Re: [At-Large] [NA-Discuss] [FWD: RE: [ALAC-Announce] Meeting Invitation / Discussion on Domain Names Registered Using Private/Proxy Services / 14.12.09 @ 18:00 UTC]
You wrote: "If you want to create a system of internet business licenses, feel free to propose it." Good idea. -----Original Message-----
From: Karl Auerbach <karl@cavebear.com> Sent: Dec 15, 2009 11:55 AM To: at-large@atlarge-lists.icann.org Subject: Re: [At-Large] [NA-Discuss] [FWD: RE: [ALAC-Announce] Meeting Invitation / Discussion on Domain Names Registered Using Private/Proxy Services / 14.12.09 @ 18:00 UTC]
On 12/15/2009 07:51 AM, Beau Brendler wrote:
Karl, you wrote:
"well established legal due processes and protections."
And in the case of a Russian-mob operated chain of sites that sell vicodin (or a version thereof) all over the world to anyone who will pay, using registrations obtained in the US with false WHOIS data, where exactly is the "well established legal due processes and protections"?
If you think the activity is illicit then make a complaint to law enforcement.
Don't turn ICANN into the Protocol Police.
You also wrote:
"ICANN is being used as a private hired gun through which everyone from the trademark industry to "consumer advocates" are trying to create an e-vigilante shortcut"
Nice, though rather dated, rhetorical flourish,
Should I have said "iVigilante"?
but I think we are
talking about encouraging the contracted-party-dominated ICANN community to abide by and enforce its own policies or contractual provisions on WHOIS data.
There is certainly no agreement that whois is even a valid system at all. It is a system that has nearly zero technical operational value and exists only because it is a carry-forward of the kind of club-roster that we used back in the early 1970's.
If you want to create a system of internet business licenses, feel free to propose it.
Once you've looked at the umpteenth one of
these types of sites protected by private proxy registration, you get a little bit discouraged.
That's why law enforcement has investigatory powers, but those powers are subject to a body of due-process constraints.
There is much danger is allowing the kind of power to an actor, such as ICANN, that is not constrained by due process or ill equipped to act as a private law enforcement body - just look at Xe, nee Blackwater.
For instance, there are a lot of scientology folks out there who would love for you to succeed in your endeavor - because next year they will follow the road you are creating to have ICANN locate and punish noisy skeptics.
And some of the highly radical anti-abortion crowd would just love to use ICANN to find the personal information about certain doctors and their staff.
ICANN's role is to assure that the internet domain name system is stable, meaning that DNS query packets are accurately, quickly, and reliably turned into DNS response packets.
We already have law enforcement and consumer protection agencies with powers and procedures to deal with the issue you raise.
If they are not solving the problem you perceive, then fix them. But don't break ICANN.
--karl--
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann...
At-Large Official Site: http://atlarge.icann.org
On 12/15/2009 09:34 AM, Beau Brendler wrote:
You wrote:
"If you want to create a system of internet business licenses, feel free to propose it."
Good idea.
Horray! Out of argument comes agreement. Now we have something on which we can go forward. I *do* support the idea that there be some sort of internet business license that is coupled to an obligation to have real and meaningful information about who or what is behind the business, where it legally exists, and how it may be contacted for both informal and formal communications. To me that would vastly clarify the issue of whois privacy and make it easier to define the privacy rights and disclosure obligations, if any, of individuals who are not also acting in a business capacity versus the obligations of people and aggregate entities that are. There are, of course, a few nits - for example, some things that some countries treat as religious bodies others treat as commercial cults. (I suspect that we all know who I am referring to.) I don't see the need for there to be a single entity that issues these licenses, not does it have to be a governmental body. And I believe that ICANN's role would not be that of a licensor but rather to base its whois policy on whether one has a license or not from a recognized authority. (We can foresee that there will be fights over who gets that nod of recognition.) I do have concern that there are those, such as the pharmacies you note, who may be scofflaws and simply not obtain such a license from wherever such licenses might be obtained. On the other hand, I see a pressure that could coerce people to engage with various business license system - I can readily imagine web browser plugins that check the various license databases and put up a warning marker, much as they already do for un-rooted SSL certificates and passwords over non-HTTPS connections, when someone is interacting with a website. Doing this so that it isn't as heavy handed as, for instance, Firefox handling of non-rooted certificates, might take some inventive thinking. How this ties into SSL certificates and how to prevent it from becoming yet another Verisign dominated market (I don't foresee these licenses as being available for free) are matters that I have not thought about. --karl--
Hi Karl,
"If you want to create a system of internet business licenses, feel free to propose it."
Horray! Out of argument comes agreement. Now we have something on which we can go forward.
Indeed,
I *do* support the idea that there be some sort of internet business license that is coupled to an obligation to have real and meaningful information about who or what is behind the business, where it legally exists, and how it may be contacted for both informal and formal communications.
To me that would vastly clarify the issue of whois privacy and make it easier to define the privacy rights and disclosure obligations, if any, of individuals who are not also acting in a business capacity versus the obligations of people and aggregate entities that are.
Agreed. But it's been argued by many that framing the disclosure versus privacy debate as a WHOIS matter is missing the point. WHOIS is a protocol and a data format. It's an implementation, not a right or obligation. There are, of course, a few nits - for example, some things that some
countries treat as religious bodies others treat as commercial cults. (I suspect that we all know who I am referring to.)
I would think that there will also be some opponents to the idea of treating personal domain ownership differently from business-owned ones. Come to think of it, finding opponents to this idea will not be difficult.
I don't see the need for there to be a single entity that issues these licenses, not does it have to be a governmental body. And I believe that ICANN's role would not be that of a licensor but rather to base its whois policy on whether one has a license or not from a recognized authority. (We can foresee that there will be fights over who gets that nod of recognition.)
I do have concern that there are those, such as the pharmacies you note, who may be scofflaws and simply not obtain such a license from wherever such licenses might be obtained.
Getting this universally accepted will certainly be a lengthy and uphill battle, but perhaps there is a window of opportunity offered in ICANN's attempt to create an optional "high security zone" certification for new gTLDs. http://mm.icann.org/pipermail/hstld-ag/2009-December/000001.html One of the reasons I'm on the HSZ advisory group (one of only two from At-Large and there's nobody from NCSG, amidst a mob of contracted parties) is to ensure that such a certification enforce some kind of ownership-information accuracy regime as part of the certification. Originally I thought of that as WHOIS accuracy but it doesn't have to be in that form. What about advancing the notion that a HSZ must have some method of registration / licensing, handled by the registry (or its agent) but enforced at the registrar level? (Ie, a business has to get registered/licensed from the registry before it can buy a domain from one of its registrars? Then, for instance, the registry can have its domains audited against the registered/licensed owner list. The timeline for this is not compressed; the AG doesn't expect to have much done by Nairobi. So we have time to thrash through the license concept and then build support for it. On the other hand, I see a pressure that could coerce people to engage with
various business license system - I can readily imagine web browser plugins that check the various license databases and put up a warning marker, much as they already do for un-rooted SSL certificates and passwords over non-HTTPS connections, when someone is interacting with a website. Doing this so that it isn't as heavy handed as, for instance, Firefox handling of non-rooted certificates, might take some inventive thinking.
We may not be able to force browser developers to do what we want. But that's what plugins are for. :-) - Evan
participants (3)
-
Beau Brendler -
Evan Leibovitch -
Karl Auerbach