9th Circuit Court ruling on ICANN Contract.
The 9th circuit has ruled that the section 3.7.7.3 of the registrar/registrant contract has no meaning. This is a result of the no third party beneficiary provision of section 5.10 of the contract. This not only eliminates the issue for spam liability, but the issue for copyright or trademark infringement. Under the 9th circuit interpretation, I can use domains by proxy to hide my identity when I register and profit from barbiedoll.com to host pirated movies, despite being provided this evidence, that Domains has no requirement to disclose this information. http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1...
Hi, This is alternately called Intermediate Liability Protection which many of us believe is an essential component of most Internet Freedoms, and therefore something that needs to be protected. Your use of barbiedolls.com issue should be handled under normal fraud statutes using due process and under UDRP etc... a. On 19 Dec 2010, at 13:19, Bill Silverstein wrote:
The 9th circuit has ruled that the section 3.7.7.3 of the registrar/registrant contract has no meaning. This is a result of the no third party beneficiary provision of section 5.10 of the contract.
This not only eliminates the issue for spam liability, but the issue for copyright or trademark infringement. Under the 9th circuit interpretation, I can use domains by proxy to hide my identity when I register and profit from barbiedoll.com to host pirated movies, despite being provided this evidence, that Domains has no requirement to disclose this information.
http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1...
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
And how would you do that under the UDRP, Avri? I can see Mattel trying it, but not you. Even then Mattel would have to prove bad faith usage of the name. However consider that "doll" may mean many things. "Barbie" may be the claimed host master. In fact Barbie is a common form of Barabara, which was indeed the orgins of the Barbie in Barbie Doll. As for fraud statutes, that may be a bit more difficult. Which country's statutes? What if the website is hosted in a country that has no respect for copyright issues, likewise the registrar? Yet we are seeing this every day and very deliberately so. On 2010/12/19 21:37, Avri Doria wrote:
Hi,
This is alternately called Intermediate Liability Protection which many of us believe is an essential component of most Internet Freedoms, and therefore something that needs to be protected.
Your use of barbiedolls.com issue should be handled under normal fraud statutes using due process and under UDRP etc...
a.
On 19 Dec 2010, at 13:19, Bill Silverstein wrote:
The 9th circuit has ruled that the section 3.7.7.3 of the registrar/registrant contract has no meaning. This is a result of the no third party beneficiary provision of section 5.10 of the contract.
This not only eliminates the issue for spam liability, but the issue for copyright or trademark infringement. Under the 9th circuit interpretation, I can use domains by proxy to hide my identity when I register and profit from barbiedoll.com to host pirated movies, despite being provided this evidence, that Domains has no requirement to disclose this information.
http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1...
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 19 Dec 2010, at 15:07, Derek Smythe wrote:
And how would you do that under the UDRP, Avri?
I can see Mattel trying it, but not you.
Exactly. If enough of us complain to Mattel (is that who makes it) they will do something.
Even then Mattel would have to prove bad faith usage of the name. However consider that "doll" may mean many things. "Barbie" may be the claimed host master. In fact Barbie is a common form of Barabara, which was indeed the orgins of the Barbie in Barbie Doll.
Good point. Well since we perhaps all do recognize Barbie as a generic these days - Caribou Barbie anyone? Perhaps the example is not all that valid to start with.
As for fraud statutes, that may be a bit more difficult. Which country's statutes? What if the website is hosted in a country that has no respect for copyright issues, likewise the registrar? Yet we are seeing this every day and very deliberately so.
Well that is the sort of thing that government should be working on instead of spending their time chasing after Internet governance that is beyond their ken - standardizing their anti-fraud statutes. and then Interpol, instead of persecuting freedom of information advocates can spend their efforts finding and arresting fraudulent web site operators wherever they may reside. Law enforcement is not supposed to be easy, and it is time that those who are responsible for it, do the hard work and use the wealth of laws they already have on the books instead of trying to find easy ways out using the internet in ways the destroy it. a.
On 2010/12/19 22:36, Avri Doria wrote:
On 19 Dec 2010, at 15:07, Derek Smythe wrote:
And how would you do that under the UDRP, Avri?
I can see Mattel trying it, but not you.
Exactly. If enough of us complain to Mattel (is that who makes it) they will do something.
Reality shows that this does not always work like that. Common sense would dictate that a responsible brand owner would be up in arms at the abuse of his mark, however it does not always happen this way. All to often they only concentrate on domains and websites that affect them directly, not the public.
Even then Mattel would have to prove bad faith usage of the name. However consider that "doll" may mean many things. "Barbie" may be the claimed host master. In fact Barbie is a common form of Barabara, which was indeed the orgins of the Barbie in Barbie Doll.
Good point. Well since we perhaps all do recognize Barbie as a generic these days - Caribou Barbie anyone? Perhaps the example is not all that valid to start with.
For the UDRP, it was a good example. But what about scourtofjustice.com? Here the UDRP does not apply, though the domain is not registered by the claimed registrant and used for a courier scam?
As for fraud statutes, that may be a bit more difficult. Which country's statutes? What if the website is hosted in a country that has no respect for copyright issues, likewise the registrar? Yet we are seeing this every day and very deliberately so.
Well that is the sort of thing that government should be working on instead of spending their time chasing after Internet governance that is beyond their ken - standardizing their anti-fraud statutes. and then Interpol, instead of persecuting freedom of information advocates can spend their efforts finding and arresting fraudulent web site operators wherever they may reside. Law enforcement is not supposed to be easy, and it is time that those who are responsible for it, do the hard work and use the wealth of laws they already have on the books instead of trying to find easy ways out using the internet in ways the destroy it.
Despite what you may say, many dedicated and competent law enforcement officials are working hard and working overtime to protect the average internet user. However time is a limited resource and finances (tax payers' money) are constrained. A five minute crime may take five years to it's conclusion in a court. In those 5 years are hours and hours of time spent on investigation and prosecution by many people. The cost associated with just one such case can be frightening. In essence law enforcement simply do not have the resources to investigate each and every crime, despite clear fraud. Consider: Criminal shopfront: domain: $10 (includes registrant protection) hosting: $5 Instant fake shopfront total: $15 Victims: Losses = loss of each of a number of victims (mostly unreported), mostly reported not really investigated. Prosecution: 2 to 5 yrs of LE resources At the end of the day, LE costs are paid for by tax payers. So do you spend of hundreds of thousands of dollars investigating a twenty thousand dollars loss? No, LE uses stats to track the worst of the worst and concentrate on that. That is also why we hear phrases such as "Loss under (amount), loss above (amount)" and investigations tend to lean towards the higher amounts. Yes, some government officials do abuse their powers, there is no denying that. However that normally makes headlines, a petty criminal that used a $10 domain to defraud people out of $20,000 not, or rather not often. It is interesting that law enforcement are relying more and more on public groups/companies/etc to assist. This is a reflection of the workload these people are faced with. Now another fact: Most registrars know this. Derek
a.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
The reality of this issue is that the normal internet user, be it a small business or an individual, has not real protection on the internet. The registrar is held blameless and the victim of internet abuse cannot hold him liable. ICANN is not interested in abuse issues, it is outside their gambit despite creating an environment ideal for abuse. As for law enforcement, law enforcement only deals with the most serious issues. A simple reality is they are absolutely flooded with ongoing issues. That does leave the normal internet user vulnerable to exploitation. Derek On 2010/12/19 20:19, Bill Silverstein wrote:
The 9th circuit has ruled that the section 3.7.7.3 of the registrar/registrant contract has no meaning. This is a result of the no third party beneficiary provision of section 5.10 of the contract.
This not only eliminates the issue for spam liability, but the issue for copyright or trademark infringement. Under the 9th circuit interpretation, I can use domains by proxy to hide my identity when I register and profit from barbiedoll.com to host pirated movies, despite being provided this evidence, that Domains has no requirement to disclose this information.
http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1...
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
The reality of this issue is that the normal internet user, be it a small business or an individual, has not real protection on the internet.
This is my exact point. The
The registrar is held blameless and the victim of internet abuse cannot hold him liable. This is not an issue of the registrar being held liable, but the privacy protection service (the registrant) being held liable. While the registrant being a privacy protection service is not the same, it essentially is.
ICANN is not interested in abuse issues, it is outside their gambit despite creating an environment ideal for abuse.
As for law enforcement, law enforcement only deals with the most serious issues. A simple reality is they are absolutely flooded with ongoing issues.
That does leave the normal internet user vulnerable to exploitation.
Derek
On 2010/12/19 20:19, Bill Silverstein wrote:
The 9th circuit has ruled that the section 3.7.7.3 of the registrar/registrant contract has no meaning. This is a result of the no third party beneficiary provision of section 5.10 of the contract.
This not only eliminates the issue for spam liability, but the issue for copyright or trademark infringement. Under the 9th circuit interpretation, I can use domains by proxy to hide my identity when I register and profit from barbiedoll.com to host pirated movies, despite being provided this evidence, that Domains has no requirement to disclose this information.
http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1...
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 19 Dec 2010, at 19:51, Derek Smythe wrote: Derek
The reality of this issue is that the normal internet user, be it a small business or an individual, has not real protection on the internet.
The flipside to this is that registrants have a right to privacy and a degree of protection. The "normal" user wants to be able to register and use domain names without publishing their private details. Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name.
The registrar is held blameless and the victim of internet abuse cannot hold him liable.
Which is correct in my view. If I sold kitchen knives and you happened to use one to commit murder it wouldn't be reasonable to hold me liable UNLESS I had sold you the knife to commit murder ..
ICANN is not interested in abuse issues, it is outside their gambit despite creating an environment ideal for abuse.
That is a wonderfully inflammatory statement
As for law enforcement, law enforcement only deals with the most serious issues.
Which is normal. It's not up to law enforcement to go around enforcing IP interests.
A simple reality is they are absolutely flooded with ongoing issues.
That does leave the normal internet user vulnerable to exploitation.
You could extend the same logic to the offline / tangible / real world .. Taken to its logical (though somewhat perverse) conclusion then we should all be hiding in bunkers. Regards Michele PS: The only time I've been a victim of crimes has been offline - wallets stolen, cars vandalised and debit cards skimmed .. Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon PS: Check out our latest offers on domains & hosting: http://domainoffers.me/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On 19 Dec 2010, at 19:51, Derek Smythe wrote:
Derek
The reality of this issue is that the normal internet user, be it a small business or an individual, has not real protection on the internet.
The flipside to this is that registrants have a right to privacy and a degree of protection. The "normal" user wants to be able to register and use domain names without publishing their private details.
Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name.
Ok. How? And why should there be a need? If you buy a house, but put it under my name to avoid a judgment against you, can you cry when the IRS (the US taxing authority) seizes the house because my outstanding tax bill?
The registrar is held blameless and the victim of internet abuse cannot hold him liable.
Which is correct in my view.
If I sold kitchen knives and you happened to use one to commit murder it wouldn't be reasonable to hold me liable UNLESS I had sold you the knife to commit murder ..
No, and yours is a bad analogy. A better analogy: I buy a car and register it under my name because I live in a cheaper area to insure and have a better driving record so the insurance and tax cost would be half of what it would be if you registered it (or maybe that you are hiding it from your 6 ex-wifes wanting alimony and child support). But, you gave me the money for the car and you are the one paying the bill and driving it. If you then run over the little old lady in the crosswalk while drunk, I am the one sued because the car is owned by me not you. Here, the privacy
ICANN is not interested in abuse issues, it is outside their gambit despite creating an environment ideal for abuse.
That is a wonderfully inflammatory statement
So what? Does that make the statement inaccurate?
As for law enforcement, law enforcement only deals with the most serious issues.
Which is normal. It's not up to law enforcement to go around enforcing IP interests.
No, that is why there are civil courts.
A simple reality is they are absolutely flooded with ongoing issues.
That does leave the normal internet user vulnerable to exploitation.
You could extend the same logic to the offline / tangible / real world ..
Taken to its logical (though somewhat perverse) conclusion then we should all be hiding in bunkers.
No, but if someone takes money from you so that you can hide assets why should they be surprised when sued because of the abusing relating to those assets?
On 22 Dec 2010, at 12:33, Bill Silverstein wrote:
Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name. Ok. How? And why should there be a need?
If you buy a house, but put it under my name to avoid a judgment against you, can you cry when the IRS (the US taxing authority) seizes the house because my outstanding tax bill?
Well leaving aside the validity of a Tax Authority will such a capability. It they went through due legal process and determined that you were the legal owner of that house and that you had done something wrong under the law that merited the removal of your property, then unless I could show a legal instrument that showed that despite this the house was still mine, no I would not have a legal basis for complaint. As for 'can you cry' i think people always have the right to cry (unless of course you are a woman and in politics.) As for the ability to cry, that is an individual thing that often has medical causes. Personally I thought the knives analogy was a good one. a.
On 12/22/2010 09:33 AM, Bill Silverstein wrote:
On 19 Dec 2010, at 19:51, Derek Smythe wrote:
Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name. Ok. How? And why should there be a need?
