[ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team Discussion Paper

Nicolas Adam nickolas.adam at GMAIL.COM
Fri Jul 22 21:13:37 CEST 2011


Dear all, Timothe

You are not becoming even less popular at all, I always look forward to 
reading your thoughtful and detailed posts.

I believe Nuno was referring in his message to the "responsibilities" 
rejoinder that you gave my "rights" points.

You were right to submit that responsabilities are always part and 
parcel of rights systems, and we would be wiser to dwell in the details 
of applications of rights and privileges more than i did in my first reply.

I take full responsibility for bringing the analogy and i should have 
known better ;)

But there was a part of my original reply that addressed the question of 
the balance reached IF we would go with point 14 as is (i am not 
convinced i am not in agreement with you here). I asked

"won't the unreachable party be the one ultimately penalized by the stabilizing actions
of network operators? And if so, and granted that anonymity does indeed put
pressure on network operators, isn't the balance achieved one where network
operators have a hard(er) job but where anonymous registrants mostly support
the risk of potentially drastic actions by network operators striving to
keep things going?"

Now i fully understand that a whois privacy issue goes to a wider set of 
issues than merely privacy rights and the pragmatics of network 
maintenance. For example, it also needs to be balanced against the 
incentives it would bring about for cybersquatting/name highjacking.

I say it is too bad that the deadline is so close. I hope to have 
something more constructive to say later tonight.

