Hi John,
(...) I'm strongly opposed to requiring email or other registration in order to view thin or thick details. For the reasons outlined below, I think it's antithetical to the open and decentralized nature of the internet, and constitutes a form of internet surveillance. Is it though? Only for domain names do you have such a database. Other services on the open and decentralized internet do not seem to require it. For example the ones actually doing the abuse, e.g. users of mail and hosting services. Why should a domain name be treated differently than any other service that constitutes the internet?
First, putting aside repressive regimes, private networks and edge cases, one of the hallmark principles of the internet is that it's open; you don't have to register or justify your need to access information on the internet. And, it's decentralized. Historically, its open nature has included not only being able to see a website, but also the registration details for the website's domain name. And, whatever governments may do (which isn't the question here), there's no centralized internet surveillance or registration authority for internet users generally. You do have to justify the publication of private details. And I am sorry, but "Legitscript might need it" or even "Legitscript may not need this particular set of data but someone elses data" does not cut it as far as justifications go.
If we impose a scheme where there is a central organization with the authority to a) require registration and b) centrally control access, and c) (as has been proposed) require the user to provide a reason for their access, that organization then also has the ability to d) make judgment calls about what reasons are valid and which are not and e) maintain data on who accessed what RDS data, for what reason, for how long and why. Note also that at least one version of the EWG report said that f) the organization would be empowered to levy punitive measures against internet users who accessed more data than the RDS deems appropriate. Sounds good to me. If you want all this data on other people, why are you so shy about your own data? A journalist (or blogger) is writing an investigative article and wants to find out who is behind a domain name. If we require registration and disclosure of the reason, that in essence creates a situation where the RDS de facto is monitoring that journalist and determining if their basis for conducting the investigation is worthy. It also allows the RDS the ability to monitor the journalist's use of the domain name registration data. This potentially chills free speech. Does that reporter have a legally enforceable right to access that data? Would he have such a right to find out who rents the hosting space at hosting provider X?
* Consider a political activist who wishes to expose corruption by an elected politician and wants to access RDS information to show, for example, conflicts of interests in the politician's business operations. Once the political activist has to disclose who they are, let alone why they are accessing the information, that not only chills legitimate political activism but also potentially opens up a route for government abuse (e.g., if a government agency were able to subpoena the list of who accessed RDS information for which domain names and why).
Does that reporter have a legally enforceable right to access that data? Would he have such a right to find out who rents the hosting space at hosting provider X? Maybe a look at the tax returns of the elected politician would be more helpfull (Oops, hot topic!)
* Academic researchers periodically review Whois/RDS data; requiring them to register before reviewing data and disclose why they are doing the research potentially empowers the RDS to monitor academic research and determine its worthiness.
Should such research be possible? Does the right to academic freedom beat out the right of countless individuals to data privacy?
* Imagine that a cybercrime network is under investigation (as they are wont to be); requiring law enforcement to register -- particularly if there is a log of which domain names they reviewed RDS for -- can potentially compromise the investigation if that information is disclosed. Would registrants have the right to be informed every time that someone registered to review their RDS details?
We have not determined that yet. Let's consider that down the road along with the question if law enforcement of a particular jurisdiction should even be able to access data on a data subject in another jurisdiction. If I remember correctly, the legal authority of most law enforcement agencies ends at their national border.
For one central entity to possess that much power over internet users is something that I think we should avoid, and it's antithetical to the principles of openness and decentralization. There are other well-known solutions to spam and inappropriate contacts; forcing all other legitimate activities to grind to a screeching halt -- particular under the umbrella of a surveillance scheme -- is a cure worse than the disease. Well, I would argue that private data being public as it is now is worse than anything you proposed so far. --
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.