Slashdot Mirror
Congress Eyes Whois Crackdown
Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."
Yes, there are criminals with false WHOIS records.
And, at the same time, the WHOIS database is a feeding trough for spammers and scammers, encouraging otherwise honest people to put false information into their WHOIS records just to keep those spammers and scammers from getting their names, email addresses, snail mail addresses, phone numbers, fax numbers, mothers' maiden names, and whatever else their registrars ask for.
I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.
There's an old saying you still see on bumper stickers, "When guns are outlawed, only outlaws will have guns." While that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids," the original sentiment holds for WHOIS, that is to say, "When falsified WHOIS data is outlawed, only outlaws will falsify their WHOIS data."
If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them? Why waste time passing a law that, in the end, only punishes honest people who would rather not give their unlisted home phone numbers out when buying a domain name for their kids?
You are in error. No-one is screaming. Thank you for your cooperation.
Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!
Write your senators or representatives, via snail mail or fax and inform them of this issue, especially if they are members of the revelant committees.
Wow I had no idea this was even being considered for illigality. I do it just to throw off any spam or junkmail that may come of it.
Wow. Either the spammers get my info from the Whois database or the RIAA can't track down some pirates.
Which do I choose?
Arrr....
So is my senator going to come over to my house and sort my spam email and junk snail mail that I get from my whois records?
...focusing on the real issues, and not spending so much time on that whole "terrorist" thing.
The WHOIS database provides contact information that is necessary for the proper operation of the world wide web. It is not only registrars that need access to this information, if you have a complaint about a domain, and the registrar for said domain is the same company, who do you go to for contact information.
False or missing information in whois records is already a problem that helps (for instance) spammers hide their contact information from people with legitimate reasons to contact them. If you get no response from the contact listed in the domain's SOA record, abuse, admin, webmaster, postmaster, etc, and there is no contact information posted on the site (or false contact information), what do you do? You check out the WHOIS record for the domain. If the info that's supposed to be there is present and accurate, you have a way to contact somebody, if it isn't, you have ammo for asking the registrar to suspend the domain registration, and if *they* won't, you have ammo to ask ICANN to suspend the registrar's activities.
Unfortunately, people don't realize the reason that WHOIS records exist, which is to provide contact information. That's the WHOLE reason. Removing that information makes the WHOIS database useless.
CMDRTACO CHECK YOUR EMAIL!
...all that's going to happen is that people are going to put in correct information, and then make it unlisted. When the people in Congress are given the analogy with the phone system (ie, unlisted numbers) it will become a matter of subpeonas, and then for the courts in the cases of infringement, as it should be.
libertarianswag.com
- false WHOIS information
- false email headers
- spoofed IP addresses
- misleading web pop-ups
- spyware authors
- technomorons who install spyware
- coverage of mydoom by the BBC
- jj's boobs
Ceci n'est pas une signature
About 4 years ago. I registered "whitearyanresistance.com", org and net. I put a nice little cgi in place that sent people to random sites sites like blacksonblondes.com, algore2000.com, NAMBLA and so forth.
Next step was to modify the cgi to regurgitate the IP address where the user got a message that said..
Your IP Address: xx.xx.xx.xx has been recorded for forwarding to the proper authorities. Have a nice day
Then I got tired of picking on Tom Metzger and his retarded ilk and just donated the domains to another group (not the W.A.R.).
You bet your ass I used fake info in my WHOIS then.
I do wonder though if there are legitimate cases of where people run sites where it's best to not know the identity. Much in the same way that an abused woman could never call home from a shelter because her husband who beats her would know where she is thanks to caller ID.
Maybe the Chinese Communists would send goons to whack all the Falun Gong website owners or something (I'm sure you have better examples).
"The Government must play a greater role in punishing those who conceal their identities online, particularly when they do so in furtherance of a serious federal criminal offense or in violation of a federally protected intellectual property right," Smith said...
So - that sentence can end at the first comma, and be no less accurate in representing his opinion.
Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries...
'Of the corporations, by the corporations and for the corporations'
The bill would not affect people who are trying to safeguard their privacy because it
only makes it a crime to submit false registration data when it is done to help commit a
crime...
Now if we could only keep that pesky concept of what constitutes a "crime" from continually
expanding...
<grrr>
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
Oh, fer Pete's sake, Taco. Would it really hurt all that much to give a full, accurate blurb on this one?
This isn't about forcing people to use their real name when registering a domain. This is about increasing the severity of the punishment for committing online fraud. Basically, if you commit fraud using a website with faked credentials, you'll face a stiffer penalty than you would had you committed fraud on a website where you used legitimate credentials to register.
I'm not saying I've fully researched this, but it sure as hell isn't the rights-trampling orgy the blurb makes it out to be, Taco. Do your homework before posting half-informed diatribes to the front page.
Obliteracy: Words with explosions
You know, we're moving towards a world in which computer users and computers themselves are licensed, much as drivers and their cars are licensed.
Is that a good or bad thing? It has its drawbacks, but on the whole I would say good. Fewer viruses, less spam, a modicum of sense from lusers. Less anonymity, yes, but there are always tradeoffs.
Toronto-area transit rider? Rate your ride.
...like it's a big deal. This is the type of law that would only get enforced when you really piss someone off. If you're running an illegal site, you can expect that they'll heap this charge on with the 1000 others they levy against you. Without a motive like illegal activity, it's difficult to prove that you were being intentionally misleading. (Unless you're dumb enough to fill it out with "Snoopy, 10 Charlie Brown Drive, Gotham City" that is...)
Javascript + Nintendo DSi = DSiCade
Same thing they've always done..roll over and do whatever the RIAA says.
I don't want my physical address available to the world. Domain minders should collect it for billing and security reasons, but NOT for publicly-available databases.
Table-ized A.I.
i run a small, non profit politically based website with a chatboard. many people have come on the chatboard and threatened me with physical harm and worse because of my views.
and now they want me to put my real home phone number and real home address in the DNS records?
WHAT A BUNCH OF SHIT
What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously. Just as I could give out fliers while wearing a mask without breaking the law, I should be able to do the same thing on the internet. Additionally, there are alternatives that you can pay for as well (but costs more than putting in fake information). They shouldn't be legislating against the ways in which people conceal themselves; they should be legislating against the things that they DO while concealed! Being anonymous isn't a crime. Punish the crime, not the anonymity. Wow politicians are so stupid. No wonder the good ones turn into teachers instead.
What about the various services that will put THEIR name on your WHOIS records for a small fee? GoDaddy offers such a service... I believe it's called DomainsByProxy, or something like that... Are these services going to become illegal? Whenever I register a "potentially controversial" site (read: one where the far-fringe-right-wing lunatics might potentially come and try to bomb my house or something), I use a service like that.
Honey, I shrunk the Cygwin
but you forgot to post as AC...
When 'whois'ing your domain it gives the company's email, which gets forwarded to you (after a spam filter if you like). Same with any 'real mail' (except for junk mail if you wish).
Well worth the nominal cost (3 bucks, IIRC) at registration time.
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
Selling child pornography on the internet (or off it) is a federal crime, but the FBI won't even take a report on ads for it.
Selling prescription drugs with verifying a valid presecription on the internet (or off it) is a federal crime, but the FBI won't even take a report.
Using a stolen credit card number on the internet (or off it) is a federal crime, but the FBI won't even take a report, even if you have a name and address for the perp.
Who cares if Congress enacts more federal laws that the FBI won't even take a report on?
Someone better tell them the Internet isn't restricted to the United States. see you in china
<B>note to self:</B> <I>post as html</I>
The obvious answer to "tracking down" false whois registrants is to kill their domain.
:-)
I don't agree with this idea, nor do I agree with criminalizing false "whois" I, for one, left old phone numbers and addresses on mine because I am reluctant to have that information so freely available to anybody I might flame via email.
This is excruciatingly unfair to the private citizen, while no big deal to any business with a business adress. It's akin to forcing people to have listed phone numbers.
I'm so sick of our government coming through like a steamroller driven by a pack of drunken angry midgets.
Lord knows, I might wind up in a Federal Buttslammer for having my fax number listed as 999.999.9999 in my whois db entry... of coourse that would be taking it to the extreme, but after the DMCA and the US govt's persistant display of ignorance and money grabbing from lobbyists, I have come only to expect the worst.
And the irony here is that a country that calls itself the land of the free seems to want to put anyone and everyone into it's butt-parlours for just about anything it can think up.
My rant aside, isn't there a better contribution our government could make for the sake of the internet?
