Slashdot Mirror
Congress Eyes Whois Crackdown
Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."
Yes, there are criminals with false WHOIS records.
And, at the same time, the WHOIS database is a feeding trough for spammers and scammers, encouraging otherwise honest people to put false information into their WHOIS records just to keep those spammers and scammers from getting their names, email addresses, snail mail addresses, phone numbers, fax numbers, mothers' maiden names, and whatever else their registrars ask for.
I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.
There's an old saying you still see on bumper stickers, "When guns are outlawed, only outlaws will have guns." While that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids," the original sentiment holds for WHOIS, that is to say, "When falsified WHOIS data is outlawed, only outlaws will falsify their WHOIS data."
If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them? Why waste time passing a law that, in the end, only punishes honest people who would rather not give their unlisted home phone numbers out when buying a domain name for their kids?
You are in error. No-one is screaming. Thank you for your cooperation.
Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!
Write your senators or representatives, via snail mail or fax and inform them of this issue, especially if they are members of the revelant committees.
Wow. Either the spammers get my info from the Whois database or the RIAA can't track down some pirates.
Which do I choose?
Arrr....
So is my senator going to come over to my house and sort my spam email and junk snail mail that I get from my whois records?
The WHOIS database provides contact information that is necessary for the proper operation of the world wide web. It is not only registrars that need access to this information, if you have a complaint about a domain, and the registrar for said domain is the same company, who do you go to for contact information.
False or missing information in whois records is already a problem that helps (for instance) spammers hide their contact information from people with legitimate reasons to contact them. If you get no response from the contact listed in the domain's SOA record, abuse, admin, webmaster, postmaster, etc, and there is no contact information posted on the site (or false contact information), what do you do? You check out the WHOIS record for the domain. If the info that's supposed to be there is present and accurate, you have a way to contact somebody, if it isn't, you have ammo for asking the registrar to suspend the domain registration, and if *they* won't, you have ammo to ask ICANN to suspend the registrar's activities.
Unfortunately, people don't realize the reason that WHOIS records exist, which is to provide contact information. That's the WHOLE reason. Removing that information makes the WHOIS database useless.
CMDRTACO CHECK YOUR EMAIL!
...all that's going to happen is that people are going to put in correct information, and then make it unlisted. When the people in Congress are given the analogy with the phone system (ie, unlisted numbers) it will become a matter of subpeonas, and then for the courts in the cases of infringement, as it should be.
libertarianswag.com
- false WHOIS information
- false email headers
- spoofed IP addresses
- misleading web pop-ups
- spyware authors
- technomorons who install spyware
- coverage of mydoom by the BBC
- jj's boobs
Ceci n'est pas une signature
About 4 years ago. I registered "whitearyanresistance.com", org and net. I put a nice little cgi in place that sent people to random sites sites like blacksonblondes.com, algore2000.com, NAMBLA and so forth.
Next step was to modify the cgi to regurgitate the IP address where the user got a message that said..
Your IP Address: xx.xx.xx.xx has been recorded for forwarding to the proper authorities. Have a nice day
Then I got tired of picking on Tom Metzger and his retarded ilk and just donated the domains to another group (not the W.A.R.).
You bet your ass I used fake info in my WHOIS then.
I do wonder though if there are legitimate cases of where people run sites where it's best to not know the identity. Much in the same way that an abused woman could never call home from a shelter because her husband who beats her would know where she is thanks to caller ID.
Maybe the Chinese Communists would send goons to whack all the Falun Gong website owners or something (I'm sure you have better examples).
"The Government must play a greater role in punishing those who conceal their identities online, particularly when they do so in furtherance of a serious federal criminal offense or in violation of a federally protected intellectual property right," Smith said...
So - that sentence can end at the first comma, and be no less accurate in representing his opinion.
Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries...
'Of the corporations, by the corporations and for the corporations'
The bill would not affect people who are trying to safeguard their privacy because it
only makes it a crime to submit false registration data when it is done to help commit a
crime...
Now if we could only keep that pesky concept of what constitutes a "crime" from continually
expanding...
<grrr>
The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.
Oh, fer Pete's sake, Taco. Would it really hurt all that much to give a full, accurate blurb on this one?
This isn't about forcing people to use their real name when registering a domain. This is about increasing the severity of the punishment for committing online fraud. Basically, if you commit fraud using a website with faked credentials, you'll face a stiffer penalty than you would had you committed fraud on a website where you used legitimate credentials to register.
