I would suggest the opposite, that it is the influx of non-insider involvement in ALAC, thanks to the ALS-RALO structure, that has led to the shift in position. It is my perspective that the most assertive proponents for WHOIS accountability within At-Large are amongst its least conflicted.
Historically, the ALAC cared for all individuals, even those registering
domain names. Now, the latter are told to move on to NCUC.
To use the same terminology, there is nobody "caring" for the interests of non-registrant end users except At-Large; registrants have other, more-direct channels into ICANN policy development. And it has only been recently that anyone here has acknowledged the reality that registrants and end users have different, sometimes competing interests. WHOIS accuracy and reliability is one of those realms in which the interests diverge significantly.
In fact, look close enough and you'd find some movement in this final
report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers.
Exactly. ALAC has never been anti-privacy. But privacy and anonymity are not synonymous, and the provision of privacy is not properly delivered by obfuscating WHOIS information.
-- Evan Leibovitch Toronto Canada
Em: evan at telly dot org Sk: evanleibovitch Tw: el56 _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 15 May 2012 08:21, Avri Doria <avri@acm.org> wrote:
Actually without SOIs from all ALAC and RALO leaders we have no idea who may our may not have commercial or other interest.
It always helps to fact-check before making accusations. A number of the participants in this discussion, proponents of WHOIS accuracy and supporters of the RT report, have already published SOIs -- including myself<https://community.icann.org/display/gnsosoi/Evan+Leibovitch+SOI>, Carlton <https://community.icann.org/display/gnsosoi/Carlton+Samuels+SOI>and Alan <https://community.icann.org/display/gnsosoi/Alan+Greenberg+SOI>. And ALAC has already engaged the ICANN staffer who designed the GNSO SOI system to do the same for ALAC. Patrick's specific accusation is that commercial intrerests have swayed the ALAC position in favour of WHOIS accuracy. I have challenged that accusation, and offer contrary evidence. In the meantime, I am still awaiting confirmation from Patrick which At-Large leaders -- or even non-leader membership -- has demonstrated any of the motives that form his accusation.
Also since a commercial entity can become an ALS, it is difficult to make a sweeping statement that there are no underlying commercial interests.
It always helps to fact-check before making accusations. The current guidelines<http://www.atlarge.icann.org/correspondence/structures-app.htm>about ALS criteria preclude commercial entities. ALSs must be membership-based organizations. Those members may themselves be commercial entities, but the ALS itself must be primarily engaged in serving its membership. There is no demand for non-profit incorporation since that designation is not globally universal or accessible. These are minimum criteria, I am aware of at least one ALS that was denied membership in recent memory because its aims were deemed by the RALO to be too commercial.
I fear that perhaps thou doth protest too much. I always worry when I see such an indignant response to a question about hidden motives.
And worries can be as completely baseless as accusations. If there are hidden motives, by all means let's expose them. Given the current atmosphere regarding conflicts of interests within ICANN, exposure of agendas is heartily welcomed by many including me. But to do so requires more than an evidence-free guess. - Evan
Patrick's specific accusation is that commercial intrerests have swayed the ALAC position in favour of WHOIS accuracy.
Since the main beneficiaries of the current messed up WHOIS are fake drug spammers, fake bank phishers, and their ilk, Patrick owes us documentation that he is not on their payroll. Fair's fair. R's, John
Hi, Well, 3 out of how many SOI? But it its a start. Congratulaions on leading the way by following GNSO procedures on their open working groups. And I am glad to hear that ALAC its going to submit itself to such transparency. I think it will help with ALAC credibility. Once we have SOIs from all ALAC and RALO leaders we will all be able to see the truth of the issue for ourselves. As for commercial vs noncommercial, many organizations may be non commercial, yet have a commercial focus, for sample, a chamber of commerce g not that I am accusing any region of having a chamber of commerce as a member. Then again it its not like the ALSs are all that active, so this its probably not that pressing an issue at this point. As for worries being baseless, how well I know. I think many of the worries about whois abuse may well be relatively baseless given the number of good actor registrations. It does not do to punish the overwhelming majority because of worries about the few. avri Evan Leibovitch <evan@telly.org> wrote:
On 15 May 2012 08:21, Avri Doria <avri@acm.org> wrote:
Actually without SOIs from all ALAC and RALO leaders we have no idea who may our may not have commercial or other interest.
It always helps to fact-check before making accusations.
A number of the participants in this discussion, proponents of WHOIS accuracy and supporters of the RT report, have already published SOIs -- including myself<https://community.icann.org/display/gnsosoi/Evan+Leibovitch+SOI>, Carlton <https://community.icann.org/display/gnsosoi/Carlton+Samuels+SOI>and Alan <https://community.icann.org/display/gnsosoi/Alan+Greenberg+SOI>. And ALAC has already engaged the ICANN staffer who designed the GNSO SOI system to do the same for ALAC.
Patrick's specific accusation is that commercial intrerests have swayed the ALAC position in favour of WHOIS accuracy. I have challenged that accusation, and offer contrary evidence. In the meantime, I am still awaiting confirmation from Patrick which At-Large leaders -- or even non-leader membership -- has demonstrated any of the motives that form his accusation.
Also since a commercial entity can become an ALS, it is difficult to make a sweeping statement that there are no underlying commercial interests.
It always helps to fact-check before making accusations.
The current guidelines<http://www.atlarge.icann.org/correspondence/structures-app.htm>about ALS criteria preclude commercial entities. ALSs must be membership-based organizations. Those members may themselves be commercial entities, but the ALS itself must be primarily engaged in serving its membership. There is no demand for non-profit incorporation since that designation is not globally universal or accessible. These are minimum criteria, I am aware of at least one ALS that was denied membership in recent memory because its aims were deemed by the RALO to be too commercial.
I fear that perhaps thou doth protest too much. I always worry when I see such an indignant response to a question about hidden motives.
And worries can be as completely baseless as accusations.
If there are hidden motives, by all means let's expose them. Given the current atmosphere regarding conflicts of interests within ICANN, exposure of agendas is heartily welcomed by many including me. But to do so requires more than an evidence-free guess.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Dear Avri, On 15/05/2012 17:04, Avri Doria wrote :
Well, 3 out of how many SOI? But it its a start. Congratulaions on leading the way by following GNSO procedures on their open working groups. And I am glad to hear that ALAC its going to submit itself to such transparency. I think it will help with ALAC credibility. Once we have SOIs from all ALAC and RALO leaders we will all be able to see the truth of the issue for ourselves.
I am glad you're happy about this. ICANN IT is currently working with the ALAC to duplicate the semi-automated SOI system which was developed for the GNSO, the aim being to extend SOIs to all who partake in leading At-Large working group. In the meantime, transparency is being kept thanks to an interim set of pages on: https://community.icann.org/x/t67bAQ Kind regards, Olivier
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
It's true, when I arrived on the interim ALAC, it was firmly fixated on vanity registrants. I think I was among the first to push it toward thinking about the other billion non-registrants. If you can only imagine that the ALAC is paying attention to the people it was created to represent because someone was been paid off, that's really rather sad. R's, John
Dear Patrick: Your intervention is curiously confusing since it begins by alleging a position to this ALAC that you later on appear to junk. In the last little while, I have 'held the pen' more often than not on ALAC WHOIS Statements. I believe the statements I have crafted faithfully reflect the consensus opinion of the At-Large. Furthermore, if you examine them closely, you will see a concession to privacy interests and our consistent recommendation for a policy position that acknowledge these. We agree to disagree respecting your view on privacy vis-a-vis WHOIS. Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out. All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS". If you should be taken seriously, this person is fingered as responsible for this reversal of fortune to your position. Clarity is an absolute requirement here. Or you might otherwise be fairly accused of a blood libel. And a demand for redress of grievance. Kind regards, - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Mon, May 14, 2012 at 11:38 PM, Patrick Vande Walle < patrick@vande-walle.eu> wrote:
On 14/05/12 21:44, Carlton Samuels wrote:
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice.