Like education, so the next generation of lawmakers might actually have a shred of a clue?
Or an international council like the UN in which an open forum could be made that is a bit beyond the corporate lobbyists, if not banned from talking to corporate representitives entirely?
That kind of stuff is just as bad. Why does the government keep trying to make things that are already illegal...uh...even more illegal. If it's already illegal, making more laws that also make it illegal just waste time, and thus tax payer dollars. Try making progress, Congress.
'The Government must play a greater role in punishing those who conceal their identities online.'
...
.. You're just guilty because they don't like the way it works now ...
If there's no law against using an alias on sites because you don't want your information public
*DrugCheese rants*
Legally, anyone can make up a name and use it, it simply becomes a legal alias, when you make up a name and use it for the purpose of fraud is when it becomes a crime. Hence, the law is redundant because making up info for the purpose of fraud is already illegal, and creating legal aliases it perfectly legal and supported in case law. Also, No Fixed Address is a perfectly valid legal address. Try writing the law in a way that doesn't require everyone to disclose their primary telephone number and prevents the registration of the 7 digit telephone number for 411. Next point is, people will simply register the domain in a country with out such arcane laws.
http://www.pbs.org/cringely/pulpit/pulpit20031218. html - this is his take on SPAM. I think, the same logics also applies to this issue.
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
Various media industry contributors were observed quietly withdrawing from the scene with satisfied looks on their faces.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
WHOIS authenticity is a moot point; if law enforcement really wants to know who's behind a site, they can just subpoena the hosting provider (which can obviously be found from reverse-DNSing the site IP or just looking at the DNS records).
This is just another shill to give pseudo-law-enforcement's (read: **AA) teeth more bite. If some site is really peddling material they claim is copyrighted, they should just DMCA the hosting provider and then go through the courts to subpoena the provider and get the identity of the site operator. After all, isn't that the purpose of the DMCA?
ICANN already requires that "At least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections."
Isn't this just a case of US lawmakers legislating something that is already (supposedly) required?
- nk
Overall, having accurate information in the WHOIS database I think is essential for the ever-growing registration of web spaces on the Internet. However, just having "valid" data in the current database really won't cut it, as previous posts have stated with spammers conveniently using this as a virtual picking ground for targets.
What there needs to be, IMHO, is a re-vamp of how WHOIS works in storing data, and how the domain registrars handle that data. Things like admin email accounts and contact information (phone numbers, addresses, etc.) should be required to register, but should be in a database maintained by the registrar, and is not available to the rest of the population. If someone has a problem with you (spamming from your domain, etc.), it should be the registrar's issue, since they sold you the domain name. They should be the point of contact, and in turn send you mail with the question or complaint. This will protect people's privacy from the would-be spammer, and then give the government accurate information on who owns what. I don't agree with the whole BB thing either, but having accountability for what one has on his/her website needs to be enforced to a point, and having this data up to date will help enforce that.
I agree with the concept of jerking the registration if the information is false, misleading, or utterly out of date (cannot be found). Add a waiting period before anyone else can register it (so someone can step forward and claim their error), and allow for private registration that can be accessed with a warent, and I think it would be a pretty good idea.
Any other ideas?
People on the Internet sometimes pretend to be someone they're not.
Anyone who is trying to conceal their identity for illegal activities will continue to do so.
Now we may just get more spam.
Anyone else seeing a pattern?
This sig no verb.
It seems like the government, more and more now, is treating anyone who wishes to remain anonymous, or who does things anonymously, as a criminal. Granted there is nothing in our bill of rights or constitution that protects our right to anonymity, but there should be.
There are plenty of legitimate reasons why one would wish to remain anonymous. Not to mention the fact that the US government should have no control over the internet which in essence represents the international community. Just because anonymity can be inconvenient for law enforcement doesn't mean it must be made illegal.
Ski masks, pantyhose, and latex gloves are still available for sale in the US. All these are ideal tools for concealing your identity in real life. Wearing them in real life is not illegal either. It is, however, illegal to commit a crime while employing these tools, although no more so than if one does not employ them.
-3Suns
~~~~
The Revolution will be Slashdotted
"Do your homework before posting half-informed diatribes to the front page." ...but this is Slashdot! The whole POINT is to post half-informed diatribes and cause people to assume it's a rights-trampling orgy!
/. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.
I've said before that if someone discovered Linux was in use in a prison system somewhere, the
Honorary Member of Jackie Chan's Kung Fu Process Servers
It's reasonable to expect accurate information in the registration records, and it's harmless to require it. As we all know, this country has many enemies, and every tool we can give law enforcement to prosecute terrorists is something that should be considered. Terrorists run websites too, and while it's not necessary to have good contact information to find the owner of a website, it can provide a good excuse for law enforcement to dig around in a suspected terrorist's business. The liberals in this country have completely gutted the ability of the law to do it's job ("I got my rights, officer. You can't touch me.") that we need to start to unbind the long arm of the law.
--Guns don't kill people, abortion clinics kill people.
Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.
If it becomes a federal crime to lie in domain records, something similar could be implemented to protect those who want to remain (somewhat) anonymous.
Not having any Whois information? I remember a domain name that I wanted to register at one that had already been taken, and when I checked whois to see who had registered it, there was nothing there. Is that going to be illegal, or just having false information? If it's only illegal to falsify info, what's the point; and if no info is also illegal, then this is way too invasive.
Join moola.com, play games to earn money.
As most people have pointed out already, this is only applicable to domains being used for something illegal... but even if it weren't, this isn't too bad of an idea. Think of the spammers, spyware, and other unsavory web-presences that lurk around anonymously. Think of the pr0n (and other businesses), too... any site that wants a credit card number from you ought to fully disclose its information.
I use these folks whenever I want to register a domain name. It's a nice, cheap, legal way to protect my whois info from anyone I feel like. And no, I'm not getting anything for saying this, it's just a cool idea and one that I appreciate (and use).
Like to play with little boys? You seem to know soo much about MAMBLA, it must be a nice little fettish for you. Now go back to playing with your self and leave the nice white people alone.
Then just contact the next to the last person and subpoena the records about who the customer is.
I think this thing should include false *and/or* missing info. With that out of the way, will the gov't pursue spammers as much as anyone else? Hmmm?
C|N>K
What would they do in my case if a law like this is passed?
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
The RIAA was able to track users of, for example Kaaza, by looking at the log in and transfer logs. These logs are full of IPs which are traceable to the ISP. When the RIAA contacts the ISP and tells them the IP, the ISP can connect the IP with the person's information. WHOIS lookup has no IP address involved. It has absolutly no indentification tracktion option of any kind.
But then if it turns out you're a spammer/phisher/etc, they shut you down and release your data.
I'd be happy to see IANA/ICANN/iAcronym enforce rules about accurate WHOIS info, combined with reasonable privacy protection for known valid sites.I have two domain names. One is registered with NetSol, the other with register.com. When I originally set up the NetSol domain, I lived in another place nad had another email address. Since that time I've had a hell of a time getting the contact information changed to the right address. I've faxed (more than once) letterhead with the required info and followed up with phone calls. Nothing has changed. And there's not much I can do about it. So I guess I'd be a felon, seeing as you cannot reach me with the address listed in the registry. Register.com has not given me any problems, since I can make any changes through their webpage. Supposedly I can do that with NetSol too, but without the old email address I can't. A much better idea would be to hold the REGISTRIES accountable for what they enter, instead of the domain name holder.
I can't say that I don't give a fuck. I've just run out of fuck to give.
Although the peyote smoking liberals would like you to think otherwise, privacy is a myth. Now get over it and grow up!
I'm doing 5-10 for typoing my name.
eskwayrd = m^2c^4
Bye Bye Karma but ...
... probably :-)
So registering incorrect DNS data becomes illegal in the US.
Does that mean a US citizen/company will be unable to register DNS entries outside the US coz then they could register incorrect data which'd be illegal under the proposed law?
Does anyone care?
Will I get modded troll
Worst
Especially with some VERY good Overseas Registrars. (12 Euros a year, with great services, tech support, etc. In Paris, France). We have to get it into the politicians heads that it's not DARPANet, and it really shouldn't be under Congressional control or oversight.
Lamar Smith is also co-sponsor of the "Clean Airwaves Act" (HR 3687) that wants to eliminate the Safe-Haven distinction. You won't be able to use dirty words at all on the public airwaves, 24 hours a day, if Smith gets his way. Off topic, I know, but of general interest perhaps. http://lamarsmith.house.gov/news.asp?FormMode=Deta il&ID=344
It would be great if eveyone posted the correct information. However I can see why some one would not want to put their real information in the registrars DB. I use my full name for the web sites I maintain. But, as stated earlier. If I was to do something to speak out against my University (Private) I probably wouldnt want to use my real Identification. It'd be nice to avoid getting the boot just because of a personal opinion.
