On October 27, 2014 at 15:34 drc@virtualized.org (David Conrad) wrote:
Barry,
On Oct 27, 2014, at 10:28 AM, Barry Shein <bzs@world.std.com> wrote:
Oh no! The Four Horsement of the Infocalypse!
Being dismissive of concerns related to illegal activities that make use of the DNS does not, of course, make those concerns go away. A number of folks make use of the registration database in attempting to address illegal activities, as such it seems to me that it would be useful if that database was accurate.
Leading with "child porn" etc as a first-mentioned motivation strikes me as an attempt to snatch the moral high ground rather than discuss the issues -- oh and if you disagree with me you must be ok with child porn. I've chased child pornographers with LEO. By and large they are very, very careful about their identities. You're not going to just do a WHOIS query and jot down their address and phone number and pay them a visit. At any rate, we can all drive at 20MPH max and think of how many thousands of lives that would save every year...etc. Disagree? Do you want people to die?!? And so forth. That there's an intent or possibility to improve criminal investigations doesn't necessarily justify the means. And I still believe a lot of the energy behind the WHOIS rewrite has come from the intellectual property crowd (to reduce the cost of discovery) tho yes law enforcement loves better identity sources particularly if it's on someone else's budget.
It's the old problem,
Not really.
crooks don't hand out business cards.
Registration data is used to identify registrants, not crooks. As Mark Andrews pointed out, there are uses for identifying non-crook registrants. In rare cases, registrants are crooks and while I'd agree the sophisticated crooks will find ways around any requirements for accuracy, I believe there is value to having accuracy in the general case.
You're still just repeating potential motivations rather than telling us how these changes will accomplish those goals, and at what cost. How is any of that being accomplished by limiting access to the WHOIS data?
From page 21 of the Final Report:
"...the EWG recommends abandoning today's WHOIS model -- giving every user the same anonymous public access to (too often inaccurate) gTLD registration data. Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use." (me: EWG = Expert Working Group) Ok, admittedly there's a lot more to the report than we're discussing here and the only fair way to review it is to read it which I recommend, again that URL: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf or http://tinyurl.com/kdjdu7c Don't get me wrong, I consider it by and large well-intentioned. But that doesn't mean we can't disagree on some recommendations.
Or are you arguing we should simply remove Whois as a service available to the Internet?
And, again, at what cost, and to whom?
The cost obviously depends on the requirements and implementation.
The whom is and will always be the registrant. However, for the vast majority of registrants with a handful of domains, the costs are likely to be in the pennies. Granted, for the domainers with huge portfolios, the costs may be significant, however that is a cost of doing that particular business.
What about charging those with need for access to the data? Once we've limited access to "authenticated requestors" why not charge a fee for that authenticated access? That was part of my suggestion to put the public data in the DNS. Public data accessed via the DNS is free (for some value of free, but not usage charged.) And it has roughly the accuracy and precision we experience today. For more accurate data you can pay for a record request. Up to and including presenting a court order though I would hope that's not the common case.
That is one part of the outcome of ICANN's ongoing effort to try to fix the multiple decade long nightmare that is Whois, yes.
I don't see it as a "nightmare". It very much reflects the spirit of the internet. Much of it is free and voluntary and worth more than you paid for it. It's only when some imagine some specific, valuable use that they might become frustrated. Shall we try to clean up google (et al) result accuracy also?
It needs a public examination. This is a big change.
Agreed! And, in particular, it would be nice if network operators, who I believe make non-trivial use of Whois examine that change and determine whether the changes meet their requirements and if not, dare I say, participate in ICANN to make sure it does.
I don't think we're very far apart. We just have slightly different value weightings on some points.
Regards, -drc
-- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*