If you buy a house, but put it under my name to avoid a judgment against you, can you cry when the IRS (the US taxing authority) seizes the house because my outstanding tax bill?
Are we going to become an internet of vigilante justice? One can always construct a case to justify the destruction of privacy, particularly the privacy of natural people. And for each of those cases there are probably thousands of counter examples that are never uttered. Civil plaintiffs and criminal prosecutors ought to be required to initiate proper judicially overseen discovery or obtain proper subpoenaes and warrants asking "whose your daddy". Unless they do they don't, at least in my book, get much credit for arguments that privacy gets in their way. I've heard too many internet vigilantes justify the metaphoric noose because proper procedure and trial would be too slow and troublesome. I'm all for hanging the evil doers high - see http://www.cavebear.com/cbblog-archives/000236.html - but only after proper and fair process. --karl--
On 12/22/2010 09:33 AM, Bill Silverstein wrote:
On 19 Dec 2010, at 19:51, Derek Smythe wrote:
Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name. Ok. How? And why should there be a need?
If you buy a house, but put it under my name to avoid a judgment against you, can you cry when the IRS (the US taxing authority) seizes the house because my outstanding tax bill?
Are we going to become an internet of vigilante justice?
It is not vigilante justice to know the identity of the owner of a domain name.
One can always construct a case to justify the destruction of privacy, particularly the privacy of natural people. And for each of those cases there are probably thousands of counter examples that are never uttered.
Civil plaintiffs and criminal prosecutors ought to be required to initiate proper judicially overseen discovery or obtain proper subpoenaes and warrants asking "whose your daddy". Unless they do they don't, at least in my book, get much credit for arguments that privacy gets in their way.
The problem is, especially when trying to track spammers, is that is this a misguided bad actor sending spam from advertising one site, or is this a criminal organization sending advertising for thousands of sites? While both may be in violation of the law(s), the efficient use of resources would be to go after the criminal organization. If you cannot determine the difference, ie. using the proxy services, it impedes enforcement. If your wallet was stolen, would the police do anything more than take a report? Now, if your wallet was stolen by the same person who stole 50 other wallets, would the police take action?
I've heard too many internet vigilantes justify the metaphoric noose because proper procedure and trial would be too slow and troublesome.
How is having the court holding the registered domain name holder (the proxy service in this case) liable be considered vigilantism? What is the purpose of section 3.7.7.3 if it is not to hold the registered name holder (the proxy service) liable for the use of the domain name, if they have provided some evidence to the proxy service that the domain name is being used for illegal activity?
I'm all for hanging the evil doers high - see http://www.cavebear.com/cbblog-archives/000236.html - but only after proper and fair process.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
The problem is, especially when trying to track spammers, is that is this a misguided bad actor sending spam from advertising one site, or is this a criminal organization sending advertising for thousands of sites?
The burden of making the case ought to be on the one making the accusation - of do we want the kind of "justice" that Kafka described in "The Trial"? --karl--
Hi, I think that civilian groups helping the police with investigations is fine, just like i think individuals helping the public see inside Cultures of Secrecy is a good thing. There is definitely room for citizen activism. What is critical is that any activities by the group of civilian helpers be within the rule of law and that it be the proper authorities operating under law that is within the binding International principles of human rights that are the ones to take action after due process. Information, as long as it is not the personal information of natural persons or on other very tightly circumscribed security topics as defined in International covenants and treaties, is good and should be distributed by anyone to everyone. And so those who collect information on people they consider the DNS bad guys should be free to publish it. And while they need to be careful that the information is true or else they may have to deal with defamation and libel charges, they should be free to investigate and publish what they discover. a. On 23 Dec 2010, at 17:14, Karl Auerbach wrote:
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
The problem is, especially when trying to track spammers, is that is this a misguided bad actor sending spam from advertising one site, or is this a criminal organization sending advertising for thousands of sites?
The burden of making the case ought to be on the one making the accusation - of do we want the kind of "justice" that Kafka described in "The Trial"?
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration. The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
On 12/23/2010 03:31 PM, Bill Silverstein wrote:
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration.
That makes no sense - people have a Federal Constitutional right to privacy - See Griswold v Connecticut. The method you are espousing takes that right, runs it through the shredder, and dismisses the loss on the basis that the ends justify the means.
The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
"requires" - sez who? A non-responsive answer would be "a self-proclaimed regulator such as ICANN". Self-proclaimation hardly constitutes a legitimate form of "requires". Otherwise I could hereby proclaim myself as the emperor of the universe - with equal legitimacy. --karl--
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration.
That makes no sense - people have a Federal Constitutional right to privacy - See Griswold v Connecticut.
Of course they do, but it is an absurd leap to conclude that this somehow gives people a right to register domains anonymously. It is entirely possible for people to use the Internet without one's own vanity domain, as evidenced by the fact that about 99.9% of Internet users have never registered a domain and never will. A look at the venomous screeds found in any web site's comment section will confirm that the lack of a vanity domain is no bar to anonymous speech.
The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
"requires" - sez who? A non-responsive answer would be "a self-proclaimed regulator such as ICANN". Self-proclaimation hardly constitutes a legitimate form of "requires".
If you want to register in ICANN's TLDs, you have to play by ICANN's rules. If you prefer some other TLDs, or some other DNS root, you know where to find them. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 12/24/2010 08:26 PM, John R. Levine wrote:
If you want to register in ICANN's TLDs, you have to play by ICANN's rules. If you prefer some other TLDs, or some other DNS root, you know where to find them.
Over the holiday break I'm working on code to revive the old "GrassRoots" tool. (I'm calling my implementation "GrassRoots2".) What GrassRoots does is to gather information about top level domain offerings - whether ICANN approved or not - into a catalog. The user then gets to pick and chose which TLDs he/she wants - and in the case of multiple TLDs with the same name the user gets to pick which one of the contesting providers. Then the user pushes a button and voila, a root zone file (and other related configuration files) are generated that can be plopped into an instance of Bind so that it acts as the user's own root server (which can be then offered to friends and family as well.) That way the top level domains that a user wants in his view of the internet landscape is a decision made by the user without a lord o' names organization. It makes top level domains into products that obtain market share and "shelf space" in root zones on the basis of user choice rather than top-down mandates from bodies such as ICANN. My code (in Python) will be published under a Python-like (i.e. non viral) open source license. (I'm not sure when I'm going to be done - It's kinda slow slogging - I'm rather far offshore right now, with rather thin [and long latency] links, and my ability to do testing is kinda limited.) --karl--
Happy new year to all. Let me add a late comment to this thread. I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. This is not a new debate, but it still comes in waves, without substantial changes in the opinions of the different parties. Years ago, I think it was at the Tunis/Carthage (2003?), we had this discussion and I replied to Marilyn Cade making the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Bill Silverstein Sent: Friday, 24 December 2010 00:32 To: At-Large Worldwide Subject: Re: [At-Large] 9th Circuit Court ruling on ICANN Contract.
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration.
The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 01/08/2011 02:37 PM, Roberto Gaetano wrote:
I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. ...the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently.
You've hit on an important point. But first let me make a minor detour... <begin detour> If you check the registration of my primary automobile you won't find my name anywhere. There are layers of corporate identities between my name and the name on my automobile registration. That is neither illicit nor does it oppose the social policies that justify automobile registration. "Ownership" is a distinct concept from that of "control". There are quite legitimate reasons why ownership (or control) might be indirected through layers of intermediaries. Moreover, there are cases, such as when a person has acquired an automobile on the basis of a loan there are separate and distinct legal and beneficial ownership rights. <end detour> The drum beat for privacy busting private regulation of domain name registrations is driven by the desire by various people, some driven by good intent (such as the anti-spam community), some driven by more selfish motives (such as the intellectual property protection [as distinguished from the intellectual property creation] industry). Those groups would dispense with the nuisance of balanced due-process to the data subject. It is long past time to introduce some balance back into the equation: For years I have advocated that penetration of domain registrations should require the person making the request do several things: 1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log. 2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.) 3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date. 4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious. 5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public. 6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls. --karl--
Mostly agreed Karl, good ideas you have, but some pointers since the person making the request has the same rights as the registrant: On 2011/01/09 01:53, Karl Auerbach wrote:
On 01/08/2011 02:37 PM, Roberto Gaetano wrote:
I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. ...the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently.
You've hit on an important point. But first let me make a minor detour...
<begin detour>
If you check the registration of my primary automobile you won't find my name anywhere. There are layers of corporate identities between my name and the name on my automobile registration.
That is neither illicit nor does it oppose the social policies that justify automobile registration.
A natural vs a legal person, both quite acceptable, however never a fictious person as we find in domain registrations.
"Ownership" is a distinct concept from that of "control". There are quite legitimate reasons why ownership (or control) might be indirected through layers of intermediaries. Moreover, there are cases, such as when a person has acquired an automobile on the basis of a loan there are separate and distinct legal and beneficial ownership rights.
<end detour>
The drum beat for privacy busting private regulation of domain name registrations is driven by the desire by various people, some driven by good intent (such as the anti-spam community), some driven by more selfish motives (such as the intellectual property protection [as distinguished from the intellectual property creation] industry). Those groups would dispense with the nuisance of balanced due-process to the data subject.
I would love to know the ratio of IP vs anti-fraud (spam is a bit yesterday, let's expand it to other nefarious domain uses as well) domain issues. I will not dwell into the overlapping area of IP and fraudulent abuse such as bank spoof domains and other lookalike names.
It is long past time to introduce some balance back into the equation:
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log.
As long as the same requirements are put on registrants (also see point 6).
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
The same for the registrant, he should also post a bond. If any allegations are found to be justified, there should be punitive measures in place.
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date
Semi agreed. Those accusations should be recorded and be held for at least a period of five years. The records of accusations should be available to to all parties; law enforcement, recognized anti-abuse groups, registrars, registries etc). Just remember the accusation may not only be against the domain name, but may span a range of issues (botnets herders, fake shopfronts ...) Should the accusation be found to be correct, the registrar or his agent shall upon request by the accuser, also supply all other domain names registered to the same party. This may also be used at other registrars/privacy proxies and like.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
The data should also be allowed to be shared with legal authorities and recognized anti-abuse groups, along with any pertinent data (also accusation in point 3). A response is required from the data subject in 24 to 48 hrs maximum for a legal person, 7 days for a natural person. If no such response is forthcoming, the data will be made available as if an affirmative response was received. Should the registration data be found to be grossly inaccurate (bogus registration details, identity theft etc) then all domains linked to those grossly inaccurate registration details will immediately be suspended. This requirement will be mandatory and span all registrars and registries. Should a proxy have been used that accept registrations for domains where no registration data is required of the registrant, only the funds for the domain, that proxy provider will be held liable for any harm done by that domain (we have been seeing a lot of these providers of late) The proxy provider itself may not be registered via another proxy provider. A proxy provider must have a physical address at the stated location.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
Not sure how that would work for law enforcement and like legitimate bodies.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
Naturally the accessor has the same rights as the registrant. As such he is also allowed to use proxy providers. Based on the work some inquirers do ,they might have more reason to use such mechanism as mere personal privacy, rather personal safety.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Derek
Sigh. In what fantasy world do you imagine that there is a process to implement this? Also, in this world, we routinely identify and turn off a thousand or more domains at a time used by criminals, so make sure it scales. If you're saying I have to post a $100,000 bond to track down a pillz spammer, no thanks. On the other hand, if you're proposing that people have to appear in person to a government official and verify their identity before they can register a domain, that's not a bad idea. R's, John
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log. As long as the same requirements are put on registrants (also see point 6).
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
The same for the registrant, he should also post a bond. If any allegations are found to be justified, there should be punitive measures in place.
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date
Semi agreed. Those accusations should be recorded and be held for at least a period of five years. The records of accusations should be available to to all parties; law enforcement, recognized anti-abuse groups, registrars, registries etc). Just remember the accusation may not only be against the domain name, but may span a range of issues (botnets herders, fake shopfronts ...)
Should the accusation be found to be correct, the registrar or his agent shall upon request by the accuser, also supply all other domain names registered to the same party. This may also be used at other registrars/privacy proxies and like.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
The data should also be allowed to be shared with legal authorities and recognized anti-abuse groups, along with any pertinent data (also accusation in point 3). A response is required from the data subject in 24 to 48 hrs maximum for a legal person, 7 days for a natural person. If no such response is forthcoming, the data will be made available as if an affirmative response was received.
Should the registration data be found to be grossly inaccurate (bogus registration details, identity theft etc) then all domains linked to those grossly inaccurate registration details will immediately be suspended. This requirement will be mandatory and span all registrars and registries.
