Congress Eyes Whois Crackdown

Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."

I find this idea disturbing.

[The+I+Shing]

Yes, there are criminals with false WHOIS records.

And, at the same time, the WHOIS database is a feeding trough for spammers and scammers, encouraging otherwise honest people to put false information into their WHOIS records just to keep those spammers and scammers from getting their names, email addresses, snail mail addresses, phone numbers, fax numbers, mothers' maiden names, and whatever else their registrars ask for.

I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.

There's an old saying you still see on bumper stickers, "When guns are outlawed, only outlaws will have guns." While that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids," the original sentiment holds for WHOIS, that is to say, "When falsified WHOIS data is outlawed, only outlaws will falsify their WHOIS data."

If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them? Why waste time passing a law that, in the end, only punishes honest people who would rather not give their unlisted home phone numbers out when buying a domain name for their kids?

Re:I find this idea disturbing.

A realistic solution to it is to allow people to falsify WHOIS records, but require the registries to maintain records of accurate contact information to be provided in the event of a (legitimately issued) subpoena or an investigation by law enforcement, provided they have a warrant for the information. If people choose to put their real contact information in the WHOIS record, it is still their right to do so, and many already choose to do so despite being able to falsify the data.

Re:I find this idea disturbing.

[flatt]

That may work until someone claims to be from anywhere but the US.

Re:I find this idea disturbing.

[Short+Circuit]

WHOIS would be best shut down.

That's crazy. If someone's DNS server isn't retiring an old entry that puts my domain at an improper address, I want to be able to reach them with as little hassle as possible. Not demand contact information from my friends in Australia who pointed out that they couldn't get to my site.

(That's happened to me, BTW... www.grnet.com somehow ended up having an old DNS entry with a fubar'd expiration date, but only on a high-level machine in Australia.)

Re:I find this idea disturbing.

[kwandar]

Do you really think that it makes sense to provide a harsher penalty for people who have registered under fake credentials?

I might agree if the registration under fake credentials was done solely for the purpose of committing crime - maybe.

Don't the courts already take into account how heineous your actions were, presumably including hte use of false identification, in committing the crime? What does the stacking of penalty after penalty really accomplish?

Unfortunately I can see this leading to innocent individuals paying a price, where they had some infringing copyright on their website. If you believe SCO, even IBM has infringed copyright - so it can happen to the best of us (well maybe not in the SCO/IBM example ;)

Re:I find this idea disturbing.

[orthogonal]

"The Government must play a greater role in punishing those who conceal their identities online - Lamar Smith"

Excuse me?

People who are anonymous must be punished?

Are all Texans as offensive as their elected representative?

Hey, terrorist boy, Congressman Smith is right.

Why did you know that once there where these three guys, three anonymous agitators, and they hid behind a fake name, "Publius", and wrote a bunch of stuff that completely changed the government of their country?

Anyway, these three guys started out as rebels and terrorists and traitors, and once things got settled down again, first thing they done was to get together all anonymous like, and they decided to change things yet again.

But they figured that people might not be as convinced of their ideas ifin people know'd it was these rebel traitors behind the ideas, so they made up that fake name "Publius" and published under it.

And what they wrote completely changed the government of their country. It got rid of the Articles of Confederation and made it impossible that the country would ever again be ruled by King George, who they'd rebelled against, and it set up a Constitution and a central government -- actually it was a Federation and them anonymous papers was called The Federalist Papers -- and as a by-product of the debate over them papers, they added ten Amendments to their new Constitution, the first one of which guaranteed, among other things, Freedom of Speech.

And years later one of them anonymous rebels became the Secretary of Treasury of the new country they'd created with their anonymous papers, and one of the then rebels became the First Chief Justice of the Supreme Court of the country they created with their anonymous papers, and the other one, well, he became the fourth President of their new country which they had created with their anonymous papers, a country they called "The United States of America."

And I, honest to god this isn't mere rhetoric on my part, I have tears in my eyes right now when I think of all that those three disreputable anonymous rebels created, and the tears are streaming down my cheeks when I think of the Constitution of the United States of America that Alexander Hamilton and John Jay and James Madison agitated for in their anonymous Federalist Papers, and I get a lump in my throat when I think of the glorious First Amendment to that Constitution, which, among other things according to the US Supreme Court, guarantees a right to anonymity to protect our freedom to engage in political discourse and debate.

And Lamar Alexander -- Lamar Alexander, elected to the Congress planned and created by the same Constitution -- when he says that "The Government must play a greater role in punishing those who conceal their identities", well, I have to ask, when is the last time Lamar Alexander read that fine Constitution, that Constitution created by those three anonymous men publishing under a fake name?