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Historically, the ALAC cared for all individuals, even those registering domain names. Now, the latter are told to move on to NCUC.
In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers. Now, I actually wish I can live long enough to see this implemented some way or another. We had more than 10 years to do that, and we didn't. There is no sign this is going to happen any time soon.
Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service. One would just need to update the RAA. Many registrars already provide this service. Others could join in. There would be no need to regulate yet another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
Dear Carlton, I don't know what Patrick was thinking, but it's possible he was referring to the fact that the ALAC position on Whois is nearly indistinguishable from the wish list of the trademark lobby, which has in the past fielded and funded a supposedly independent groups to push their agenda. I do not believe that to be the case now, as I have been following this list long enough to understand that the majority of the participants in this group are true believers. The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information, and without comparison of state-issued documents to registration information, there is no way to reliably check it. I don't believe anyone is suggesting that domain registrants need to provide notarized signatures (although now that I think of it notaries are also easily bribed). Without that final check, however, the Whois policy as proposed would impose inconvenience and cost on legitimate registrants (the vast majority), and assault some basic human freedoms (such as privacy) in order to achieve what I believe is completely illusory "accuracy." Criminals regularly counterfeit identification documents and even currency -- how hard would it be to fake a Whois record? Despite the cost imposed on registrants, increased Whois accuracy won't catch any criminals. But it will make it easier for trademark trolls to slice and dice Whois data. Antony On May 15, 2012, at 8:07 AM, Carlton Samuels wrote:
Dear Patrick: Your intervention is curiously confusing since it begins by alleging a position to this ALAC that you later on appear to junk.
In the last little while, I have 'held the pen' more often than not on ALAC WHOIS Statements. I believe the statements I have crafted faithfully reflect the consensus opinion of the At-Large. Furthermore, if you examine them closely, you will see a concession to privacy interests and our consistent recommendation for a policy position that acknowledge these.
We agree to disagree respecting your view on privacy vis-a-vis WHOIS. Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS". If you should be taken seriously, this person is fingered as responsible for this reversal of fortune to your position.
Clarity is an absolute requirement here. Or you might otherwise be fairly accused of a blood libel. And a demand for redress of grievance.
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 11:38 PM, Patrick Vande Walle < patrick@vande-walle.eu> wrote:
On 14/05/12 21:44, Carlton Samuels wrote:
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice.
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Historically, the ALAC cared for all individuals, even those registering domain names. Now, the latter are told to move on to NCUC.
In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers. Now, I actually wish I can live long enough to see this implemented some way or another. We had more than 10 years to do that, and we didn't. There is no sign this is going to happen any time soon.
Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service. One would just need to update the RAA. Many registrars already provide this service. Others could join in. There would be no need to regulate yet another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On Tue, May 15, 2012 at 09:16:04AM -0700, Antony Van Couvering wrote:
I don't know what Patrick was thinking, but it's possible he was referring to the fact that the ALAC position on Whois is nearly indistinguishable from the wish list of the trademark lobby
True ... sad, but true.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information, and without comparison of state-issued documents to registration information, there is no way to reliably check it.
That's only true with a thick whois model. The thin whois model, which reveals the contract information down the reseller chain, is much more stable and reliable even in the case of a "compromised" registar (might be run by organized crime itself). You might have a look at this thin whois model by asking whois.iana.org. The real charm of this approach is, that the data does not need to leave the place where they are needed to establish the business itself. So the access restrictions can and must be derived from local law, which causes a much better privacy protection (at least for EU) than an centralized thick whois database, searchable by everyone who can pay or cry for. Yes I do hear the cry for "use cases". So the suggestion came up to urge ICANN to run a central, multilingual interface(!) to query and access the distributed data sources. Why should ICANN operate the service? Simply because they *have* the contracts which allows them to query the databases at any rate and to any detail level, they need. Nobody else can prevent to be blocked out by various resellers or registrars. Such a block would render this interface useless. Unfortunly this recommendation did not make it to the final report, only a crippled version dealing with an uninteresting case of gTLD strangeness. I was unable to fight better for this idea. Sorry.
If I were criminally-minded, I would simply use IDNs, which are essentially unsearchable as far I understand. For a perspective on how a verified whois would work in practice (and on how useless it would be, and how much it would cost) see a recent article from a domainer publication: http://domainnamewire.com/2012/05/15/heres-what-law-enforcement-wants-you-to... Antony On May 15, 2012, at 1:23 PM, Lutz Donnerhacke wrote:
On Tue, May 15, 2012 at 09:16:04AM -0700, Antony Van Couvering wrote:
I don't know what Patrick was thinking, but it's possible he was referring to the fact that the ALAC position on Whois is nearly indistinguishable from the wish list of the trademark lobby
True ... sad, but true.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information, and without comparison of state-issued documents to registration information, there is no way to reliably check it.
That's only true with a thick whois model. The thin whois model, which reveals the contract information down the reseller chain, is much more stable and reliable even in the case of a "compromised" registar (might be run by organized crime itself).
You might have a look at this thin whois model by asking whois.iana.org.
The real charm of this approach is, that the data does not need to leave the place where they are needed to establish the business itself. So the access restrictions can and must be derived from local law, which causes a much better privacy protection (at least for EU) than an centralized thick whois database, searchable by everyone who can pay or cry for.
Yes I do hear the cry for "use cases". So the suggestion came up to urge ICANN to run a central, multilingual interface(!) to query and access the distributed data sources.
Why should ICANN operate the service? Simply because they *have* the contracts which allows them to query the databases at any rate and to any detail level, they need. Nobody else can prevent to be blocked out by various resellers or registrars. Such a block would render this interface useless.
Unfortunly this recommendation did not make it to the final report, only a crippled version dealing with an uninteresting case of gTLD strangeness.
I was unable to fight better for this idea. Sorry.
On 15 May 2012 17:10, Antony Van Couvering <avc@namesatwork.com> wrote:
http://domainnamewire.com/2012/05/15/heres-what-law-enforcement-wants-you-to...
"Adding these verification steps will certainly increase the cost of domain registrations and lead to massive cart abandonment at domain registrars" Not everyone sees that as a Bad Thing. - Evan
Are you saying it's your stated aim, or that of ALAC, to discourage domain registrations? On May 15, 2012, at 2:35 PM, Evan Leibovitch wrote:
On 15 May 2012 17:10, Antony Van Couvering <avc@namesatwork.com> wrote:
http://domainnamewire.com/2012/05/15/heres-what-law-enforcement-wants-you-to...
"Adding these verification steps will certainly increase the cost of domain registrations and lead to massive cart abandonment at domain registrars"
Not everyone sees that as a Bad Thing.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
No. On 15 May 2012 17:50, Antony Van Couvering <avc@avc.vc> wrote:
Are you saying it's your stated aim, or that of ALAC, to discourage domain registrations?
On May 15, 2012, at 2:35 PM, Evan Leibovitch wrote:
On 15 May 2012 17:10, Antony Van Couvering <avc@namesatwork.com> wrote:
http://domainnamewire.com/2012/05/15/heres-what-law-enforcement-wants-you-to...