Still tentatively,

Nicolas

On 7/22/2011 12:57 PM, Timothe Litt wrote:
> Nuno,
> I think that you are addressing a different issue.  Let's stick to the 
> subject at hand.  I didn't pick the driving analogy (Nicolas did), but 
> it isn't a bad one.  We can use any other, but the underlying issue 
> remains.  I'll attempt to differentiate my comments from your remarks.
> I *support* full access to the internet by everyone, everywhere, any 
> time - I do not see how you reached the opposite conclusion.
> Requiring that people who *choose* to register a domain name are 
> contactable *does not* deny anyone access to the internet or the 
> information published thereon.  You don't need a domain name to access 
> the internet - any ISP, internet cafe, or thousands of other access 
> points suffice.  You also do not need a domain name to freely publish 
> on the internet - hosting services (web, ftp and other) abound - many 
> at zero cost.
> *If you register a domain name, you are becoming part of the network 
> infrastructure* - and that requires that you be contactable.  Perhaps 
> it's that your domain name isn't resolvable from some part of the 
> world - or has invalid signatures that cause web browsing to fail, is 
> supplying poisoned cache records, or is supporting a DDOS attack.  Or 
> your mail server is generating spam.  Whether you personally operate 
> those servers, or contract someone else to do so for your domain - 
> once you register a domain name, you are responsible for having them 
> operate responsibly.  And "responsibly" isn't subjective - it's the 
> subject of the RFCs and standards that make the nework function.  This 
> is *not* religion, politics, morality or personal hygiene.  If you 
> register a domain name and do not live up to your responsbilities, the 
> privilege of having a domain name, like that of driving, can be 
> revoked.  That doesn't prevent you from using the internet without one 
> - or using postal mail or the telephone.
> The "crooks" to whom I referred are the people who seek to destabilize 
> the network for fun, and increasingly for profit.  The identity 
> thieves, SPAM generators, virus senders, robonet creators, denial of 
> service attackers/extortion specialists, malicious trespassers, 
> information thieves and purveyors of fraud.  All these activities 
> violate the network's standards - as well as criminal law in most 
> jurisdictions.  I don't think you are one of these - nor should you be 
> supporting a policy that makes it easier for them to conduct their 
> activites beyond any means of contact.
> *I support individual privacy*.  I am sensitve to the needs of those 
> whose personal safety is at risk if their location were disclosed, as 
> well as of those (including myself) who simply value privacy for its 
> own sake.  As a result, *I support proxy services as a means of 
> safeguarding* the *privacy* of those who want to register domain 
> names, *while providing for stable network operations and 
> accountability*.  I do not propose to dictate that a particular proxy 
> service must be used.  It is the registrant's choice whether to use 
> one, and which one to use.  I only insist that proxy services, like 
> registrars, meet minimum service standards.  Specifically, that the 
> people behind the proxy actually be contactable through them in a 
> timely maner.  And, that a proxy service disclose the extent of 
> privacy protection that it provides.  That's hardly putting people in 
> jail.  It's a pretty minimal requrement.
> I*support internet freedom of expression and universal access*, which 
> are only possible when a stable network exists.  Those who *choose* to 
> become part of the network's operation - "even" by registering a 
> domain name - assume the responsiblity and the duty to meet the 
> standards required for it to deliver those benefits to everyone.  If 
> you can't discharge those responsibilites/duties, you can not register 
> a domain name.  (But you can access the internet through others.)
> The draft recomendation under item 14 proposes that registrants be 
> allowed to provide no contact, or fraudlent contact information.  This 
> is totally unacceptable.  And for NCSG to endorse this recomendation 
> is irresponsible, for the reasons given here and in my previous notes. 
> *It must not be put forth as drafted.*
> Other issues of internet access/freedom are valuable, but should not 
> be confounded with this issue - please use another thread.
>
> Timothe Litt
> ACM Distinguished Engineer
> ---------------------------------------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
>
>
> ------------------------------------------------------------------------
> *From:* nuno.mgarcia at gmail.com [mailto:nuno.mgarcia at gmail.com] *On 
> Behalf Of *Nuno Garcia
> *Sent:* Friday, July 22, 2011 11:39
> *To:* Timothe Litt
> *Cc:* NCSG-NCUC-DISCUSS at listserv.syr.edu
> *Subject:* Re: [ncsg-policy] Proposed NCUC Comments on the WHOIS 
> Review Team Discussion Paper
>
> Hi all, hi Timothe,
>
> Allow me to disagree with some of the things you say bellow, mostly 
> because I think the comparison you chose is not adequate.
>
> In the Information Society we are all trying to build, to prevent 
> someone from accessing information in the manner it is published is a 
> violation of some of the basic Human Rights (and I mean the ones from 
> the charter of rights published some 50 years ago by the UN).
>
> Let me explain: some governenments and almost all companies publish 
> information that is critical to a responsible citizenship in the web, 
> sometimes only in the web, many times free on the web but payable 
> everywhere else.
>
> To put it bluntly, in Europe, the access to Internet is view by 
> legislators as as important as the access to electricity, water and 
> health.
>
> Please don't get me wrong, I too am a strong advocate of responsible 
> citizenship.
>
> Yet I am not ever in favou that this group takes on the 
> responsabilities or tries to impose or define responsabilities onto 
> its represented elements. There are authorities for that and that 
> would be way out of our powers.
>
> I propose that if that is the case, we build a charter of rights and 
> responsabilities for a responsible cyber-citizenship (or whatever name 
> you find more suitable).
>
> Let me know explain why the example you chose is ill formed.
>
> If a driver misbehaves you may prevent him from driving, not as a 
> punishment, but as a mean to safeguard all other users of public roads.
>
> Again, the government may prevent him from driving, but unless the 
> offense was a crime, it cannot prevent him from using public 
> transportation, or walking.
>
> What you propose is somehow similar to put the citizen in a jail where 
> he cannot move or has limited movements.
>
> On another aspect, the Internet (capital I), is a privilede, and a 
> right. A right that derives from the fact that the information it 
> contains is public domain. A right like reading a newspaper, or 
> listening to the news and the music in the radio or watching TV.
>
> The Internet is the mean through which many of the rights described in 
> the Human Rights Charter are made available to us.
>
> And may I add, even risking to be one of the "crooks" you mention: we 
> should never take this discussion to the point where we define who is 
> a crook and who isn't. This is a very very very dangerous path and 
