Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congress Eyes Whois Crackdown

Posted by CmdrTaco on from the that-doesn't-seem-like-a-bad-idea dept.

Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."

39 of 396 comments (clear)

  1. I find this idea disturbing. by The+I+Shing · · Score: 5, Insightful

    Yes, there are criminals with false WHOIS records.

    And, at the same time, the WHOIS database is a feeding trough for spammers and scammers, encouraging otherwise honest people to put false information into their WHOIS records just to keep those spammers and scammers from getting their names, email addresses, snail mail addresses, phone numbers, fax numbers, mothers' maiden names, and whatever else their registrars ask for.

    I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.

    There's an old saying you still see on bumper stickers, "When guns are outlawed, only outlaws will have guns." While that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids," the original sentiment holds for WHOIS, that is to say, "When falsified WHOIS data is outlawed, only outlaws will falsify their WHOIS data."

    If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them? Why waste time passing a law that, in the end, only punishes honest people who would rather not give their unlisted home phone numbers out when buying a domain name for their kids?

    --
    You are in error. No-one is screaming. Thank you for your cooperation.
    1. Re:I find this idea disturbing. by Anonymous Coward · · Score: 5, Insightful

      A realistic solution to it is to allow people to falsify WHOIS records, but require the registries to maintain records of accurate contact information to be provided in the event of a (legitimately issued) subpoena or an investigation by law enforcement, provided they have a warrant for the information. If people choose to put their real contact information in the WHOIS record, it is still their right to do so, and many already choose to do so despite being able to falsify the data.

    2. Re:I find this idea disturbing. by epiphani · · Score: 2, Insightful

      agreed - but as an expansion...

      I think WHOIS data should be *entirely* optional. Just because I happen to run a domain does not mean that I want my email address, home address, real name and telephone number availible to anyone who wishes to see it. If not optional, then it *definitely* should not be criminal to give false information.

      In more direct terms, government, get your ugly freakin nose out of the internet.

      --
      .
    3. Re:I find this idea disturbing. by flatt · · Score: 5, Insightful

      That may work until someone claims to be from anywhere but the US.

    4. Re:I find this idea disturbing. by Anonymous Coward · · Score: 1, Insightful

      well that's just brilliant.

      it's ok to falsify your whois info, as long as your not doing anything wrong.

      and whose to say whether you are doing anything wrong or not?

      governments
      riaa
      mpaa
      law enforcement
      anyone and their dog invoking dmca
      my grandmother
      lawsuit happy companies
      overzealous fbi,cia,nsa,batf

      re: "You gotta stop believing what they say in the front-page blurbs" ...yea..and so we're gonna trust your word that this isn't a bad idea.

      whatever.

    5. Re:I find this idea disturbing. by Short+Circuit · · Score: 5, Insightful

      WHOIS would be best shut down.

      That's crazy. If someone's DNS server isn't retiring an old entry that puts my domain at an improper address, I want to be able to reach them with as little hassle as possible. Not demand contact information from my friends in Australia who pointed out that they couldn't get to my site.

      (That's happened to me, BTW... www.grnet.com somehow ended up having an old DNS entry with a fubar'd expiration date, but only on a high-level machine in Australia.)

      --
      tasks(723) drafts(105) languages(484) examples(29106)
    6. Re:I find this idea disturbing. by kwandar · · Score: 3, Insightful

      Do you really think that it makes sense to provide a harsher penalty for people who have registered under fake credentials?

      I might agree if the registration under fake credentials was done solely for the purpose of committing crime - maybe.

      Don't the courts already take into account how heineous your actions were, presumably including hte use of false identification, in committing the crime? What does the stacking of penalty after penalty really accomplish?

      Unfortunately I can see this leading to innocent individuals paying a price, where they had some infringing copyright on their website. If you believe SCO, even IBM has infringed copyright - so it can happen to the best of us (well maybe not in the SCO/IBM example ;)
    7. Re:I find this idea disturbing. by Fulcrum+of+Evil · · Score: 2, Insightful

      Quite an effective and fair punishment - you are abusing a priviledge so that priviledge gets revoked.

      No, I'm buying a service, not using a privelege. Or should the state be able to confiscate your car if its registration expires?