"Adding these verification steps will certainly increase the cost of domain registrations and lead to massive cart abandonment at domain registrars"
Not everyone sees that as a Bad Thing.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
Dear Antony: Thanks for your thoughtful response. I have no doubt what you say on criminal intent and behaviour is both reasonable and logical. I'm equally certain that the status quo cannot be the answer. I am even willing to posit the trademark trolls of your example bears with all of us an equal share of risk from faulty WHOIS data. If you review the Thin vs. Thick WHOIS argument, proponents of the thin model implies a direct causal relationship between record accuracy and model implemented. That is too much knowing of the 'state of mind' of criminals for my comfort. So it appears that what separates us is framing an effective solution, beginning with actionable data and information. Real world experience tells me that the efficacy of any defensive regime in this case rests on the sanctions associated with violation. And yes, the cost/benefit analysis of implementation should inform the likelihood of implementation of any solution. Any effective response will require the solution place the hurt where it belongs, with the perp. This means it will have to identify and co-opt the money trail, separating the perp from its utility. I suspect this is where the parties to the problem are even further apart. Kind regards, - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Tue, May 15, 2012 at 11:16 AM, Antony Van Couvering <avc@namesatwork.com>wrote:
Dear Carlton,
I don't know what Patrick was thinking, but it's possible he was referring to the fact that the ALAC position on Whois is nearly indistinguishable from the wish list of the trademark lobby, which has in the past fielded and funded a supposedly independent groups to push their agenda. I do not believe that to be the case now, as I have been following this list long enough to understand that the majority of the participants in this group are true believers.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information, and without comparison of state-issued documents to registration information, there is no way to reliably check it. I don't believe anyone is suggesting that domain registrants need to provide notarized signatures (although now that I think of it notaries are also easily bribed). Without that final check, however, the Whois policy as proposed would impose inconvenience and cost on legitimate registrants (the vast majority), and assault some basic human freedoms (such as privacy) in order to achieve what I believe is completely illusory "accuracy." Criminals regularly counterfeit identification documents and even currency -- how hard would it be to fake a Whois record?
Despite the cost imposed on registrants, increased Whois accuracy won't catch any criminals. But it will make it easier for trademark trolls to slice and dice Whois data.
Antony
On May 15, 2012, at 8:07 AM, Carlton Samuels wrote:
Dear Patrick: Your intervention is curiously confusing since it begins by alleging a position to this ALAC that you later on appear to junk.
In the last little while, I have 'held the pen' more often than not on ALAC WHOIS Statements. I believe the statements I have crafted faithfully reflect the consensus opinion of the At-Large. Furthermore, if you examine them closely, you will see a concession to privacy interests and our consistent recommendation for a policy position that acknowledge these.
We agree to disagree respecting your view on privacy vis-a-vis WHOIS. Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS". If you should be taken seriously, this person is fingered as responsible for this reversal of fortune to your position.
Clarity is an absolute requirement here. Or you might otherwise be fairly accused of a blood libel. And a demand for redress of grievance.
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 11:38 PM, Patrick Vande Walle < patrick@vande-walle.eu> wrote:
On 14/05/12 21:44, Carlton Samuels wrote:
Michele: Any other position would be both ahistorical and worse, demonstrate a touch of schizophrenia. A review of previous ALAC statements pertaining and our intervention on the RT initiative in particular should suffice.
Historically, going back to the interim ALAC, this group had a strong pro-privacy stance. I noticed over the last 2 or 3 years that the statements evolved in the opposite direction, possibly under the influence of some who have a business interest in an open-to-anyone WHOIS.
Historically, the ALAC cared for all individuals, even those registering domain names. Now, the latter are told to move on to NCUC.
In fact, look close enough and you'd find some movement in this final report to the ALAC's pronounced view.
Indeed. At long last, the need for some privacy system is acknowledged, even going as suggesting to regulate privacy providers. Now, I actually wish I can live long enough to see this implemented some way or another. We had more than 10 years to do that, and we didn't. There is no sign this is going to happen any time soon.
Speaking of regulating privacy providers, I do not understand why the review team did not suggest to allow registrars only to provide these privacy services as an integral part of their registration service. One would just need to update the RAA. Many registrars already provide this service. Others could join in. There would be no need to regulate yet another bunch of new players. If the registrars are serious in their privacy services, there might even be no need for proxy services at all.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information,
Having worked with a fair number of law enforcement people on actual Internet crime, I can say that you might be surprised. R's, John
Really John? Next thing you will be telling me is that criminals would video their crimes and put the video on Youtube and tweet their crimes.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information,
Having worked with a fair number of law enforcement people on actual Internet crime, I can say that you might be surprised.
R's, John
http://www.youtube.com/results?search_query=crime+on+camera On 15 May 2012 20:00, Bill Silverstein <icann-list@sorehands.com> wrote:
Really John?
Next thing you will be telling me is that criminals would video their crimes and put the video on Youtube and tweet their crimes.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information,
Having worked with a fair number of law enforcement people on actual Internet crime, I can say that you might be surprised.
R's, John
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Well, Bill, the guy from Montreal who hacked up his victim and mailed his body parts to various parties did just that... Darlene A. Thompson Community Access Program Administrator Nunavut Dept. of Education / N-CAP P.O. Box 1000, Station 910 Iqaluit, NU X0A 0H0 Phone: (867) 975-5631 Fax: (867) 975-5610 E-mail: dthompson@gov.nu.ca -----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Bill Silverstein Sent: Tuesday, May 15, 2012 11:01 PM To: At-Large Worldwide Subject: Re: [At-Large] [WHOIS-WG] Fwd: WHOIS Policy Review Team Final Report Really John? Next thing you will be telling me is that criminals would video their crimes and put the video on Youtube and tweet their crimes.
The flaw in the position of the Whois Policy Review Team is quite simple: only the most idiotic of criminals would provide real Whois information,
Having worked with a fair number of law enforcement people on actual Internet crime, I can say that you might be surprised.
R's, John
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see. I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV. Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere. Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs. Patrick
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue. For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position! It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position! With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good. Best, - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
Dear Carlton, While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct. Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement? Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that. One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this. My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names. I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime. With best regards, Antony On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 16 May 2012 13:57, Antony Van Couvering <avc@avc.vc> wrote:
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Again, the confusion over the term "consumers". To ICANN's warped thinking, "consumers" means registrants (ie, consumers of ICANN-sourced products). To the DoC and the rest of the world, "consumers" means end-users -- the 99% of whom will never own a first or second level domain, but use the Internet to obtain goods and services. As a registrant who maintains accurate contact details, I'm not convinced that it it does, I'm unconvinced by the complaints about harm. And most of the world's consumers are unaffected by even that, but they do stand to benefit by more effective law enforcement. - Evan
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle < patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
I hear what you're saying, but many people who have domain name registrations are also consumers, and many non-registrants may become one. I understand the emphasis by At Large groups on non-registrants, but I would hope that people here will recognize that domain names ownership has a large potential for growth, and hence many non-registrants today may become registrants tomorrow. If, as I expect, the use of domain names becomes much less difficult, then a transition into a system that is not harmful to registrants will be beneficial to them. I have learned that it is often inaccurate to generalize about what people want from my own preferences and experiences. It turns out that I am different and better informed about domain names, spam, etc. than most people. Therefore I try not to take my own preferences and convictions as any guide. Antony On May 16, 2012, at 11:14 AM, Evan Leibovitch wrote:
On 16 May 2012 13:57, Antony Van Couvering <avc@avc.vc> wrote:
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Again, the confusion over the term "consumers".
To ICANN's warped thinking, "consumers" means registrants (ie, consumers of ICANN-sourced products). To the DoC and the rest of the world, "consumers" means end-users -- the 99% of whom will never own a first or second level domain, but use the Internet to obtain goods and services.
