Congressional Comittee Mulls WHOIS Data Integrity

← Back to Stories (view on slashdot.org)

Congressional Comittee Mulls WHOIS Data Integrity

Posted by timothy on Wednesday May 22, 2002 @01:45AM from the whatever-it-is-let's-pass-a-law dept.

Alien54 writes: "The US Congress Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing today on "The Accuracy and Integrity of the WHOIS DATABASE." This is specifically on HR 4640, "To provide criminal penalties for providing false information in registering a domain name on the Internet." - - You can hear live audio of the hearing here on the weekly schedule page (NB windows media). Strangely, this had passed throught hands of the House Subcommittee on Crime, Terrorism, and Homeland Security which is involved in a number of things on interest to Slashdot readers." (Visit Thomas and type in "HR 4640" in the query box to read more on this bill.)

12 of 20 comments (clear)

Min score:

Reason:

Sort:

I refuse. by inkfox · 2002-05-22 01:52 · Score: 2

I refuse to provide fully accurate information until there are criminal penalties for spamming and junk-mailing registered individuals.

--
Says the RIAA: When you EQ, you're stealing bass!
1. Re:I refuse. by fmaxwell · 2002-05-22 02:03 · Score: 2
  
  I refuse to provide fully accurate information until there are criminal penalties for spamming and junk-mailing registered individuals.
  
  If the law passes, you could refuse to comply as an act of civil disobedience. You could be tried, found guilty, and jailed. But you would be a hero to privacy advocates.
  
  On the other hand, I'd love to be able to phone the jerk who owns www.herbal-viagra.com at 3:00AM to ask why he spammed me. It would be super to be able call the DNS provider for a spammer and have them take down the spammer's web site because he forged the contact information.
2. Re:I refuse. by isorox · 2002-05-22 02:19 · Score: 2
  
  So personal domain registrations have your own personal phone number on, ready for malicsious calls etc.
  
  Any bets we'll have Bill's number for microsoft.com? Or even a 24 hour number?
3. Re:I refuse. by fmaxwell · 2002-05-22 02:57 · Score: 4, Informative
  
  Had you, or the editors of Slashdot, actually taken the time to read the bill you would have discovered that it only prohibits falsification of the information with the intent to defraud. The following is the entire text of the bill:
  
  A BILL
  
  To provide criminal penalties for providing false information in registering a domain name on the Internet.
  
  Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
  
  SECTION 1. CRIMINAL PENALTIES FOR FALSE INFORMATION IN REGISTRATION OF DOMAIN NAMES.
  
  (a) IN GENERAL- Chapter 47 of title 18, United States Code, is amended by adding at the end the following new section:
  
  `Sec. 1037. Fraudulent information in registering domain name
  
  `(a) OFFENSE- Whoever knowingly and with intent to defraud provides material and misleading false contact information to a domain name registrar, domain name registry, or other domain name registration authority in registering a domain name shall be fined under this title or imprisoned not more than 5 years, or both.
  
  `(b) DEFINITIONS- In this section--
  
  `(1) the term `domain name' means any alphanumeric designation which is registered with or assigned by a domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet; and
  
  `(2) the term `Internet' has the meaning given that term in section 230(f)(1) of the Communications Act of 1034 (47 U.S.C. 230(f)(1)).'.
  
  (b) CONFORMING AMENDMENT- The table of sections for chapter 47 of title 18, United States Code, is amended by adding at the end the following new item:
  
  `1037. Fraudulent information in registering domain name.'.
  
  Next time you hear about a bill in Congress, read the bill before you get your panties in a twist.
4. Re:I refuse. by ShaunC · 2002-05-23 09:39 · Score: 2
  
  Had you, or the editors of Slashdot, actually taken the time to read the bill you would have discovered that it only prohibits falsification of the information with the intent to defraud
  I don't see how that narrows things down any. Intent to defraud who, and how so? That's not explained. Intent to get a domain for free by using someone else's credit card? It doesn't say that. Intent to hide who's behind 0daywarez.com by putting 31337 Cherry Lane in the WHOIS database? It doesn't say that. Intent to avoid getting junkmail postcards from competing registrars and webhosting companies? It doesn't make an exception for that.
  
  The current language allows the courts to interpret "intent to defraud" any way they like. If this bill passes, I guarantee you that the first prosecutor to land a case in court will be claiming that entering false information is intent to defraud. And if I were the courts, I'd buy it. After all, when you type the fake information in, you know it's fake and you're doing it intentionally, presumably to prevent others from knowing who really owns the domain.
  
