[ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team Discussion Paper

[Timothe Litt]

At the risk of becoming even less popular, let's see where your analogy
takes us:

Like driving, a network presence, including a domain name, is a privilege
and not an absolute right.

On the roads, there are standards of behavior that are enforced for the
safety and convenience of all.  And vehicles must have tags that identify
the owner/operator.  An unidentified vehicle strewing sharp objects (or
explosives) down the road is a problem for everyone.  While it will
eventually be stopped, the damage it causes is amplified by the amount of
time that it takes to identify it.  So we have registration tags...  And
those who drive sufficiently irresponsibly have their privilege revoked -
even if it means they lose their livelihood.

The internet is a far more complex machine.  With the privilege of becoming
a part of that machine come some responsibilities.  Being able to be
contacted when, through error, malfunction, or malicious intent one has a
negative impact on the machine and/or its users is a basic responsibility.
And those "network operators" aren't (just) some big anonymous corporation
staffed by paid technicians; they're also individuals with their one PC
running their own mail/web/dns server - because they don't want to entrust
their personal data to the whims of some ISP.  Burdening "them" is burdening
"us".  And it's hard enough for "us" to get "them" to take action against
bad actors when we can identify them - when we can't, it's virtually
impossible. 

Reachability via proxy provides anonymity sufficient for protecting the
privacy needs of virtually anyone who needs to be part of the network.  Just
like the vehicle whose registration address is a trust or corporation's
attorney.  That scheme protects those with the need (or simply desire) for
privacy.  The strength of the proxy can be adjusted to need - providing it
still provides access.  So maybe you trust your government-run ISP to proxy
your contact information - or maybe you employ an attorney in a state on the
other side of the world with different privacy laws and a private army.  I
don't care which - as long as I can communicate thru the proxy to someone
who can fix or diagnose a problem.  And as long as failure to
respond/cooperate allows the privilege of being part of the network to be
terminated - with due process (and lots of "reasonable" in the definitions).

Providing fraudulent/no contact information is not consistent with being a
good citizen.  Proxies provide an adequate alternative, with sufficient
privacy protection for those who need/desire it.  

We (NCUC) can't be just about "rights"; responsibilities are part of
citizenship too.  We should not be advocating bad citizenship, or making it
"officially acceptable".  It's bad for the network.  It's bad for our
credibility as an organization of responsible people.  It's even bad for
good people who think it in their interest to be unreachable - because they
can lose domain names, connectivity and operational help.  The only people
it's good for are the crooks/bad actors.  And NCUC should not be helping to
make their lives easier.

It's a choice to be part of the network, just as it's a choice to become a
licensed driver.  Those who can't/won't accept the rules of good citizenship
can employ others to network - or drive - for them.  (Yes, bad/unreasonable
rules can/should be fought.  This isn't one.)

We don't tolerate unlicensed drivers or unregistered vehicles - or vandalism
of others' vehicles and roads.  And while we allow proxy registration of
vehicles, driver's licenses have a verifiable name, contact address and
photo.  Perhaps that's a sacrifice of some absolutist sense of "liberty",
but it does make our transportation system work (more or less).  I don't
think it unreasonable to expect the same of those on the network of
electrons as of those on the network of roads.

Timothe Litt
ACM Distinguished Engineer
---------------------------------------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

  
-----Original Message-----
From: NCSG-NCUC [mailto:NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU] On Behalf Of
Nicolas Adam
Sent: Thursday, July 21, 2011 22:09
To: NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU
Subject: Re: [ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team
Discussion Paper

I guess in principle (or in theory, if you'd prefer) i would be tempted to
say that privacy trumps the pragmatics of efficient network maintenance, but
i'm not so sure that I get the whole technical challenge of actually keeping
the stuff working ... so....

If i may venture a question, at the risk of exposing my ignorance: what if
something needs be dealt with and you can't reach a responsible person. In
the end, depending on the gravity of the situation of course, won't the
unreachable party be the one ultimately penalized by the stabilizing actions
of network operators? And if so, and granted that anonymity does indeed put
pressure on network operators, isn't the balance achieved one where network
operators have a hard(er) job but where anonymous registrants mostly support
the risk of potentially drastic actions by network operators striving to
keep things going?

Because frankly whois rules cannot be made to easily protect every person
protected by a restraining order, that would be overreaching, in my opinion.
Privacy, in a twisted but important sense, give us a "right" 
to misbehave in my opinion. It's what gives value to good behavior. Any
system that makes it practically impossible to misbehave (think cars with
built-in police radars) sap the value of good behavior right out of life. I
believe this argument was made often ― whether from a moral, legal,
political or economical point of view ― under the rubric of "liberty".

Tentatively,

Nicolas

On 7/21/2011 8:17 AM, Timothe Litt wrote:
> Although I support most of the proposed comments, I disagree with 
> recommendation 14.