See Sig! See Sig Zig! Zig Sig Zig!!!!!
The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.'
That should read: "Smith and Berman drafted the bill after receiving sufficient bribe money from the entertainment and software industries..."
"The Government must play a greater role in punishing those who conceal their identities online."
When you read the terms and conditions when you register, you are required to put in valid whois information. The problem is many registrars do not enforce it. Then when people complain, the registrar may do someone about it in 6 months, and then update it with invalid information. ICANN investigated some reports who network solutions, but failed to do anything. One address from their investigation, 123 Yellow Brick Road, Oz, Kansas, is still there.
Fight Spammers!
...that mandates that the only lawful whois entry is an entry that marries a website administrator with valid contact information. Anything less is an abomination in the eyes of god.
by posting this as Anonymous Coward?
I think your right though this is so that, now instead of getting civily sued by the RIAA they can also tack on some kind of Felony because of fraud.
This will make the scare tactic better and then when the notice comes to your door, it's 4 years imprisonment and a felony on your record or settle out of court for 3000$ and then they prosicute you criminally anyhow. Lets stop making laws and start enforcing the ones we have.
Anonymous Cowards - Oh God, How I hate you
As the internet becomes increasingly intertwined in our daily lives, and as we all become more and more dependent on it, it is inevitable that it is regulated.
That's why we regulate the airlines, the highways, the telephone companies, and use of the airwaves. None of these industries was regulated when they were in their nascent stage. Within a few years, however, each became so critical to our economic and social welfare that regulation was needed.
THe internet is following the same path, because it is too important to be left alone with techies. No one should be surprised.
-- Slashdot: When Public Access TV Says "No"
the lawyers do. A business license is CHEAP, and then provide a CORPORATE contact vs a persons name...Works for the company I am employed by..
errr....umm...*whooosh* *whoosh* Is this thing on ?
that mofucka has done nothing but be a bitch for the RIAA/MPAA ... someone kick his ass out of there.
Because CONgress is the opposite of PROgress.
"...would add as much as seven years to prison sentences handed out to anyone committing fraud through a Web site registered under a false name or contact in formation. And it would permit copyright owners to seek larger monetary damages from people who falsify their registration information to run Web sites that distribute copyrighted material without permission."
In other words, you can fake your WHOIS information as long is your website isn't used to commit fraud or distribute copyrighted material. As long as it's being used for legal purposes, use any name or e-mail you want.
Now, here is the absurdity: do we have a law that requires poeple holding up 7-11's not to wear masks or leave their driver's license with the clerk?
It would be nice if there was some measure of consistency in legislation and punishment between online crimes and offline crimes.
Lord, bless my users that they may stop being such fucking idiots!!
Thanks for clarifying this. I have had a bad experience with a "company" claiming to be my provider asking me for credit card info over and over again (calling long-distance onto my cell phone), which was not my provider.
I ended up changing my phone # to all 888-888-8888 to rectify, and the calls stopped immediately.
Anyone else find it a horrible affront to society and the constituents of these congressmen that they make this an issue when the RIAA whines about their damned copyrights, but have sat idly by while other REAL crimes take place - like defauding said constituents out of millions of dollars?
I do.
akad0nric0
This sentence no verb.
the father of SCO's attorney Hatch?
they could be co-sponsors too I guess. . .
the history of the world
Because nobody has EVER thought of that before!
Absolutely. This is an RIAA end-run cause they can't force ISPs to fork over personal info.
/dev/null me and return to their ivory tower.
And, do you think the registrars will resist? Heck no, Verisign will gladly sell you an add-on privacy service tomorrow for the price of a hamburger today. Verisign's marketing people must be very happy right about now. $5 per domain looks pretty good to them on their balance sheet right about now.
I keep a yahoo mail that's checked in my whois but I'll never be putting my street address or phone number in there. Yes! I am rfc-ignoring-it. The people who love rfc-ignorant can't send me mail but I sleep OK at night.
Do the people in this thread waving the RFCs and WHOIS in our faces think that today's net is what the creators envisioned? Do you think SMTP would be the way it is today if they had thought about abuse and privacy issues? If they do they can
Off topic, but...accidental deaths by firearm are much lower than accidental deaths by motor vehicle accidents, fatal falls, poisonings, drownings, deaths from fire, or suffocation. (That's not even considering that many suicides by firearms are deliberately classified as "accidents" for financial (life insurance doesn't cover suicide) or emotional reasons.) While even one accidental death from firearms is one too many, the use of accidental shootings as a justification for a state monopoly on firearms doesn't hold water.
Anyway, to get vaugely back on topic, if it were really important to track down a domain owner, unless the registar is getting paid in cash, there's a payment trail that could be followed.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
When Pud was getting sued by PrintCafe, he changed his WHOIS info. Funniest thing I'd read in a while.
Here's the link:
http://www.fuckedcompany.com/printcafe.html
So I helped my neighbor set up a domain name for their new business. I put myself in as the technical contact. Phone solicitors snarfed my phone number from the whois information and started calling ME trying to sell me stuff for my NEIGHBOR's business. (I'm also getting snail mail for them as well.) So, to at least cut down on the phone calls, I changed the tech contact in the whois to the following number:
617-861-9507
"The Telemarketer's Nightmare", from the fine folks that brought you "The Rejection Hotline".
Now, it's not really MY phone number, but it IS the phone I want them to have, since I don't want them calling me. My email and home address are valid, so I can still be contacted... just not while I'm sitting down to eat dinner with my family. It's a real phone number, and it doesn't mislead anyone - the message tells someone that I don't want them calling me.
Come to the University of Mars! Classes starting soon!
Join moola.com, play games to earn money.
I wonder how this will affect using Domains By Proxy. I'm not trying to hide anything except my email address, home address (same as my business address) and telephone number from mass marketers.
Money not found! A)bort, R)etry, D)eclare Bankruptcy
Oh, I'm a Republican
I got a small schling
I like to bomb niggahs
and make a lot o' bling
I got a bunch o' friends
in high up places
They helps me get dem
government graces.
You think I'm smart
I just know who's who
I couldn't run a fruit stand
without the red white & blue
I fancy myself
A brilliant tactician
But neither me nor m'buddies
Could even pass basic trainin'
See, I'm above all that
A fightin' and shootin'
I just say "Sic em!"
Then run the other direction
Don't need no history
Don't need no schoolin'
I got my ideology
To keep me a shootin'
Liberals! Faggots!
Commies and queers!
Socialist hippies
Full o' pussy tears!
I'll drop some crap
about Jesus the Christ
You'll buy it all
and vote for me twice
'Fact, Jesus is comin'!
Real soon, now!
So we gotta prop up Israel
That ol' sacred cow
Propaganda's m'friend
But I calls it "fact"
Even though I don't read
'Cept for Chick tracts
Facts? No! Don't need em here!
We're conservatives! We work on FEAR!
Don't like what we say?
Well FUCK YOU, bud!
We'll shove it down yer throat
and tell ya it's good!
Ask yourself, what is really the expectation of the lawmakers in this arena? Do they really want to further criminalize a crime? Why not just pass a law that tightens the penalty for on-line fraud? What if your motivation was to strengthen the government's ability to regulate the internet? How would you go about it. First you pass an innocuous looking law, that touches on an area you would like to restrict, but only appears to effect the 'fringe' criminal behavior. Now said law could come in two flavors: 1) DCMA style: So broad that suddenly you have an all purpose club with which to beat the snot out of people's anonymity. And control who is allowed to have a presence on the web. 2) Anesthetic: The first of many laws, nibbling away at your freedoms one bite at a time. The are painless, but cumulative. The end result is that you suddenly have a whole framework of regulation you did not even notice being built.
I'm really straddling the fence on this issue. Sure, I see the merits for having legimit information in a whois database. I've used it many times when conducting business on the net with smaller entities to "verifiy" their identity. Also used it numerous times to research companies while responding to employment ads. On the other hand, its a spammers dream come true. Look at all the e-mail addresses you can collect in one spot. Granted some registrars are taking up some counter measures against harvesting, I sincerly applaud their efforts. I think a compromise needs to take place here. REQUIRE people to submit truthful data. In this day and age how many registrars will accept blatently bogus information, especially if there are credit cards involved. However registrars should need to give their customers the option to display their information publicly. I know of no other industry that would publicize their customers personal data on the internet. Sure some of the info should stay public (nameserver records, technical contact) but does the average person need to know who owns and pays invoices for the domain? I think not.