As a registrant who maintains accurate contact details, I'm not convinced that it it does, I'm unconvinced by the complaints about harm. And most of the world's consumers are unaffected by even that, but they do stand to benefit by more effective law enforcement.
- Evan
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle < patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada
Em: evan at telly dot org Sk: evanleibovitch Tw: el56 _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Good evening: Having reviewed, perforce, the more recent contributions to this debate, i was surprised to find that I had already commented: http://forum.icann.org/lists/whoisrt-discussion-paper/ http://forum.icann.org/lists/whoisrt-discussion-paper/msg00015.html Those comments merited a footnote in the "RT" report, nothing more. Otherwise, apparently ignored. On the substance, one could write a great deal, but it has all been said before, repeatedly, during the past 14 years. In the "RT" report, I noticed in particular: " ... 66% of the 21 [ ccTLD] registries surveyed allow the addresses of private individuals to be hidden from the public WHOIS service. " and "the ICANN community may be able to benefit from the sharing of good practices with regard to ccTLD WHOIS, particularly those registries who operate in a legislated data protection environment." For the rest, I would urge: 1. Distinguish between data accuracy (Yes) and public availability of data (No) 2. Eschew the misleading use of the term "consumers". Apart from the fact that information on the Internet is never "consumed", "consumers" refer to the general public. Other matters have already been addressed in the above post. Regards CW PS: For those of us who are still struggling with the ICANN website, the WHOIS Review Team's report is at: http://www.icann.org/en/news/announcements/announcement-11may12-en.htm I confess that I still haven't found the draft ALAC statement which we seem to be arguing about. Carlton? On 16 May 2012, at 20:14, Evan Leibovitch wrote:
Hi, On additonal ppoint I would like to add. Most of us come from countries where the state is a relatively good actor and is not like to show up at our houses in the middle of the night to torture us for the things we have said on our web/blog sites. Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives. So when a registration is in a country other than their own, not only should their information not be served up on a platter to abusive law enforcement, it should not be easily available without proper due process, with all opportunity provided to protect the users who see the Internet as their tool for achiving freedom. It is all well and good to protect consumers from fraud, but this must not be done at the expense of those fighting for freedom to either be who they are, e.g. gay registrants who live in countries that imprison the gay, or those fighting the freedom to speak to power. I know will will quickly rejoin that one does NEED a domina name to speak to power or to blog about freedom, but many feel they do, and who are wee to say that this is not the case. I think that when At-Large thinks about protecting users it must think not only of the user whose major threat is fraud, but must also think s of users living under repressive regimes. Protecting users does not mean only protecting consumers. The public interest of the user is not identical to the public interst of the consumer. avri Antony Van Couvering <avc@avc.vc> wrote:
Dear Carlton,
While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct.
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.
There are certainly countries with oppressive governments. But anyone who would ask a person in a situation like that to depend on some random registrar or registry's privacy policy to keep them from being disappeared would be an idiot. As has been noted about a zillion times before, people in such a situation would need to find a trusted intermediary to arrange for web or mail hosting and internet access, and if they want a domain, the intermediary can arrange for that, too. Unlike many (perhaps all) of the other people in this argument, I'm not speaking hypothetically. There is a widely used spam blacklist called the CBL at cbl.abuseat.org, which criminal spammers dislike enough to have made death threats against the person who operates it. Real, no kidding, law enforcement investigated death threats. If you check the WHOIS info for abuseat.org, you will find actual contact information. If you call the phone number, which is in California, a polite person will answer. If you ask nicely, she will take a message for the CBL. The person who runs the CBL is in a different country, and she most definitely will not provide the person's name or what country it is. This is the reality. I cannot imagine why people are making the same arguements that were an insult to our intelligence in 1998, and haven't improved with time. R's, John
Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.
There are certainly countries with oppressive governments. But anyone who would ask a person in a situation like that to depend on some random registrar or registry's privacy policy to keep them from being disappeared would be an idiot.
This is not hypothetical. See http://www.informationweek.com/news/201802784
R's, John
Additionally, the argument that spammers will use other people identity to register domain is specious. You can ask Robert Soloway about this. I tracked one of the domains used by what appears to be his spam. It turned out that the person listed in the whois had no idea about the domain name, and it a credit card used without authorization. I put that person in touch with someone I knew at the FBI. A few months later, Soloway was arrested.
On 17 May 2012 01:02, Avri Doria <avri@acm.org> wrote:
Most of us come from countries where the state is a relatively good actor and is not like to show up at our houses in the middle of the night to torture us for the things we have said on our web/blog sites. Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.[...]
This logic demands the unfounded and erroneous assumption that one requires a first- or second-level ICANN-authorized domain in order to speak on the Internet. Most end users -- including those who wish to use the Internet to buy, sell, speak, listen, write or read -- will never need to buy domain to accomplish their objectives. I understand that there are many in ICANN -- including some on this list with vested interests -- who see every Internet end-user as a potential registrant. (This, of course, helps to explain the difficulty within ICANN of distinguishing consumers from end users, because every end user is considered a potential "consumer" of domain names.) Not everyone shares the view that this approach is universally beneficial, let alone necessary, for anyone outside the domain industry. in my day job -- the one that has nothing to do with Internet governance and keeps me grounded outside this bubble -- I work with academic studies in refugee research. This role brings me in frequent contact with refugees who have stories to tell, but who would be in substantial danger (along with their families) should these stories could be traced to them. We (and other places) do quite well telling those stories while protecting identities. (NB: the strategy does NOT require giving every refugee -- or even every refugee camp -- their own domain name.) So I don't need to be lectured on using the Internet to provide free speech; I can assert with some real-life experience -- as opposed to mere debating logic -- that the DNS need not play *any* special role in providing or protecting sensitive and dangerous speech on the Internet. The abuse of WHOIS for protection of criminals is real. The rationale in favour of maintaining abuse of WHOIS as *necessary* to protect sensitive speech is theoretical and provably wrong. - Evan
So when a registration is in a country other than their own, not only should their information not be served up on a platter to abusive law enforcement, it should not be easily available without proper due process, with all opportunity provided to protect the users who see the Internet as their tool for achiving freedom. It is all well and good to protect consumers from fraud, but this must not be done at the expense of those fighting for freedom to either be who they are, e.g. gay registrants who live in countries that imprison the gay, or those fighting the freedom to speak to power.
I know will will quickly rejoin that one does NEED a domina name to speak to power or to blog about freedom, but many feel they do, and who are wee to say that this is not the case. I think that when At-Large thinks about protecting users it must think not only of the user whose major threat is fraud, but must also think s of users living under repressive regimes.
Protecting users does not mean only protecting consumers. The public interest of the user is not identical to the public interst of the consumer.
avri
Antony Van Couvering <avc@avc.vc> wrote:
Dear Carlton,
While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct.
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
Somehow I expected this reply. First many people do require registration to get a place that allows them to speak. Second, even when a site is provided for others, keeping that site up requires protection from repressive regimes. Third, who are you to determine what people need? Fourth, I expect you will tell me next that people can use Google Facebook etc. Other than not wishing to become a shill for google et al; one can't count on those services for privacy; when they want the business of a regime they will give all the information the regime asks for. Often the only option is one's own registration and hosting service in a third country. You claim to speak for the world's users, but you do so from the safety of a relatively . please don't assume that the conditions that prevail for you have any relation to the rest of the world. I know registrants are not the only users, but they are indeed users. Don't sacrifice them on the altar of rich comfortable country consumerism. avri Evan Leibovitch <evan@telly.org> wrote:
On 17 May 2012 01:02, Avri Doria <avri@acm.org> wrote:
Most of us come from countries where the state is a relatively good actor and is not like to show up at our houses in the middle of the night to torture us for the things we have said on our web/blog sites. Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.[...]