I'm not saying I've fully researched this, but it sure as hell isn't the rights-trampling orgy the blurb makes it out to be, Taco. Do your homework before posting half-informed diatribes to the front page.
Obliteracy: Words with explosions
You know, we're moving towards a world in which computer users and computers themselves are licensed, much as drivers and their cars are licensed.
Is that a good or bad thing? It has its drawbacks, but on the whole I would say good. Fewer viruses, less spam, a modicum of sense from lusers. Less anonymity, yes, but there are always tradeoffs.
Toronto-area transit rider? Rate your ride.
...like it's a big deal. This is the type of law that would only get enforced when you really piss someone off. If you're running an illegal site, you can expect that they'll heap this charge on with the 1000 others they levy against you. Without a motive like illegal activity, it's difficult to prove that you were being intentionally misleading. (Unless you're dumb enough to fill it out with "Snoopy, 10 Charlie Brown Drive, Gotham City" that is...)
Javascript + Nintendo DSi = DSiCade
I don't want my physical address available to the world. Domain minders should collect it for billing and security reasons, but NOT for publicly-available databases.
Table-ized A.I.
i run a small, non profit politically based website with a chatboard. many people have come on the chatboard and threatened me with physical harm and worse because of my views.
and now they want me to put my real home phone number and real home address in the DNS records?
WHAT A BUNCH OF SHIT
What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously. Just as I could give out fliers while wearing a mask without breaking the law, I should be able to do the same thing on the internet. Additionally, there are alternatives that you can pay for as well (but costs more than putting in fake information). They shouldn't be legislating against the ways in which people conceal themselves; they should be legislating against the things that they DO while concealed! Being anonymous isn't a crime. Punish the crime, not the anonymity. Wow politicians are so stupid. No wonder the good ones turn into teachers instead.
What about the various services that will put THEIR name on your WHOIS records for a small fee? GoDaddy offers such a service... I believe it's called DomainsByProxy, or something like that... Are these services going to become illegal? Whenever I register a "potentially controversial" site (read: one where the far-fringe-right-wing lunatics might potentially come and try to bomb my house or something), I use a service like that.
Honey, I shrunk the Cygwin
When 'whois'ing your domain it gives the company's email, which gets forwarded to you (after a spam filter if you like). Same with any 'real mail' (except for junk mail if you wish).
Well worth the nominal cost (3 bucks, IIRC) at registration time.
Selling child pornography on the internet (or off it) is a federal crime, but the FBI won't even take a report on ads for it.
Selling prescription drugs with verifying a valid presecription on the internet (or off it) is a federal crime, but the FBI won't even take a report.
Using a stolen credit card number on the internet (or off it) is a federal crime, but the FBI won't even take a report, even if you have a name and address for the perp.
Who cares if Congress enacts more federal laws that the FBI won't even take a report on?
I'm so sick of our government coming through like a steamroller driven by a pack of drunken angry midgets.
Lord knows, I might wind up in a Federal Buttslammer for having my fax number listed as 999.999.9999 in my whois db entry... of coourse that would be taking it to the extreme, but after the DMCA and the US govt's persistant display of ignorance and money grabbing from lobbyists, I have come only to expect the worst.
And the irony here is that a country that calls itself the land of the free seems to want to put anyone and everyone into it's butt-parlours for just about anything it can think up.
My rant aside, isn't there a better contribution our government could make for the sake of the internet?
Like education, so the next generation of lawmakers might actually have a shred of a clue?
Or an international council like the UN in which an open forum could be made that is a bit beyond the corporate lobbyists, if not banned from talking to corporate representitives entirely?
Legally, anyone can make up a name and use it, it simply becomes a legal alias, when you make up a name and use it for the purpose of fraud is when it becomes a crime. Hence, the law is redundant because making up info for the purpose of fraud is already illegal, and creating legal aliases it perfectly legal and supported in case law. Also, No Fixed Address is a perfectly valid legal address. Try writing the law in a way that doesn't require everyone to disclose their primary telephone number and prevents the registration of the 7 digit telephone number for 411. Next point is, people will simply register the domain in a country with out such arcane laws.
WHOIS authenticity is a moot point; if law enforcement really wants to know who's behind a site, they can just subpoena the hosting provider (which can obviously be found from reverse-DNSing the site IP or just looking at the DNS records).