When will they learn? Yet another 'law' proposed to clear up that dirty old Internet.
Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.
Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?
Please stop bowing to the corporate masters!
Yes, I am a Citizen of the United States.
Anything is possible given time and money.
Yea, I'm gonna steal your identity, commit credit card fraud, steal stock options from your company, distribute illegal information and media online, an wire car-bombs on 60 vehicles in Manhattan. Then im going to leave you a red flag on my website with my name on it. Come on, I hope US intelligence does not rely on laws like this to reeduce crime, because this guy is basically asking people ot turnthemselves in, so they can serve 15 years and rat out their friends! In that case cyber criminals have a 100/1 odds of making it big in their field. Why do they think it's anonymous anyway. One way to track this would be billing. But then again, Russians obtain credit card numbers so easily they come in bundles of 1000 on the black market nowadays. I hope the other Representatives get a good laugh at this bill if it ever gets heard in Congress.
[Please sign here]
you can go to the Internet Fraud Complaint Center and fill out an online report. there is a spot for kiddie porn. it's a joint venture of the fbi and the national white-collar crime center.
you get a pdf reciept for every complaint you file. i know. i've been sending them every piece of spam i get for the last two months.
Well, actually, it might be better put as, "When guns are outlawed, only outlaws will defend their homes and lives against burglars, muggers, and home invasions."
Java is the blue pill
Choose the red pill
Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.
Network Solutions also provides the same type of service, but they charge something like an extra $10/year for it.
Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.
In print, I have the express right to remain anonymous. Once more, these ancient old farts think print on a screen isn't print in a paper. SAME RIGHTS, YOU OLD IDIOT!
So I get excited about registering a domain that I have great plans for and enter a bunch of information. Name is Tom Hanks. In the haste of things, I register myself as Otm Shank (Simpsons, anyone?) and a few weeks later am charged with violating the Smith-fraud Act of 2005 (let's say it's a law). Am I gonna spend $5000+ on prving my innocence to these bureaucrats and technophobes, or do I spend 7 years in the can? Logic anyone?
[Please sign here]
I'll bet it's because of the common practice of inserting the word "spam" in a legitimate email address as a way of defeating email harvesters. You know - if my real address was mapmaker@yahoo.com I'd write mapSPAMmaker@yahoo.com and then say to remove the "spam" to email me. So the harvesters are automatically removing the word "spam" from harvested addresses to get at the real address, but in our cases the "spam" is a legitimate part so they fail!
Cool!
Why should the US government care if a whois database is accurate? Big brother is just being a pain in the rear.
There are a million different reasons why people would want to put false information in a record, a million ways to make mistakes in a record, and lets face it - we don't need or want the government regulating the internet.
The internet should police itself. Government intervention slows down ingenuity, implements half ass solutions, and burdens networks and individuals all for little to no gain.
Sure the feds need to keep an eye on interstate commerce, economic trends, technology trends, etc. But I do not want the government telling me what information I have to provide to a publicly available and instantly internationally accessible information repository, and I don't want them telling me what I can or can't read, write, say, not say, etc.
Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself. -- Mark Twain
There is a war going on for your mind.
Then when people complain, the registrar may do someone about it in 6 months
Interesting. Is this a mafia style "do" or a Heidi Fleiss "do"? And how do either of those help get valid information?
I have a single handgun for personal defense and even it is unloaded with a trigger lock, I have to retrieve the magazine from a second drawer and unlock the gun to be able to use it, by that time I should be awake and able to accurately discern whether my child or an intruder is coming down the hall as well as have dialed police.
Actually, by that time, you're dead.
'The Government must play a greater role in punishing those who conceal their identities online.'
That is a horrifically frightening comment. Who *doesn't* conceal their identities online? Who isn't behind a pseudonym? Who doesn't post as an Anonymous Coward (or similar) online at times? The government won't be happy until everyone's username online is FirstName, Middle Initial, LastName, SocialSecurity#, MailingAddress, Phone#, DriversLicense#...
You know, they can outlaw people using false information in the WHOIS, but it really won't be any different than outlawing suicide. Once it's done it's done; if you're good you really won't be tracked. Not that I have anything to hide, I just think there are more worthwhile things for our politicians to be doing.
Damon,
http://actionPlant.com
I'm voting libertarian from now on.
Laws should be based on things that make sense, not 200 years of repressive precedent, or over hyped "concerns" of the day that get legislated to death and stick.
Congressmen who throw out stupid ideas about taking away freedoms, privacies, or putting government punishments in place where nobody has been hurt, should be fired for violating the basic tenants of freedom, and the constitution.
The government shouldn't be punishing people who falsify private documents. I believe it's not (currently) a crime to misrepresent yourself, and online there's a lot to be said for the added safeties of misrepresentation, anonymity, and privacy.
The FCC doesn't need to decide what we watch on TV, we do. If we don't like what we see on channel whatever we don't watch it anymore. The only thing worse than the government trying to control our private lives is the people asking them to. Go to Europe you bunch of repressed whiners.
I'm sick of this all.
I don't care how this gets modded, I'm fed up, and /. is a as good a place as any to vent.
My Linux Command of the Day site : LCOD
2001-2002
The top industries supporting Howard L. Berman are:
1 TV/Movies/Music $222,791
2 Lawyers/Law Firms $117,450
Lamar Smith also gets mondo payola from MPAA/RIAA.
Berman was one of the shills who drafted a nutty bill last session that would have allowed movie and music companies to hack into people's personal computers and networks to erase or destroy "copyrighted" material. Most notably, it indemnifies corporations against personal torts resulting from their error for damages under $250. So even if you've almost finished the greatest novel ever written but failed to find a buyer yet, if they erase it, you get nothing. If they destroy your hard drives but show the replacement value is below $250, you lose. And so on.
There is nothing Berman would not do to keep sucking at the media industry tit. Even to the degree of drafting such nonsensical law that clearly violates the "equal treament" under privilege or immunity of the 14th Amendment by immunizing corporations against felonious activities conducted by them against citizens without considering due process.
THis latest bit of nonsense is just more of the same. Obviously Smith smells some extra cash within reach and is now also busy pandering to the media conglomerates.
Da Blog
Privacy Alert: Watch Out For FOISA
WHOIS bill (pdf)
Domains by Proxy is good, however, as far as I've seen is only offered through Go Daddy its resellers. The cheapest I've found it for is $9/year/domain. RegisterFLY.com offers the same service for only $2.50/year/domain (or $2.00/year/domain if you buy a 5-pack). And since they're an eNom reseller, they offer the same great DNS services and ease of transfer you're used to.
I posted a Registrar Comparison on my web site, but it lacks Network Solutions since I have never tried them. If anyone has any experience with them and would offer a review, I'd be happy to add it to my article.
What!? So it's a crime to use a false address, but only when I'm committing another crime? Lawyers would have a field day with this one. If I'm commiting a crime, I'm obviously going to safeguard my privacy, but when I safeguard my privacy, I'm committing a crime...=( This idea came from a clown. Probably drunk. Furthermore, this bill stinks of funding by people protecting their copyrights. It has to do with illegal distribution of files, etc., and those culprits are NOT going to give their address away...brain freeze
[Please sign here]
Don't they have anything else to do? I seriously wonder about these "Congress" people sometimes......
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
I'm ok with it, as long as it makes a federal crime bugging me by retrieving my personal information from WHOIS servers without my explicit acknowledgement.
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
"The words 'Howard Berman' are copyrighted by the Motion Picture and Recording Industry Associations of America, and may not be used without their express written permission."
Yeah, Berman (a Democrat, unfortunately for me) is owned and operated by the MPAA and RIAA. I think it would be much more honest if he replaced the "CA" in his title with "MPAA/RIAA". If I lived there, I'd have to vote against him (of course, no guarantees about who bankrolls their next legislator....)
I don't quite understand the problem here. I mean you have to be charged for the domain somehow right? I own 2 from 2 different registrars and both times I bought it online via a credit card. Having enough CC info to charge me should also give them enough info to find me should I be violating some law. Why the focus on what info is in the whois database? The registrar SHOULD already have all the info it needs and if there is an investigation they would be required to pass that info on to law enforcement.
This will only have an effect in the USA. That just means that this stuff will be moved to boxes NOT hosted in the USA. If the RIAA/MPAA/BSA thought they had problems finding out whom a site belongs to with illegal content, just wait till they need to work with some foreign government that just does not give a darn!
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Your car may not directly help you exercise your civic rights, but your computer can be used for that.
More to the point, your car runs on public roads and can kill people. Your computer runs on private networks and can't harm anyone directly.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
This seems to me to be one of those plea-bargain "crimes", that's just ladled on as part of the charges. They charge you six ways for the same crime, then heap on a load of side-issues and associated minor whatsits like "conspiracy" and "fraudulent DNS" - the idea being, that the sum total theoretical max sentence would leave you jailed until the heat-death of the universe. That way you can be bargained down into pleading guilty to, say, murdering the pope - without the inconvenience of needing evidence, proof, the guy even being dead, etc etc.
I think Hatch sponsored the "if you're copying music or movies illegally, we can disable your computer" bill. I think Berman's been on some others, such as the "let's make increase the penalties for copyright infringement (and the threshhold for felony infringement)" bill.
This is a lovely example of bipartisan Congressional action. Bipartisan, of course, means that some larger-than-usual deception is being planned. (George Carlin)
The article says that they want to impose stiffer sentences for people if the domain has false contact information and IS USED TO COMMIT A CRIME.
The article does seem to hint that the gubermint is going after everyone, though, so I looked up the bill myself. It's true that they will only go after someone for this if a crime has been committed. The problem with it IMHO is that it's pretty broad...It goes after not only the owners of the domain but also "person[s] acting in concert with the violator". And it tacks on 7 years in prison who what one would otherwise get already. And from the text it looks like it's geared strictly towards copyright infringement, never mind ripping off credit card numbers or running a fake shop, or simulating the identity of a reputable company. Of course, coming from Rep. Berman, this is no surprise.
Here's the bill if anyone's interested
The link looks a little weird to me so if it is broken go to http://thomas.loc.gov and look up bill # "H. R. 3754".
-R
During 1994, before the DMCA bill was introduced to Congress, the top campaign contributions of the top 20 donors in the entertainment industry was 9.3 million dollars. In 1996, a year before the DMCA bill was introduced, the contributions increased to 19.3 million dollars.
Take a look at who's funding the "Fraudulent Online Identity Sanctions Act". Testifying before a Congressional Committee is only for big campaign contributers. You can be sure they won't be asking for our opinions.
I strongly agree with this.
If you own a business with a physical location, you're required to register it. This is part of public record.
If you rent a house, that information is available, although not quite as public. (think credit reports.)
If you're renting space on the Internet, you should be required to make a matter of record your real identity. End of story.
This would eliminate quite a few scams and such by people registering sites with false names, taking money, and closing down.
I wonder how this would affect the Godaddy unlisted domain name service they offer. It could be interesting. Even with false information in the whois; surely the FBI or the MPAA or the RIAA can subpoena the information from the registering authority the domain is registered through. I doubt that any of that information would be false. So that brings me to assume that when people are looking at whois information in order to prosecute the owner, and give up on a bad whois, that the issue is either not important enough to pursue further, or that they are too stupid to figure out how to do it. Either way, New laws in this area won't change anything. How would you enforce it? Do we really need more useless tech legislation that can't be enforced? Sheesh.
This signature has Super Cow Powers
If you put false who is info, I will break yo kneecaps.
If someone could plaster your car with advertizements because of your public license plate number, you would surely want to cover it.
Also, when arguing from analogy, please ensure you use a proper analogy.
emt 377 emt 4
Great point! AFAIK, this would be a First Amendment issue, since the domain name itself could _easily_ be considered a form of speech (eg. JerryFallwellSucksEggs.com for instance)
In fact, the Supreme Court has stated "Anonymity is a shield from the tyranny of the majority." [McIntyre v. Ohio Elections Commission (93-986), 514 U.S. 334 (1995)] and later said "As a matter of constitutional tradition, in the absence of evidence to the contrary, we presume that governmental regulation of the content of speech is more likely to interfere with the free exchange of ideas than to encourage it. The interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship." [Reno v. ACLU (96-511), 521 U.S. 844 (1997)]
I'm certainly going to write to all of my legislative "leaders" and tell them this information, and hopefully let them know that I, for one, am not happy with Big Business running our nation...
I wrote the blurb. Blame me. Taco just decided to post it. You've posted serveral times to the board about this inaccuracy. I'll respond here.
You're right, I should have been more clear. Basically, always read the article. This is a summary and not a complete rehash.
But also, try to read between the lines. Someone who is seriously engaged in fraud isn't going to pop their real information into the whois database, regardless of what the penalty is.
The intent is to create a situation where ordinary domain name holders feel like they've got to have accurate information in whois. Thats what these guys want. The way that they seek to get it in this version of the story (there have been several attempts at this) is to make people afraid that if they get charged with some sort of intellectual property crime, like posting Simpson's fan fiction, they will get a harsher sentence if the whois information is out of whack. If you believe that you will never be sued in connection with content of your domain you haven't been paying attention lately. Whats more, those who really need anonymnity the most are those who are also most likely to get sued, be it on a reasonable basis or not.
The fact is that the RIAA doesn't NEED whois to track down domain holders. You nslookup. You get an IP, and you subpoena the ISP just like you would if there was no domain name associated with the IP. When they say its impossible to track down people with fake whois information they are lieing outright. Furthermore, the advantage, to them, of relying on accurate whois information instead of a subpoena is that they don't have to file paperwork with a court. There is no legal proceeding and no judicial oversite. They contact you directly and threaten you unless you settle with them, and if you can't afford to defend yourself you are on your own.
and return the current internet to the geeks, it can't be trusted, it was never designed to provide business transactions with the level of trust required.
Create a new business net with all the DRM and legal requirements you need to do business. Forget trying to layer business requirements on the current infrastructure.
Of all the domains I have (over 2 dozen in all), I have only 3 domains with valid WHOIS information. It's not MY information but the information of the proxy company that GoDaddy uses. Other than that ALL of my domains use false WHOIS information. I guess I'm a criminal after all.
I've said before that if someone discovered Linux was in use in a prison system somewhere, the /. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.
I suspect you meant to type that if Windows was used in a prison system, the headline would be that. While if Linux was used the headline would be something like "Linux used to rehabilitate prisoners".
If you are going to insult Slashdot, try typing a little more carefully so you don't look like an idiot.
'The Government must play a greater role in punishing those who conceal their identities online.'
You mean, like spammers?
[sarasm]Yes, your anti-spam bill has so drastically reduced the amount of spam I receive.[/sarcasm]
Some people say that nobody has a "right" to privacy (just like nobody has a "right" to drive a car), but this is going that next step and making privacy illegal!
I have a few domains that serve merely as honeypots for whois spammers. The snailmail address is correct but the company is "The Toronto Mango Appreciation Society" and "The Shaolin Gung Fu Death Society" - stuff like that.
I get mail on a regular basis to these addresses from such companies as: IBM, Microsoft, HP, SUN, AT&T and all the other companies who have paid tens of millions of dollars to DC lobbyists to make sure the domain name system is the way they want it.
Each time year hear some DC insider proclaim "we need to know peoples real identies because of crime, child pornography and homeland security" what they really mean is "we don't want to waste our benefactors stamps".
Mikki Barry was stalked from information in the whois database, and while I havn't kept up with this too much but doesn't the whole thing run afoul if European privacy laws?
Need Mercedes parts ?
DNS is a way to identify computers on a network. We don't need a better more secure identd to associate names with numbers.
Need Mercedes parts ?
Indeed. I recently got a letter from the Domain Registry of Canada (geeze, I thought these guys had been killed off a year ago). While they no longer word their "renewal" requests so that they sound as if they are affliated with your domain registrar... they are still obviously pulling my info from my WHOIS record.
I could see how this definately would be a problem for others, especially those with multiple registered domains. WHOIS records can lead to email spam, mail spam, and at times possibly a threat to your personal health (let us say, perhaps, that somebody disagrees with content on your site or a moderation of his/her own posting and decided to track you down to "discuss it").
Hell, it's not just private citizens I'd worry about. If I were a US citizen, I would be wary of government action against "free speech" on a site, such as many of the anti-bush sites.
Excempting the case where a domain is registered via stolen card, they should be able to track the person down via the card etc used in registration of said domain. To my knowledge you can't exactly pay cash for these things (or at least I can't with my registrar).
Now if a domain were registered with a stolen CC, it shouldn't take too long to pop up on the radar. It's not a consumable or other item that can be used and "dissappear," so in the event of CC theft the domain could either be quickly cancelled, or monitored to track the owner (either it will forward elsewhere, or somebody will eventually have to FTP/etc and setup a page on it, right?)