  IANAL, nor am I the courts. Nor do I like this bill. I own a lot of domains and I don't want my full name and address available to the general public anywhere, much less in the WHOIS database.
  
  Shaun
  
  --
  Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
5. Re:I refuse. by fmaxwell · 2002-05-23 12:03 · Score: 2
  
  The current language allows the courts to interpret "intent to defraud" any way they like.
  
  The word "defraud" is already defined in countless legal cases and dictionaries:
  
  To take something from by fraud
  
  So, unless you are using your domains to trick people into providing you with money, goods, valuables, or services, you're safe.
  
  It is clear to courts, judges, juries, and legislators what is meant by the term "defraud." It cannot be redefined every time a new bill is introduced. Besides, you'd probably just want a definition of each word used in the definition of the word "defraud." What do you mean by "take"? What specific things are meant by "something"? What is your definition of "fraud"? It would be endless.
6. Re:I refuse. by fmaxwell · 2002-05-23 12:44 · Score: 2
  
  I realized that I did not address one of your points, so I'm double-replying:
  
  After all, when you type the fake information in, you know it's fake and you're doing it intentionally, presumably to prevent others from knowing who really owns the domain.
  
  Fraud requires that you take something from the victim, not just trick them.
  
  * Getting $500 from an old woman to replace the "muffler bearings" in her car would be defrauding her.
  
  * Claiming that you own a Ferrari when you actually own a 1974 Gremlin is not fraud.
  
  * Registering the domain "miracle-cancer-cure.com" with false contact info and then tricking cancer victims into paying you $50/pill for what are really Vitamin E tablets would be fraud and would put you in violation of the proposed law.
  
  * Simply registering "spam-free-zone.org" with a false contact information would not put you afoul of the proposed law.
  
  Hope that clears up the meaning of the term "defraud."
Who controls WHOIS? by n-baxley · 2002-05-22 03:21 · Score: 2

Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!

--

THIS SPACE FOR RENT
How about the WWW or Linux by isaac · 2002-05-22 03:32 · Score: 2

The internet's extension outside the U.S. predicated the birth of the world-wide-web, which was created by Tim Berners-Lee, a high-energy physicist at CERN in Switzerland. It also allowed the early development of Linux back when Linus Torvalds lived in Finland.

Maybe YOU don't care for the WWW or for Linux, but both have brought "most U.S. users" more "gain" than "pain."

I won't mod you down - I feel the need to call you a twit explicitly, rather than by implication.

-Isaac

--
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
1. Re:How about the WWW or Linux by isaac · 2002-05-23 02:38 · Score: 2
  
  I am sure that extending the Internet to the whole world sped the development of the web. But to pretend that we would still be limited to Gopher and FTP had the Internet not been internationalized is simply a denial of reality. Had Tim Berners-Lee not "invented the web", someone else would have.
  
  You're right! I'm sure AOL would have come up with something nice for us. Or maybe Compuserve. Of course, you can pretty much forget about creating your own content under those systems, but who wants that ability?
  As to Linux, I used BBSs before the web was available. Collaborative software development worked that way, too.
  
  Sorry, not on the same scale - not even the same order of magnitude. Fidonet didn't work *that* well.
  -Isaac
  
  --
  I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Re:Here we go again... by zangdesign · 2002-05-22 06:01 · Score: 2

Look, dumbass, it's pretty obvious that the law would apply to people inside the US borders and not those outside the US borders. There's just as big a problem with false registration inside our country as out of it.

So now the ball's in your court to get people in YOUR country to not provide false information, oh, but wait, no one from your country EVER does anything unethical do they?

--
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Already the case in the UK... by Bazzargh · 2002-05-22 06:09 · Score: 2

for the .ltd.uk and .plc.uk domain names. See here for details.
Names within .ltd and .plc have to match names of companies registered at Companies House in the UK. Apart from the laws against misrepresentation quoted on the page linked to above, companies are bound by law to register the home addresses of directors, and you can get this information from Companies House (not as easy as WHOIS, but its there).
I'd like large chunks of the net to stay anonymous and all that, but equally I'd like it if more of the net was like this - you can actually determine who you're dealing with 'in meatspace' because the registrar has the law on his side.
Technically, SSL certificates are supposed to help with this whole trust issue (which is what it boils down to - businesses have to earn trust to make sales) - but the CAs themselves are not trustworthy. How much for a certificate issued by the Consumer Association or Greenpeace?