This is just another shill to give pseudo-law-enforcement's (read: **AA) teeth more bite. If some site is really peddling material they claim is copyrighted, they should just DMCA the hosting provider and then go through the courts to subpoena the provider and get the identity of the site operator. After all, isn't that the purpose of the DMCA?
ICANN already requires that "At least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections."
Isn't this just a case of US lawmakers legislating something that is already (supposedly) required?
- nk
Overall, having accurate information in the WHOIS database I think is essential for the ever-growing registration of web spaces on the Internet. However, just having "valid" data in the current database really won't cut it, as previous posts have stated with spammers conveniently using this as a virtual picking ground for targets.
What there needs to be, IMHO, is a re-vamp of how WHOIS works in storing data, and how the domain registrars handle that data. Things like admin email accounts and contact information (phone numbers, addresses, etc.) should be required to register, but should be in a database maintained by the registrar, and is not available to the rest of the population. If someone has a problem with you (spamming from your domain, etc.), it should be the registrar's issue, since they sold you the domain name. They should be the point of contact, and in turn send you mail with the question or complaint. This will protect people's privacy from the would-be spammer, and then give the government accurate information on who owns what. I don't agree with the whole BB thing either, but having accountability for what one has on his/her website needs to be enforced to a point, and having this data up to date will help enforce that.
I agree with the concept of jerking the registration if the information is false, misleading, or utterly out of date (cannot be found). Add a waiting period before anyone else can register it (so someone can step forward and claim their error), and allow for private registration that can be accessed with a warent, and I think it would be a pretty good idea.
Any other ideas?
People on the Internet sometimes pretend to be someone they're not.
Anyone who is trying to conceal their identity for illegal activities will continue to do so.
Now we may just get more spam.
Anyone else seeing a pattern?
This sig no verb.
It seems like the government, more and more now, is treating anyone who wishes to remain anonymous, or who does things anonymously, as a criminal. Granted there is nothing in our bill of rights or constitution that protects our right to anonymity, but there should be.
There are plenty of legitimate reasons why one would wish to remain anonymous. Not to mention the fact that the US government should have no control over the internet which in essence represents the international community. Just because anonymity can be inconvenient for law enforcement doesn't mean it must be made illegal.
Ski masks, pantyhose, and latex gloves are still available for sale in the US. All these are ideal tools for concealing your identity in real life. Wearing them in real life is not illegal either. It is, however, illegal to commit a crime while employing these tools, although no more so than if one does not employ them.
-3Suns
~~~~
The Revolution will be Slashdotted
"Do your homework before posting half-informed diatribes to the front page." ...but this is Slashdot! The whole POINT is to post half-informed diatribes and cause people to assume it's a rights-trampling orgy!
/. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.
I've said before that if someone discovered Linux was in use in a prison system somewhere, the
Honorary Member of Jackie Chan's Kung Fu Process Servers
Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.
If it becomes a federal crime to lie in domain records, something similar could be implemented to protect those who want to remain (somewhat) anonymous.
Not having any Whois information? I remember a domain name that I wanted to register at one that had already been taken, and when I checked whois to see who had registered it, there was nothing there. Is that going to be illegal, or just having false information? If it's only illegal to falsify info, what's the point; and if no info is also illegal, then this is way too invasive.
Join moola.com, play games to earn money.
I use these folks whenever I want to register a domain name. It's a nice, cheap, legal way to protect my whois info from anyone I feel like. And no, I'm not getting anything for saying this, it's just a cool idea and one that I appreciate (and use).
The RIAA was able to track users of, for example Kaaza, by looking at the log in and transfer logs. These logs are full of IPs which are traceable to the ISP. When the RIAA contacts the ISP and tells them the IP, the ISP can connect the IP with the person's information. WHOIS lookup has no IP address involved. It has absolutly no indentification tracktion option of any kind.
I'm doing 5-10 for typoing my name.
eskwayrd = m^2c^4
Bye Bye Karma but ...
... probably :-)
So registering incorrect DNS data becomes illegal in the US.
Does that mean a US citizen/company will be unable to register DNS entries outside the US coz then they could register incorrect data which'd be illegal under the proposed law?
Does anyone care?
Will I get modded troll
Worst
Especially with some VERY good Overseas Registrars. (12 Euros a year, with great services, tech support, etc. In Paris, France). We have to get it into the politicians heads that it's not DARPANet, and it really shouldn't be under Congressional control or oversight.
Lamar Smith is also co-sponsor of the "Clean Airwaves Act" (HR 3687) that wants to eliminate the Safe-Haven distinction. You won't be able to use dirty words at all on the public airwaves, 24 hours a day, if Smith gets his way. Off topic, I know, but of general interest perhaps. http://lamarsmith.house.gov/news.asp?FormMode=Deta il&ID=344
That's all well and good until "law enforcement" decides that they don't particularly like you for some reason that has nothing to do with terrorism (having long hair, going to Church on Saturday instead of Sunday, carrying around a Farmer's Almanac).
Call me a bleeding heart liberal if you want, but I don't want to live in a police state where every small bit of dissent gets you investigated for a federal crime.
When you read the terms and conditions when you register, you are required to put in valid whois information. The problem is many registrars do not enforce it. Then when people complain, the registrar may do someone about it in 6 months, and then update it with invalid information. ICANN investigated some reports who network solutions, but failed to do anything. One address from their investigation, 123 Yellow Brick Road, Oz, Kansas, is still there.
Fight Spammers!
"...would add as much as seven years to prison sentences handed out to anyone committing fraud through a Web site registered under a false name or contact in formation. And it would permit copyright owners to seek larger monetary damages from people who falsify their registration information to run Web sites that distribute copyrighted material without permission."
In other words, you can fake your WHOIS information as long is your website isn't used to commit fraud or distribute copyrighted material. As long as it's being used for legal purposes, use any name or e-mail you want.
Now, here is the absurdity: do we have a law that requires poeple holding up 7-11's not to wear masks or leave their driver's license with the clerk?
It would be nice if there was some measure of consistency in legislation and punishment between online crimes and offline crimes.
Lord, bless my users that they may stop being such fucking idiots!!
When Pud was getting sued by PrintCafe, he changed his WHOIS info. Funniest thing I'd read in a while.
Here's the link:
http://www.fuckedcompany.com/printcafe.html
So I helped my neighbor set up a domain name for their new business. I put myself in as the technical contact. Phone solicitors snarfed my phone number from the whois information and started calling ME trying to sell me stuff for my NEIGHBOR's business. (I'm also getting snail mail for them as well.) So, to at least cut down on the phone calls, I changed the tech contact in the whois to the following number:
617-861-9507
"The Telemarketer's Nightmare", from the fine folks that brought you "The Rejection Hotline".
Now, it's not really MY phone number, but it IS the phone I want them to have, since I don't want them calling me. My email and home address are valid, so I can still be contacted... just not while I'm sitting down to eat dinner with my family. It's a real phone number, and it doesn't mislead anyone - the message tells someone that I don't want them calling me.
Come to the University of Mars! Classes starting soon!
Ask yourself, what is really the expectation of the lawmakers in this arena? Do they really want to further criminalize a crime? Why not just pass a law that tightens the penalty for on-line fraud? What if your motivation was to strengthen the government's ability to regulate the internet? How would you go about it. First you pass an innocuous looking law, that touches on an area you would like to restrict, but only appears to effect the 'fringe' criminal behavior. Now said law could come in two flavors: 1) DCMA style: So broad that suddenly you have an all purpose club with which to beat the snot out of people's anonymity. And control who is allowed to have a presence on the web. 2) Anesthetic: The first of many laws, nibbling away at your freedoms one bite at a time. The are painless, but cumulative. The end result is that you suddenly have a whole framework of regulation you did not even notice being built.
I'm really straddling the fence on this issue. Sure, I see the merits for having legimit information in a whois database. I've used it many times when conducting business on the net with smaller entities to "verifiy" their identity. Also used it numerous times to research companies while responding to employment ads. On the other hand, its a spammers dream come true. Look at all the e-mail addresses you can collect in one spot. Granted some registrars are taking up some counter measures against harvesting, I sincerly applaud their efforts. I think a compromise needs to take place here. REQUIRE people to submit truthful data. In this day and age how many registrars will accept blatently bogus information, especially if there are credit cards involved. However registrars should need to give their customers the option to display their information publicly. I know of no other industry that would publicize their customers personal data on the internet. Sure some of the info should stay public (nameserver records, technical contact) but does the average person need to know who owns and pays invoices for the domain? I think not.
When will they learn? Yet another 'law' proposed to clear up that dirty old Internet.
Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.
Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?
Please stop bowing to the corporate masters!
Yes, I am a Citizen of the United States.
Anything is possible given time and money.
