Wild-west hyperbole aside, I would be glad to leave a "calling card" of some sort after accessing someone's WHOIS data for journalistic purposes, just like I'd be happy (and required by professional standards) to identify myself with a source. Of course, doing this in dealing with someone who has something to hide would just send them off to the shadows to blind-register. -----Original Message-----

From: Karl Auerbach <karl@cavebear.com> Sent: Dec 17, 2009 10:35 PM To: at-large@atlarge-lists.icann.org Subject: Re: [At-Large] Couldn't have done this without WHOIS

On 12/17/2009 07:14 PM, John R. Levine wrote: I know people who use WHOIS info to deal with scams and frauds on a

...

daily basis. If you're saying that we're lying, it's hard to have a discussion.

Vigilante justice was also used at times to deal with scams and frauds, but we've learned that that kind of rough process meant that innocent people were too often strung-up along with the horse thieves.

Kafka's book "The Trial" begins with a line saying that someone, someone who is never identified, has been asking unknown questions about Joseph K.

Whois is right out of Kafka - unknown people dig through our private information for unknown reasons (although clearly the trademark people do it a lot to make accusations.)

It would make sense, and also meet a modicum of polite behaviour, if those who are making inquiries into whois left a calling card so that those who are being data-mined at least know the identity of the data-miner.

To be a bit more explicit:

Whois access rules should be such that anyone who accesses the whois data should be required, as a pre-condition, to:

1. Leave their own identity and contact information, along with authentication of that identity and contact information.

2. Leave a statement stating the particulars, reasons, and factual basis upon which they are making the inquiry - if they can not state reasons then access ought to be denied. This list of reasons and facts could serve a kind of estoppel function should the data-miner use the whois data for another reason.

3. Agree to a privacy policy, with third party beneficiary rights in the data subject, that strongly restricts what use may be made of the data and requiring destruction of the copied data after a period of time.

This information should be sent to the data subject so that the domain name owner can know, unlike the unfortunate Joseph K., who is asking questions about him and why.

And a summary list of those making data inquiries should be periodically published to the public so that we all can see who are those who are making a large number of whois inquiries and thus who we might reasonably begin to suspect of data mining.

--karl--

_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann...

At-Large Official Site: http://atlarge.icann.org