This logic demands the unfounded and erroneous assumption that one requires a first- or second-level ICANN-authorized domain in order to speak on the Internet.
Most end users -- including those who wish to use the Internet to buy, sell, speak, listen, write or read -- will never need to buy domain to accomplish their objectives. I understand that there are many in ICANN -- including some on this list with vested interests -- who see every Internet end-user as a potential registrant. (This, of course, helps to explain the difficulty within ICANN of distinguishing consumers from end users, because every end user is considered a potential "consumer" of domain names.)
Not everyone shares the view that this approach is universally beneficial, let alone necessary, for anyone outside the domain industry.
in my day job -- the one that has nothing to do with Internet governance and keeps me grounded outside this bubble -- I work with academic studies in refugee research. This role brings me in frequent contact with refugees who have stories to tell, but who would be in substantial danger (along with their families) should these stories could be traced to them. We (and other places) do quite well telling those stories while protecting identities. (NB: the strategy does NOT require giving every refugee -- or even every refugee camp -- their own domain name.)
So I don't need to be lectured on using the Internet to provide free speech; I can assert with some real-life experience -- as opposed to mere debating logic -- that the DNS need not play *any* special role in providing or protecting sensitive and dangerous speech on the Internet.
The abuse of WHOIS for protection of criminals is real. The rationale in favour of maintaining abuse of WHOIS as *necessary* to protect sensitive speech is theoretical and provably wrong.
- Evan
So when a registration is in a country other than their own, not only should their information not be served up on a platter to abusive law enforcement, it should not be easily available without proper due
process,
with all opportunity provided to protect the users who see the Internet as their tool for achiving freedom. It is all well and good to protect consumers from fraud, but this must not be done at the expense of those fighting for freedom to either be who they are, e.g. gay registrants who live in countries that imprison the gay, or those fighting the freedom to speak to power.
I know will will quickly rejoin that one does NEED a domina name to speak to power or to blog about freedom, but many feel they do, and who are wee to say that this is not the case. I think that when At-Large thinks about protecting users it must think not only of the user whose major threat is fraud, but must also think s of users living under repressive regimes.
Protecting users does not mean only protecting consumers. The public interest of the user is not identical to the public interst of the consumer.
avri
Antony Van Couvering <avc@avc.vc> wrote:
Dear Carlton,
While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct.
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada
Em: evan at telly dot org Sk: evanleibovitch Tw: el56 _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 17 May 2012 03:19, Avri Doria <avri@acm.org> wrote:
First many people do require registration to get a place that allows them to speak.
In the absence of evidence I consider this core assumption to be utterly baseless, while contrary evidence (that people are able to speak without registration) exists in abundance. I'm part of projects that are enabling people to speak anonymously from refugee camps using SMS messages sent from cellphones with SIM cards paid in cash. We're working on a mechanism to turn those SMS messages into blog postings automatically injected into a Drupal site. No new domains needed. And while some may find it easier to work on refining their work through a login on a Drupal site, even that "registration" is not required.
Second, even when a site is provided for others, keeping that site up requires protection from repressive regimes.
As would registrars.
Third, who are you to determine what people need?
For one, being placed in real life situations -- not theoretical -- where I have had to find media vehicles for people that were out of the reach of repressive governments. So, I've been in situations where I have *had* to make determination on what people need. I haven't had the luxury of presuming what they need as a rhetorical argument; wrong decisions mean people get hurt. And so far nobody has. Those experiences don't mean the same solution will work for all. But they well refute the wishful thinking that domain registration is necessary to convey protected speech.
Fourth, I expect you will tell me next that people can use Google Facebook etc.
I wish I could be a mind reader like that to know what people will answer. But I don't, so I'll fall back on logic and fact rather than needlessly personalizing things. In the meantime, I would never advocate the likes of Facebook, Google, Wordpress, Blogger, etc for expressions of dangerous speech, and I never have. That would be dumb. So I guess mind reading doesn't always work. I'm thinking more along the low-tech lines of trusted and sympathetic clergy, lawyers, journalists, aid workers and other proxies, which have their own online channels that do not require new domains. There are some news outlets I trust to protect sources better than most registrars, and the entire New York Times churns all of its output through a single second-level domain with (what looks to be) valid WHOIS. Their writers don't all have their own domains.
You claim to speak for the world's users, but you do so from the safety of a relatively . please don't assume that the conditions that prevail for you have any relation to the rest of the world.
I claim to speak for nobody but me. My kids won't even let me order for them in a restaurant. I simply say what I do as someone with real life roles in protecting real people who say dangerous things, witnessing a parade of of free-speech arguments that my own experience tells me is built on sand. Repeating wishful thinking multiple times doesn't constitute evidence. So as the free-speech argument against reliable WHOIS continues to demonstrate that it has never been based on anything solid, I guess the resort to ad hominems is unfortunate but understandable. - Evan
Categorizing an answer as coming from a particular cultural point of view its not an example of ad hominem, so I reject your response by accusation, though I am becoming acclimated to it. And I make no apology for my concern for the privacy concerns of users who live under repression or for my insistence that this concern be taken into account by the at-large and by our regional leaders in the ALAC. avri Evan Leibovitch <evan@telly.org> wrote:
So as the free-speech argument against reliable WHOIS continues to demonstrate that it has never been based on anything solid, I guess the resort to ad hominems is unfortunate but understandable.
- Evan _______________________________________________
As I said before. There are technical management needs to have contact information available. This is a matter for ICANN best practice and contractual relationships. The other data points should be referenced to respective jurisdictions of the registries and registrars. This seems better territory for co-ordination, and best practice through ICANN. Jurisdictions can differentiate themselves in regards balances in privacy and law enforcement and so on to attract registries, registrars and registrants and users. This is why I think it is a mistake to recommend to the ICANN board a "regulatory" role to this level of depth , which is what I read in the report. I'm not convinced the world needs a one size fits all approach. Rather the contrary seems the case. Christian de Larrinaga On 17 May 2012, at 07:28, Evan Leibovitch <evan@telly.org> wrote:
On 17 May 2012 01:02, Avri Doria <avri@acm.org> wrote:
Most of us come from countries where the state is a relatively good actor and is not like to show up at our houses in the middle of the night to torture us for the things we have said on our web/blog sites. Unfortuantely far too many people come from states where whois information freely avaialble on the net can cost them and their families their well being or their lives.[...]
This logic demands the unfounded and erroneous assumption that one requires a first- or second-level ICANN-authorized domain in order to speak on the Internet.
Most end users -- including those who wish to use the Internet to buy, sell, speak, listen, write or read -- will never need to buy domain to accomplish their objectives. I understand that there are many in ICANN -- including some on this list with vested interests -- who see every Internet end-user as a potential registrant. (This, of course, helps to explain the difficulty within ICANN of distinguishing consumers from end users, because every end user is considered a potential "consumer" of domain names.)
Not everyone shares the view that this approach is universally beneficial, let alone necessary, for anyone outside the domain industry.
in my day job -- the one that has nothing to do with Internet governance and keeps me grounded outside this bubble -- I work with academic studies in refugee research. This role brings me in frequent contact with refugees who have stories to tell, but who would be in substantial danger (along with their families) should these stories could be traced to them. We (and other places) do quite well telling those stories while protecting identities. (NB: the strategy does NOT require giving every refugee -- or even every refugee camp -- their own domain name.)
So I don't need to be lectured on using the Internet to provide free speech; I can assert with some real-life experience -- as opposed to mere debating logic -- that the DNS need not play *any* special role in providing or protecting sensitive and dangerous speech on the Internet.