Depending on where the intruder enters my home. BUT, the point of keeping the gun unloaded and locked is to make my children safe so that they can't play with the gun. Once they're old enough to understand that guns are not toys and can and should be used repsonsibly then I will still keep it locked to protect them from an accident.
The original post made comments aluding to an inherrent evil or dangerousness of guns which is unfounded. Firearms like cars can and should be used responsibly, but we don't advocate banning cars because irresponsible people do irresponsible things with them, we take action against those individuals. There is no substitute for personal responsibility.
I think going after fraud from the name angle, is the wrong approach. Those names always end up resolving to an address, and an address is how you (ultimately) track things into the physical world. (Just ask the kids that RIAA has gone after.) Everything about DNS is merely a matter of convenience, and no one should ever have a reasonable expectation that DNS information is trustworthy.
Furthermore, it looks like the article is actually talking about web sites. So use https. Now you've got a CA claiming that someone is who they claim to be. Don't trust (or know anything about) the CA? ("Who is this Thawte company, anyway?") Now you know why x509 sucks and PGP rules. (Oooh, just had to get that little barb in there. ;-) Everything's an illusion until you've met someone face to face. If you can't trust that someone is who they say they are then you just don't know, so don't try to fake it.
If you add legislation to prevent false DNS info, you're just going to increase the false sense of security. "Whois says he's really John Smith, and it's against the law to lie, so I'll give him my credit card number." Guess what, the guy in Asia who you're giving your card # to, doesn't give a fuck about the US law. You should have relied on a trust network to verify him, not the law.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Why, that would be illegal!
This issue is a bit more complicated than you think.
Selling prescription drugs with verifying a valid presecription on the internet (or off it) is a federal crime, but the FBI won't even take a report.
You know why? Many of these mail-order drug stores have a licensed physician on staff who is more than happy to write prescriptions for patients who have diagnosed themselves. Last time I checked, some states don't require a physician to meet his or her patients face to face in order to retain his or her license to practice medicine. Or has this changed lately in most state codes?
Just last week they added their own DNS servers to my WHOIS data which pointed my web site and all my email to their search page. Because I registered through my hosting company (who in turn registered through Register.com) Register.com's tech support refuse to help me. They say I have to do everything through my hosting company. But when XO communications asked them to make a change they just said "No".
I mean, I'd love to have an accurate phone number and email in my WHOIS. I'd REALLY love to change the registrar of record to anybody except Register.com. But they're holding my domain hostage and won't give me a way (short of sueing) to maintain my own domain.
So don't make it a crime for ME to have false information in my WHOIS. I'd love to change the information. The jerks at Register.com won't let me.
(Note: IANAL, so please correct me on any incorrect information herein.)
So, let me get this straight: the US federal government wants to make it illegal to enter false information in your WHOIS registration if you are assisting a crime in doing so. And impersonating someone for any reason is fraud. So, anyone who enters a name & address/email address/phone number not their own is commiting fraud. Therefore, anyone who enters a name not their own is not only "assisting" a crime, but making one... and so they not only get a fraud charge, but a "misleading information in WHOIS" charge if this bill is passed.
I can see how this bill might help U.S. federal prosecutors keep some arsehole from getting parole for another few years; if the man or woman charged with fraud is guilty (not just found guilty), I'm all for it.
But there are two problems, here. One is that it will, though not by intentional effect, extend the miscarriage of justice if or when an innocent person is found guilty for internet fraud. The second is that it's going to scare the U.S. citizens who have false information in their WHOIS but are otherwise NOT criminals into identifying themselves, to their detriment, in all probability.
So, is there a reason why, instead of the laws on fraud, there is an attempt to make privacy through anonymity illegal? I don't mean to imply conspiracy or malevolent intent... but I have to admit that a small part of me suspects the latter.
If anonymity is rendered illegal on the internet, how long will it be before it is a federal mandate that all U.S. citizens must wear nametags at all times? After all, not wearing one would only allow prosecutors to lay some extra prison times on someone who's already guilty of a crime, right?
And if they nab the wrong guy or gal, the Feds and federal prosecutors can still save themselves from embarassment by seeing the charge of not carrying identification around at all times, even if that person is innocent of any other crime.
Lastly, what about those under the age of majority who run servers or have a domain name of their own? Are they going to be tried as an adult if they decide to keep their anonymity in their WHOIS information?
Just how far can and will this be taken, and why? Is such a thing about control, direct or indirect, or is it about something else? The mind of one who has grown up in a sensationalist, reactionary, and dramatized media environment jumps immediately to the conclusion of malevolent intent (whether or not it dismisses it).
~UP
Eat the Path.
When bathtubs are outlawed, only outlaws will drown their kids in a tub!
So I'm guessing it should be a crime to post to web forums using anything other than your full name (First, Middle, Last and any Prefixes and Suffixes) as well as your full address, current location, telephone number, e-mail address, and social security number. And if you live in a godless country that doesn't issue SSNs or require laws as restrictive as ours, you should kill yourself before we bomb you.
Just kidding-- we'll bomb you even if you do kill yourself!
Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.
Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?
So? Congress still can't extend it's federal law jurisdiction beyond its borders but we ALREADY have EXTRADITION TREATIES with most countries.
Please stop bowing to the corporate masters!
While this law is essentially redundant since there are already plenty of laws dealing with fraud, this isn't so much a corporate give-away as a federal power grab. Most criminals already attempt to conceal their identity in commission of thefts, this PROPOSED law would only create an additional crime in out of concealment of another crime. I for one would welcome additional punishment for identity thefts but this law is useless and redundant.
Yes, I am a Citizen of the United States.
And you're embarrasing us by proving that ignorant American stereotype.
Am I really seeing a slashdot full of anti-privacy zealots?
Whois is a government regulated collection of information about private individuals. Since when is someone having some privacy on the web a BAD THING???
I thought we all agreed on a few common principles here, free speech, free code and RIGHT TO PRIVACY (ESPECIALLY in our digital world here on the web), and that slashdot needs a built in spellchecker?!!
The government has no damn business either collecting, and especially not publishing the details of domain owners to begin with!
From the article Defending the rights of domain owners to submit false or incomplete information to domain registrars, Marv Johnson, an attorney with the American Civil Liberties Union, noted that the U.S. Constitution "recognizes that you have a right to anonymous communication."
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
Ask any search engine company how to track false whois information. When TrafficBoss.com was the fastest growing company in Toledo we would order 100s of domains a day with false contact info. Most times we made it look like the company we were hired to drive traffic to owned it. There were several weeks that all anyone did in the office was go through every single domain and make sure all the info was fake.
Ahh but search engines are much smarter than that. It only took 2 years and we were black listed for spam by all the major search engines. 7 out of 10 results went to one of our pages. after being black listed the company went to crap. fired 75% of the employees and went down hill fast.
of course everyone was saying hey, half of the crap we are creating is irrelevant spam but of course as long as the money flows, who cares.
I wouldn't mind providing accurate data if I could be assured of its privacy. If someone wants to know if a given domain name is taken, fine. Who own it? Why? I've had stalkers attempt to track me, and had NetSol sell my address to umpteen junk mailers, but never once had a legitimate personal contact from someone who used my WHOIS data to find me. I can see the need for a technical contact available to someone who needs to make use of that (and can prove that they can). But mailing address of an owner?
A completely open WHOIS database is a relic of of a kinder, gentler time, now long gone. Time to send it off to join bang paths and cute finger responses.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
The thing we have to remember about anonymous commmunication is that if we didn't have anonymous communication 200+ years ago, chances are, we wouldn't have a country.
For details see the Federalist Papers.
Having correct registry information would allow me to track down a criminal who hit my credit card recently. It is the first time I've been had by fraud and thankfully it was only for $9.95.
Somehow, somewhere, someone used my credit information to try and sneak past a small charge on my bank statement. The charge of $9.95 came from DAVWEBSOFT. Searching the web for DavWebSoft turns up a very suspicious web site. It appears "professionally" designed, but on closer inspection, many links simply do not work and news items are stolen from other sources.
WebDavSoft's is a near exact duplicate of these web sites: SBC Web Solutions, Stewart's Precision Web Design, Eadens Enterprises, Fleming Software LLC, Global WebLine LLC, Studio A Design, Prosoftware Inc, Luministic Technologies, Kazland Software Corp, Bailey Consulting Group LLC, International Web Design, GToolboxes Technology INC., Tanya Web Design, Andersoft Inc, Panaginip Salohin Corp, Web Pages Made Easy LLC, E Software Tech Inc., Webtemp Solutions, Inc, and Resourcepdc Inc. Each site lists different fake addresses and phone numbers. Try contacting the phone number listed on any of the pages and you're dumped into anonymous voice mail.