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    8. Re:I find this idea disturbing. by orthogonal · · Score: 5, Insightful

      "The Government must play a greater role in punishing those who conceal their identities online - Lamar Smith"

      Excuse me?

      People who are anonymous must be punished?

      Are all Texans as offensive as their elected representative?

      Hey, terrorist boy, Congressman Smith is right.

      Why did you know that once there where these three guys, three anonymous agitators, and they hid behind a fake name, "Publius", and wrote a bunch of stuff that completely changed the government of their country?

      Anyway, these three guys started out as rebels and terrorists and traitors, and once things got settled down again, first thing they done was to get together all anonymous like, and they decided to change things yet again.

      But they figured that people might not be as convinced of their ideas ifin people know'd it was these rebel traitors behind the ideas, so they made up that fake name "Publius" and published under it.

      And what they wrote completely changed the government of their country. It got rid of the Articles of Confederation and made it impossible that the country would ever again be ruled by King George, who they'd rebelled against, and it set up a Constitution and a central government -- actually it was a Federation and them anonymous papers was called The Federalist Papers -- and as a by-product of the debate over them papers, they added ten Amendments to their new Constitution, the first one of which guaranteed, among other things, Freedom of Speech.

      And years later one of them anonymous rebels became the Secretary of Treasury of the new country they'd created with their anonymous papers, and one of the then rebels became the First Chief Justice of the Supreme Court of the country they created with their anonymous papers, and the other one, well, he became the fourth President of their new country which they had created with their anonymous papers, a country they called "The United States of America."

      And I, honest to god this isn't mere rhetoric on my part, I have tears in my eyes right now when I think of all that those three disreputable anonymous rebels created, and the tears are streaming down my cheeks when I think of the Constitution of the United States of America that Alexander Hamilton and John Jay and James Madison agitated for in their anonymous Federalist Papers, and I get a lump in my throat when I think of the glorious First Amendment to that Constitution, which, among other things according to the US Supreme Court, guarantees a right to anonymity to protect our freedom to engage in political discourse and debate.

      And Lamar Alexander -- Lamar Alexander, elected to the Congress planned and created by the same Constitution -- when he says that "The Government must play a greater role in punishing those who conceal their identities", well, I have to ask, when is the last time Lamar Alexander read that fine Constitution, that Constitution created by those three anonymous men publishing under a fake name?

      And by god! I contend that the those who stand up for that Constitution, and for Free Speech, and for a right to anonymity -- those persons -- and not Big Brother's lackeys with their newspeak "Patriot Act" -- are the real American Patriots.

      --
      Opinions on the Twiddler2 hand-held keyboard?
    9. Re:I find this idea disturbing. by TeraCo · · Score: 2, Insightful
      No, but they can restrict it from driving on the roads.

      The government isn't threatening to take away your servers, just cancel the DNS entry.

      --
      Not Meta-modding due to apathy.
    10. Re:I find this idea disturbing. by jroysdon · · Score: 2, Insightful

      But that's retarded. Someone will just register a domain overseas where there is no such restriction.

    11. Re:I find this idea disturbing. by Anonymous Coward · · Score: 1, Insightful

      Why should I be required to provide any information to assist in arresting me in the event that I commit a crime? What next, mandatory sperm samples in case you decide to become a rapist?

      Now, if the registries need contact information so that they can perform their duties, that's another matter. They can always yank registrations from people with false records. But, people should have a right to keep that information private if they so desire, so the registries should probably allow people to opt out of having their information published. I'm sure Daryl over at SCO would agree.

      So, in the end law enforcement probably still ends up with access to the data. But, the data is not there for the purposes of law enforcement, and thus there's no real penalty for the registries if they have incorrect information. So, there shouldn't be an increase in cost for the minute or two it would take a human to enter your information into a database.

      But, as we all know, politicians are idiots, so they will obviously make the wrong choice here. So I can clearly choose the wine in front of me...

    12. Re:I find this idea disturbing. by Endive4Ever · · Score: 2, Insightful

      Sure it would still be possible. If you're a dissident in, say, Kuwait or Oklahoma, you just have a civil libertarian sort in, say, the Netherlands register your domain for you. If things got so out of line, or you were spamming to get people to visit said domain to buy, say, organ enlarging devices, there would be somebody responsible to go after. For political dissent, do you really think the police thugs in Kuwait or Oklahoma have any clout in the Netherlands?

      --
      ---
    13. Re:I find this idea disturbing. by BillyBlaze · · Score: 2, Insightful
      This is exactly what's wrong with the bureaucracy today.

      If they want to increase the penalty for crime X (X could be fraud, copyright infringement, theft), they don't just, well, increase the penalty. Instead, they make up some newer, more vague "crime" Y (faking WHOIS info, trafficing in circumvention tools, carrying crowbars). The effect is that there are more laws, they make less sense, and more people are criminals.

      I don't want to live in a system where everyone's a criminal, and where I must trust that nobody will call me on. Unfortunately, I already do.

    14. Re:I find this idea disturbing. by punkki · · Score: 3, Insightful
      Within 10 minutes, a computer calls the phone number and reads a short list of randomly generated numbers.
      Right. And the check would be done in every language from English (different variants of it) to Urdu? Also, let's hope the person isn't hearing impaired.
      The user receives the letter and enters that data.
      Let's hope the person is able to read the instructions.
      In the US, the social security office only wants to see your (or *someone's*) birth certificate
      Now I understand. I don't know how to break this to you gently: not everybody lives in the USA.
  2. Who controls WHOIS? by Anonymous Coward · · Score: 5, Insightful

    Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!

  3. This is just silly... by bc90021 · · Score: 4, Insightful

    ...all that's going to happen is that people are going to put in correct information, and then make it unlisted. When the people in Congress are given the analogy with the phone system (ie, unlisted numbers) it will become a matter of subpeonas, and then for the courts in the cases of infringement, as it should be.

    --
    libertarianswag.com
  4. Good grief. by Grrr · · Score: 5, Insightful

    "The Government must play a greater role in punishing those who conceal their identities online, particularly when they do so in furtherance of a serious federal criminal offense or in violation of a federally protected intellectual property right," Smith said...

    So - that sentence can end at the first comma, and be no less accurate in representing his opinion.

    Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries...

    'Of the corporations, by the corporations and for the corporations'

    The bill would not affect people who are trying to safeguard their privacy because it
    only makes it a crime to submit false registration data when it is done to help commit a
    crime...

    Now if we could only keep that pesky concept of what constitutes a "crime" from continually
    expanding...

    <grrr>

    1. Re:Good grief. by ConceptJunkie · · Score: 4, Insightful

      Unfortunately, being suspected of having committed a crime is criminal under the Patriot Act.

      --
      You are in a maze of twisty little passages, all alike.
  5. Doesn't sound... by AKAImBatman · · Score: 3, Insightful

    ...like it's a big deal. This is the type of law that would only get enforced when you really piss someone off. If you're running an illegal site, you can expect that they'll heap this charge on with the 1000 others they levy against you. Without a motive like illegal activity, it's difficult to prove that you were being intentionally misleading. (Unless you're dumb enough to fill it out with "Snoopy, 10 Charlie Brown Drive, Gotham City" that is...)

    --
    Javascript + Nintendo DSi = DSiCade
  6. Should be the other way around by Tablizer · · Score: 4, Insightful

    I don't want my physical address available to the world. Domain minders should collect it for billing and security reasons, but NOT for publicly-available databases.

    --
    Table-ized A.I.
  7. that is ridiculous by cyberwave · · Score: 5, Insightful

    What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously. Just as I could give out fliers while wearing a mask without breaking the law, I should be able to do the same thing on the internet. Additionally, there are alternatives that you can pay for as well (but costs more than putting in fake information). They shouldn't be legislating against the ways in which people conceal themselves; they should be legislating against the things that they DO while concealed! Being anonymous isn't a crime. Punish the crime, not the anonymity. Wow politicians are so stupid. No wonder the good ones turn into teachers instead.

    1. Re:that is ridiculous by hweimer · · Score: 2, Insightful

      What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously.

      Well, you still can. You just can't get a DNS domain name for that, and I can't see why this is necessary to operate a website. If you want to remain anonymous, a fake whois record won't protect you. You still need to pay for it somehow, and this information can be traced back to you.

      But false or misleading WHOIS data is a huge problem when you have trouble coming from a specific host or network. Fortunately, IP addresses are much harder to get than domain names.