> this is not the way we should go. In no time we will be discussing 
> religion, moral, and other extremely personal and subjective things.
>
> I hope to have contributed to this discussion.
> Warm regards from Portugal,
>
> Nuno Garcia
>
>
> 2011/7/22 Timothe Litt <litt at acm.org <mailto:litt at acm.org>>
>
>     At the risk of becoming even less popular, let's see where your
>     analogy
>     takes us:
>
>     Like driving, a network presence, including a domain name, is a
>     privilege
>     and not an absolute right.
>
>     On the roads, there are standards of behavior that are enforced
>     for the
>     safety and convenience of all.  And vehicles must have tags that
>     identify
>     the owner/operator.  An unidentified vehicle strewing sharp
>     objects (or
>     explosives) down the road is a problem for everyone.  While it will
>     eventually be stopped, the damage it causes is amplified by the
>     amount of
>     time that it takes to identify it.  So we have registration
>     tags...  And
>     those who drive sufficiently irresponsibly have their privilege
>     revoked -
>     even if it means they lose their livelihood.
>
>     The internet is a far more complex machine.  With the privilege of
>     becoming
>     a part of that machine come some responsibilities.  Being able to be
>     contacted when, through error, malfunction, or malicious intent
>     one has a
>     negative impact on the machine and/or its users is a basic
>     responsibility.
>     And those "network operators" aren't (just) some big anonymous
>     corporation
>     staffed by paid technicians; they're also individuals with their
>     one PC
>     running their own mail/web/dns server - because they don't want to
>     entrust
>     their personal data to the whims of some ISP.  Burdening "them" is
>     burdening
>     "us".  And it's hard enough for "us" to get "them" to take action
>     against
>     bad actors when we can identify them - when we can't, it's virtually
>     impossible.
>
>     Reachability via proxy provides anonymity sufficient for
>     protecting the
>     privacy needs of virtually anyone who needs to be part of the
>     network.  Just
>     like the vehicle whose registration address is a trust or
>     corporation's
>     attorney.  That scheme protects those with the need (or simply
>     desire) for
>     privacy.  The strength of the proxy can be adjusted to need -
>     providing it
>     still provides access.  So maybe you trust your government-run ISP
>     to proxy
>     your contact information - or maybe you employ an attorney in a
>     state on the
>     other side of the world with different privacy laws and a private
>     army.  I
>     don't care which - as long as I can communicate thru the proxy to
>     someone
>     who can fix or diagnose a problem.  And as long as failure to
>     respond/cooperate allows the privilege of being part of the
>     network to be
>     terminated - with due process (and lots of "reasonable" in the
>     definitions).
>
>     Providing fraudulent/no contact information is not consistent with
>     being a
>     good citizen.  Proxies provide an adequate alternative, with
>     sufficient
>     privacy protection for those who need/desire it.
>
>     We (NCUC) can't be just about "rights"; responsibilities are part of
>     citizenship too.  We should not be advocating bad citizenship, or
>     making it
>     "officially acceptable".  It's bad for the network.  It's bad for our
>     credibility as an organization of responsible people.  It's even
>     bad for
>     good people who think it in their interest to be unreachable -
>     because they
>     can lose domain names, connectivity and operational help.  The
>     only people
>     it's good for are the crooks/bad actors.  And NCUC should not be
>     helping to
>     make their lives easier.
>
>     It's a choice to be part of the network, just as it's a choice to
>     become a
>     licensed driver.  Those who can't/won't accept the rules of good
>     citizenship
>     can employ others to network - or drive - for them.  (Yes,
>     bad/unreasonable
>     rules can/should be fought.  This isn't one.)
>
>     We don't tolerate unlicensed drivers or unregistered vehicles - or
>     vandalism
>     of others' vehicles and roads.  And while we allow proxy
>     registration of
>     vehicles, driver's licenses have a verifiable name, contact
>     address and
>     photo.  Perhaps that's a sacrifice of some absolutist sense of
>     "liberty",
>     but it does make our transportation system work (more or less).  I
>     don't
>     think it unreasonable to expect the same of those on the network of
>     electrons as of those on the network of roads.
>
>     Timothe Litt
>     ACM Distinguished Engineer
>     ---------------------------------------------------------
>     This communication may not represent the ACM or my employer's views,
>     if any, on the matters discussed.
>
>
>     -----Original Message-----
>     From: NCSG-NCUC [mailto:NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU
>     <mailto:NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU>] On Behalf Of
>     Nicolas Adam
>     Sent: Thursday, July 21, 2011 22:09
>     To: NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU
>     <mailto:NCSG-NCUC-DISCUSS at LISTSERV.SYR.EDU>
>     Subject: Re: [ncsg-policy] Proposed NCUC Comments on the WHOIS
>     Review Team
>     Discussion Paper
>
>     I guess in principle (or in theory, if you'd prefer) i would be
>     tempted to
>     say that privacy trumps the pragmatics of efficient network
>     maintenance, but
>     i'm not so sure that I get the whole technical challenge of
>     actually keeping
>     the stuff working ... so....
>
>     If i may venture a question, at the risk of exposing my ignorance:
>     what if
>     something needs be dealt with and you can't reach a responsible
>     person. In
>     the end, depending on the gravity of the situation of course,
>     won't the
>     unreachable party be the one ultimately penalized by the
>     stabilizing actions
>     of network operators? And if so, and granted that anonymity does
>     indeed put
>     pressure on network operators, isn't the balance achieved one
>     where network
>     operators have a hard(er) job but where anonymous registrants
>     mostly support
>     the risk of potentially drastic actions by network operators
>     striving to
>     keep things going?
>
>     Because frankly whois rules cannot be made to easily protect every
>     person
>     protected by a restraining order, that would be overreaching, in
>     my opinion.
>     Privacy, in a twisted but important sense, give us a "right"
>     to misbehave in my opinion. It's what gives value to good
>     behavior. Any
>     system that makes it practically impossible to misbehave (think
>     cars with
>     built-in police radars) sap the value of good behavior right out
>     of life. I
>     believe this argument was made often ― whether from a moral, legal,
>     political or economical point of view ― under the rubric of "liberty".
>
>     Tentatively,
>
>     Nicolas
>
>     On 7/21/2011 8:17 AM, Timothe Litt wrote:
>     > Although I support most of the proposed comments, I disagree with
>     > recommendation 14.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20110722/deb8cd99/attachment-0001.html>


More information about the Ncuc-discuss mailing list