Besides stolen copy, links that aren't links, and duplicate web sites, the most obviously fraudulent element is that each main page has a link to "Don't Recognize a Charge?" which then asks for credit and other personal information. Gah! What sort of company prominently displays "Don't Recognize a Charge?" on their main page?! None, except fraudsters.
If you happen to be a victim of fraud, report it to the FTC and the IFCC.
I would love to catch the criminal behind these web sites before they strike anyone else and correct Whois information would rock my vigilante world.
That is the worst analogy I have ever seen... well... one of them.
People can find out who you are by IP address just as "easily" as they can by your License plate. Remember, that information is available to the police, not to the general public. Posting valid whois information for a domain is available to *anyone*.
Whois info is tantamount to being required to have all of your info posted right ON your license plate.
Now THAT, is a well-balance, high quality analogy.
Consider this: A 12 year old girl that has designed a website, and has a domain name for it. Of course, her parents would have to put the address on it when registering. Now that publicly available record is viewable by all kinds of sick people... That kind of situation would appear countless times if such a law were passed.
However, the point seems moot anyhow, since it was pointed out that this would be only in the case that the person was doing something illegal.
Verisign's "site finder" effectively forged fraudulent whois data by making all unknown request to .com forward to their site. Congress should put those thieves in jail.
Suppose we take this literally. This means anyone who has registered a copyright would get the same powers as law enforcement when accessing this database. One could write a 100-word story, register the copyright on it, and then demand access to the database.
Surely it would be better to leave law enforcement to the police. After all, that's their job.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
You know what happens when the government gets an inch; They take a foot.
Personally, I would much rather let an organization like ARIN handle things: If too many people complain that any site is fraudlent, their IP space is deallocated, period.
However, regardless of any other solution, I can't imagine anything worse than exposing internet registries to highly concentrated Administratium.
I have a right to privacy, you know.
My domain is 100% personal. I don't get any hits to it other than my own. I put my own stuff up there for friends to access, stuff I test in development, etc..
It's pretty much a domain for me. No one else.
There is absolutely no reason whatsoever for me to have my personal information available for whoever to see. That's like saying it's mandatory that since you use a phone, you have to have your address listed in the phone-book. It's bullshit and it's an invasion of my privacy. My who-is information is false because... well, no one has any right knowing who *I* am since my site is for *me* and me only.
Instead, if you run a website, you should apply for an online business license, which should require valid information for all to see.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
One thing Congress can not get through their feeble minds is that the Internet is a global network. Their laws are meaningless outside the US. The more laws they pass trying to control the net the more alienated the US becomes from the rest of the world. Of course if that's their plan then they're right on track.
IMO until we have term limits (like the POTUS has), only allow registered voters to contribute to a politician's campaign (no PACs, no unions, nothing else but voters) and limit it to $100USD per election we'll be stuck with that scummy ring around the beltway.
When I was in high school [in the '70s] I had a history teacher (hard core GOP) that railed on about the evils of communism and the USSR. His favorite story to tell was about how all photocopiers had a serial number etched on the glass so "the powers that be" could easily track who was copying what (like a dissident's newsletter). There was also a law that also required all photocopies to have a legible machine serial number. It seems that story is more apropos to the US today than ever before.
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
I just used a service called Domains By Proxy to keep my personal information just that on my registered domain. It was $9 a year (I just missed the $7 deal they were running) which isn't too bad considering my registrar only charges me $8 so the grand total is $17.
.net and .org to my almost useless .com) I just wish that I could keep spammers of all flavors from seeing/using it.
I think it would be great if the service were free, but as I'm still paying less than I would if I had registered at Internic.ca, I can't complain too loudly.
As a side note, I like the fact that you can lookup who owns which domain. (It allows me to wonder why some guy in Rhode Island registered the
Yeah, I have a webcomic...
I do have my own domain, and like some of my other friends who do as well, we use hosting services. Some of my friends' WHOIS entries have their address and full contact information. Mine has nothing at all like that. Under the agreement I have with my web hosting service, if I wanted to stop using them tomorrow and go to someone else, the domain name is mine, all mine, I can transfer it. However, my WHOIS entry has THEIR company contact information, NOT MINE. Therefore, I've gotten no spam or anything like that. My hosting service uses my email to only periodically send me heads-up if they are performing major updates or something, or to contact me to remind me to renew. Anyone who comes across my page and wants to contact me can use the information there to contact me. They've been a very good hosting service to me, and I never even thought about the issue with the WHOIS entry until I read this article and commentary today. I don't know if that was their intention when having the WHOIS info their their name, but it's a rather nice side effect I think.
We ran a small business from a friends home when we first got started. Since this was a residence, we got a PO box at a mail boxes etc, now UPS store, where we could have packages and mail delivered. It was really handy for us as we were often on the move and on the go. Its not false info, and its not giving out our real addresses either.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
it's about time
Unfortunately, I live in this pinhead's Congressional District. Being an EFF member, I of course send him a steady stream of letters. His responses to date have been so predictable, it's almost comical.
This guy takes money from Hollywood. He rivals old Fritz, and Orin as one of the RIAA and MPAA's most dependable bitches.
I only wish the EFF (or some group like them) would take a more active role politically. Basically, vote both him and the rest of the Hollywood shills out of office.
Only you should really replace 'fired' with 'decapitated'.
I don't know where to begin with this moronic idea. It seems to me that everything Congress, Network Solutions(sic), or ICANN ever touches turns to sh*t.
ICANN should enforce its policy of terminating contracts with domain name holders whose information is found to be inaccurate, but "is either unable or unwilling" to do so.
You mean ICANN is going to contact everyone in WHOIS and ask for 2 pieces of ID - puhlease.
ICANN "takes these issues very seriously" but has not decided whether to support the bill, said spokesman Kieran Baker.
ICANN will do whatever it's told by big business and Congress. Obviously Congress and Big Business are trying to sneak this under for some reason - Why?
That the whole thing is likely to get to the floor of Congress is absurd. IMHO - alot of the crime on the Internet is already covered by known laws, just the language needs tweaking. That they don't know where to start is itself a bunch of crap. This is just lobbying crap.
Stuff that matters.
our government is based on checks and balances, and designed to resist centralization of power. there have been some abusive executives, pushing for centralization. in that push, private sector databases have been abused. therefore, it is the duty of legislators (and the courts) to block those efforts. case in point.
for example, the governor of UTAH just sold out his people in one fell swoop: he secretly built a database on them without any approval. as described, the database was assembled based upon data acquired from the private sector.
given that history of abuse, legislation requiring submission to database records (even those in the private sector) must be tempered with the knowledge that such records have been abused.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
The political class feels threatened by anonymitity (sorry for the misspelling, there is no such function in stl). If they can't ID you then they can't track you down and lock you up when you oppose them......
(n/t) yes I really mean empty body...
I think they should shut it down too. For example: after 7 years of paying for a domain name with company checks (and the bills mailed directly to the company in question) Network Solutions maintains that the domain name belongs to the unethical webmaster who signed up using his own name instead of his clients.
They seem to have no "idea" that the domain belongs to anyone other than the jerk who put his name in as administrative contact. Now he's trying to sell the domain to the competing company.
That's totally nuts. But Network Solutions doesn't think so, and as far as I know ICANN wouldn't either. What a great job they are doing of keeping the Internet stable.
-------------------------------------
Technically, we are beyond survival.
Its a pity we don't get to read the reply but it's quite possible there was none.
In a sense, anonymity is important not only for the speaker but for reception of the speaker's idea.
How many ideas have been put forth which have been received one way or another because of the speaker rather than the content of the idea? Can you honestly say that if you read an opinion piece from, say, RMS or Jon Katz that knowing the speaker wouldn't bias your reception of the idea?
In some academic situations, students are told not to put their names on their assignments, just their student IDs so that the marker isn't biased because they know the student/are familiar with that student's assignments. I wonder if a similar thing could be useful in research - peer-reviewed, yet anonymous publication. That way, you know it passed muster with experts in the field, but you aren't biased by the fact that the author, say, previously won a Nobel prize.
