[NCSG-NCUC-DISCUSS] [ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team Discussion Paper

[Nuno Garcia]

Hi Konstantinos, hi all:

This is my point of view.

Commonly, when someone registers a name, for whatever purpose, it needs to
provide information that is a) truthful, b) verifiable, c) verified and
managed by the entity that provides/certifies the registration.

I am sure we can all agree to this, and that this the same everywhere in the
world, whatever this register means a brand, the name of a person or the
name of a company, and so on (well, maybe not so for names of pets...).

I am not so convinced about to whom the information (all the information,
some information) needs to be made available for.

And again, this is a matter of principle.

Disclosing all the information places the registrant in a vulnerable
position, disclosing only some information contributes for a secrecy status
that I fear is not consistent with the open standards (at many levels) that
we are trying to build.

So I would say that maybe the wisdom of the solution is somewhere in the
middle, either disclosing some information or disclosing information to only
some registered users...

I really do not have a clear idea on this, but I understand that most WhoIs
info has been public since always. When someone feeds its data do the
database, it knows that that info will be made public.

As to the rule of "be let alone" it is something that as just started to
rise now, and has much more traditions in the US than in Europe, as far as I
know.

I have heard that in US, not so many years ago, one had the choice of not
registering newborns (is it still so?). In Portugal, newborns are
automatically registered into the state system automatically, in the
hospital itself. In the rest of Europe the proceeding is not that much
different. So the right to be left alone does not count that much.

(now for a little offtopic, regarding the right to receive an education)
In Portugal, school is mandatory for 12 years (if you count pre-school, it
can reach 13 or 14 years), i.e., all children have to attend 12 years of
school (elementary, secondary). If a child does not attend school, social
workers will seek the family and evaluate why the child is attending school;
in most extreme cases, a court of justice is called to decide what to do.

(second off-topic regarding crooks, revolutionaries and good gus
altoghether)
History is a very promiscuous subject, it shows what the powerful of the
world want to be shown, and money, as everyone knows, has no owner. With
this I say that the revolutionaries of today are the crooks of tomorrow and
vice-versa. Moreover, revolutionaries in Afghanistan are crooks in Europe,
and good guys in Europe are crooks in Africa, and... you get the picture.

So, I really advise us to stop using these terms as they are completely
voided from an instrinsecal meaning, i.e., who am I to presume that a guy
sending spam is a crook? And can I really presume that a bank sending
advertisement emails is truly honest and acting in good faith?

Warm regards,

Nuno Garcia:.


On 24 July 2011 10:23, Konstantinos Komaitis <k.komaitis at strath.ac.uk>wrote:

>
>
> From: Nuno Garcia <ngarcia at NGARCIA.NET<mailto:ngarcia at NGARCIA.NET>>
> Reply-To: Nuno Garcia <ngarcia at NGARCIA.NET<mailto:ngarcia at NGARCIA.NET>>
> Date: Sat, 23 Jul 2011 17:58:36 +0100
> To: "NCSG-DISCUSS at LISTSERV.SYR.EDU<mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU>"
> <NCSG-DISCUSS at LISTSERV.SYR.EDU<mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU>>
> Subject: Re: [NCSG-NCUC-DISCUSS] [ncsg-policy] Proposed NCUC Comments on
> the WHOIS Review Team Discussion Paper
>
>
>
> All in all, requiring registrant information is a good principle, not
> because of good guys and bad guys, but promoting sound information in a
> database is a good principle. (we should avoid using terms such as good,
> bad, and so on). This is not a technical issue, it is an issue of
> principles.
>
> KK: I fail to understand what makes providing information such a good
> principle that we should not filter the kind of information that is
> provided. I agree that this is an issue of principles, but being an issue of
> principles we should make sure we don't expose registrants to such a degree.
> It is an issue of legal principles here. Being in Europe, I still get
> impressed with how the WHOIS is legal and I am sure colleagues in Canada
> will feel the same way. So, there is the rule of law that we need to
> remember – and this rule of law acknowledges the right to 'be let alone'.
>
> KK
>
>
>
> On 23 July 2011 16:25, Milton L Mueller <mueller at syr.edu<mailto:
> mueller at syr.edu>> wrote:
>
> If you register a domain name, you are becoming part of the network
> infrastructure - and that requires that you be contactable.
> [Milton L Mueller]
>
> This is a point that I have heard repeated endlessly by some people in the
> technical community. I don’t accept the logic here (indeed, I am not sure
> there is any logic). A domain name registration is not part of the “network
> infrastructure” by most scientific/economic definitions of “infrastructure.”
> DNS is an application. The infrastructure is the physical servers and lines
> that resolve domain names. Indeed, as you have pointed out in earlier
> messages, the DNS is not even required to maintain connectivity.
>
> But so what if it is part of the “infrastructure”? Everything connected to
> the Internet (by this logic) could be considered a “part of the network
> infrastructure.” Including this PC or my mobile phone.
>
> The idea that being connected to the internet, or having facilities
> connected to the internet, requires you to be “contactable” is not as simple
> as you make it out to be. Contactable by whom? Contactable when? Under what
> conditions?
>
> When you say that contactability is “required” you are again using words
> and concepts in a very imprecise way. Required by whom? By what? What kind
> of a “requirement” is this? A legal one? No. A contractual one? Maybe - but
> that is precisely what we are debating, whether ICANN contracts should
> require it or be amended, so in effect you are just begging the question.
>
> A lot depends on what we mean by “contactable.”
>
> In some sense, no one believes that domain registrants should not be
> contactable. Let me repeat that, because it’s vitally important that anyone
> participating in this debate understand this. NO ONE WANTS TO INSULATE
> DOMAIN REGISTRANTS FROM ALL CONTACT. The issue is what method that contact
> takes and what conditions are attached to it, and who controls the type of
> contact.
>
> You are advocating that unconditional, unrestricted contact, at all times,
> globally, for any and every purpose, including bad ones. Be brave and admit
> that.
>
> Others are arguing for applying some conditions and restrictions to access;
> perhaps the same that apply to, e.g., drivers license information, telephone
> numbers, school records, and so on. Burden of proof is on you, I think, to
> explain why having a domain name creates such an enormous, unmoderated
> obligation, such that your name, address, email should be open to global,
> unrestricted access, while having a telecom access line or a telephone
> number does not impose the same requirement.
>
> Perhaps it's that your domain name isn't resolvable from some part of the
> world - or has invalid signatures that cause web browsing to fail, is
> supplying poisoned cache records, or is supporting a DDOS attack.  Or your
> mail server is generating spam.  Whether you personally operate those
> servers, or contract someone else to do so for your domain - once you
> register a domain name, you are responsible for having them operate
> responsibly.  And "responsibly" isn't subjective - it's the subject of the
> RFCs and standards that make the nework function.  This is not religion,
> politics, morality or personal hygiene.  If you register a domain name and
> do not live up to your responsbilities, the privilege of having a domain
> name, like that of driving, can be revoked.  That doesn't prevent you from
> using the internet without one - or using postal mail or the telephone.
> [Milton L Mueller]
>
> I am afraid you are vastly overstating the value of having a Whois record
> that points to my name and email address. Having that record there does not
> guarantee that I will respond, does not guarantee that the info is accurate,
> and does not guarantee that you or anyone else will be able to fix any and
> every problem that happens. Furthermore, most of the contacting that takes
> place these days has nothing to do with the technical functioning of the
> domain – it has to do with what came to be known in earlier debates as
> “other purposes” – i.e., the desire of law enforcement and trademark lawyers
> to regulate conduct on the net. An exchange of whois data limited
> exclusively to registrars/registries and, after meeting a certain threshold,
> law enforcement, can meet most of those legitimate needs.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20110725/7d64c5a9/attachment-0001.html>