Slashdot Mirror


Congress Eyes Whois Crackdown

Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."

12 of 396 comments (clear)

  1. It's about time by scumbucket · · Score: 4, Interesting

    The WHOIS database provides contact information that is necessary for the proper operation of the world wide web. It is not only registrars that need access to this information, if you have a complaint about a domain, and the registrar for said domain is the same company, who do you go to for contact information.

    False or missing information in whois records is already a problem that helps (for instance) spammers hide their contact information from people with legitimate reasons to contact them. If you get no response from the contact listed in the domain's SOA record, abuse, admin, webmaster, postmaster, etc, and there is no contact information posted on the site (or false contact information), what do you do? You check out the WHOIS record for the domain. If the info that's supposed to be there is present and accurate, you have a way to contact somebody, if it isn't, you have ammo for asking the registrar to suspend the domain registration, and if *they* won't, you have ammo to ask ICANN to suspend the registrar's activities.

    Unfortunately, people don't realize the reason that WHOIS records exist, which is to provide contact information. That's the WHOLE reason. Removing that information makes the WHOIS database useless.

    --
    CMDRTACO CHECK YOUR EMAIL!
  2. what a bunch of bullshit! by JeanBaptiste · · Score: 5, Interesting

    i run a small, non profit politically based website with a chatboard. many people have come on the chatboard and threatened me with physical harm and worse because of my views.

    and now they want me to put my real home phone number and real home address in the DNS records?

    WHAT A BUNCH OF SHIT

  3. Re:I find this idea disturbing. by Endive4Ever · · Score: 5, Interesting

    They don't have to spend a whole lot of time tracking down the false WHOIS record holders.

    Just spend a little bit of time trying to track them down. Then cancel their domains. Let them present themselves for identification when they want the domains un-canceled.

    A fully validated WHOIS database would make it trivial to enforce punishment against people who use spammers to promote the websites and scams on said websites registered to them.

    --
    ---
  4. Pointless laws by taustin · · Score: 4, Interesting

    Selling child pornography on the internet (or off it) is a federal crime, but the FBI won't even take a report on ads for it.

    Selling prescription drugs with verifying a valid presecription on the internet (or off it) is a federal crime, but the FBI won't even take a report.

    Using a stolen credit card number on the internet (or off it) is a federal crime, but the FBI won't even take a report, even if you have a name and address for the perp.

    Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

    1. Re:Pointless laws by NoData · · Score: 4, Interesting

      Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

      Because when it's in the interest of big business, you better believe the FBI will act on it and exploit every tool at their disposal. Let's be clear: This bill is not for going after child pornographers, it's for busting that most treacherous of terrorists, the Music File Sharer! One of the sponsors, Howard Berman, is a notorious shill for the music and entertainment industry.

  5. Re:I find this idea disturbing. by RobertB-DC · · Score: 4, Interesting

    I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.

    That's exactly what I did... and had exactly the result you described. Hundreds of spam messages a week to an address used only for domain registrations.

    However, I seem to have found a solution. A poster in the hallowed halls of Slashdot was trying to determine the level of email harvesting, but wasn't getting any bites. But the word "spam" was in his email address... so I tried a new domain registration email address that also has "spam" in it.

    Results after about a month: no spam to the "domspam@..." address. I don't know if perhaps they're sending mail to "dom@...", 'cause I'm not monitoring it. But the only messages I've recieved at "domspam" are valid messages from the registrars.

    Of course, I haven't bothered to update my snail mail address since I moved. I hope the folks who bought our house are enjoying the offers for low-cost hosting and convenient "renewals". I guess I'll have to add that to my growing dossier of criminal activities...

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  6. Anonymity == illegal? by 3Suns · · Score: 4, Interesting

    It seems like the government, more and more now, is treating anyone who wishes to remain anonymous, or who does things anonymously, as a criminal. Granted there is nothing in our bill of rights or constitution that protects our right to anonymity, but there should be.

    There are plenty of legitimate reasons why one would wish to remain anonymous. Not to mention the fact that the US government should have no control over the internet which in essence represents the international community. Just because anonymity can be inconvenient for law enforcement doesn't mean it must be made illegal.

    Ski masks, pantyhose, and latex gloves are still available for sale in the US. All these are ideal tools for concealing your identity in real life. Wearing them in real life is not illegal either. It is, however, illegal to commit a crime while employing these tools, although no more so than if one does not employ them.