And by god! I contend that the those who stand up for that Constitution, and for Free Speech, and for a right to anonymity -- those persons -- and not Big Brother's lackeys with their newspeak "Patriot Act" -- are the real American Patriots.

Re:I find this idea disturbing.

[punkki]

Within 10 minutes, a computer calls the phone number and reads a short list of randomly generated numbers.

Right. And the check would be done in every language from English (different variants of it) to Urdu? Also, let's hope the person isn't hearing impaired.

The user receives the letter and enters that data.

Let's hope the person is able to read the instructions.

In the US, the social security office only wants to see your (or *someone's*) birth certificate

Now I understand. I don't know how to break this to you gently: not everybody lives in the USA.

Who controls WHOIS?

Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!

This is just silly...

[bc90021]

...all that's going to happen is that people are going to put in correct information, and then make it unlisted. When the people in Congress are given the analogy with the phone system (ie, unlisted numbers) it will become a matter of subpeonas, and then for the courts in the cases of infringement, as it should be.

Good grief.

[Grrr]

"The Government must play a greater role in punishing those who conceal their identities online, particularly when they do so in furtherance of a serious federal criminal offense or in violation of a federally protected intellectual property right," Smith said...

So - that sentence can end at the first comma, and be no less accurate in representing his opinion.

Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries...

'Of the corporations, by the corporations and for the corporations'

The bill would not affect people who are trying to safeguard their privacy because it
only makes it a crime to submit false registration data when it is done to help commit a
crime...

Now if we could only keep that pesky concept of what constitutes a "crime" from continually
expanding...

<grrr>

Re:Good grief.

[ConceptJunkie]

Unfortunately, being suspected of having committed a crime is criminal under the Patriot Act.

Doesn't sound...

[AKAImBatman]

...like it's a big deal. This is the type of law that would only get enforced when you really piss someone off. If you're running an illegal site, you can expect that they'll heap this charge on with the 1000 others they levy against you. Without a motive like illegal activity, it's difficult to prove that you were being intentionally misleading. (Unless you're dumb enough to fill it out with "Snoopy, 10 Charlie Brown Drive, Gotham City" that is...)

Should be the other way around

[Tablizer]

I don't want my physical address available to the world. Domain minders should collect it for billing and security reasons, but NOT for publicly-available databases.

that is ridiculous

[cyberwave]

What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously. Just as I could give out fliers while wearing a mask without breaking the law, I should be able to do the same thing on the internet. Additionally, there are alternatives that you can pay for as well (but costs more than putting in fake information). They shouldn't be legislating against the ways in which people conceal themselves; they should be legislating against the things that they DO while concealed! Being anonymous isn't a crime. Punish the crime, not the anonymity. Wow politicians are so stupid. No wonder the good ones turn into teachers instead.

Just don't show email addrs in whois records.

[pjbass]

Overall, having accurate information in the WHOIS database I think is essential for the ever-growing registration of web spaces on the Internet. However, just having "valid" data in the current database really won't cut it, as previous posts have stated with spammers conveniently using this as a virtual picking ground for targets.

What there needs to be, IMHO, is a re-vamp of how WHOIS works in storing data, and how the domain registrars handle that data. Things like admin email accounts and contact information (phone numbers, addresses, etc.) should be required to register, but should be in a database maintained by the registrar, and is not available to the rest of the population. If someone has a problem with you (spamming from your domain, etc.), it should be the registrar's issue, since they sold you the domain name. They should be the point of contact, and in turn send you mail with the question or complaint. This will protect people's privacy from the would-be spammer, and then give the government accurate information on who owns what. I don't agree with the whole BB thing either, but having accountability for what one has on his/her website needs to be enforced to a point, and having this data up to date will help enforce that.

Re:Pointless laws

[Lead+Butthead]

Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

You should, I should, EVERYONE should. Laws in the book that are not enforced today does not mean they will not be exploited at a later date to harass citizens.

Re:This story is brought to you by the color "yell

[The+Gline]

"Do your homework before posting half-informed diatribes to the front page." ...but this is Slashdot! The whole POINT is to post half-informed diatribes and cause people to assume it's a rights-trampling orgy!

I've said before that if someone discovered Linux was in use in a prison system somewhere, the /. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.

Once again, US != Internet....

[RedHat+Rocky]

When will they learn? Yet another 'law' proposed to clear up that dirty old Internet.

Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.

Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?

Please stop bowing to the corporate masters!

Yes, I am a Citizen of the United States.