The abuse of WHOIS for protection of criminals is real. The rationale in favour of maintaining abuse of WHOIS as *necessary* to protect sensitive speech is theoretical and provably wrong.
- Evan
So when a registration is in a country other than their own, not only should their information not be served up on a platter to abusive law enforcement, it should not be easily available without proper due process, with all opportunity provided to protect the users who see the Internet as their tool for achiving freedom. It is all well and good to protect consumers from fraud, but this must not be done at the expense of those fighting for freedom to either be who they are, e.g. gay registrants who live in countries that imprison the gay, or those fighting the freedom to speak to power.
I know will will quickly rejoin that one does NEED a domina name to speak to power or to blog about freedom, but many feel they do, and who are wee to say that this is not the case. I think that when At-Large thinks about protecting users it must think not only of the user whose major threat is fraud, but must also think s of users living under repressive regimes.
Protecting users does not mean only protecting consumers. The public interest of the user is not identical to the public interst of the consumer.
avri
Antony Van Couvering <avc@avc.vc> wrote:
Dear Carlton,
While I agree that in general it is unwise, and often unfair, to speculate on the motives of participants, I do think several of Patrick's points are quite valid - an open Whois is a gold mine for spammers, salespeople, and identity thieves, particularly when the information is verified/correct.
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
One very important element of compliance is to get buy-in from the affected parties. Everything we know about consumers is that they don't like putting their private information out on the Internet for everyone to see. The wave of protests over information sharing by Facebook is a good example of this.
My personal view is that if the parties were serious about coming to a workable solution, they would examine options like this, and they wouldn't poo-poo other sides' objections. For instance, registrars should not, as they sometimes have, contend that law enforcement has no need for quick access to information. The other side should not dismiss as worthy of consideration the very substantial cost to verifying information, both directly and in terms of retooling systems, particularly when these costs *will* get passed along to the consumers. This last consideration is not just about domain name registrants -- many registrars are also web hosting and email providers, and they may be more likely to pass along their costs in one of these (or other) areas rather than just raise the price of domain names.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan that, while it may be on point with its criticisms of ICANN, will not in my opinion lead to a workable solution. It is more likely, if enacted, to lead to court battles, leaving consumers to deal with a broken system in the meantime.
With best regards,
Antony
On May 16, 2012, at 10:00 AM, Carlton Samuels wrote:
Patrick: I would still like to know who your gut tells is the Svengali directing ALAC positions on the WHOIS issue.
For the record, my SOI is and remains public information; no conflicts. What I find personally irritating is the notion you espouse that I, myself, could be 'directed' to a position!
It is galling because if this was the case, I would have wasted the literally hundreds of hours I've spent reading and cross-checking documents/sources to shape a position!
With respect, you might wish to review this business of taking your gut as bellewether to a blood libel. Not good.
Best, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Wed, May 16, 2012 at 1:55 AM, Patrick Vande Walle <patrick@vande-walle.eu
wrote:
On 15/05/12 17:07, Carlton Samuels wrote:
Your position condemns ordinary users who are hurt by bad actors to do without the basic information to initiate redress of grievance. Undoubtedly WHOIS information to a class of better informed interlocutors could likely be fruitful. But information discrimination of the kind suggested against victims of dissolute behaviours adds insult to injury. Count me out.
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
All aside, I am curious as to the identity of the individual allegedly of outsize influence "who have a business interest in an open-to-anyone WHOIS".
This is more a gut feeling based on past posts that the result of an investigation. Frankly, I would have absolutely no issue if people made a living in fighting spam, counterfeit goods or generally investigate criminal activities. As long as this is transparent to the rest of the community. Indeed, I think Evan's suggestion to publish SOIs is a good starting point. I have not done so, because I am not in a leadership position, but I would have no issue to do it, if required. Maybe this should be extended to all members of the WGs.
Patrick
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Evan Leibovitch Toronto Canada
Em: evan at telly dot org Sk: evanleibovitch Tw: el56 _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On Wed, May 16, 2012 at 10:57:21AM -0700, Antony Van Couvering wrote:
Did the review team look at the relative harm, and likelihood of harm, to consumers from spamming vs. the benefits gained by making things easier for law enforcement?
Yes.
Also, did it consider the difference between correct information and the public display of correct information? One undeniable benefit of not publicly displaying private information (e.g., address, phone number) is that people are far more likely to provide correct information if they're not worried about stalkers and thieves showing up at their house, or salesmen calling them during dinner. If law enforcement has a reason to view private information, then it could be provided to them. I think very few people would object to that.
Yes, and I did (and do) object even to the current collection of WHOIS. I do believe, that WHOIS is illegal at all and should be terminated as soon as possible: http://www.iks-jena.de/eng/Blog/That-s-the-way-it-always-have-been You can imagine how this position survived the report generation process. YOu did read the report ... Compare yourself.
I would hope that the At Large community could help facilitate a solution that answers to the needs of the affected parties, including consumers, rather than provide a blanket endorsement to a plan ...
If AtLarge can't follow me to prohbit WHOIS services, there are several levels of "improvements" over the current system: 1) Insist on an ultra thin WHOIS system, which only shows the contractual relationships down the reseller chain (starting at whois.iana.org). This system would prevent export of private data into different legal systems. So the local laws can be used to regulate the access to WHOIS at any given place. 2) Insist on workable privacy services as decribed in the WHOIS RT report. Proxy services are for companies which try to hide new trademarks before publishing them, so those services are not relevant to the "end user". Sorry, I'm biased.
Patrick I have no official standing in ALAC apart from my posts here. However; * I have zero commercial interests in the registry business. * I have a few domains that I registered as an ordinary user. * I have been fighting abuse on the net since 1999, although I have been involved in IT since 1981. * My dealings are with any that will assist in protecting the ordinary internet consumer and the internet users. * In the process I work narrowly with victims and law enforcement. * I also communicate with registrars and other internet service providers on a regular abuse related basis. I will reply to your comments inline. On 5/16/2012 8:55 AM, Patrick Vande Walle wrote:
A fully open, public WHOIS condemns honest domain name registrants to be hurt by bad actors, like spammers. Being harassed on the phone, and see personal details exposed for all to see.
Interestingly the only people to have harvested my details for abusive reasons have been rouge registrars trying to sell me domain names I dropped and similar domains in different TLDs and ccTLDs. However a closed whois system will do more harm with the "current mechanisms and implementations". Place note the last part of the phrase.
I have no doubt experts in cybercrime would find the useful clues in the WHOIS. I am all in favour of giving them access to the information they need, as long as they clearly identify themselves, the work they do and be transparent who they work for, have a code of conduct, etc. However, I consider that exposing the private details of millions of honest individual domain name registrants to chase a few thousand criminals, who would fake their contact details anyway, is disproportionate from a human rights POV.
Taking the current status quo of the WHOIS system as a starting point; Despite the data available in both thick and thin registries, with more honest peoples' details exposed than the many fake details of a few, those few cause more harm to the general internet populace and affected third parties than harm is done to the registrants. The current failing is the willingness to allow and tolerance for invalid whois details in the registries, being another enabler in internet fraud.
Note also that other registries, mostly ccTLDs, have privacy policies. Yet, they do not have more issues with counterfeiting and spam than the main gTLDs have. What is disappointing is that ICANN (both the corporation and the community) does not want to question the model they use and learn from best practices developed elsewhere.
Admittedly the abuse is less, yet all ccTLDs are also not equal. Where we find stricter registration requirements, the abuse is less. Where we find more tolerant policies, an abuse report with evidence suffices to have the domain cancelled. Yet the .com .org .info are most popular with the abuse as far as I see, but also for the bulk the most difficult to have abuse curbed. It is also easy to say the abuse is at the hosting side. Yet a domain is can be an instrument in crime. Unlike another tool that can be used for crime where you have to be local to the victim and as such subject to the same laws of the land, a domain used in international crime is remote from the victim and separate disparate laws apply.
