<html>
<head>
<meta content="text/html; charset=ISO-8859-7"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear all, Timothe<br>
<br>
You are not becoming even less popular at all, I always look forward
to reading your thoughtful and detailed posts.<br>
<br>
I believe Nuno was referring in his message to the
"responsibilities" rejoinder that you gave my "rights" points. <br>
<br>
You were right to submit that responsabilities are always part and
parcel of rights systems, and we would be wiser to dwell in the
details of applications of rights and privileges more than i did in
my first reply. <br>
<br>
I take full responsibility for bringing the analogy and i should
have known better ;)<br>
<br>
But there was a part of my original reply that addressed the
question of the balance reached IF we would go with point 14 as is
(i am not convinced i am not in agreement with you here). I asked <br>
<br>
<pre wrap="">"won't the unreachable party be the one ultimately penalized by the stabilizing actions
of network operators? And if so, and granted that anonymity does indeed put
pressure on network operators, isn't the balance achieved one where network
operators have a hard(er) job but where anonymous registrants mostly support
the risk of potentially drastic actions by network operators striving to
keep things going?"</pre>
Now i fully understand that a whois privacy issue goes to a wider
set of issues than merely privacy rights and the pragmatics of
network maintenance. For example, it also needs to be balanced
against the incentives it would bring about for cybersquatting/name
highjacking. <br>
<br>
I say it is too bad that the deadline is so close. I hope to have
something more constructive to say later tonight.<br>
<br>
Still tentatively,<br>
<br>
Nicolas<br>
<br>
On 7/22/2011 12:57 PM, Timothe Litt wrote:
<blockquote cite="mid:34B4147F5F4B4CCEBAA1CFD0484EF215@sb.litts.net"
type="cite">
<meta content="text/html; charset=ISO-8859-7"
http-equiv="Content-Type">
<meta name="GENERATOR" content="MSHTML 8.00.6001.19088">
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">Nuno,</font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">I think that you are
addressing a different issue. Let's stick to the subject at
hand. I didn't pick the driving analogy (Nicolas did), but
it isn't a bad one. We can use any other, but the
underlying issue remains. I'll attempt to differentiate my
comments from your remarks.</font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">I <strong>support</strong>
full access to the internet by everyone, everywhere, any
time - I do not see how you reached the opposite
conclusion. </font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">Requiring that people
who <strong>choose</strong> to register a domain name are
contactable <strong>does not</strong> deny anyone access to
the internet or the information published thereon. You
don't need a domain name to access the internet - any ISP,
internet cafe, or thousands of other access points suffice.
You also do not need a domain name to freely publish on the
internet - hosting services (web, ftp and other) abound -
many at zero cost. </font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2"><strong>If you
register a domain name, you are becoming part of the
network infrastructure</strong> - and that requires that
you be contactable. Perhaps it's that your domain name
isn't resolvable from some part of the world - or has
invalid signatures that cause web browsing to fail, is
supplying poisoned cache records, or is supporting a DDOS
attack. Or your mail server is generating spam. Whether
you personally operate those servers, or contract someone
else to do so for your domain - once you register a domain
name, you are responsible for having them operate
responsibly. And "responsibly" isn't subjective - it's the
subject of the RFCs and standards that make the nework
function. This is <strong>not</strong> religion, politics,
morality or personal hygiene. If you register a domain name
and do not live up to your responsbilities, the privilege of
having a domain name, like that of driving, can be revoked.
That doesn't prevent you from using the internet without one
- or using postal mail or the telephone. </font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">The "crooks" to whom I
referred are the people who seek to destabilize the network
for fun, and increasingly for profit. The identity thieves,
SPAM generators, virus senders, robonet creators, denial of
service attackers/extortion specialists, malicious
trespassers, information thieves and purveyors of fraud.