Should a proxy have been used that accept registrations for domains where no registration data is required of the registrant, only the funds for the domain, that proxy provider will be held liable for any harm done by that domain (we have been seeing a lot of these providers of late)
The proxy provider itself may not be registered via another proxy provider. A proxy provider must have a physical address at the stated location.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
Not sure how that would work for law enforcement and like legitimate bodies.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
Naturally the accessor has the same rights as the registrant. As such he is also allowed to use proxy providers. Based on the work some inquirers do ,they might have more reason to use such mechanism as mere personal privacy, rather personal safety.
Exactly. How can you put all the responsibility and risk on one party, yet have no risk on the other side for those pill spammers/money mules/.... I post a $100,000, get no reply from data registrant, as such no access too the data. In the meantime the address in the registration is fake, a groups of trees (as was the case for a privacy proxy). Or the provider is a one stop shop - send money only and an email address, no registration data required, we give you a domain and hosting (and access to our own attorneys in obscure offshore jurisdictions). Derek On 2011/01/09 20:37, John R. Levine wrote:
Sigh. In what fantasy world do you imagine that there is a process to implement this?
Also, in this world, we routinely identify and turn off a thousand or more domains at a time used by criminals, so make sure it scales.
If you're saying I have to post a $100,000 bond to track down a pillz spammer, no thanks.
On the other hand, if you're proposing that people have to appear in person to a government official and verify their identity before they can register a domain, that's not a bad idea.
R's, John
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log. As long as the same requirements are put on registrants (also see point 6).
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
The same for the registrant, he should also post a bond. If any allegations are found to be justified, there should be punitive measures in place.
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date
Semi agreed. Those accusations should be recorded and be held for at least a period of five years. The records of accusations should be available to to all parties; law enforcement, recognized anti-abuse groups, registrars, registries etc). Just remember the accusation may not only be against the domain name, but may span a range of issues (botnets herders, fake shopfronts ...)
Should the accusation be found to be correct, the registrar or his agent shall upon request by the accuser, also supply all other domain names registered to the same party. This may also be used at other registrars/privacy proxies and like.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
The data should also be allowed to be shared with legal authorities and recognized anti-abuse groups, along with any pertinent data (also accusation in point 3). A response is required from the data subject in 24 to 48 hrs maximum for a legal person, 7 days for a natural person. If no such response is forthcoming, the data will be made available as if an affirmative response was received.
Should the registration data be found to be grossly inaccurate (bogus registration details, identity theft etc) then all domains linked to those grossly inaccurate registration details will immediately be suspended. This requirement will be mandatory and span all registrars and registries.
Should a proxy have been used that accept registrations for domains where no registration data is required of the registrant, only the funds for the domain, that proxy provider will be held liable for any harm done by that domain (we have been seeing a lot of these providers of late)
The proxy provider itself may not be registered via another proxy provider. A proxy provider must have a physical address at the stated location.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
Not sure how that would work for law enforcement and like legitimate bodies.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
Naturally the accessor has the same rights as the registrant. As such he is also allowed to use proxy providers. Based on the work some inquirers do ,they might have more reason to use such mechanism as mere personal privacy, rather personal safety.
At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 01/09/2011 11:04 AM, Derek Smythe wrote:
How can you put all the responsibility and risk on one party, yet have no risk on the other side for those pill spammers/money mules/....
The argument you are making is one that essentially says "because there is a danger that some actors might use their free speech rights to do things that I do not like that, therefore, we must remove the 'free' from 'free speech'." I do not accept accusations as proof that a person is "spammers/money mules/". I kind of prefer accusation to be merely a first step in a process. Given events of the last few days in which people have been killed or shot for expressing opinions I see a greater need than ever to assure that those who use the internet to be able, if they chose, to have privacy protections that may be broken only upon fair procedures - certainly not on mere accusation (or, as today, mere curiosity.) Personally I'd have wished that I could have added to my list of steps that the accuser's statements and evidence be weighed by a human magistrate. But I left that out in a bow to speed over fairness. Was it you who mentioned law enforcement? I always forget to mention that parallel to the process I outline that there are other procedures available to law enforcement and governmental authorities; I generally assume that those exist and transcend the kind of private mechanisms that exist under ICANN. And I generally assume (increasing, it seems, incorrectly) that these law enforcement and governmental procedures honor some sort of due process. --karl--
The argument you are making is one that essentially says "because there is a danger that some actors might use their free speech rights to do things that I do not like that, therefore, we must remove the 'free' from 'free speech'."
Perhaps my dictionary is out of date, but I'm pretty sure that "vanity domains" are not spelled "free speech". This argument was silly in the 1990s, and it's beyond absurd now. You do not need a second level domain to speak. You have never needed a second level domain to speak. You never will need a second level domain to speak. So I won't insult everyone's intelligence by wasting more time on it. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
Karl, you have probably heard the expression "junk in junk out".
The argument you are making is one that essentially says "because there is a danger that some actors might use their free speech rights to do things that I do not like that, therefore, we must remove the 'free' from 'free speech'."
It's not a case of "because there
is a danger", it is happening right now. Read the news.
Better yet, If you are to truly represent ALL user interests, I suggest you reach out to the relevant law enforcement officials in your area and have a long conversation with them. Ask specifically what role domain names play in internet abuse. You have this idea that good people should now pay good money for fictitious data? Why should I pay good money for data that does not even exist? Let us do a quick reality check: http://www.mediaon.com/Real-Whois-Protection
We never ask for any personal details except an email address (which can be created anonymously like www.SecMail.in). Accounts are setup using usernames that are randomly generated. There will be no whois information if someone does a search on your domain name. We will not even show anyone the email address you signed up with. We accept a number of easy payment providers including accepting cash by post which gives you 100% anonymity.
You may also wish to read up on how they set up their domain contacts. Incidentally, the German authorities have numerous victims to users of this provider's practices (selling non existent goods on fake shopfronts). This group use their own in house registrar. Their "allowed or denied" page has changed drastically in the past year, but not due to legal intervention. This is just one such example of many. Let us take this one step further, a proxy provider with an incomplete address, which was at first totally invalid, later changed to an address does not check out and the provider is unknown at the address. Now the proxy themselves use another proxy for their own domain. If you wish to obtain fake identification documents or stolen credit card details complete with names, social security numbers, addresses etc, this same provider mentioned has just the clientele you wish to support if you require either. As for law enforcement, yes, I was the one that mentioned them. For a minute, remember the world does not end on US shores, we are now talking world wide. While some law enforcement authorities do talk to one another, this is by no means globally. In fact as you may or may not have heard, the internet is even used in cyber wars between countries. http://www.scmagazineus.com/russia-confirms-involvement-with-estonia-ddos-at... Do you think that Estonia and Russian authorities will exchange data under such circumstances? You also need to consider local laws, not necessarily mine or yours, that does not reflect the realities of what is now possible on the internet. There is a lot that would be good for the average internet user, however that has to start with a credible whois system with real and not fictitious data - as John hinted at.
On the other hand, if you're proposing that people have to appear in person to a government official and verify their identity before they can register a domain, that's not a bad idea.
The days when there was trust on the net is long gone and the proportion of bad actors is growing, that small minority making it bad for all. The domain industry has a choice, either self regulation or government regulation - and we all know how things go then. We have already cried foul on this same mailing group when government involvement has happened. Why did the USA change the rules for .us domains? I believe if it was not for non-governmental groups, many self funded (not the governments, not the domain industry, in fact out of individual pockets), we would have already crossed that point where we would be deprived of what you consider a right. Derek On 2011/01/09 22:40, Karl Auerbach wrote:
On 01/09/2011 11:04 AM, Derek Smythe wrote:
How can you put all the responsibility and risk on one party, yet have no risk on the other side for those pill spammers/money mules/....
The argument you are making is one that essentially says "because there is a danger that some actors might use their free speech rights to do things that I do not like that, therefore, we must remove the 'free' from 'free speech'."
I do not accept accusations as proof that a person is "spammers/money mules/". I kind of prefer accusation to be merely a first step in a process.
Given events of the last few days in which people have been killed or shot for expressing opinions I see a greater need than ever to assure that those who use the internet to be able, if they chose, to have privacy protections that may be broken only upon fair procedures - certainly not on mere accusation (or, as today, mere curiosity.)
Personally I'd have wished that I could have added to my list of steps that the accuser's statements and evidence be weighed by a human magistrate. But I left that out in a bow to speed over fairness.
Was it you who mentioned law enforcement?
I always forget to mention that parallel to the process I outline that there are other procedures available to law enforcement and governmental authorities; I generally assume that those exist and transcend the kind of private mechanisms that exist under ICANN. And I generally assume (increasing, it seems, incorrectly) that these law enforcement and governmental procedures honor some sort of due process.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 01/09/2011 02:49 PM, Derek Smythe wrote:
Let us do a quick reality check:
We never ask for any personal details except an email address (which can be created anonymously like www.SecMail.in). Accounts are setup using usernames that are randomly generated. There will be no whois information if someone does a search on your domain name. We will not even show anyone the email address you signed up with. We accept a number of easy payment providers including accepting cash by post which gives you 100% anonymity.
You missed an example even more close at hand: http://eweregistry.cavebear.com/ (It's still an unimplemented concept; there's no engine behind the website.)
As for law enforcement, yes, I was the one that mentioned them.
For a minute, remember the world does not end on US shores
A fact for which many people are thankful. We seem to be engaged in a game in which the needs of "law enforcement" are being used as an excuse to open personal data to everyone, law enforcement or not. Here in the US law enforcement bodies are hindered by some things we call the Fifth and Sixth amendments. Private people are not. If we are going to use the argument that "law enforcement" needs trump everything than perhaps here in the US we ought to dispense with the those constitutional provisions and let law enforcement act with the same unhindered abandon as private actors. Instead we compensate by giving law enforcement bodies special powers and procedures, procedures that are constrained by 'due process' limits, that are not available to private actors. As a consequence of these kinds of differences it is not a valid argument to use the needs of law enforcement to bootstrap the penetration of privacy by private actors.
The days when there was trust on the net is long gone and the proportion of bad actors is growing, that small minority making it bad for all.
The road you are stepping onto is one that would shackle all speakers, whether on the internet or not. I am not disagreeing with you on many of the points you are making - but I am saying that those who accuse another must be subject to a process that gives the accused the presumption of innocence and a fair forum in which the accusation and defense may be measured. --karl--
Karl, I have no objection to them doing this, if they are liable as the registrant.
On 01/09/2011 02:49 PM, Derek Smythe wrote:
Let us do a quick reality check:
We never ask for any personal details except an email address (which can be created anonymously like www.SecMail.in). Accounts are setup using usernames that are randomly generated. There will be no whois information if someone does a search on your domain name. We will not even show anyone the email address you signed up with. We accept a number of easy payment providers including accepting cash by post which gives you 100% anonymity.
You missed an example even more close at hand:
http://eweregistry.cavebear.com/
(It's still an unimplemented concept; there's no engine behind the website.)
As for law enforcement, yes, I was the one that mentioned them.
For a minute, remember the world does not end on US shores
A fact for which many people are thankful.
We seem to be engaged in a game in which the needs of "law enforcement" are being used as an excuse to open personal data to everyone, law enforcement or not.
Here in the US law enforcement bodies are hindered by some things we call the Fifth and Sixth amendments. Private people are not. If we are going to use the argument that "law enforcement" needs trump everything than perhaps here in the US we ought to dispense with the those constitutional provisions and let law enforcement act with the same unhindered abandon as private actors.
Instead we compensate by giving law enforcement bodies special powers and procedures, procedures that are constrained by 'due process' limits, that are not available to private actors.
As a consequence of these kinds of differences it is not a valid argument to use the needs of law enforcement to bootstrap the penetration of privacy by private actors.
The days when there was trust on the net is long gone and the proportion of bad actors is growing, that small minority making it bad for all.
The road you are stepping onto is one that would shackle all speakers, whether on the internet or not.
I am not disagreeing with you on many of the points you are making - but I am saying that those who accuse another must be subject to a process that gives the accused the presumption of innocence and a fair forum in which the accusation and defense may be measured.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 9 January 2011 18:31, Karl Auerbach <karl@cavebear.com> wrote:
We seem to be engaged in a game in which the needs of "law enforcement" are being used as an excuse to open personal data to everyone, law enforcement or not.