Lastly, we should really distinguish between data collection and data display. The current ICANN WHOIS policy does not. Collecting private details is legitimate. Displaying them to everyone is not. I doubt there are many countries where one can consult the car registration database or obtain the details of an unlisted phone number without showing the right credentials to access that data. Why should the domain name database be any different ?
Actually physical presence allows you to do a lot with the correct evidence, including obtaining the details. Virtual presence is the problem. Why do the Europeans that are unhappy, not support the European ccTLDs? In my country my details are also visible if I register a domain here. The international domains are just that - international and international rules should apply. How deal with the situation if someone in reality from West Africa registers a domain with an address in the USA at a Chinese registrar via a reseller in India paying by Western Union, hosts in Malaysia, defrauds someone in Belgium? Incidentally he uses AnchorFree that does not keep logs to connect to Yahoo for emails. Then money mules and money laundering follows to retrieve the proceeds of fraud. (I am referring to real issues here!). If the domain registration details was not publicly visible, also due to the smaller loss this would have been swept under the carpet as a an isolated incident and the victim become a statistic. The victim would have had no justice. However due to historic information in the public domain and search engines, you suddenly find the registrant, despite the fake whois, is also responsible for other losses and has registered similar domains in the past. Whois details are a way of linking related incident across different domains and countries. Suddenly all those smaller losses adds up and law enforcement becomes extremely interested. This has happened many times in the past and will happen again. Additionally new suspicious domains can be identified and links to past events, allowing for actioning BEFORE the scammer has time to defraud. Likewise I could use many more of these examples of how whois is used for the public good. As a caveat - the first time more than a few users discovered they were victims to identity theft and credit card fraud, was when I contacted them after finding their details in domain registration details. One victim was alerted even before she received her statement and could act immediately. Many registrars also appreciates such information as they incur less losses later. Small bonuses. ....
Patrick
The issue at hand is no checks are done at registration time apart from ensuring valid payments, yet when we see the result and the consequences, we want to treat domains as valuable. The problem is "junk in, junk out". The Louis Vuitton issue is a good case in point. Simply removing public whois visibility from the current mess, would simply inflate costs to other third parties and even further strain scare resources, law enforcement included. Domain abuse will become more rife and will be to the detriment of each and every user. Currently the public can check and point out issues. These issues allow registrars to do further checks and also to protect themselves and the public. This does also make a small difference for the better if the registrar lives up to the spirit of the RAA. Sadly too few do in the TLD space. However, if ICANN were to start enforcing their own policies and immediately start ensuring the sanctioning any party where there is clear evidence of fake registration details with "potential" harm (lock domain and disable DNS until resolution?), also requiring for more verification, we would suddenly start seeing a totally different picture. We are currently in a chicken-and-eggs situation. Were we to implement stricter quality assurances at registration time and third party abuse clauses, malicious domain counts would drop. Were domains abused, there would be more accountability and those responsible easier traceable. The cost to the abusers would sharply rise and would would have a more stabilizing effect on the net. Hopefully in three years time we can once again have this discussion with less controversy. But we have to start somewhere. Sadly I'm not holding my breath. Derek
On 14 May 2012 04:24, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
Nice to hear from you, Wendy. On what basis do you advise not recommending it? I found the report's approach to be very appropriate, especially from the view of non-registrant end-users. And I fully agree with John's comment about a more reliable and trustworthy name system. The case against reliability and in favour of obfuscation is weak at best. - Evan
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations< http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki: https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Evan Leibovitch Toronto Canada Em: evan at telly dot org Sk: evanleibovitch Tw: el56
I would like to hear more from Wendy. Regards, Omar 2012/5/14 Evan Leibovitch <evan@telly.org>:
On 14 May 2012 04:24, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
Nice to hear from you, Wendy.
On what basis do you advise not recommending it? I found the report's approach to be very appropriate, especially from the view of non-registrant end-users. And I fully agree with John's comment about a more reliable and trustworthy name system. The case against reliability and in favour of obfuscation is weak at best.
- Evan
Dear Wendy: So noted. I would encourage you to lay out the reasoning for your position to this list as well as on the wiki. Kind regards, - Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Mon, May 14, 2012 at 3:24 AM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations< http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
On 05/14/2012 03:46 PM, Carlton Samuels wrote:
Dear Wendy: So noted.
I would encourage you to lay out the reasoning for your position to this list as well as on the wiki.
I have asked for a redline of the report against its draft version, but in the meantime, repeat the NCSG's concerns that privacy should be given much more substantial weight in the WHOIS analysis: http://forum.icann.org/lists/whois-rt-draft-final-report/msg00020.html The report should explicitly recommend that WHOIS policy recognize that registrants, both individual and organizations, commercial and non-commercial, have a legitimate interest in, and in many jurisdictions the legal right to, the privacy of their personal data. In the normative discussion, privacy should be given equivalent emphasis to accuracy. It would be instructive in this regard to reference the OECD privacy guidelines, agreed to by all OECD member countries with input from business and civil society. Data accuracy (or 'quality') is considered by OECD members to be of equal importance to purpose specification, use limitation and security safeguards, none of which factors are supported by Whois as it currently operates. (OECD Guideline reference: http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html ) It is as important that registrants have privacy as that their data be accurately recorded. At the moment, the report appears, from its emphasis on access and accuracy, to discount those privacy concerns that are accepted by all OECD member states and participating business and civil society actors as having equal importance. --Wendy
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 3:24 AM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations< http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
I've not read the report carefully, but seems very many efforts made to discuss with law enforcement, comprehensive outreach to the that community. Much less mention of data protection/privacy commissioners. Interested to know if data protection commissioners were consulted on the final draft before it was released. Adam On Thu, May 17, 2012 at 6:47 PM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/14/2012 03:46 PM, Carlton Samuels wrote:
Dear Wendy: So noted.
I would encourage you to lay out the reasoning for your position to this list as well as on the wiki.
I have asked for a redline of the report against its draft version, but in the meantime, repeat the NCSG's concerns that privacy should be given much more substantial weight in the WHOIS analysis:
http://forum.icann.org/lists/whois-rt-draft-final-report/msg00020.html The report should explicitly recommend that WHOIS policy recognize that registrants, both individual and organizations, commercial and non-commercial, have a legitimate interest in, and in many jurisdictions the legal right to, the privacy of their personal data.
In the normative discussion, privacy should be given equivalent emphasis to accuracy. It would be instructive in this regard to reference the OECD privacy guidelines, agreed to by all OECD member countries with input from business and civil society. Data accuracy (or 'quality') is considered by OECD members to be of equal importance to purpose specification, use limitation and security safeguards, none of which factors are supported by Whois as it currently operates. (OECD Guideline reference: http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html )
It is as important that registrants have privacy as that their data be accurately recorded. At the moment, the report appears, from its emphasis on access and accuracy, to discount those privacy concerns that are accepted by all OECD member states and participating business and civil society actors as having equal importance.
--Wendy
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 3:24 AM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations< http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
As far as I know the answer is no. avri Adam Peake <ajp@glocom.ac.jp> wrote:
I've not read the report carefully, but seems very many efforts made to discuss with law enforcement, comprehensive outreach to the that community. Much less mention of data protection/privacy commissioners. Interested to know if data protection commissioners were consulted on the final draft before it was released.
Adam
On Thu, May 17, 2012 at 6:47 PM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/14/2012 03:46 PM, Carlton Samuels wrote:
Dear Wendy: So noted.