All these activities violate the network's standards - as
well as criminal law in most jurisdictions. I don't think
you are one of these - nor should you be supporting a policy
that makes it easier for them to conduct their activites
beyond any means of contact. </font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2"><strong>I support
individual privacy</strong>. I am sensitve to the needs
of those whose personal safety is at risk if their location
were disclosed, as well as of those (including myself) who
simply value privacy for its own sake. As a result, <strong>I
support proxy services as a means of safeguarding</strong>
the <strong>privacy</strong> of those who want to register
domain names, <strong>while providing for stable network
operations and accountability</strong>. I do not propose
to dictate that a particular proxy service must be used. It
is the registrant's choice whether to use one, and which one
to use. I only insist that proxy services, like registrars,
meet minimum service standards. Specifically, that the
people behind the proxy actually be contactable through them
in a timely maner. And, that a proxy service disclose the
extent of privacy protection that it provides. That's
hardly putting people in jail. It's a pretty minimal
requrement.</font></span></div>
<div dir="ltr" align="left"><span class="744485715-22072011"></span> </div>
<div><font color="#0000ff" face="Arial" size="2"><span
class="744485715-22072011">I<strong> support internet
freedom of expression and universal access</strong>, which
are only possible when a stable network exists. Those who <strong>choose</strong>
to become part of the network's operation - "even" by
registering a domain name - assume the responsiblity and the
duty to meet the standards required for it to deliver those
benefits to everyone. If you can't discharge those
responsibilites/duties, you can not register a domain name.
(But you can access the internet through others.)</span></font></div>
<div><font color="#0000ff" face="Arial" size="2"><span
class="744485715-22072011"></span></font> </div>
<div><font color="#0000ff" face="Arial" size="2"><span
class="744485715-22072011">
<div dir="ltr" align="left"><span class="744485715-22072011"><font
color="#0000ff" face="Arial" size="2">The draft
recomendation under item 14 proposes that registrants
be allowed to provide no contact, or fraudlent contact
information. This is totally unacceptable. And for
NCSG to endorse this recomendation is irresponsible,
for the reasons given here and in my previous notes.
<strong>It must not be put forth as drafted.</strong></font></span></div>
</span></font></div>
<div><!-- Converted from text/plain format --></div>
<div><span class="744485715-22072011"><font color="#0000ff"
face="Arial" size="2">Other issues of internet
access/freedom are valuable, but should not be confounded
with this issue - please use another thread.</font></span></div>
<div><br>
</div>
<p><font size="2"><!-- Converted from text/plain format --></font></p>
<font size="2">
<p><font size="2">Timothe Litt<br>
ACM Distinguished Engineer<br>
---------------------------------------------------------<br>
This communication may not represent the ACM or my
employer's views,<br>
if any, on the matters discussed.<br>
<br>
</font> </p>
</font>
<p><font size="2"> </font> </p>
<div> </div>
<br>
<div dir="ltr" class="OutlookMessageHeader" align="left"
lang="en-us">
<hr tabindex="-1">
<font face="Tahoma" size="2"><b>From:</b> <a class="moz-txt-link-abbreviated" href="mailto:nuno.mgarcia@gmail.com">nuno.mgarcia@gmail.com</a>
[<a class="moz-txt-link-freetext" href="mailto:nuno.mgarcia@gmail.com">mailto:nuno.mgarcia@gmail.com</a>] <b>On Behalf Of </b>Nuno
Garcia<br>
<b>Sent:</b> Friday, July 22, 2011 11:39<br>
<b>To:</b> Timothe Litt<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:NCSG-NCUC-DISCUSS@listserv.syr.edu">NCSG-NCUC-DISCUSS@listserv.syr.edu</a><br>
<b>Subject:</b> Re: [ncsg-policy] Proposed NCUC Comments on
the WHOIS Review Team Discussion Paper<br>
</font><br>
</div>
Hi all, hi Timothe,
<div><br>
</div>
<div>Allow me to disagree with some of the things you say bellow,
mostly because I think the comparison you chose is not adequate.</div>
<div><br>
</div>
<div>In the Information Society we are all trying to build, to
prevent someone from accessing information in the manner it is
published is a violation of some of the basic Human Rights (and
I mean the ones from the charter of rights published some 50
years ago by the UN).</div>
<div><br>
</div>
<div>Let me explain: some governenments and almost all companies
publish information that is critical to a responsible
citizenship in the web, sometimes only in the web, many times
free on the web but payable everywhere else.</div>
<div><br>
</div>
<div>To put it bluntly, in Europe, the access to Internet is view
by legislators as as important as the access to electricity,
water and health.</div>
<div><br>
</div>
<div>Please don't get me wrong, I too am a strong advocate of
responsible citizenship. <br>
<br>
</div>
<div>Yet I am not ever in favou that this group takes on the
responsabilities or tries to impose or define responsabilities
onto its represented elements. There are authorities for that