The flip side of openness is accountability. Freedom of speech is usually accompanied by the requirement to be responsible for what one says. It is not a defense to, say, slander, to argue that one's right to privacy entitles you to say anything about anyone then duck for cover behind a wall of obfuscation. As a result, newspapers have traditionally not allowed unsigned letters to be published -- while most will respect a request to withhold the signature, the newspaper will still retain it in case *it* is sued. The car analogy was used earlier. I'm not aware of any jurisdiction on earth that doesn't have government-issued plates used to identify a cars owner. It is usually illegal to have incorrect identity information attached to license plate data. Proxies (such as leasing or rental agencies) are common, but they maintain accurate records regarding possession (if not ownership) of the car at any particular time. And as far as I know, access to car-ownership data is used not just by law enforcement but also by insurance companies, credit bureaus, etc. While such access is explicitly acknowledged by the owner, it's usually given in order to get access to something else (insurance, credit, etc). Furthermore, I would note that many jurisdictions make a distinction between commercial and non-commercial use of cars. In most North American jurisdictions, the license plates are a different colour and there are different fees and requirements,. Anyone who was in Cartagena must have noticed that all commercial vehicles -- not just taxis -- had their license plate number painted on the sides. Where I live in Ontario, Canada, commercial vehicles *must* display the name of the vehicle's owner on the side. (Most tractor-trailer cabs going interstate do this.) Why can't these principles -- widely understood in other realms, including those that value privacy -- be adapted for DNS? My own view, based on this is that: - It should be a criminal offence to have incorrect information attached to a WHOIS entry - While proxies may be used, the proxy listed must be legally responsible to have accurate info on the owner - Owners may grant (non-law-enforcement) access to their info by contract and proxies must honour such requests - Commercial domain operators (that is, those who use websites on those domains to conduct transactions or display advertising) may not use proxies What is the argument against this? What right to privacy -- or to obfuscate their identify -- exists for those who engage in financial transactions? (Outside of Switzerland, that is) - Evan
On 01/10/2011 06:52 AM, Evan Leibovitch wrote:
The car analogy was used earlier. I'm not aware of any jurisdiction on earth that doesn't have government-issued plates used to identify a cars owner.
Try California. I just learned about a week ago that California issues anonymous license plates to judges, prison guards (and their families), police officers, members of the legislature, etc. They look just like regular personal license plates except that it takes something akin to an act of god to penetrate them. And they are usually registered to a governmental body that adds another layer of isolation in that once the agency is found it takes yet more work to get the agency to reveal the person. This kind of plate was revealed because the "Fast Trak" (electronic pass for toll highways and bridges) records showed certain cars with huge numbers of unpaid tolls - which could not be collected because the plates were anonymous even to the governmental toll authorities and their collection ("law enforcement") arm.
- It should be a criminal offence to have incorrect information attached to a WHOIS entry
Criminal? That raises this discussion to a qualitatively different level. Criminal labels are usually reserved for things that we generally feel are morally culpable. And the criminal label raises a new suite of enforcement concerns - are you ready (in the US) for jury trials, beyond-reasonable-doubt standards, and a unanimous jury requirement? Also, criminal matters are not usually allowed to be prosecuted by private persons but must be left to the discretion of a district attorney.
What is the argument against this? What right to privacy -- or to obfuscate their identify -- exists for those who engage in financial transactions? (Outside of Switzerland, that is)
Not just Switzerland - way being proposed for selling of shares of Facebook in the US is one in which an intermediary bundles anonymous ownership into one giant share, thus keeping the ownership of Facebook before a statutory trigger level of 500 person. There's nothing intrinsically wrong with hiding ones identity - if nothing else what would super heros do in their movies? ;-) --karl--
On 10 January 2011 12:38, Karl Auerbach <karl@cavebear.com> wrote:
On 01/10/2011 06:52 AM, Evan Leibovitch wrote:
The car analogy was used earlier. I'm not aware of any jurisdiction on earth that doesn't have government-issued plates used to identify a cars owner.
Try California.
That sounds like the exception that proves the rule, especially since this particular bypass seems aimed to specifically enable lawmakers to elude the laws they bestow on everyone else.
- It should be a criminal offence to have incorrect information
attached
to a WHOIS entry
Criminal? That raises this discussion to a qualitatively different level. Criminal labels are usually reserved for things that we generally feel are morally culpable.
Fine by me.
And the criminal label raises a new suite of enforcement concerns - are you ready (in the US) for jury trials, beyond-reasonable-doubt standards, and a unanimous jury requirement?
Such standards seem reasonable for non-Internet instances of alleged fraud. What makes (accusations of) providing false identity information for WHOIS exempt from similar penalties related to business registration, political sponsorship, drivers licenses or passports?
Also, criminal matters are not usually allowed to be prosecuted by private persons but must be left to the discretion of a district attorney.
Again, fine by me. Put another way ... it is my position that lying on one's WHOIS is a crime against the broader society, including those yet to be lured as well as those who have already been affected. Such offense need not wait for (or require the legal resources of) a single individual to confront it. These are definitely instances that justify "the people versus [...]". If ICANN can't demand accuracy through its contracted relationships, governments will eventually enforce it themselves -- further weakening ICANN's position as a primary agent of stability and security.
What is the argument against this? What right to privacy -- or to obfuscate
their identify -- exists for those who engage in financial transactions? (Outside of Switzerland, that is)
Not just Switzerland - way being proposed for selling of shares of Facebook in the US is one in which an intermediary bundles anonymous ownership into one giant share, thus keeping the ownership of Facebook before a statutory trigger level of 500 person.
Indeed. And the very awareness of this proposed move has regulators scrambling to close that loophole. There's nothing intrinsically wrong with hiding ones identity - if
nothing else what would super heros do in their movies? ;-)
All they need is a pair of glasses. - Evan
Try California.
That sounds like the exception that proves the rule, especially since this particular bypass seems aimed to specifically enable lawmakers to elude the laws they bestow on everyone else.
This is a very useful example for several reasons. First, it's not anonymous, it's pseudonymous. The DMV knows exactly who these plates are issued to, they're just not telling. Second, it reminds us that if the proxy that knows who the registrant is doesn't cooperate, they might as well be anonymous. And third, even though these registrants are carefully vetted upstanding members of society, they're still routinely abused. Anonymity encourages anti-social behavior. I can't imagine why anyone would think this was an argument in favor of anonymous vanity domains. R's, John
On 01/11/2011 10:20 AM, John Levine wrote:
Try California.
That sounds like the exception that proves the rule, especially since this particular bypass seems aimed to specifically enable lawmakers to elude the laws they bestow on everyone else.
This is a very useful example for several reasons.
First, it's not anonymous, it's pseudonymous. The DMV knows exactly who these plates are issued to, they're just not telling.
Not quite - here in California the DMV does not necessarily know the person to whom an automobile plate is bound, rather it merely knows the gov't agency in which that person is located. Once the DMV is penetrated to find the agency, the agency must be induced to part with the next link in the chain.
And third, even though these registrants are carefully vetted upstanding members of society, they're still routinely abused. Anonymity encourages anti-social behavior.
It also encourages socially positive behavior, such as perhaps in some countries enabling one to speak out for the repeal of certain religious laws without risking assassination by one's security team. It is also a recognition that what is good for the goose is good for the gander - that corporate forms have many ways to hide identity, so why ought that be denied to flesh-and-blood people?
I can't imagine why anyone would think this was an argument in favor of anonymous vanity domains.
Let's remove the argumentative bias begin by dropping the conclusionary and pejorative adjective "vanity". Names like "John" and "Karl" are, to a degree, mere vanities when compared to being identified by a generated unique number. Names like "ICANN" and "IBM" are also vanities compared to a generated corporation number. There are endless reasons why people and corporate aggregates like having a memorable name, vanity being one (and "vanity" not necessarily being bad except in eyes of people like Savonarola.) Once we remove that adjective the question then becomes "should anonymous" domains be permitted? I like your word "pseudonymous" as it better expresses the state I want to obtain - which is anonymous to a degree, but penetrable under the right conditions and in accord with the right procedures. --karl--
On 11 January 2011 13:47, Karl Auerbach <karl@cavebear.com> wrote:
It also encourages socially positive behavior, such as perhaps in some countries enabling one to speak out for the repeal of certain religious laws without risking assassination by one's security team.
I continue to be bewildered by the baseless assertion that one cannot have speak freely on the Internet without owning a domain. - Evan
On 01/11/2011 02:25 PM, Evan Leibovitch wrote:
On 11 January 2011 13:47, Karl Auerbach <karl@cavebear.com> wrote:
It also encourages socially positive behavior, such as perhaps in some countries enabling one to speak out for the repeal of certain religious laws without risking assassination by one's security team.
I continue to be bewildered by the baseless assertion that one cannot have speak freely on the Internet without owning a domain.
And I likewise am bewildered by the assumption that only those willing to be named deserve stability for the pointers to and hosting of their speech. --Wendy
On 01/11/2011 11:25 AM, Evan Leibovitch wrote:
I continue to be bewildered by the baseless assertion that one cannot have speak freely on the Internet without owning a domain.
Sure - but lack of a domain name is a handicap. By way of analogy - One can speak freely without owning a TV network (such as Fox News), but it sure makes your voice a lot louder if you have one. Similarly one can speak on the net without a domain name, but that means giving up a lot of decibels in the form of search engine listings, historical persistence, reputation, cross-linkage with other forms of speech/media, control of the message, etc. And by forcing individuals to give up their power of being anonymous with a domain name that one thereby gives greater power to aggregate structures - largely corporations - that can easily launder their identity through any number of intermediaries. It's sort of like stuffing a rag into the mouths of individuals on the internet while giving a megaphone to others. --karl--
The answer to this is a thundering "so what?" The right to free speech is not accompanied anywhere by the obligation of anyone to provide a soapbox. Never has been -- just as the inability to find a publisher does not constitute censorship. I'd you want to talk about media concentration or the difficulty to be heard, go ahead. But that's no longer a free speech argument. So please stop phrasing it as such. - Evan (sent from my Android phone) On 2011-01-11 4:50 PM, "Karl Auerbach" <karl@cavebear.com> wrote: On 01/11/2011 11:25 AM, Evan Leibovitch wrote:
I continue to be bewildered by the baseless assert... Sure - but lack of a domain name is a handicap.
By way of analogy - One can speak freely without owning a TV network (such as Fox News), but it sure makes your voice a lot louder if you have one. Similarly one can speak on the net without a domain name, but that means giving up a lot of decibels in the form of search engine listings, historical persistence, reputation, cross-linkage with other forms of speech/media, control of the message, etc. And by forcing individuals to give up their power of being anonymous with a domain name that one thereby gives greater power to aggregate structures - largely corporations - that can easily launder their identity through any number of intermediaries. It's sort of like stuffing a rag into the mouths of individuals on the internet while giving a megaphone to others. --karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-li...
Hi, I tend to see it as a freedom of speech/expression of argument, so am sorry, but will not stop phrasing it as such. It is not for ICANN, you, me or j-random government out there to tell people what forms of speech and expression they may use and may not use. In many places it is difficult to find a platform that will not turn you into the police for expressing opinions that are contra the government. Being able to register one's own 2nd level name, and to do so in a country that that is not your own (i.e. a country where due process is respected and meaningful, as opposed to being a farce as it is in so many places) and to keep from having personal details published where a tortuous government can find them, may be the best if not only way for some to have freedom of speech. Looking at it another way, saying that there is Blog therefore you don't need second level names is almost as if we were saying people don't have a right to publish political essays outside their own country, because the have the right to send letters to their local newspaper. If individuals anywhere are allowed to have 2nd level names, then individuals everywhere have that right as well, and have the right to have their private details protected by due process of a law that lives up to the requirements in the treaties and covenants such as those referred to as the International Bill of Rights (IBR e.g. UDHR, ICCPR). a. On 11 Jan 2011, at 17:02, Evan Leibovitch wrote:
The answer to this is a thundering "so what?"
The right to free speech is not accompanied anywhere by the obligation of anyone to provide a soapbox. Never has been -- just as the inability to find a publisher does not constitute censorship.
I'd you want to talk about media concentration or the difficulty to be heard, go ahead. But that's no longer a free speech argument. So please stop phrasing it as such.
- Evan (sent from my Android phone)
On 2011-01-11 4:50 PM, "Karl Auerbach" <karl@cavebear.com> wrote:
On 01/11/2011 11:25 AM, Evan Leibovitch wrote:
I continue to be bewildered by the baseless assert... Sure - but lack of a domain name is a handicap.
By way of analogy - One can speak freely without owning a TV network (such as Fox News), but it sure makes your voice a lot louder if you have one.
Similarly one can speak on the net without a domain name, but that means giving up a lot of decibels in the form of search engine listings, historical persistence, reputation, cross-linkage with other forms of speech/media, control of the message, etc.
And by forcing individuals to give up their power of being anonymous with a domain name that one thereby gives greater power to aggregate structures - largely corporations - that can easily launder their identity through any number of intermediaries.
It's sort of like stuffing a rag into the mouths of individuals on the internet while giving a megaphone to others.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-li... _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best, Khaled
Khaled, You must be feeling some very powerful emotions to watch your society open up. I hope, in solidarity with you, that it continues to improve and that freedom of expression takes root in Tunisia. You have many friends in this struggle, please count me as one of them. With my best regards, Antony On Jan 13, 2011, at 3:40 PM, Khaled KOUBAA wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Antony, Many thanks, Tunisian youth has given their blood. Every days was a bloody day for us during the last 2 weeks. I have the fire near my house since now 3 days. We had had a very bad and dark days. And finally people won : Liberty, democracy and accountability. This what the President itself said and ensured. http://www.tap.info.tn/en/index.php?option=com_content&task=view&id=13922&It... Hope that we will open up a new era in the Arab region. Khaled Le 14/01/2011 01:03, Antony Van Couvering a écrit :
Khaled,
You must be feeling some very powerful emotions to watch your society open up. I hope, in solidarity with you, that it continues to improve and that freedom of expression takes root in Tunisia. You have many friends in this struggle, please count me as one of them.
