Slashdot Mirror
Congressional Hearings on WHOIS
-
'It seems eminently clear to me that websites conducting e-commerce have little "right to privacy". . .[however] isn't political speech worth protecting by redacting the personally identifiable contact information for the website owner?' -- Rep. Howard Berman (D-CA)
-
'Given that the compilers of marketing lists have for years used Whois registration information as a source of personal information (in some cases scavenged free, in others bought from registrars), concerns over the data privacy are well justified. Most people avoid putting their home address on their web sites, and they should be able to register a domain name without effectively giving up this precaution. The public policy objective of privacy law is to preserve the individual's right to privacy, while still permitting societal participation.' -- Dr. Jason Catlett, President and CEO, Junkbusters Corp
-
'As it stands today an accredited domain name registrar is not required to allow domain name registrants to opt-out of having their personal information provided to third parties for marketing purposes. This type of an opt-out should be provided to all registrants.' -- Lori Fena, Chairman of the Board, TrustE
-
'In 2000, the IDSA used authority provided in the Digital Millennium Copyright Act (DMCA) to achieve approximately 3000 "takedowns" of infringing material on the Internet. Over the last year we also filed 10 civil lawsuits against Internet pirates as enforcement actions on behalf of our members, assisted in additional actions brought by member companies, and made a number of criminal referrals to law enforcement. This is in addition to thousands more takedowns and numerous lawsuits initiated individually by our member companies. These accomplishments are reflective of similar successes reported by the other copyright-based industries. DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective without the unrestricted access we currently have to WHOIS data, including contact information regarding domain name registrants.' -- Stevan D. Mitchell Vice President, Intellectual Property Policy Interactive Digital Software Association
-
'In fact, if anything, the I[nternational]A[nti]C[ounterfeiting] C[oalition] believes that registrants should be required to improve their performance in insuring that domain name registrants provide correct and updated information. Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)
-
'The breadth of these issues indicates that Congress should not act too quickly. We are dealing simultaneously with intellectual property rights, privacy rights, and free speech rights and cannot simply play a legislative game of [rock, scissors, paper] to figure which one should win in the end.' -- Rep. John Conyers, Jr. (D-MI)
Additional information:
http://www.house.gov/judiciary_democrats/internetp rivacyhrgstmt71201.pdf"
Did the editors decide to replace the term "Rohambo" with the more commonly recognized term?
Lets see, yes. First I kick the house majority leader in the nuts as hard as I can....
---
/bin/fortune | slashdotsig.sh
Given that the primary purpose of WHOIS is to publish site operational points-of-contact, to aid in tracking down problems, I find interesting that none of the witnesses were representatives of Internet service providers. Apparently the committee doesn't care about whether WHOIS can serve its intended purpose (before or after any legislation which Congress might enact) - they only care about whether WHOIS can be used for unintended purposes.
I use the WHOIS database to find out who's responsible when I get spammed or when I detect a hacking attempt. Fact is, having a bunch of anonymous thirteen year old kids running around DoSing people, or having assholes kill your mail server with a million "FREE HOT XXX" messages is bad enough. If they're able to do it with impunity, nevery having to worry about their ISP getting a phone call, it'll be out of control.
We continue to discover that the trust based internet simply does not work. There are too many shitholes willing to take advantage of it. The only way we can have any sort of order is to have responsibility. Having the ability to, with one command, get a email addres, phone number, and snail mail address of someone responsible for every IP and domain on the internet is invaluable.
Jordan Bettis
``Wherever you go, there's another stupid sigfile quote.''I don't understand why the gTLD's have this ridiculous requirement to have your personal data in the whois entry. It's simply not necessary at all.
The .uk ccTLD, for example, works like this:
Every domain registered has only 4 things associated with it in the WHOIS entry (there can be more but these 4 are the only required fields):
And that's it. Now, what's the IPSTAG? Well, it's a tag for the entity (ISP/Domain Registrar usually) that controls the domain. Only fully checked and paid-up members of the NIC, Nominet, have an IPSTAG. When you register a domain, the company that you register through registers the domain with their IPSTAG. If you wish to transfer a domain to another host/ISP, you ask the existing IPSTAG holder to either transfer the IPSTAG for that domain to another IPSTAG holder, or simply change the nameservers. It is the task of the current IPSTAG holder to verify that you are who you say you are.
If there is a legal problem and someone wants to take your site/domain down, well - they contact the IPSTAG holder or the operators of the nameservers (usually these are the same people but they don't have to be). The IPSTAG holder or nameserver operators then get in touch with you, or take their own initiative in sorting the problem out - i.e. disable DNS for that domain if all other avenues fail. (under the UK Data Protection Act they cannot give your personal details out to a third party, there are severe penalties for them if they do). Of course, as with any site, an interested party could simply do a whois query on the hosted site's IP address, which will give them the owner of the netblock, who will surely be able to track down the host's owner.
The system is fully automated too - via the Automaton. The Automaton accepts email commands to change entries in the WHOIS database, but only from IPSTAG holders who have signed their email with their PGP key (every IPSTAG holder has one).
If you have a dispute about the way your IPSTAG holder has treated you, you may take your complaint to Nominet, where it will get dealt with by the Nominet committee, made up of representatives of the longest-serving IPSTAG holders (most of these are people like you and me - sysadmins and hostmasters). There are strict rules about what an IPSTAG holder may or may not do to customers and what they may or may not charge for certain services (for instance, IPSTAG holder transfer must be free), and breaking those rules is dealt with severely - usually by loss of the IPSTAG and sometimes disbarment from holding an IPSTAG in the future. Not pleasant.
Note that more information about you is stored by Nominet, but only for sending you crappy certificates. It never appears on the WHOIS entry, and under UK law cannot be given out to third parties without your permission. Billing is handled by the IPSTAG holder.
Advantages to this system:
Disadvantages: