A translation (was Re: An update from the ICANN ISPCP meeting...)

Barry Shein bzs at world.std.com
Tue Oct 28 00:34:35 UTC 2014


On October 27, 2014 at 15:34 drc at virtualized.org (David Conrad) wrote:
 > Barry,
 > 
 > On Oct 27, 2014, at 10:28 AM, Barry Shein <bzs at world.std.com> wrote:
 > > Oh no! The Four Horsement of the Infocalypse!
 > 
 > Being dismissive of concerns related to illegal activities that make use of the DNS does not, of course, make those concerns go away. A number of folks make use of the registration database in attempting to address illegal activities, as such it seems to me that it would be useful if that database was accurate.

Leading with "child porn" etc as a first-mentioned motivation strikes
me as an attempt to snatch the moral high ground rather than discuss
the issues -- oh and if you disagree with me you must be ok with child
porn.

I've chased child pornographers with LEO. By and large they are very,
very careful about their identities. You're not going to just do a
WHOIS query and jot down their address and phone number and pay them a
visit.

At any rate, we can all drive at 20MPH max and think of how many
thousands of lives that would save every year...etc. Disagree? Do you
want people to die?!? And so forth.

That there's an intent or possibility to improve criminal
investigations doesn't necessarily justify the means.

And I still believe a lot of the energy behind the WHOIS rewrite has
come from the intellectual property crowd (to reduce the cost of
discovery) tho yes law enforcement loves better identity sources
particularly if it's on someone else's budget.

 > 
 > > It's the old problem,
 > 
 > Not really.
 > 
 > > crooks don't hand out business cards.
 > 
 > Registration data is used to identify registrants, not crooks. As Mark Andrews pointed out, there are uses for identifying non-crook registrants. In rare cases, registrants are crooks and while I'd agree the sophisticated crooks will find ways around any requirements for accuracy, I believe there is value to having accuracy in the general case.

You're still just repeating potential motivations rather than telling
us how these changes will accomplish those goals, and at what cost.

How is any of that being accomplished by limiting access to the WHOIS
data?

>From page 21 of the Final Report:

  "...the EWG recommends abandoning today's WHOIS model -- giving
  every user the same anonymous public access to (too often
  inaccurate) gTLD registration data. Instead, the EWG recommends a
  paradigm shift whereby gTLD registration data is collected,
  validated and disclosed for permissible purposes only, with some
  data elements being accessible only to authenticated requestors that
  are then held accountable for appropriate use."

  (me: EWG = Expert Working Group)

Ok, admittedly there's a lot more to the report than we're discussing
here and the only fair way to review it is to read it which I
recommend, again that URL:

  https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf

or

  http://tinyurl.com/kdjdu7c

Don't get me wrong, I consider it by and large well-intentioned.

But that doesn't mean we can't disagree on some recommendations.

 > 
 > Or are you arguing we should simply remove Whois as a service available to the Internet?
 > 
 > > And, again, at what cost, and to whom?
 > 
 > The cost obviously depends on the requirements and implementation.
 > 
 > The whom is and will always be the registrant.  However, for the vast majority of registrants with a handful of domains, the costs are likely to be in the pennies. Granted, for the domainers with huge portfolios, the costs may be significant, however that is a cost of doing that particular business.

What about charging those with need for access to the data?

Once we've limited access to "authenticated requestors" why not charge
a fee for that authenticated access?

That was part of my suggestion to put the public data in the DNS.

Public data accessed via the DNS is free (for some value of free, but
not usage charged.) And it has roughly the accuracy and precision we
experience today.

For more accurate data you can pay for a record request.

Up to and including presenting a court order though I would hope
that's not the common case.

 > 
 > >> That is one part of the outcome of ICANN's ongoing effort to try to fix the multiple decade long nightmare that is Whois, yes.

I don't see it as a "nightmare".

It very much reflects the spirit of the internet. Much of it is free
and voluntary and worth more than you paid for it.

It's only when some imagine some specific, valuable use that they
might become frustrated.

Shall we try to clean up google (et al) result accuracy also?

 > > It needs a public examination. This is a big change.
 > 
 > Agreed! And, in particular, it would be nice if network operators, who I believe make non-trivial use of Whois examine that change and determine whether the changes meet their requirements and if not, dare I say, participate in ICANN to make sure it does.

I don't think we're very far apart.

We just have slightly different value weightings on some points.

 > 
 > Regards,
 > -drc
 > 

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*



More information about the NANOG mailing list