With my best regards,
Antony
On Jan 13, 2011, at 3:40 PM, Khaled KOUBAA wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Hi Khaled, This is actually getting some attention in the United States tech press, which usually examines only news within 25 miles of San Francisco or New York: http://www.readwriteweb.com/archives/protests_arrests_killings_in_tunisia_th... Exciting and hopeful times where you are! Antony On Jan 13, 2011, at 4:21 PM, Khaled KOUBAA wrote:
Antony, Many thanks, Tunisian youth has given their blood. Every days was a bloody day for us during the last 2 weeks. I have the fire near my house since now 3 days. We had had a very bad and dark days. And finally people won : Liberty, democracy and accountability. This what the President itself said and ensured. http://www.tap.info.tn/en/index.php?option=com_content&task=view&id=13922&It... Hope that we will open up a new era in the Arab region.
Khaled
Le 14/01/2011 01:03, Antony Van Couvering a écrit :
Khaled,
You must be feeling some very powerful emotions to watch your society open up. I hope, in solidarity with you, that it continues to improve and that freedom of expression takes root in Tunisia. You have many friends in this struggle, please count me as one of them.
With my best regards,
Antony
On Jan 13, 2011, at 3:40 PM, Khaled KOUBAA wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Dear Khaled, I wish you, Tijani and our other Tunisian friends strength and courage in these times. It is unfortunate that the situation had to reach to this breaking point in order for politicians to listen and change to be forthcoming. The latest trend has been for Governments (in several regions) to pass legislation to restrict media and erode privacy, this is a sad example of how the citizenry are forced to react. I sincerely wish all Governments will reflect on Tunisia tonight and let us pray that stability is returned and promises kept. You are in my thoughts Cintra Sooknanan On Thu, Jan 13, 2011 at 8:25 PM, Antony Van Couvering <avc@namesatwork.com>wrote:
Hi Khaled,
This is actually getting some attention in the United States tech press, which usually examines only news within 25 miles of San Francisco or New York:
http://www.readwriteweb.com/archives/protests_arrests_killings_in_tunisia_th...
Exciting and hopeful times where you are!
Antony
On Jan 13, 2011, at 4:21 PM, Khaled KOUBAA wrote:
Antony, Many thanks, Tunisian youth has given their blood. Every days was a bloody day for us during the last 2 weeks. I have the fire near my house since now 3 days. We had had a very bad and dark days. And finally people won : Liberty, democracy and accountability. This what the President itself said and ensured.
http://www.tap.info.tn/en/index.php?option=com_content&task=view&id=13922&It...
Hope that we will open up a new era in the Arab region.
Khaled
Le 14/01/2011 01:03, Antony Van Couvering a écrit :
Khaled,
You must be feeling some very powerful emotions to watch your society open up. I hope, in solidarity with you, that it continues to improve and that freedom of expression takes root in Tunisia. You have many friends in this struggle, please count me as one of them.
With my best regards,
Antony
On Jan 13, 2011, at 3:40 PM, Khaled KOUBAA wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Congratulations! I have followed the few reports about the goings-on in Tunisia, and I am really happy to read this from you! Regards, Manuel
On Jan 13, 2011, at 3:40 PM, Khaled KOUBAA wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Regards Manuel Schneider Wikimedia CH - Verein zur Förderung Freien Wissens Wikimedia CH - Association for the advancement of free knowledge www.wikimedia.ch
I have followed the news reports and am impressed some concrete actions are already taking place. Let's see how this evolves. Will the Internet surveillance and credentials stealing stop ? Freedom of expression can mean different things to different people. Therevis lotsvof work ahead for your Chapter! Cheers Patrick "Khaled KOUBAA" <khaled.koubaa@topnet.tn> wrote:
Hi all, After very dark days, tonight Tunisia is living a historic moment after
the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Best regards, Cordialement, Patrick Vande Walle -- Sent from a mobile device. Apologies for the typos and the brevity.
Amazing!!!! Hope one day the clown we have in Venezuela does the same José -----Mensaje original----- De: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] En nombre de Khaled KOUBAA Enviado el: jueves, 13 de enero de 2011 07:10 p.m. Para: at-large@atlarge-lists.icann.org Asunto: [At-Large] A huge day for Internet in Tunisia Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best, Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
I had the honour and pleasure to be invited to the "Festival International de l'Internet" in summer 2009, representing the Board of ICANN. I was impressed in particular by a couple of things, that I could witness in practice, and that I could discuss with the people over there. First, the concept that they wanted to bring the internet where people were, not waiting for the people to come where the internet geeks were, and second, the idea that it was not sufficient to bring the internet to the large cities, but that the connectivity had to be extended to reach rural areas. The festival was held in El Kantaoui, a place that is crowded in summer with people on vacation. That addressed the first point: people were there relaxed, had time to browse the stands, and were getting contacted more and better than in a conference hall. I found there people that were enthusiastic about the internet, stands that were dedicated to specific groups of people (I remember in particular a stand for elderly people, where the concept was that they have specific needs that have also to be addressed). All this to say that I was impressed by the potential growth of the internet in Tunisia, the interest that the subject was getting by the population, and the innovative ideas of the organizers. Incidentally, Tijani was part of the organization, and managed to introduce me to a lot of people with whom I had very interesting conversations (besides showing me the place where I could buy the best harissa I have ever had!!!). I am sure that now, with the situation evolving towards more freedom of the media, the internet will see further development. I hope that our friends in Tunisia (Khaled? Tijani? Others?) will have the opportunity to use this powerful tool to support the change. I saw this evening a reportage on the French television on Tunisia that was telling also about the new freedom of the press, with journalists that were describing the changes. I found that it was a pity that they did not mention the internet. But I am sure that our people and ALS there will work to make sure that the internet will be one of the drivers for the change. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Khaled KOUBAA Sent: Friday, 14 January 2011 00:40 To: at-large@atlarge-lists.icann.org Subject: [At-Large] A huge day for Internet in Tunisia
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Roberto and all, For those who don't know Tunisia : Tunisia: Small country, great nation. First Arab country that abolished slavery in 1848. First Arab country to establish a constitution in 1861. First Arab country to abolish polygamy in 1956. First Arab country to legalize abortion in 1973. Tunisia is the first Arab country to kick out its dictator and this without the help of any foreign nation! Today Tunisia has reached a critical and important point in its history after succeeding in its revolution. President Ben Ali has left the country, and government has collapsed leaving the country in an unpredictable situation. A new “Coalition Government” has been announced bringing old dissidents and Human Rights activists in team with a main focus of preparing a democratic transition. Friday January 14th 2011, I have been inside the huge protestants in front of the ministry of Interior and I witnessed brave people asking clearly their dictator to leave. Since then Tunisian retrieved their freedom lost many years and began interesting politics. Young people went on the street asking for more n and more social change without being politically coached. I have witnessed, and have been part, of the strength of the "real" Tunisian Internet community to use Internet and Web 2.0 ( Blogs, Video, Facebook, Twitter, … ) to support the revolution and everyday’s riots showing to the world what’s happening due to a lack of official local media coverage. My life has been different during these days : my house is in a hot spot; near El Aouina Army Casern and just between the Airport and the US Embassy. So I took my wife to her father house, and I stayed alone during 5 days. Everything was different each day; night riots with fire shooting between protestants and police during the first 2 days , near helicopter surveillance between army and snipers belonging to Ben Ali Presidential militia during the last 3days. I have never felt the importance of the security before that. It was the same feeling that had the Tunisian people which led them to go out and organize “Population committees” in each city to protect each city from Ben Ali militia. @ Roberto, I want to say that havn't seen the real Internet community but only what the old regime want to make you see. You have not seen any of our problems. The festival was their to choose a "Miss Net" and not to discuss Net Neutrality issue. A word that was forbidden even to be mentioned. Tunisian Internet community is free today and will soon show to the world what we are capable to accomplish. Vive Internet and thank you Vint and Internet pioneers to gave us this wonderful tool that helped our revolution. From the free Tunisia Khaled Koubaa Le 20/01/2011 00:46, Roberto Gaetano a écrit :
I had the honour and pleasure to be invited to the "Festival International de l'Internet" in summer 2009, representing the Board of ICANN. I was impressed in particular by a couple of things, that I could witness in practice, and that I could discuss with the people over there. First, the concept that they wanted to bring the internet where people were, not waiting for the people to come where the internet geeks were, and second, the idea that it was not sufficient to bring the internet to the large cities, but that the connectivity had to be extended to reach rural areas. The festival was held in El Kantaoui, a place that is crowded in summer with people on vacation. That addressed the first point: people were there relaxed, had time to browse the stands, and were getting contacted more and better than in a conference hall. I found there people that were enthusiastic about the internet, stands that were dedicated to specific groups of people (I remember in particular a stand for elderly people, where the concept was that they have specific needs that have also to be addressed). All this to say that I was impressed by the potential growth of the internet in Tunisia, the interest that the subject was getting by the population, and the innovative ideas of the organizers. Incidentally, Tijani was part of the organization, and managed to introduce me to a lot of people with whom I had very interesting conversations (besides showing me the place where I could buy the best harissa I have ever had!!!). I am sure that now, with the situation evolving towards more freedom of the media, the internet will see further development. I hope that our friends in Tunisia (Khaled? Tijani? Others?) will have the opportunity to use this powerful tool to support the change. I saw this evening a reportage on the French television on Tunisia that was telling also about the new freedom of the press, with journalists that were describing the changes. I found that it was a pity that they did not mention the internet. But I am sure that our people and ALS there will work to make sure that the internet will be one of the drivers for the change. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Khaled KOUBAA Sent: Friday, 14 January 2011 00:40 To: at-large@atlarge-lists.icann.org Subject: [At-Large] A huge day for Internet in Tunisia
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Friday 14/01/2011 , Tunisia Independence day :) A video for you : http://www.youtube.com/watch?v=FeLT2PEmnDI Le 20/01/2011 13:24, Khaled KOUBAA a écrit :
Roberto and all, For those who don't know Tunisia : Tunisia: Small country, great nation. First Arab country that abolished slavery in 1848. First Arab country to establish a constitution in 1861. First Arab country to abolish polygamy in 1956. First Arab country to legalize abortion in 1973. Tunisia is the first Arab country to kick out its dictator and this without the help of any foreign nation! Today Tunisia has reached a critical and important point in its history after succeeding in its revolution. President Ben Ali has left the country, and government has collapsed leaving the country in an unpredictable situation. A new “Coalition Government” has been announced bringing old dissidents and Human Rights activists in team with a main focus of preparing a democratic transition. Friday January 14th 2011, I have been inside the huge protestants in front of the ministry of Interior and I witnessed brave people asking clearly their dictator to leave. Since then Tunisian retrieved their freedom lost many years and began interesting politics. Young people went on the street asking for more n and more social change without being politically coached. I have witnessed, and have been part, of the strength of the "real" Tunisian Internet community to use Internet and Web 2.0 ( Blogs, Video, Facebook, Twitter, … ) to support the revolution and everyday’s riots showing to the world what’s happening due to a lack of official local media coverage. My life has been different during these days : my house is in a hot spot; near El Aouina Army Casern and just between the Airport and the US Embassy. So I took my wife to her father house, and I stayed alone during 5 days. Everything was different each day; night riots with fire shooting between protestants and police during the first 2 days , near helicopter surveillance between army and snipers belonging to Ben Ali Presidential militia during the last 3days. I have never felt the importance of the security before that. It was the same feeling that had the Tunisian people which led them to go out and organize “Population committees” in each city to protect each city from Ben Ali militia.
@ Roberto, I want to say that havn't seen the real Internet community but only what the old regime want to make you see. You have not seen any of our problems. The festival was their to choose a "Miss Net" and not to discuss Net Neutrality issue. A word that was forbidden even to be mentioned. Tunisian Internet community is free today and will soon show to the world what we are capable to accomplish.
Vive Internet and thank you Vint and Internet pioneers to gave us this wonderful tool that helped our revolution.