and that would be way out of our powers. </div>
<div><br>
</div>
<div>I propose that if that is the case, we build a charter of
rights and responsabilities for a responsible cyber-citizenship
(or whatever name you find more suitable).</div>
<div><br>
</div>
<div>Let me know explain why the example you chose is ill formed.</div>
<div><br>
</div>
<div>If a driver misbehaves you may prevent him from driving, not
as a punishment, but as a mean to safeguard all other users of
public roads.</div>
<div><br>
</div>
<div>Again, the government may prevent him from driving, but
unless the offense was a crime, it cannot prevent him from using
public transportation, or walking. </div>
<div><br>
</div>
<div>What you propose is somehow similar to put the citizen in a
jail where he cannot move or has limited movements.</div>
<div><br>
</div>
<div>On another aspect, the Internet (capital I), is a privilede,
and a right. A right that derives from the fact that the
information it contains is public domain. A right like reading a
newspaper, or listening to the news and the music in the radio
or watching TV.</div>
<div><br>
</div>
<div>The Internet is the mean through which many of the rights
described in the Human Rights Charter are made available to us.</div>
<div><br>
</div>
<div>And may I add, even risking to be one of the "crooks" you
mention: we should never take this discussion to the point where
we define who is a crook and who isn't. This is a very very very
dangerous path and this is not the way we should go. In no time
we will be discussing religion, moral, and other extremely
personal and subjective things.</div>
<div><br>
</div>
<div>I hope to have contributed to this discussion.</div>
<div>Warm regards from Portugal,</div>
<div><br>
</div>
<div>Nuno Garcia</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div class="gmail_quote">2011/7/22 Timothe Litt <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:litt@acm.org">litt@acm.org</a>></span><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px
0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">At the
risk of becoming even less popular, let's see where your
analogy<br>
takes us:<br>
<br>
Like driving, a network presence, including a domain name,
is a privilege<br>
and not an absolute right.<br>
<br>
On the roads, there are standards of behavior that are
enforced for the<br>
safety and convenience of all. And vehicles must have tags
that identify<br>
the owner/operator. An unidentified vehicle strewing sharp
objects (or<br>
explosives) down the road is a problem for everyone. While
it will<br>
eventually be stopped, the damage it causes is amplified by
the amount of<br>
time that it takes to identify it. So we have registration
tags... And<br>
those who drive sufficiently irresponsibly have their
privilege revoked -<br>
even if it means they lose their livelihood.<br>
<br>
The internet is a far more complex machine. With the
privilege of becoming<br>
a part of that machine come some responsibilities. Being
able to be<br>
contacted when, through error, malfunction, or malicious
intent one has a<br>
negative impact on the machine and/or its users is a basic
responsibility.<br>
And those "network operators" aren't (just) some big
anonymous corporation<br>
staffed by paid technicians; they're also individuals with
their one PC<br>
running their own mail/web/dns server - because they don't
want to entrust<br>
their personal data to the whims of some ISP. Burdening
"them" is burdening<br>
"us". And it's hard enough for "us" to get "them" to take
action against<br>
bad actors when we can identify them - when we can't, it's
virtually<br>
impossible.<br>
<br>
Reachability via proxy provides anonymity sufficient for
protecting the<br>
privacy needs of virtually anyone who needs to be part of
the network. Just<br>
like the vehicle whose registration address is a trust or
corporation's<br>
attorney. That scheme protects those with the need (or
simply desire) for<br>
privacy. The strength of the proxy can be adjusted to need
- providing it<br>
still provides access. So maybe you trust your
government-run ISP to proxy<br>
your contact information - or maybe you employ an attorney
in a state on the<br>
other side of the world with different privacy laws and a
private army. I<br>
don't care which - as long as I can communicate thru the
proxy to someone<br>
who can fix or diagnose a problem. And as long as failure
to<br>
respond/cooperate allows the privilege of being part of the
network to be<br>
terminated - with due process (and lots of "reasonable" in
the definitions).<br>
<br>
Providing fraudulent/no contact information is not
consistent with being a<br>
good citizen. Proxies provide an adequate alternative, with
sufficient<br>
privacy protection for those who need/desire it.<br>
<br>
We (NCUC) can't be just about "rights"; responsibilities are
part of<br>
citizenship too. We should not be advocating bad
citizenship, or making it<br>
"officially acceptable". It's bad for the network. It's
bad for our<br>
credibility as an organization of responsible people. It's
even bad for<br>
good people who think it in their interest to be unreachable
- because they<br>
can lose domain names, connectivity and operational help.
