Slashdot Mirror
Congress Eyes Whois Crackdown
Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."
Write your senators or representatives, via snail mail or fax and inform them of this issue, especially if they are members of the revelant committees.
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
Oh, fer Pete's sake, Taco. Would it really hurt all that much to give a full, accurate blurb on this one?
This isn't about forcing people to use their real name when registering a domain. This is about increasing the severity of the punishment for committing online fraud. Basically, if you commit fraud using a website with faked credentials, you'll face a stiffer penalty than you would had you committed fraud on a website where you used legitimate credentials to register.
I'm not saying I've fully researched this, but it sure as hell isn't the rights-trampling orgy the blurb makes it out to be, Taco. Do your homework before posting half-informed diatribes to the front page.
Obliteracy: Words with explosions
Trouble is, that's not what they're doing. They're talking about creating harsher penalties for people who commit fraud with a website registered under fake credentials.
They're not going to go hunting you down for having false information. Rather, if they catch you committing fraud on your website, they'll tack another few years onto your sentence if the site info wasn't accurate.
You gotta stop believing what they say in the front-page blurbs.
Obliteracy: Words with explosions
If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them?
Very simple. If the registrar can't contact you because you gave them bogus info then the registration gets dumped. Quite an effective and fair punishment - you are abusing a priviledge so that priviledge gets revoked.
Although I do understand where you are comming from with regard to address harvesting from public WHOIS records. If you were to implement this policy you would have to provide the option for registrants info to remain private to the registrar. Then it wouldn't be such a burden for honest people to provide the correct information.
Anyone else seeing a pattern?
This sig no verb.
Oddly enough I had the exact same situation.I had two email addresses. One of them was public and I used it everywhere - in forums online etc.. The other was private and wasen't used anywhere. The public one started with "spam" as in "spamandrewt@..." and I had, like 3 piece of spam in it during its life. The private one almost had to be abandonned because of the level of spam. If it weren't for yahoomail's nice spam filtering I would get about 100 spams a day. In the end the spam email address was deleted citing lack of use.. The guy in the cube next to me has a similar story.. I wonder if we're on to something here :-)...
This is offtopic, but I find your misuse of statistics disturbing too:
that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids,"
Your statement would imply that there are a lot of accidental shootings. You seem to be buying the gun control and media hype. Statistically, there are VERY few. Taken from guncite.com
"The risk of being a victim of a fatal gun accident can be better appreciated if it is compared to a more familiar risk...Each year about five hundred children under the age of five accidentally drown in residential swimming pools, compared to about forty killed in gun accidents, despite the fact that there are only about five million households with swimming pools, compared to at least 43 million with guns. Thus, based on owning households, the risk of a fatal accident among small children is over one hundred times higher for swimming pools than for guns."
Or maybe I'm reading your comment wrong, just my $.02
Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.
If it becomes a federal crime to lie in domain records, something similar could be implemented to protect those who want to remain (somewhat) anonymous.
From their website:
ICANN then contracts out services to corporations for manage the DNS registrations. Currently, VeriSign controls
I use these folks whenever I want to register a domain name. It's a nice, cheap, legal way to protect my whois info from anyone I feel like. And no, I'm not getting anything for saying this, it's just a cool idea and one that I appreciate (and use).
The RIAA was able to track users of, for example Kaaza, by looking at the log in and transfer logs. These logs are full of IPs which are traceable to the ISP. When the RIAA contacts the ISP and tells them the IP, the ISP can connect the IP with the person's information. WHOIS lookup has no IP address involved. It has absolutly no indentification tracktion option of any kind.
"...would add as much as seven years to prison sentences handed out to anyone committing fraud through a Web site registered under a false name or contact in formation. And it would permit copyright owners to seek larger monetary damages from people who falsify their registration information to run Web sites that distribute copyrighted material without permission."
In other words, you can fake your WHOIS information as long is your website isn't used to commit fraud or distribute copyrighted material. As long as it's being used for legal purposes, use any name or e-mail you want.
Now, here is the absurdity: do we have a law that requires poeple holding up 7-11's not to wear masks or leave their driver's license with the clerk?
It would be nice if there was some measure of consistency in legislation and punishment between online crimes and offline crimes.
Lord, bless my users that they may stop being such fucking idiots!!
Ask yourself, what is really the expectation of the lawmakers in this arena? Do they really want to further criminalize a crime? Why not just pass a law that tightens the penalty for on-line fraud? What if your motivation was to strengthen the government's ability to regulate the internet? How would you go about it. First you pass an innocuous looking law, that touches on an area you would like to restrict, but only appears to effect the 'fringe' criminal behavior. Now said law could come in two flavors: 1) DCMA style: So broad that suddenly you have an all purpose club with which to beat the snot out of people's anonymity. And control who is allowed to have a presence on the web. 2) Anesthetic: The first of many laws, nibbling away at your freedoms one bite at a time. The are painless, but cumulative. The end result is that you suddenly have a whole framework of regulation you did not even notice being built.