From the free Tunisia
Khaled Koubaa
Le 20/01/2011 00:46, Roberto Gaetano a écrit :
I had the honour and pleasure to be invited to the "Festival International de l'Internet" in summer 2009, representing the Board of ICANN. I was impressed in particular by a couple of things, that I could witness in practice, and that I could discuss with the people over there. First, the concept that they wanted to bring the internet where people were, not waiting for the people to come where the internet geeks were, and second, the idea that it was not sufficient to bring the internet to the large cities, but that the connectivity had to be extended to reach rural areas. The festival was held in El Kantaoui, a place that is crowded in summer with people on vacation. That addressed the first point: people were there relaxed, had time to browse the stands, and were getting contacted more and better than in a conference hall. I found there people that were enthusiastic about the internet, stands that were dedicated to specific groups of people (I remember in particular a stand for elderly people, where the concept was that they have specific needs that have also to be addressed). All this to say that I was impressed by the potential growth of the internet in Tunisia, the interest that the subject was getting by the population, and the innovative ideas of the organizers. Incidentally, Tijani was part of the organization, and managed to introduce me to a lot of people with whom I had very interesting conversations (besides showing me the place where I could buy the best harissa I have ever had!!!). I am sure that now, with the situation evolving towards more freedom of the media, the internet will see further development. I hope that our friends in Tunisia (Khaled? Tijani? Others?) will have the opportunity to use this powerful tool to support the change. I saw this evening a reportage on the French television on Tunisia that was telling also about the new freedom of the press, with journalists that were describing the changes. I found that it was a pity that they did not mention the internet. But I am sure that our people and ALS there will work to make sure that the internet will be one of the drivers for the change. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Khaled KOUBAA Sent: Friday, 14 January 2011 00:40 To: at-large@atlarge-lists.icann.org Subject: [At-Large] A huge day for Internet in Tunisia
Hi all, After very dark days, tonight Tunisia is living a historic moment after the President speech. The President has ensured that he will not be candidate for the 2014 election. He ensured that all freedom of expression and speech will be open to all. Internet is really open there is no web site closed. I am know watching for the first time of my life "real" opposition leaders on governmental TV Tunisie7. I am positivist because I know that this is a real window for better situation. Best,
Khaled _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Khaled,
@ Roberto, I want to say that havn't seen the real Internet community but only what the old regime want to make you see. You have not seen any of our problems. The festival was their to choose a "Miss Net" and not to discuss Net Neutrality issue. A word that was forbidden even to be mentioned. Tunisian Internet community is free today and will soon show to the world what we are capable to accomplish.
I am aware of this. I was invited, with another couple of guests, to be in the jury of Miss Net, and we were also taken to a place where a community center was being opened, full of portraits of Ben Ali, and with all the ingredients that I know well for having seen them in different countries around the world. However, what I was talking about was a different thing, which is how on one hand there was an effort to reach out to people (even if the driving force for this effort might have been the need for getting popular consensus) and on the other hand the real interest of the people for the internet (even if this was the interest for the tool without the slightest understanding of issues like net neutrality). I am fully aware that I have not seen (m)any of the problems of the Tunisian internauts, but I think I have enough experience to see things beyond the scenery that is proposed to me in the foreground. Indeed there has been smoke, and there have been mirrors, but that does not mean that I saw only that. All this to say that my (limited) observation during that most enjoyable experience leads me to agree with your statement that the Tunisian Internet community "will soon show to the world what we are capable to accomplish". Last but not least, a word of caution: not always those who claim that they are going to change everything have really the intention of doing it. The Tunisian Internet community must therefore remain vigilant to check that the change is really happening. Cheers, Roberto
I am fully aware that I have not seen (m)any of the problems of the Tunisian internauts, but I think I have enough experience to see things beyond the scenery that is proposed to me in the foreground. I am sure you do have it my friend. Last but not least, a word of caution: not always those who claim that they are going to change everything have really the intention of doing it. The Tunisian Internet community must therefore remain vigilant to check that the change is really happening.
I do you agree with. But just to let you know that already 2 of the actual "Transition Government" has Twitter accounts and they began today to tweet their days and their work. It isn't a fascinating change :)
I continue to be bewildered by the baseless assertion that one cannot have speak freely on the Internet without owning a domain.
Sure - but lack of a domain name is a handicap.
You know, it's not 1995 any more. Maybe it's time to see whether anything has changed since then. People speak in vast amounts on the Internet. There are, by most estimates, hundreds of millions of blogs and personal sites hosted at places like Blogger, Typepad, Wordpress and (perish forbid) Facebook. Most of those blogs have their very own domain names, approximately none of which was provided by an ICANN registrar. They're all subdomains of the blog site, e.g., weeklysift.blogspot.com written by a friend of mine. It's true, you're at Google's mercy with a blogspot subdomain, but given the choice of depending on Google for a 3LD or depending on Godaddy for a 2LD, I don't see any reason to prefer one over the other. Furthermore, as I've said about a million times already, domains are useless without hosting and connectivity, which are at least as much of a challenge as picking a domain name. For a good example of this, look at the recent saga of Wikileaks. People have beaten up on them in all sorts of ways, Amazon cancelling their hosting, Paypal cutting off their contributions, but have you heard anything about losing their domain? As it happens, wikileaks.org has been hijacked and wikileaks.info was recently registered by someone who is not Wikileaks, and as best we can tell is a Russian crimeware gang at heihachi.net. (Compare the cruddy looking site at mirror.wikileaks.info to any of the 1400 real mirrors mostly at 3LDs like wikileaks.sharegroundz.com and wikileaks.gvoice.eu.) Few people even know or care about the hijacked domain; it doesn't matter, since they can find Wikileaks anyway. There are plenty of important issues that ICANN needs to address. Anonymous vanity domains isn't one of them. "When the facts change, I change my mind. What do you do, sir?"* Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly * - a quote from a famous economist everyone should recognize
Since we appear to have both an inability to distinguish between anonymity and pseudonyms, and we're still making the false equivalence between vanity domains and speech, there's no point in wasting more time here. R's, John On Tue, 11 Jan 2011, Karl Auerbach wrote:
On 01/11/2011 10:20 AM, John Levine wrote:
Try California.
That sounds like the exception that proves the rule, especially since this particular bypass seems aimed to specifically enable lawmakers to elude the laws they bestow on everyone else.
This is a very useful example for several reasons.
First, it's not anonymous, it's pseudonymous. The DMV knows exactly who these plates are issued to, they're just not telling.
Not quite - here in California the DMV does not necessarily know the person to whom an automobile plate is bound, rather it merely knows the gov't agency in which that person is located. Once the DMV is penetrated to find the agency, the agency must be induced to part with the next link in the chain.
And third, even though these registrants are carefully vetted upstanding members of society, they're still routinely abused. Anonymity encourages anti-social behavior.
It also encourages socially positive behavior, such as perhaps in some countries enabling one to speak out for the repeal of certain religious laws without risking assassination by one's security team.
It is also a recognition that what is good for the goose is good for the gander - that corporate forms have many ways to hide identity, so why ought that be denied to flesh-and-blood people?
I can't imagine why anyone would think this was an argument in favor of anonymous vanity domains.
Let's remove the argumentative bias begin by dropping the conclusionary and pejorative adjective "vanity". Names like "John" and "Karl" are, to a degree, mere vanities when compared to being identified by a generated unique number. Names like "ICANN" and "IBM" are also vanities compared to a generated corporation number. There are endless reasons why people and corporate aggregates like having a memorable name, vanity being one (and "vanity" not necessarily being bad except in eyes of people like Savonarola.)
Once we remove that adjective the question then becomes "should anonymous" domains be permitted?
I like your word "pseudonymous" as it better expresses the state I want to obtain - which is anonymous to a degree, but penetrable under the right conditions and in accord with the right procedures.
Karl wrote:
I like your word "pseudonymous" as it better expresses the state I want to obtain - which is anonymous to a degree, but penetrable under the right conditions and in accord with the right procedures.
Can this be a starting principle on which we can agree, although I see that we have wide differences in appreciating on what the "right procedures" might be? R.
I like your word "pseudonymous" as it better expresses the state I want to obtain - which is anonymous to a degree, but penetrable under the right conditions and in accord with the right procedures.
Can this be a starting principle on which we can agree, although I see that we have wide differences in appreciating on what the "right procedures" might be?
Since ICANN has never allowed anonymous registrations, I don't see how this is anything other than noting the status quo. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
John, You are incorrect, ICANN allows anonymous registration. They placed the no third party beneficiary into the contract, but they also do not bother with enforcement. Therefore, they allow it by ignoring it.
Since ICANN has never allowed anonymous registrations, I don't see how this is anything other than noting the status quo.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
You are incorrect, ICANN allows anonymous registration. They placed the no third party beneficiary into the contract, but they also do not bother with enforcement. Therefore, they allow it by ignoring it.
I agree that ICANN has never meaningfully enforced their agreements other than they parts about payment. But they do have the tools now to disallow anonymous domains if they chose to use them. R's, John
On 01/09/2011 10:37 AM, John R. Levine wrote:
Sigh. In what fantasy world do you imagine that there is a process to implement this?
It could be done with an automated system that requires a credit card for posting the bond and a couple of web forms to collect the information from the person making the inquiry - and it would need something behind that form to do a mild analysis of the input to try to weed out nonsense input. This kind of system could easily be tiered so that big-time investigators could have a way to cover a lot of domains at one time - for instance intellectual property protection firms could have a pre-established inquiry account, be pre-identified, and a blanket bond. If those who are penetrating people's privacy are allowed are excused on the grounds that "it is just too troublesome" then I don't have much concern if domain name registrants similarly find it just too troublesome to make up registration information or hid it behind layers of impenetrable corporate structures.
On the other hand, if you're proposing that people have to appear in person to a government official and verify their identity before they can register a domain, that's not a bad idea.
It's kind of moving that way isn't it? I find it too bad that that kind of requirement is not required here in the US for things, such as weapons, that have rather more lethal potential than a domain name. --karl--
Sigh. In what fantasy world do you imagine that there is a process to implement this?
It could be done with an automated system that requires a credit card for posting the bond and a couple of web forms to collect the information from the person making the inquiry -
Ah, that fantasy world. Here in the real world, bad guys have an unlimited supply of stolen credit cards. Good guys outside of the G20 have no credit cards at all, but of course who cares about them when our goal is to protect our vanity domain registrants from getting spam.
If those who are penetrating people's privacy are allowed are excused on the grounds that "it is just too troublesome" then I don't have much concern if domain name registrants similarly find it just too troublesome to make up registration information or hid it behind layers of impenetrable corporate structures.
Given that the vast majority of new domain names are registered for malicious purposes, and ICANN and the registration community is much more interested in maximizing their revenue stream than doing anything related to the public good, I expect that we'll be moving toward a whitelisted DNS, in which the resolvers that people use only return answers for domains that are vetted by some third party. (If you think I'm kidding, look at some of the recent proposals from the Internet Software Consortium that maintains BIND, the most widely used DNS software.) Be careful what you ask for, and all that. R's, John
On 01/09/2011 02:00 PM, John R. Levine wrote:
...I expect that we'll be moving toward a whitelisted DNS, in which the resolvers that people use only return answers for domains that are vetted by some third party. (If you think I'm kidding, look at some of the recent proposals from the Internet Software Consortium that maintains BIND, the most widely used DNS software.)
I not only anticipate that happening, but I am implementing code to help make it happen. It has always seemed to me that we ought not to fight against the desire of people to shape their view of the internet landscape to what they want it to be. Yes, that's censorship, but it is self-imposed (and hopefully voluntarily) censorship. But it is also expansive - those people who want a broader internet horizon, or a different horizon, ought not to be constrained. I'm working on reviving the "grass roots" idea that was around during the late 1990's. In that idea a user goes to a website that presents a catalog of top level domain choices, including TLD names that may be contested. The user picks a list of TLDs that he wants to compose his view of the internet landscape. The result is a set of BIND configuration files that the user can use to establish his very own personal root (which he can also make available to friends) that contains those TLDs. It also has the nice side effect of bypassing the entire chaos and fee-grabbing that surrounds ICANN's new TLDs and puts the choice where it belongs - into the hands of internet users. (Thus if there is a TLD name that is contested, it will be internet users who chose which, if either, lives or dies. And the specter of users shunning conflicted TLDs will drive the contestants to settle their dispute else both would be likely to fail.) I'm doing the code in my not-very-large amount of spare time, right now I'm working on the code to accumulate TLD offerings into an a catalog (portable in JSON format, XML will come later) of non-authoritative data. The next step will be to create the pick-and-chose mechanism and from that generate a root zone file and other BIND config files. (The hardest part I suspect will be getting the glue records contextually right.) When I get this done - which due to time constraints will certainly be no earlier than several months from now, probably later - I'll be publishing the Python code under a non-viral open source license. --karl--
Cogent. I have one or two quibbles - the first one, how would one affirm the registrant's identity? - but this, Karl, provides the substrate for a fairly well-balanced regime between privacy and 'need to know' requirements. Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Sat, Jan 8, 2011 at 6:53 PM, Karl Auerbach <karl@cavebear.com> wrote:
On 01/08/2011 02:37 PM, Roberto Gaetano wrote:
I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. ...the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently.
You've hit on an important point. But first let me make a minor detour...
<begin detour>
If you check the registration of my primary automobile you won't find my name anywhere. There are layers of corporate identities between my name and the name on my automobile registration.
That is neither illicit nor does it oppose the social policies that justify automobile registration.