      --
      OS Reviews: Free and Open Source Software
  8. What about the services that will conceal this? by JessLeah · · Score: 2, Insightful

    What about the various services that will put THEIR name on your WHOIS records for a small fee? GoDaddy offers such a service... I believe it's called DomainsByProxy, or something like that... Are these services going to become illegal? Whenever I register a "potentially controversial" site (read: one where the far-fringe-right-wing lunatics might potentially come and try to bomb my house or something), I use a service like that.

    --
    Honey, I shrunk the Cygwin
  9. Umm.... by m0rph3us0 · · Score: 2, Insightful

    Legally, anyone can make up a name and use it, it simply becomes a legal alias, when you make up a name and use it for the purpose of fraud is when it becomes a crime. Hence, the law is redundant because making up info for the purpose of fraud is already illegal, and creating legal aliases it perfectly legal and supported in case law. Also, No Fixed Address is a perfectly valid legal address. Try writing the law in a way that doesn't require everyone to disclose their primary telephone number and prevents the registration of the 7 digit telephone number for 411. Next point is, people will simply register the domain in a country with out such arcane laws.

  10. Moot! Can always subpoena the Hosting Provider... by izx · · Score: 2, Insightful

    WHOIS authenticity is a moot point; if law enforcement really wants to know who's behind a site, they can just subpoena the hosting provider (which can obviously be found from reverse-DNSing the site IP or just looking at the DNS records).

    This is just another shill to give pseudo-law-enforcement's (read: **AA) teeth more bite. If some site is really peddling material they claim is copyrighted, they should just DMCA the hosting provider and then go through the courts to subpoena the provider and get the identity of the site operator. After all, isn't that the purpose of the DMCA?

  11. What about ICANN? by Nick+Kirven · · Score: 2, Insightful

    ICANN already requires that "At least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections."

    Isn't this just a case of US lawmakers legislating something that is already (supposedly) required?

    --
    - nk
  12. Just don't show email addrs in whois records. by pjbass · · Score: 3, Insightful

    Overall, having accurate information in the WHOIS database I think is essential for the ever-growing registration of web spaces on the Internet. However, just having "valid" data in the current database really won't cut it, as previous posts have stated with spammers conveniently using this as a virtual picking ground for targets.

    What there needs to be, IMHO, is a re-vamp of how WHOIS works in storing data, and how the domain registrars handle that data. Things like admin email accounts and contact information (phone numbers, addresses, etc.) should be required to register, but should be in a database maintained by the registrar, and is not available to the rest of the population. If someone has a problem with you (spamming from your domain, etc.), it should be the registrar's issue, since they sold you the domain name. They should be the point of contact, and in turn send you mail with the question or complaint. This will protect people's privacy from the would-be spammer, and then give the government accurate information on who owns what. I don't agree with the whole BB thing either, but having accountability for what one has on his/her website needs to be enforced to a point, and having this data up to date will help enforce that.

  13. Re:Pointless laws by Lead+Butthead · · Score: 3, Insightful

    Who cares if Congress enacts more federal laws that the FBI won't even take a report on?


    You should, I should, EVERYONE should. Laws in the book that are not enforced today does not mean they will not be exploited at a later date to harass citizens.
    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  14. Re:This story is brought to you by the color "yell by The+Gline · · Score: 3, Insightful

    "Do your homework before posting half-informed diatribes to the front page." ...but this is Slashdot! The whole POINT is to post half-informed diatribes and cause people to assume it's a rights-trampling orgy!

    I've said before that if someone discovered Linux was in use in a prison system somewhere, the /. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.

    --
    Honorary Member of Jackie Chan's Kung Fu Process Servers
  15. Re:Reasonable by Ill_Omen · · Score: 2, Insightful

    That's all well and good until "law enforcement" decides that they don't particularly like you for some reason that has nothing to do with terrorism (having long hair, going to Church on Saturday instead of Sunday, carrying around a Farmer's Almanac).

    Call me a bleeding heart liberal if you want, but I don't want to live in a police state where every small bit of dissent gets you investigated for a federal crime.

  16. Re:what a bunch of bullshit! by Anonymous Coward · · Score: 1, Insightful

    and now they want me to put my real home phone number and real home address in the DNS records?

    Its not that difficult. Use one of the domain proxy services, as some other posters have mentioned. Or if security is really a concern to you, then DONT REGISTER A DOMAIN. You can still run a website without registering a domain, and your information will not be publicly available.