Doesn't anyone RTFA anymore?
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
All I want is a kind word, a warm bed and unlimited power.
you can go to the Internet Fraud Complaint Center and fill out an online report. there is a spot for kiddie porn. it's a joint venture of the fbi and the national white-collar crime center.
you get a pdf reciept for every complaint you file. i know. i've been sending them every piece of spam i get for the last two months.
Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.
Network Solutions also provides the same type of service, but they charge something like an extra $10/year for it.
2001-2002
The top industries supporting Howard L. Berman are:
1 TV/Movies/Music $222,791
2 Lawyers/Law Firms $117,450
Lamar Smith also gets mondo payola from MPAA/RIAA.
Berman was one of the shills who drafted a nutty bill last session that would have allowed movie and music companies to hack into people's personal computers and networks to erase or destroy "copyrighted" material. Most notably, it indemnifies corporations against personal torts resulting from their error for damages under $250. So even if you've almost finished the greatest novel ever written but failed to find a buyer yet, if they erase it, you get nothing. If they destroy your hard drives but show the replacement value is below $250, you lose. And so on.
There is nothing Berman would not do to keep sucking at the media industry tit. Even to the degree of drafting such nonsensical law that clearly violates the "equal treament" under privilege or immunity of the 14th Amendment by immunizing corporations against felonious activities conducted by them against citizens without considering due process.
THis latest bit of nonsense is just more of the same. Obviously Smith smells some extra cash within reach and is now also busy pandering to the media conglomerates.
Da Blog
Privacy Alert: Watch Out For FOISA
WHOIS bill (pdf)
Domains by Proxy is good, however, as far as I've seen is only offered through Go Daddy its resellers. The cheapest I've found it for is $9/year/domain. RegisterFLY.com offers the same service for only $2.50/year/domain (or $2.00/year/domain if you buy a 5-pack). And since they're an eNom reseller, they offer the same great DNS services and ease of transfer you're used to.
I posted a Registrar Comparison on my web site, but it lacks Network Solutions since I have never tried them. If anyone has any experience with them and would offer a review, I'd be happy to add it to my article.
Ok, calm down and read the article.
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
Some (liekly most) of the false records are OBVIOUS. Like one which had 314-411-0000.
Note, prefixes of the form N11 are never valid. Since those are used for special services (and it is now defined for all N from 2 to 9, btw, see the North American Numbering Plan Administration page for details.)
Just because it CAN be done, doesn't mean it should!
Are all Texans as offensive as their elected representative?
No, not all of them. Unfortunately, those who dare to express their disgust (especially if CUR_LOCATION != "USA") don't get favorable treatment from certain particularly offensive Texans (who just happen to run country music radio).
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
OBVIOUS. Like one which had 314-411-0000.
Um, is that supposed to be an obviously false number?
I'm glad it's obvious to Americans, anyway...
I have a few domains that serve merely as honeypots for whois spammers. The snailmail address is correct but the company is "The Toronto Mango Appreciation Society" and "The Shaolin Gung Fu Death Society" - stuff like that.
I get mail on a regular basis to these addresses from such companies as: IBM, Microsoft, HP, SUN, AT&T and all the other companies who have paid tens of millions of dollars to DC lobbyists to make sure the domain name system is the way they want it.
Each time year hear some DC insider proclaim "we need to know peoples real identies because of crime, child pornography and homeland security" what they really mean is "we don't want to waste our benefactors stamps".
Mikki Barry was stalked from information in the whois database, and while I havn't kept up with this too much but doesn't the whole thing run afoul if European privacy laws?
Need Mercedes parts ?
Professional spammers know that if an address on thier list has the string "spam" in it it's one of two things. 1) An legit address that has had "SPAM" inserted into the middle to trick spammers (I see this all the time here) or 2) A semi-fake address created just to use in public forums. Neither one does the spammer any good.
Don't underestimate the enemy. Just because they're weasels doesn't make them stupid. There's money involved.
-B
In order to "trace the information back to you" -- i.e. contacting the host and asking them for the credit card, etc. REQUIRES A COURT ORDER! That means you would have to commit a crime or something. So yes, a fake whois record WILL protect me. You are wrong; sorry.
The only reason that WHOIS data is public in the first place is that when ICANN was being set up the competing registrars insisted that the rules should allow them to see Network solution's customer list so they could spam them with transfer offers.
Actually, the only reason the whois data is publicly available is because it lways has been, even when it was hosted by DARPA, and it used to contain a lot more info than just domain reg stuff, such as email to realworld name, what domains were registered to specific person and other useful tidbits that we can no longer access. It was something of a nationwide, geek only telephone and email directory. The client back when you started wasn't called whois, it was called NICname, but it's still the same database, just stripped down and moved about.
Read, L