"Ownership" is a distinct concept from that of "control". There are quite legitimate reasons why ownership (or control) might be indirected through layers of intermediaries. Moreover, there are cases, such as when a person has acquired an automobile on the basis of a loan there are separate and distinct legal and beneficial ownership rights.
<end detour>
The drum beat for privacy busting private regulation of domain name registrations is driven by the desire by various people, some driven by good intent (such as the anti-spam community), some driven by more selfish motives (such as the intellectual property protection [as distinguished from the intellectual property creation] industry). Those groups would dispense with the nuisance of balanced due-process to the data subject.
It is long past time to introduce some balance back into the equation:
For years I have advocated that penetration of domain registrations should require the person making the request do several things:
1. They should announce their identity, personal and organizational (including contact information), and proofs of that identity, which would be recorded, permanently, into an access log.
2. A bond (small, perhaps $100) should be posted to indemnify the data subject should the access be ill founded, vexatious, or made with reckless disregard of facts known, or readily knowable to, the accessor. (There are lots of ways that this requirement could be streamlined to accommodate the needs of consumers - for example the bond could be waived for the first 10 accesses during any 12 month period.)
3. They should make a concise and concrete accusation, into the permanent log, that states why they believe rights they process towards the domain name are being violated. This accusation must be backed by evidence. This accusation could act as an estoppel against the accessor making contrary assertions at a later date.
4. They should be required to enter into a legally binding agreement, with the data subject being granted explicit third party beneficiary rights of enforcement, that constrains the use of the data obtained so that it may not be further disseminated or used for any other purpose than to initiate a dialog with the data subject on the question whether the accusation is well founded or specious.
5. The data subject should be given notice of the access, including the identity of the accessor and the content of the accusation. The data subject would have the right to make that accusation and the identity of the accessor public.
6. On a periodic basis the log of access should be processed so that the name of each accessor, and the number of accesses made, is published to the public. This will help identify access trolls.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 2011/01/09 00:37, Roberto Gaetano wrote:
Happy new year to all. Let me add a late comment to this thread. I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. This is not a new debate, but it still comes in waves, without substantial changes in the opinions of the different parties. Years ago, I think it was at the Tunis/Carthage (2003?), we had this discussion and I replied to Marilyn Cade making the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently. Cheers, Roberto
But then again, to register a vehicle, proof of identity is required. Also, vehicles do not traverse international borders without passing some form of customs point. At that border checkpoint, the vehicle driver's identity will be verified and it will be determined if he is allowed to pass that point. Such exit/entry will be registered. Potentially the vehicle may be inspected. Domains are used for services that span borders and are not subject to these same checks (though some are trying to implement just that). So yours is not really a good comparison. Derek
Derek Smythe wrote:
But then again, to register a vehicle, proof of identity is required.
Fine. I said that registration data for a domain name have to be complete and correct. I am not at all against the fact that the owner has to be identified by the registration authority.
Also, vehicles do not traverse international borders without passing some form of customs point. At that border checkpoint, the vehicle driver's identity will be verified and it will be determined if he is allowed to pass that point. Such exit/entry will be registered. Potentially the vehicle may be inspected. Besides the fact that there is a difference between the owner and the driver, as the great Miles Davis said: "So What?". I thought I made it clear that authorized bodies had to have access to registration information. Authorized bodies include not only the authority issuing the licence plates, but also the customs authority at the border. I maintain that it does not include the general public. I am not aware of situations in which data collected at the border checkpoint are made public. Do you?
Domains are used for services that span borders and are not subject to these same checks (though some are trying to implement just that).
Miles Davis' 32-bar statement applies here as well ;>)
So yours is not really a good comparison.
I'll leave it to the readers to judge. Cheers, R.
Derek _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 2011/01/09, Roberto Gaetano wrote:
Fine. I said that registration data for a domain name have to be complete and correct.
Apologies Roberto, quite correct, you did say so: Sadly if the domain driver was truthful at the moment, the answer to whose vehicle it was would be "I don't know" in a surprisingly high number of cases.
Derek Smythe wrote:
But then again, to register a vehicle, proof of identity is required.
Fine. I said that registration data for a domain name have to be complete and correct. I am not at all against the fact that the owner has to be identified by the registration authority.
Also, vehicles do not traverse international borders without passing some form of customs point. At that border checkpoint, the vehicle driver's identity will be verified and it will be determined if he is allowed to pass that point. Such exit/entry will be registered. Potentially the vehicle may be inspected. Besides the fact that there is a difference between the owner and the driver, as the great Miles Davis said: "So What?". I thought I made it clear that authorized bodies had to have access to registration information. Authorized bodies include not only the authority issuing the licence plates, but also the customs authority at the border. I maintain that it does not include the general public. I am not aware of situations in which data collected at the border checkpoint are made public. Do you?
Domains are used for services that span borders and are not subject to these same checks (though some are trying to implement just that).
Miles Davis' 32-bar statement applies here as well ;>)
So yours is not really a good comparison.
I'll leave it to the readers to judge.
Cheers, R.
Derek _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 01/09/2011 01:58 PM, Roberto Gaetano wrote:
Fine. I said that registration data for a domain name have to be complete and correct. I am not at all against the fact that the owner has to be identified by the registration authority.
By-the-way, the following item is relevant here to the degree that one equates domain names as an part of the machinery of free expression and dialog on the net:
http://pubcit.typepad.com/clpblog/2011/01/stanley-fish-leads-the-charge-agai...
There seems to be a tendency to draw lines between "legitimate" speech and "vanity" domains and the excesses of spammers and those who engage in clearly fraudulent misidentification of products with an ill intent of gain or harm. But the problem is that there are now clear lines, only fuzzy differences, like the difference between dawn and day. There is little doubt in my mind that there needs to be some thread through which one can be held accountable for illegal actions. But that thread ought to be hard to pull and those who pull it ought to be held to account for their own accusations and actions in so doing. In today's world I also see a strong bias in favor of corporate (and governmental) privacy and against personal privacy. We seem to be willing to jump to weaken privacy of individuals - make that privacy fall on mere accusation - while according corporate and governmental bodies vast rights to create layers upon layers of indirection and evasion. We also seem far more willing to leap to the conclusion that an accuser is right and the accused is guilty, particularly if the action is unsavory even if it is not illegal. Our rush to righteousness may have the effect of transforming Kafka's "Trial" from a novel to a fulfilled prophecy. --karl--
Hi Roberto, agreeing with you, since I am from a country where anonymousness is forbidden by the Constitution, and this not means the information of anyone is public, for me it sounds like the anonymousness just goes in the benefit of the bad guy. Government - if there where lies the fear - has thousands of opportunities to control the citizen´s life. Once is not public other person will not be able to reach it. Roberto, If you once understand it, please public it to the benefit of our knowledge. best. Vanda Scartezini Polo Consultores Associados IT Trend Alameda Santos 1470 1407,8 01418-903 São Paulo,SP, Brasil Tel + 5511 3266.6253 Mob + 55118181.1464 -----Mensagem original----- De: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] Em nome de Roberto Gaetano Enviada em: sábado, 8 de janeiro de 2011 20:38 Para: 'At-Large Worldwide' Assunto: Re: [At-Large] 9th Circuit Court ruling on ICANN Contract. Happy new year to all. Let me add a late comment to this thread. I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. This is not a new debate, but it still comes in waves, without substantial changes in the opinions of the different parties. Years ago, I think it was at the Tunis/Carthage (2003?), we had this discussion and I replied to Marilyn Cade making the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Bill Silverstein Sent: Friday, 24 December 2010 00:32 To: At-Large Worldwide Subject: Re: [At-Large] 9th Circuit Court ruling on ICANN Contract.
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration.
The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
Vanda, I am not sure I understand what you would like me to do. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Vanda UOL Sent: Tuesday, 11 January 2011 17:57 To: 'At-Large Worldwide' Subject: [At-Large] RES: 9th Circuit Court ruling on ICANN Contract.
Hi Roberto, agreeing with you, since I am from a country where anonymousness is forbidden by the Constitution, and this not means the information of anyone is public, for me it sounds like the anonymousness just goes in the benefit of the bad guy. Government - if there where lies the fear - has thousands of opportunities to control the citizen´s life. Once is not public other person will not be able to reach it. Roberto, If you once understand it, please public it to the benefit of our knowledge. best.
Vanda Scartezini Polo Consultores Associados IT Trend Alameda Santos 1470 1407,8 01418-903 São Paulo,SP, Brasil Tel + 5511 3266.6253 Mob + 55118181.1464
-----Mensagem original----- De: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] Em nome de Roberto Gaetano Enviada em: sábado, 8 de janeiro de 2011 20:38 Para: 'At-Large Worldwide' Assunto: Re: [At-Large] 9th Circuit Court ruling on ICANN Contract.
Happy new year to all. Let me add a late comment to this thread. I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public. This is not a new debate, but it still comes in waves, without substantial changes in the opinions of the different parties. Years ago, I think it was at the Tunis/Carthage (2003?), we had this discussion and I replied to Marilyn Cade making the example of car registration: a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public. Actually, I am not aware of any national car registry in which you can access this information without proving that you need it, and qualify yourself. I have not yet heard a convincing argument on why the domain names have to be treated differently. Cheers, Roberto
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Bill Silverstein Sent: Friday, 24 December 2010 00:32 To: At-Large Worldwide Subject: Re: [At-Large] 9th Circuit Court ruling on ICANN Contract.
On 12/22/2010 10:40 AM, Bill Silverstein wrote:
It is not vigilante justice to know the identity of the owner of a domain name.
Oh yes indeed it is. It is most definitely vigilante action to take away the right of an accused - merely on the basis of that accusation. In this case the rights are those of privacy and due process.
Oh no. You are inserting a right here where there is none. The right to privacy regarding the ownership of a domain name. Anonymous speech does not equate to anonymous domain name registration.
The registration of a domain requires the owner of the domain to correctly identify oneself to the public when registering the domain name.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 08 Jan 2011, at 23:37, Roberto Gaetano wrote:
I believe that the registration of a domain requires the owner of the domain to correctly identify oneself to the registering authority, but that this information does not need necessarily to be public.
Roberto, I agree with you on the principle. However the devil is in the details and the implementation. How does the registrar unambiguously identify the registrant ? One way of doing that is by applying the same process as is being used for SSL certificates, namely paperwork. This is already being done on a global scale by the CA industry. Of course, this has a cost. That would make domains worth USD 300/year. I shiver at the consequences for the domain industry and registrants.
a car owner is obliged to provide complete and accurate information to the registration authority, but this information is not necessarily public.
Agree. Those who want information on domain name owners have to show their credentials. But again this protection has a cost. The registrar and/or the registry would have to process these requests and would transfer the costs to the registrants. The whole point is that none of the above can be done for USD20/year. What you are suggesting is a fundamental change in the domain name business. I don't necessarily disagree. But among the consequences, it would prevent many individuals from registering domain names. This bothers me a lot. Patrick
How does the registrar unambiguously identify the registrant ? One way of doing that is by applying the same process as is being used for SSL certificates, namely paperwork. This is already being done on a global scale by the CA industry. Of course, this has a cost. That would make domains worth USD 300/year. I shiver at the consequences for the domain industry and registrants.
SSL certs cost about $10 these days, and involve no meaningful identity verification. There's green bar certs, but they're down to $99 and I'm sure the usual race to the bottom will happen, leading to yet another incarnation of more expensive gold seal certs or something.
The whole point is that none of the above can be done for USD20/year. What you are suggesting is a fundamental change in the domain name business. I don't necessarily disagree. But among the consequences, it would prevent many individuals from registering domain names. This bothers me a lot.
I have to say it hardly bothers me at all. Look at the number of blogs and personal websites, then look at the how many of them have their own 2LDs, and divide to see what fraction has their own domains. Unless you use double precision, it rounds to zero. Personal vanity domains may have seemed important in the 1990s, but now they're largely an anachronism. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 01/19/2011 02:13 PM, Patrick Vande Walle wrote:
Agree. Those who want information on domain name owners have to show their credentials.
But again this protection has a cost. The registrar and/or the registry would have to process these requests and would transfer the costs to the registrants.
The registry or registrar (as appropriate for the business model) could require the person making the inquiry to pay an access fee. A couple of years ago I suggested that those who make inquiries might fall into certain classes: - Those who make a lot of inquiries as part of a business practice. This would perhaps include intellectual property protection attorneys. - Those who make a medium level of inquiries but not necessarily in a business context. This could encompass those who are semi-professional anti-spam/anti-net fraud fighters. - The j-random internet user who just wants to take an occasional look. Much of the cost of making an inquiry is that of identifying the person asking for the data. Those in the first two categories can arrange to pre-identify themselves and thus greatly reduce the per-inquiry costs that ought to be charged. This does not obviate the possible need for a charge that exists simply to slow-down those who would abuse the system through mass inquiries. --karl--
On 2010/12/22 19:18, Michele Neylon :: Blacknight wrote:
On 19 Dec 2010, at 19:51, Derek Smythe wrote:
Derek
The reality of this issue is that the normal internet user, be it a small business or an individual, has not real protection on the internet.