This has gotten a bit off topic, but the point is, I think we'd be losing a lot if people could no longer put their ideas, work, and other contributions out there without having to worry about unintended consequences. If I'm going to apply for a serious job, do I really want to release that spiffy game I wrote in my spare time under my name? After all, there's a remote possibility that the person reviewing my application will decide that I don't have a serious enough attitude, or spend too much time on hobbies, or who knows what (maybe they're fanatical members of a cult that blames all the world's troubles on video games).
I'd like to live in a world where professional authors can talk about story ideas without worrying about getting yelled at by their publishers (this came up on a IF newsgroup), where one can keep separate a professional life and a personal life. Haven't there been instances where people have said
'it's unprofessional for them to say that, since they are associated with [business] and stuff they say in their spare time can reflect on the business'
As long as a way exists for the person to be tracked back to their business associations and whatnot, they CAN'T speak freely because of that responsibility. But if they can keep them separate by using a pseudonym, then there's no ethical issue: their private speech is kept distinct and separate from their professional speech.
Posted anonymously to stubbornly press the point,
Declassified US Documents.
http://emperors-clothes.com/images/north-12.htm
That's entirely different from what the RIAA and their pet Congresscritters want, which is for the WHOIS record to provide your True Name, ICBM Address, Legal Jurisdiction, Address where you've agreed to accept subpoenas and 6am no-knock visits from the RIAA and Homeland Security, Blood type, mother's maiden name, and Internet Driver's License.
ICANN is somewhere in between. The only IP they care about is Intellectual Property, and they've always tried to insist that the Registrars collect Whois Records that have Subpoena contact information, so that if there's a trademark dispute over your domain name, the allegedly legitimate trademark owner can drag you into court, rather than forcing the registrar system to handle dispute resolution and risk getting sued by big companies that lose UDRP cases.
Ownership conflicts and not paying your bill are the only cases where taking away your domain name is justified, and therefore the only case in which providing inadequate response to contact information should lose you the domain name. It's also valuable to have working contact information in case things about your system are broken, like your DNS not resolving correctly or your email getting lost, because that's how people on the Internet help each other. The RIAA and Congresscritters are trying to extend lots more significance and control to the whole process than it's supposed to have.
Besides, even *accurate* information doesn't get what they want. Sure, the contact email addresses can point to "postmaster@yourdomain.com" , a valid address on your machine, but that doesn't mean that you read it regularly, or that you ever check your contact phone's answering machine messages. I recently tracked down a spammer to a box number in the same building as The Company Corporation, who for the last 105 years have provided convenient paperwork for Delaware corporations. Yes, that's right, you can go there and drop a subpoena in their mailbox and maybe they'll read it, and if somebody sues them for trademark violations and they don't show, John Ashcroft can burn their corporate papers at the stake at high noon and all it means is that they real owners have to spend another $100 for another disposable corporation.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Why do our lawmakers insist on making more an more laws when other laws already cover said offense?
How is that not a violation of one's right to be tried once for a crime? If you rob a bank, they can charge you with 10 different things, ranging from robbing a bank, to using a firearm in an armed robbery, to endangering the lives of others. And they don't have to bring all those charges at once, so they cam take you to court once for each count, though usually they just hold back a few charges just in case instead of doing them one at a time. To me, that seems like double jeapoardy. I consider "robbing a bank" a single crime. And I'm sure our founding fathers intended it to be a single crime. But now it's 10 different crimes so that lawmakers can get around the consitutuional limitations agianst double jeapoardy.
Now to my point... This law is only intended to be used when ANOTHER CRIME HAS ALREADY BEEN COMMITED. What point is there in making a law like this? They've already commited a crime. It's not even like, the difference between robbing a conveneience store, and robbing a convience store with a gun. This is robbing a convenience stor, and robbing a convience store with a MASK ON.
Where's the laws making it illegal to commit a crime while wearing a MASK? Becuase that is what this amounts to. A law saying you get 5 more years if you rob a store while wearing a mask. And that is absurd, and in my opinion is skirting our constitutional rights.
Then the US Post Office started making rules requiring anybody who wants to rent a mailbox from their competition to provide photo ID with your true name and the address you really sleep at, and the State of California made even tougher rules about how you also have to accept subpoenas there. Then within a year or two they discovered that this had created a serious problem ; California now has a process where you can register as an Officially Battered Woman and get an Offically Battered Woman No-Address-Verification-Required Mailbox. That's still much more risky than simply renting a box used to be, and it means dealing with the legal and social-control bureaucracy far more than many people want, and it also means that if you're not Officially Battered, but just want to avoid having your ex get your current address because he's creepy, you're out of luck. Unless you use fake ID to get the box, of course. Or a business name.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If the Chinese government wants to persecute their citizens for having the wrong religion, there's absolutely nothing wrong with making it hard for them. You can do this by deliberately misleading them, as long as you don't endanger someone else in the process, or you can do it by in-their-face refusal to cooperate (though the latter is obviously safer if you don't live in China.) Speaking Truth To Power is a good thing, but sometimes risks being more traceable.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
John's a stubborn and principled guy. Cryptome occasionally gets DDOSed or cracked, and FBI agents occasionally knock on his door (and get their names taken down and posted on the site) and other bureaucrats periodically tell him they want stuff taken down (takedown letters get posted too), and the site is widely recognized as one of the places to go for the kinds of materials he carries. He's had to change ISPs occasionally, but basically cockroaches don't like bright lights, so they don't stay around bothering him long.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
We could show you, but then we'd have to kill you, or at least drag you down to Gitmo. And if it doesn't explicitly say that yet, well, the drug exception to the Fourth Amendment pretty much covers it.
Okay this is obvious bullshit, somehow Americans have come up with representatives who think they have carte blanche to promote all kinds of fascist principles. Forcing identities to be checked on whois is not going to solve anything. It's not the same as application for an SSL certificate.
As Dave Farber says, photons don't need passports.
That said, Japan has an unpopular policy which only allows a company to have a single domain, they have to pay bucks and provide stamped documentation, and it is serious. That's why everybody gets U.S. domains (ever wonder why dotcom domains are running out?). There also happens to be a law for privacy in Japan unlike the U.S., but I do not think anonymity is thought so important here (though it should be considering how corrupt everything is).
Anonymity on the Internet and finding ways to strengthen it may be one of the great things about the U.S., and as a very eloquent poster implies earlier with the Federalist Papers, one can easily imagine that fashionable ideas about security may seem quaint and trite a few years later. People with more objectivity tend to look at the U.S. today and wonder why the entire fucking value system is spontanteously undergoing a spectacular meltdown.
It's time to implement CrimeNet, the anonymous DNS replacement. It could work via a central nameserver that you subscribe to and pay based on traffic to/from or maybe a p2p solution. Making false whois records illegal won't stop crap.
Eat at Joe's.
There are many valid reasons for having bogus whois information, and many of those have already been enumerated here, so I won't repeat them. What I think is a useful addition to the conversation is that it is long past time for a technology court.
There are lots of issues to be worked out -- who would staff it, what the judges' qualifications would need to be, CLE requirements, who can practice before the court, where it should be convened (overlay districts on the existing federal district courts?), and what its jurisdiction would be (what is a "technology issue"?, should complex cases with lots of issues be broken apart with contract in court A and tech in court B?). An additional alternative is for perhaps a tech judge to be assigned to each federal district court. Cases would proceed normally through the existing system with tech-related cases being assigned to the tech judge. By petition, perhaps cases could be adjucidated under special rules to accelerate the process.
In the context of the present "bogus whois info" issue, perhaps the above process could be used to deal with cases where whois is bogufied for fraudulent purposes as opposed to unremarkable reasons. It may be possible to have an enhancement for another crime to have bogus whois info, but have it be nonactionable in the absence of any other crime. Top my way of thinking, fraud or similar crimes/civil offenses should be the ones where this sort of "enhancement" would be an available remedy. If its a case where concealing the identity of a party is not an issue, it shouldn't be available to the state or to a private claimant.
Just my $.02.
GF.
Lots of petrified grits
And if the United States government wants to persecute people for having incorrect Whois data, there's nothing wrong in making that hard for them.
This is a big concern for privacy advocates, but the fact that the RIAA and MPAA want this to happen so they can track down the copyright violators that they so loathe is correct. I personally don't agree with it, seeing if I were to start a personal site I wouldn't want anyone with an ounce of brain about computers to go and get my street address, especially considering that all the work going on it would be of my own.
This could all be bypassed over the whois info though - people can get hosting on servers without getting web address (like geocities does) and host smaller files like music files on a single account. It won't make much of a difference if they're all connected to another free account which is just a big hub.
I wrote code so you didn't have to.