    You should have no realistic expectation of privacy on the internet in regards to domain names. Its like expecting privacy on the Internet when you are browsing the web at the Library.

  17. Once again, US != Internet.... by RedHat+Rocky · · Score: 4, Insightful

    When will they learn? Yet another 'law' proposed to clear up that dirty old Internet.

    Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.

    Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?

    Please stop bowing to the corporate masters!

    Yes, I am a Citizen of the United States.

    --
    Anything is possible given time and money.
  18. What a turd burglar. by AyeRoxor! · · Score: 2, Insightful

    Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.

    In print, I have the express right to remain anonymous. Once more, these ancient old farts think print on a screen isn't print in a paper. SAME RIGHTS, YOU OLD IDIOT!

  19. Incredibly frightening! by Anonymous Coward · · Score: 1, Insightful

    'The Government must play a greater role in punishing those who conceal their identities online.'

    That is a horrifically frightening comment. Who *doesn't* conceal their identities online? Who isn't behind a pseudonym? Who doesn't post as an Anonymous Coward (or similar) online at times? The government won't be happy until everyone's username online is FirstName, Middle Initial, LastName, SocialSecurity#, MailingAddress, Phone#, DriversLicense#...

  20. Plea bargain crime by Julian+Morrison · · Score: 2, Insightful

    This seems to me to be one of those plea-bargain "crimes", that's just ladled on as part of the charges. They charge you six ways for the same crime, then heap on a load of side-issues and associated minor whatsits like "conspiracy" and "fraudulent DNS" - the idea being, that the sum total theoretical max sentence would leave you jailed until the heat-death of the universe. That way you can be bargained down into pleading guilty to, say, murdering the pope - without the inconvenience of needing evidence, proof, the guy even being dead, etc etc.

  21. The submission is misleading by retro128 · · Score: 2, Insightful

    The article says that they want to impose stiffer sentences for people if the domain has false contact information and IS USED TO COMMIT A CRIME.

    The article does seem to hint that the gubermint is going after everyone, though, so I looked up the bill myself. It's true that they will only go after someone for this if a crime has been committed. The problem with it IMHO is that it's pretty broad...It goes after not only the owners of the domain but also "person[s] acting in concert with the violator". And it tacks on 7 years in prison who what one would otherwise get already. And from the text it looks like it's geared strictly towards copyright infringement, never mind ripping off credit card numbers or running a fake shop, or simulating the identity of a reputable company. Of course, coming from Rep. Berman, this is no surprise.

    Here's the bill if anyone's interested

    The link looks a little weird to me so if it is broken go to http://thomas.loc.gov and look up bill # "H. R. 3754".

    --
    -R
  22. Re:Pointless laws by taustin · · Score: 2, Insightful

    Web complaint forms are bit buckets. No human being will ever read it. At best, all that will ever be done with those complaints is that they will be data mined for statistical trends when Congress is reviewing the FBI's budget.

  23. This is not a useful law by Sloppy · · Score: 2, Insightful
    False DNS records should not be a federal crime, because DNS is just someone's private database. I'm accountable to the database maintainer, not the government. Lying to the maintainer isn't any different than lying to Slashdot, claiming to be someone named "Sloppy" instead of using my real name.

    I think going after fraud from the name angle, is the wrong approach. Those names always end up resolving to an address, and an address is how you (ultimately) track things into the physical world. (Just ask the kids that RIAA has gone after.) Everything about DNS is merely a matter of convenience, and no one should ever have a reasonable expectation that DNS information is trustworthy.

    Furthermore, it looks like the article is actually talking about web sites. So use https. Now you've got a CA claiming that someone is who they claim to be. Don't trust (or know anything about) the CA? ("Who is this Thawte company, anyway?") Now you know why x509 sucks and PGP rules. (Oooh, just had to get that little barb in there. ;-) Everything's an illusion until you've met someone face to face. If you can't trust that someone is who they say they are then you just don't know, so don't try to fake it.

    If you add legislation to prevent false DNS info, you're just going to increase the false sense of security. "Whois says he's really John Smith, and it's against the law to lie, so I'll give him my credit card number." Guess what, the guy in Asia who you're giving your card # to, doesn't give a fuck about the US law. You should have relied on a trust network to verify him, not the law.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.