The flipside to this is that registrants have a right to privacy and a degree of protection. The "normal" user wants to be able to register and use domain names without publishing their private details.
Yes we all know there are criminals out there, but there are plenty of other ways to get to them other than WHOIS of a domain name.
And if the normal user registers "the largest online recruiting agency in the world" (money mules) with private whois? Or a domain used for a bank that looks remarkably like your favourite bank? Yes, there are other ways, but this was "supposed" to be one of the ways of knowing who you are dealing with. So are we to reject anything from now on, ignoring rules set, because we have a good excuse to do so? I think not.
The registrar is held blameless and the victim of internet abuse cannot hold him liable.
Which is correct in my view.
If I sold kitchen knives and you happened to use one to commit murder it wouldn't be reasonable to hold me liable UNLESS I had sold you the knife to commit murder ..
If you keep on selling knives to the same guy that has stabbed 12 people on various occasions outside your knife shop while you are aware of this?
ICANN is not interested in abuse issues, it is outside their gambit despite creating an environment ideal for abuse.
That is a wonderfully inflammatory statement
But sadly reality.
As for law enforcement, law enforcement only deals with the most serious issues.
Which is normal. It's not up to law enforcement to go around enforcing IP interests.
How did we get to IP interests? Read http://www.scribd.com/doc/45487838/Balsam-v-Tucows-No-09-17625-9th-Cir-Dec-1... again. What about cyber crime in all it's forms?
A simple reality is they are absolutely flooded with ongoing issues.
That does leave the normal internet user vulnerable to exploitation.
You could extend the same logic to the offline / tangible / real world ..
Taken to its logical (though somewhat perverse) conclusion then we should all be hiding in bunkers.
Yes and no. The issue is we are dealing with virtual parties that do not exist in many cases, using mechanisms that hides their location etc. This is extremely different to a "real world" scenario. Would you register a house/car/gun on your name for me, without having verified in depth that I'm in good standing and I am really who I say I am? What else is privacy protection in most cases? The problem at hand is not the ratio of good/bad registrants, but the environment created by current mechanisms that allow a handful of registrants to abuse domains and in general internet facilities, spoiling it for the rest of the non-malicious users. Yet LE/governments have an obligation to protect their citizens in most civilized countries and when they get involved, they tend to do so with a sledgehammer approach. Yet we want to cry foul when it happens, yet we fail to do so ourselves with self regulation? Derek
Regards
Michele
PS: The only time I've been a victim of crimes has been offline - wallets stolen, cars vandalised and debit cards skimmed ..
Mr Michele Neylon Blacknight Solutions Hosting& Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon
PS: Check out our latest offers on domains& hosting: http://domainoffers.me/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 22 Dec 2010, at 12:53, Derek Smythe wrote:
And if the normal user registers "the largest online recruiting agency in the world" (money mules) with private whois? Or a domain used for a bank that looks remarkably like your favourite bank?
Yes, there are other ways, but this was "supposed" to be one of the ways of knowing who you are dealing with.
So are we to reject anything from now on, ignoring rules set, because we have a good excuse to do so? I think not.
I do not believe there is a proxy service around that will not respond do a proper legal warrant for the information after due process has been exercised. And if there was, they would be breaking the local law. So the information is registered. And if someone is using a pseudonym to commit fraud, that too is a crime in most places. So all the avenues for knowing who you are dealing wit exist as long as the proper processes of the law are used. And since there are lots of civilian organization more than ready to help the law with their investigative process and assuming that we do not make all information leaking and whistle blowing illegal, it should be possible for the law to do its job. a.
On 2010/12/22 20:11, Avri Doria wrote: .....
So all the avenues for knowing who you are dealing wit exist as long as the proper processes of the law are used. And since there are lots of civilian organization more than ready to help the law with their investigative process and assuming that we do not make all information leaking and whistle blowing illegal, it should be possible for the law to do its job.
And that is exactly my point, do you? Reality shows not. Many times hidden under the privacy protection is bogus or ID theft details. In fact, upon learning of ID theft in a domain registration, one of the largest registrars changes the public whois to one where the registrant name still shows, but their own privacy address. They then park the domain. This is a case of a minority, as I stated previously, spoiling it for others. So imagine the time this wastes for law enforcement. Or imagine the costs in a civil case to obtain the details which are useless and virtually unverified. Imagine the time delays. I have no issue with privacy in domains, except there is no real verification mechanism. A mail to a free unverified email address is no verification. As for credit card details, the recent mentioned neighbors of wikileaks.info if a great supply for credit card details complete with social security numbers, addresses, telephone numbers etc. This leads to unaccountability as opposed to privacy. D
a. _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
How does wasting LE time equate to me disliking LE priorities? Who said anything about vigilantism? See my post dated 19 Nov 2010. On 2010/12/24 00:16, Karl Auerbach wrote:
On 12/22/2010 10:44 AM, Derek Smythe wrote:
So imagine the time this wastes for law enforcement.
If you don't like the priorities of your law enforcement officials then the answer is to change the officials, not to engage in self-help (vigilante) ad-hoc processes.
--karl-- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 22 December 2010 13:11, Avri Doria <avri@acm.org> wrote:
So all the avenues for knowing who you are dealing wit exist as long as the proper processes of the law are used.
Whose law? We already appear to have situations in which the bad guys go jurisdiction-shopping -- either by design or fortune -- to find regimes that offer the most obstacles to discovery and/or have the narrowest definition of fraud. It's the fraudsters' equivalent of incorporating in Delaware or banking in the Caymans. When the victim has to pursue the perp across national boundaries, only to find that in the bad guy's "home" victim claims have little value, "proper processes" are a cruel joke. (And heaven knows this isn't just related to Internet matters...) A big part of the problem I had with the IRT approach to trademark protection is that it sought to confer upon ICANN nearly treaty-making authority it did not (and should not) have. While ICANN can go a long way towards cleaning up the loopholes and enforcing its own agreements, it can't on its own redefine Internet fraud on a global basis. We now have precedent, for better or worse, for blocking domains at a national level. An American court order against scammer.su (or even scammer.com) might not be enforceable against a foreign registrar and foreign proxy, but those domains can be blocked by government order. You may not be able to catch the elusive bad guys but you can at least close down the local office. And now that the action has been taken once with minimal public outcry, I expect other actions -- and possibly other countries following suit. What role does ICANN have in this? Except for issues of WHOIS accuracy and enforcing its own contracts, this may be beyond scope. But ICANN has an interest, as a matter of Internet stability, in minimizing country-level blockage of domains. To that end it may have a valuable role as facilitator and advisor, where it is unable to act as regulator. Perhaps this is an opportunity for ICANN to turn the table and provide advice to governments -- or at least offer a forum where these issues can be discussed without being based on technical ignorance. Meanwhile, internally ICANN needs to clean up its WHOIS act. As Bill said, it is not vigilante justice just to know who owns a domain. -- - Evan
IIRC Zittrain wrestled with the issues of bad Internet actors in his book, and concludes that some form of crowdsourced blacklisting are the only effective way of dealing with them. Hillary Clinton, in her Internet Freedom speech, in a statement that drew surprisingly little comment, suggested that the end of Internet anonymity is the price of continued freedom. j -- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org ---------------------------------------------------------------
On 12/22/2010 10:57 AM, Evan Leibovitch wrote:
On 22 December 2010 13:11, Avri Doria<avri@acm.org> wrote:
So all the avenues for knowing who you are dealing wit exist as long as the proper processes of the law are used.
Whose law?
We already appear to have situations in which the bad guys go jurisdiction-shopping -- either by design or fortune
1. Get a domestic judgment that shows that in the eyes of a court of competent jurisdiction in your own home that a violation of your laws has occurred. 2. Take that judgment and use the laws of the foreign jurisdiction to domesticate the judgment and make it enforceable there. Step #2 may be hard and frustrating. But it is better than engaging in private feuding using ad hoc (and thus contrary to the notion of predictable justice) procedures.
We now have precedent, for better or worse, for blocking domains at a national level
That is - blocking until people decide to establish and use competing, consistent DNS roots. There is no technical or legal obstacle in the way of that happening - the only obstacle is an already eroding reluctance. --karl--
On 12/22/2010 10:57 AM, Evan Leibovitch wrote:
On 22 December 2010 13:11, Avri Doria<avri@acm.org> wrote:
So all the avenues for knowing who you are dealing wit exist as long as the proper processes of the law are used.
Whose law?
We already appear to have situations in which the bad guys go jurisdiction-shopping -- either by design or fortune
1. Get a domestic judgment that shows that in the eyes of a court of competent jurisdiction in your own home that a violation of your laws has occurred. 2. Take that judgment and use the laws of the foreign jurisdiction to domesticate the judgment and make it enforceable there. Step #2 may be hard and frustrating. But it is better than engaging in private feuding using ad hoc (and thus contrary to the notion of predictable justice) procedures.
We now have precedent, for better or worse, for blocking domains at a national level
That is - blocking until people decide to establish and use competing, consistent DNS roots. There is no technical or legal obstacle in the way of that happening - the only obstacle is an already eroding reluctance. --karl--
I do not believe there is a proxy service around that will not respond do a proper legal warrant for the information after due process has been exercised. And if there was, they would be breaking the local law.
Um, this suggests you haven't dealt with many proxy services. Try, say, privacyprotect.org who boast that they blow off all phone calls and paper mail. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
Hi, I said a request brought after due process; i.e. a court order. And if they do blow off a court order, I am sure there are consequences. But you are right, the only proxy services I deal with are the ones that protect my personal privacy. And as a user of there services I sincerely hope they only respond to court orders. Not that I believe I do anything illegal but I do want to make sure my sites are private except in so far as I out myself. a. On 22 Dec 2010, at 14:35, John R. Levine wrote:
I do not believe there is a proxy service around that will not respond do a proper legal warrant for the information after due process has been exercised. And if there was, they would be breaking the local law.
Um, this suggests you haven't dealt with many proxy services.
Try, say, privacyprotect.org who boast that they blow off all phone calls and paper mail.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Hi,
I said a request brought after due process; i.e. a court order. Which Court?
Lets say that you live in Atlanta Georgia. You register your domain name name with TuCows, and use their privacy service. You use my trademark or send me illegal spam. In the Balsam case, it is on the record that TuCows will agree to respond to a foreign (not in their jurisdiction) subpoena, but does not. Here are the options. 1. I file suit against you Los Angeles, where the harm is felt, Calder v. Jones, Pannavision v. Toppen, etc. TuCows does not respond. To get them to respond, I have to file suit in Canada. 2. I file suit in Canada, and find out it is you, then: 1. Continue in Canada, but it gets kicked because there is no jurisdiction over the parties. 2. File in Los Angeles. 3. File in Atlanta, where you are located.
And if they do blow off a court order, I am sure there are consequences.
Yes, after I spent money filing suit in Canada, TuCows will get their wrist slapped. That is what Balsam tried to do, but imputing liability under section 3.7.7.3, but the court denied it.
But you are right, the only proxy services I deal with are the ones that protect my personal privacy. And as a user of there services I sincerely hope they only respond to court orders. Not that I believe I do anything illegal but I do want to make sure my sites are private except in so far as I out myself.
a.
On 22 Dec 2010, at 14:35, John R. Levine wrote:
I do not believe there is a proxy service around that will not respond do a proper legal warrant for the information after due process has been exercised. And if there was, they would be breaking the local law.
Um, this suggests you haven't dealt with many proxy services.
Try, say, privacyprotect.org who boast that they blow off all phone calls and paper mail.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
On 22 December 2010 14:47, Avri Doria <avri@acm.org> wrote:
Hi,
I said a request brought after due process; i.e. a court order.
And if they do blow off a court order, I am sure there are consequences.
Such as....? Especially if they are outside the jurisdiction of the order...? "Contempt of court" is not just an infraction, it's an attitude. - Evan
The "normal" user wants to be able to register and use domain names without publishing their private details.
Actually, the "normal" user wants to use the Internet without being bombarded by spam and crimeware, and has no interest in registering a domain. I realize that there has been a tendency in some circles to see the ALAC as representing vanity domain registrants, but the real at-large is the vast majority of Internet users who just use it without registering anything beyond an account with their local ISP. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
participants (19)
-
Antony Van Couvering -
Avri Doria -
Bill Silverstein -
Carlton Samuels -
Cintra Sooknanan -
Derek Smythe -
Evan Leibovitch -
John Levine -
John R. Levine
-
Joly MacFie -
José Ovidio Salgueiro A. -
Karl Auerbach -
Khaled KOUBAA -
Manuel Schneider -
Michele Neylon :: Blacknight -
Patrick Vande Walle -
Roberto Gaetano -
Vanda UOL -
Wendy Seltzer