    --

    -3Suns

    ~~~~
    The Revolution will be Slashdotted
  7. Re:I find this idea disturbing. by Zeinfeld · · Score: 4, Interesting
    They don't have to spend a whole lot of time tracking down the false WHOIS record holders. Just spend a little bit of time trying to track them down. Then cancel their domains. Let them present themselves for identification when they want the domains un-canceled.

    The current cost of a domain name is about $10. You can't get any type of address verification/authentication lookup from a reliable database for less than $20. If you want the result to be at all reliable it would cost at least $100 and most likely $200 - sound familliar? Thats what SSL certs cost.

    The rule for domain names is quite simple, you use a false address, someone complains, you are likely to never get notice of the complaint, you lose the domain. Or you use a false address, you never get the renewal notice, you lose the domain. You have no idea how many IETF privacy nuts complained about not getting their renewal notices after typing in bogus address data, well DUUHHH!!

    The only reason that WHOIS data is public in the first place is that when ICANN was being set up the competing registrars insisted that the rules should allow them to see Network solution's customer list so they could spam them with transfer offers. The other registrars then did what everyone else has done since, they created nominees to hide the true identities of the holder.

    WHOIS would be best shut down. The spammers are never going to give valid data anyway. Instead use the reverse DNS to advertise a contact address to go to when you have a problem with info comming from an IP record. Nice thing here is that in many cases the delegation of reverse DNS reaches exactly to the level you would want to pick up a phone to talk to someone about a hacker comming from their net.

    Of course you would need to authenticate any use of that data, telephone numbers would only be given out on a need to know basis etc. But we could do a lot better than whois. I have never traced a hacker successfully using whois data.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  8. Read the terms and conditions when you register! by www.sorehands.com · · Score: 4, Interesting
    Bull! Just because someone can track you by your car's license place number does not entitle you to cover it.


    When you read the terms and conditions when you register, you are required to put in valid whois information. The problem is many registrars do not enforce it. Then when people complain, the registrar may do someone about it in 6 months, and then update it with invalid information. ICANN investigated some reports who network solutions, but failed to do anything. One address from their investigation, 123 Yellow Brick Road, Oz, Kansas, is still there.


  9. Re:I find this idea disturbing. by muckdog · · Score: 4, Interesting

    Actually this is not the case with the domain register I have delt with so far. Both with Godaddy and Regsiter.com I have give a separate email and mailing address that goes directly to them when signing up for the domain. The InterNIC Admin, Technical and Zone contact information are set to fake mail and phone numbers. The email address I use is real but not actively used, I also change it every once in a while to help keep down the spam hitting my servers.

    When renewal time comes around I get two emails, one to the billing contact email and one to the one I gave register.com/godaddy. I also recieve a letter in the mail to my real address reminding me to pay up.

  10. What is wrong with the government these days? by dougnaka · · Score: 4, Interesting
    Can't they stay out of private life?

    I'm voting libertarian from now on.

    Laws should be based on things that make sense, not 200 years of repressive precedent, or over hyped "concerns" of the day that get legislated to death and stick.

    Congressmen who throw out stupid ideas about taking away freedoms, privacies, or putting government punishments in place where nobody has been hurt, should be fired for violating the basic tenants of freedom, and the constitution.

    The government shouldn't be punishing people who falsify private documents. I believe it's not (currently) a crime to misrepresent yourself, and online there's a lot to be said for the added safeties of misrepresentation, anonymity, and privacy.

    The FCC doesn't need to decide what we watch on TV, we do. If we don't like what we see on channel whatever we don't watch it anymore. The only thing worse than the government trying to control our private lives is the people asking them to. Go to Europe you bunch of repressed whiners.

    I'm sick of this all.

    I don't care how this gets modded, I'm fed up, and /. is a as good a place as any to vent.

    --
    My Linux Command of the Day site : LCOD
  11. Makes me want to kick somebody... by cshark · · Score: 4, Interesting

    I wonder how this would affect the Godaddy unlisted domain name service they offer. It could be interesting. Even with false information in the whois; surely the FBI or the MPAA or the RIAA can subpoena the information from the registering authority the domain is registered through. I doubt that any of that information would be false. So that brings me to assume that when people are looking at whois information in order to prosecute the owner, and give up on a bad whois, that the issue is either not important enough to pursue further, or that they are too stupid to figure out how to do it. Either way, New laws in this area won't change anything. How would you enforce it? Do we really need more useless tech legislation that can't be enforced? Sheesh.

    --

    This signature has Super Cow Powers