I would encourage you to lay out the reasoning for your position to this list as well as on the wiki.
I have asked for a redline of the report against its draft version, but in the meantime, repeat the NCSG's concerns that privacy should be given much more substantial weight in the WHOIS analysis:
http://forum.icann.org/lists/whois-rt-draft-final-report/msg00020.html
The report should explicitly recommend that WHOIS policy recognize that registrants, both individual and organizations, commercial and non-commercial, have a legitimate interest in, and in many jurisdictions the legal right to, the privacy of their personal data.
In the normative discussion, privacy should be given equivalent emphasis to accuracy. It would be instructive in this regard to reference the OECD privacy guidelines, agreed to by all OECD member countries with input from business and civil society. Data accuracy (or 'quality') is considered by OECD members to be of equal importance to purpose specification, use limitation and security safeguards, none of which factors are supported by Whois as it currently operates. (OECD Guideline reference:
http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
)
It is as important that registrants have privacy as that their data be accurately recorded. At the moment, the report appears, from its emphasis on access and accuracy, to discount those privacy concerns that are accepted by all OECD member states and participating business and civil society actors as having equal importance.
--Wendy
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 3:24 AM, Wendy Seltzer <wendy@seltzer.com>
wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that
the
ALAC
issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm
------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<
http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public
comment.
*Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA
90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On Thu, May 17, 2012 at 7:48 PM, Avri Doria <avri@acm.org> wrote:
As far as I know the answer is no.
Then perhaps ALAC could ask. Privacy's significant concern for many At Large participants. Adam
avri
Adam Peake <ajp@glocom.ac.jp> wrote:
I've not read the report carefully, but seems very many efforts made to discuss with law enforcement, comprehensive outreach to the that community. Much less mention of data protection/privacy commissioners. Interested to know if data protection commissioners were consulted on the final draft before it was released.
Adam
On Thu, May 17, 2012 at 6:47 PM, Wendy Seltzer <wendy@seltzer.com> wrote:
On 05/14/2012 03:46 PM, Carlton Samuels wrote:
Dear Wendy: So noted.
I would encourage you to lay out the reasoning for your position to this list as well as on the wiki.
I have asked for a redline of the report against its draft version, but in the meantime, repeat the NCSG's concerns that privacy should be given much more substantial weight in the WHOIS analysis:
http://forum.icann.org/lists/whois-rt-draft-final-report/msg00020.html
The report should explicitly recommend that WHOIS policy recognize that registrants, both individual and organizations, commercial and non-commercial, have a legitimate interest in, and in many jurisdictions the legal right to, the privacy of their personal data.
In the normative discussion, privacy should be given equivalent emphasis to accuracy. It would be instructive in this regard to reference the OECD privacy guidelines, agreed to by all OECD member countries with input from business and civil society. Data accuracy (or 'quality') is considered by OECD members to be of equal importance to purpose specification, use limitation and security safeguards, none of which factors are supported by Whois as it currently operates. (OECD Guideline reference:
http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
)
It is as important that registrants have privacy as that their data be accurately recorded. At the moment, the report appears, from its emphasis on access and accuracy, to discount those privacy concerns that are accepted by all OECD member states and participating business and civil society actors as having equal importance.
--Wendy
Kind regards, - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Mon, May 14, 2012 at 3:24 AM, Wendy Seltzer <wendy@seltzer.com>
wrote:
On 05/13/2012 05:26 PM, Carlton Samuels wrote:
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that
the
ALAC
issue a statement fully endorsing the recommendations of the Final Report
As a member of the WG, I recommend against that.
--Wendy
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm
------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<
http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf
* to the ICANN Board and this document has been posted for public
comment.
*Public Comment Box Link:*
http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA
90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <
http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...
_______________________________________________ WHOIS-WG mailing list WHOIS-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/whois-wg
WHOIS WG Wiki:
https://community.icann.org/display/atlarge/At-Large+Whois+Policy
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/
-- Wendy Seltzer -- wendy@seltzer.org +1 617.863.0613 Fellow, Yale Law School Information Society Project Fellow, Berkman Center for Internet & Society at Harvard University http://wendy.seltzer.org/ https://www.chillingeffects.org/ https://www.torproject.org/ http://www.freedom-to-tinker.com/ _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Firstly I would like to thank all those spending so much time and energy on developing this report. Secondly I want to remonstrate. ALAC should not be encouraging ICANN to expand its scope as regulator in areas which really need to be done in local jurisdictions. Is it not possible for an activity near ICANN to recommend ICANN co-ordinates globally to establish best practices and education for local implementation around the world? I can see the point where WHOIS data for technical management can usefully be defined globally but I can't see that it is ever going to wash to "regulate" at ICANN matters that reasonably have to be decided and implemented via local regulators and legislatures such as management of privacy, law enforcement and similar over beneficial ownerships and similar. If people think this needs to be "regulated" at ICANN then this report does not provide the evidence. best Christian On 13 May 2012, at 22:26, Carlton Samuels wrote:
FYI. IMHO, the Final Report offers improved clarity and crispness in language. A few additions/clarifications from the preliminary report peaks interest:
1. WHOIS must be established as a strategic priority for ICANN. They doubled down by providing some definitive [and guiding!] recommendations to the Board to that objective.
2. Explicitly valorize the finding of widespread interest/convergence of WHOIS matters in the global community by recommending a fulsome outreach initiative.
3. Makes an explicit connection between anticipated improved compliance with a different reporting structure for ICANN Compliance that compels greater accountability from ICANN Board for outcomes, coupled with more transparent operations.
4. Declares in favour of " *a clear, unambiguous and enforceable chain of * *contractual agreements with registries, registrars, and registrants to require the **provision and maintenance of accurate WHOIS data*.".
Speaking as Chair of the At-Large WHOIS WG, I shall recommend that the ALAC issue a statement fully endorsing the recommendations of the Final Report - Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
** [image: ICANN] <http://www.icann.org/> News Alert
http://www.icann.org/en/news/announcements/announcement-11may12-en.htm ------------------------------ WHOIS Policy Review Team Final Report
11 May 2012
*Forum Announcement:* Comment Period Opens on *Date:* 11 May 2012 * Categories/Tags:*
Reviews/Improvements WHOIS Policy Transparency/Accountability *Purpose (Brief):* The WHOIS Policy Review Team, constituted under ICANN's Affirmation of Commitments (AoC) agreement with the U.S. Department of Commerce, submitted its *Final Report and Recommendations<http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf> * to the ICANN Board and this document has been posted for public comment. *Public Comment Box Link:* http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en...
This message was sent to carlton.samuels@gmail.com from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [image: iContact - Try It Free!]<http://www.icontact.com/a.pl/144186> Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=22552788&l=6333&s=60BX&m=882...> _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On Tue, May 15, 2012 at 03:14:56PM +0100, Christian de Larrinaga wrote:
Secondly I want to remonstrate. ALAC should not be encouraging ICANN to expand its scope as regulator in areas which really need to be done in local jurisdictions.
As a member of the RT, I have to say, that I did not manage to provide enough ressources to lobby for a more "local law respecting" document. I'm sorry.
participants (20)
-
Adam Peake -
Antony Van Couvering -
Antony Van Couvering -
Avri Doria -
Bill Silverstein -
Carlton Samuels -
cdel.firsthand.net -
Christian de Larrinaga
-
Christopher Wilkinson -
Derek Smythe -
Evan Leibovitch -
Franck Martin -
John R. Levine -
Lutz Donnerhacke -
Michele Neylon :: Blacknight -
Olivier MJ Crepin-Leblond -
Omar Kaminski -
Patrick Vande Walle -
Thompson, Darlene -
Wendy Seltzer