The only people<br>
it's good for are the crooks/bad actors. And NCUC should
not be helping to<br>
make their lives easier.<br>
<br>
It's a choice to be part of the network, just as it's a
choice to become a<br>
licensed driver. Those who can't/won't accept the rules of
good citizenship<br>
can employ others to network - or drive - for them. (Yes,
bad/unreasonable<br>
rules can/should be fought. This isn't one.)<br>
<br>
We don't tolerate unlicensed drivers or unregistered
vehicles - or vandalism<br>
of others' vehicles and roads. And while we allow proxy
registration of<br>
vehicles, driver's licenses have a verifiable name, contact
address and<br>
photo. Perhaps that's a sacrifice of some absolutist sense
of "liberty",<br>
but it does make our transportation system work (more or
less). I don't<br>
think it unreasonable to expect the same of those on the
network of<br>
electrons as of those on the network of roads.<br>
<div class="im"><br>
Timothe Litt<br>
ACM Distinguished Engineer<br>
---------------------------------------------------------<br>
This communication may not represent the ACM or my
employer's views,<br>
if any, on the matters discussed.<br>
<br>
<br>
-----Original Message-----<br>
From: NCSG-NCUC [mailto:<a moz-do-not-send="true"
href="mailto:NCSG-NCUC-DISCUSS@LISTSERV.SYR.EDU">NCSG-NCUC-DISCUSS@LISTSERV.SYR.EDU</a>]
On Behalf Of<br>
</div>
Nicolas Adam<br>
<div class="im">Sent: Thursday, July 21, 2011 22:09<br>
To: <a moz-do-not-send="true"
href="mailto:NCSG-NCUC-DISCUSS@LISTSERV.SYR.EDU">NCSG-NCUC-DISCUSS@LISTSERV.SYR.EDU</a><br>
Subject: Re: [ncsg-policy] Proposed NCUC Comments on the
WHOIS Review Team<br>
Discussion Paper<br>
<br>
</div>
<div>
<div class="h5">I guess in principle (or in theory, if
you'd prefer) i would be tempted to<br>
say that privacy trumps the pragmatics of efficient
network maintenance, but<br>
i'm not so sure that I get the whole technical challenge
of actually keeping<br>
the stuff working ... so....<br>
<br>
If i may venture a question, at the risk of exposing my
ignorance: what if<br>
something needs be dealt with and you can't reach a
responsible person. In<br>
the end, depending on the gravity of the situation of
course, won't the<br>
unreachable party be the one ultimately penalized by the
stabilizing actions<br>
of network operators? And if so, and granted that
anonymity does indeed put<br>
pressure on network operators, isn't the balance
achieved one where network<br>
operators have a hard(er) job but where anonymous
registrants mostly support<br>
the risk of potentially drastic actions by network
operators striving to<br>
keep things going?<br>
<br>
Because frankly whois rules cannot be made to easily
protect every person<br>
protected by a restraining order, that would be
overreaching, in my opinion.<br>
Privacy, in a twisted but important sense, give us a
"right"<br>
to misbehave in my opinion. It's what gives value to
good behavior. Any<br>
system that makes it practically impossible to misbehave
(think cars with<br>
built-in police radars) sap the value of good behavior
right out of life. I<br>
believe this argument was made often ¯ whether from a
moral, legal,<br>
political or economical point of view ¯ under the rubric
of "liberty".<br>
<br>
Tentatively,<br>
<br>
Nicolas<br>
<br>
On 7/21/2011 8:17 AM, Timothe Litt wrote:<br>
> Although I support most of the proposed comments, I
disagree with<br>
> recommendation 14.<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</body>
</html>