Yea, I'm gonna steal your identity, commit credit card fraud, steal stock options from your company, distribute illegal information and media online, an wire car-bombs on 60 vehicles in Manhattan. Then im going to leave you a red flag on my website with my name on it. Come on, I hope US intelligence does not rely on laws like this to reeduce crime, because this guy is basically asking people ot turnthemselves in, so they can serve 15 years and rat out their friends! In that case cyber criminals have a 100/1 odds of making it big in their field. Why do they think it's anonymous anyway. One way to track this would be billing. But then again, Russians obtain credit card numbers so easily they come in bundles of 1000 on the black market nowadays. I hope the other Representatives get a good laugh at this bill if it ever gets heard in Congress.
[Please sign here]
you can go to the Internet Fraud Complaint Center and fill out an online report. there is a spot for kiddie porn. it's a joint venture of the fbi and the national white-collar crime center.
you get a pdf reciept for every complaint you file. i know. i've been sending them every piece of spam i get for the last two months.
Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.
In print, I have the express right to remain anonymous. Once more, these ancient old farts think print on a screen isn't print in a paper. SAME RIGHTS, YOU OLD IDIOT!
I'm voting libertarian from now on.
Laws should be based on things that make sense, not 200 years of repressive precedent, or over hyped "concerns" of the day that get legislated to death and stick.
Congressmen who throw out stupid ideas about taking away freedoms, privacies, or putting government punishments in place where nobody has been hurt, should be fired for violating the basic tenants of freedom, and the constitution.
The government shouldn't be punishing people who falsify private documents. I believe it's not (currently) a crime to misrepresent yourself, and online there's a lot to be said for the added safeties of misrepresentation, anonymity, and privacy.
The FCC doesn't need to decide what we watch on TV, we do. If we don't like what we see on channel whatever we don't watch it anymore. The only thing worse than the government trying to control our private lives is the people asking them to. Go to Europe you bunch of repressed whiners.
I'm sick of this all.
I don't care how this gets modded, I'm fed up, and /. is a as good a place as any to vent.
My Linux Command of the Day site : LCOD
2001-2002
The top industries supporting Howard L. Berman are:
1 TV/Movies/Music $222,791
2 Lawyers/Law Firms $117,450
Lamar Smith also gets mondo payola from MPAA/RIAA.
Berman was one of the shills who drafted a nutty bill last session that would have allowed movie and music companies to hack into people's personal computers and networks to erase or destroy "copyrighted" material. Most notably, it indemnifies corporations against personal torts resulting from their error for damages under $250. So even if you've almost finished the greatest novel ever written but failed to find a buyer yet, if they erase it, you get nothing. If they destroy your hard drives but show the replacement value is below $250, you lose. And so on.
There is nothing Berman would not do to keep sucking at the media industry tit. Even to the degree of drafting such nonsensical law that clearly violates the "equal treament" under privilege or immunity of the 14th Amendment by immunizing corporations against felonious activities conducted by them against citizens without considering due process.
THis latest bit of nonsense is just more of the same. Obviously Smith smells some extra cash within reach and is now also busy pandering to the media conglomerates.
Da Blog
Domains by Proxy is good, however, as far as I've seen is only offered through Go Daddy its resellers. The cheapest I've found it for is $9/year/domain. RegisterFLY.com offers the same service for only $2.50/year/domain (or $2.00/year/domain if you buy a 5-pack). And since they're an eNom reseller, they offer the same great DNS services and ease of transfer you're used to.
I posted a Registrar Comparison on my web site, but it lacks Network Solutions since I have never tried them. If anyone has any experience with them and would offer a review, I'd be happy to add it to my article.
This seems to me to be one of those plea-bargain "crimes", that's just ladled on as part of the charges. They charge you six ways for the same crime, then heap on a load of side-issues and associated minor whatsits like "conspiracy" and "fraudulent DNS" - the idea being, that the sum total theoretical max sentence would leave you jailed until the heat-death of the universe. That way you can be bargained down into pleading guilty to, say, murdering the pope - without the inconvenience of needing evidence, proof, the guy even being dead, etc etc.
The article says that they want to impose stiffer sentences for people if the domain has false contact information and IS USED TO COMMIT A CRIME.
The article does seem to hint that the gubermint is going after everyone, though, so I looked up the bill myself. It's true that they will only go after someone for this if a crime has been committed. The problem with it IMHO is that it's pretty broad...It goes after not only the owners of the domain but also "person[s] acting in concert with the violator". And it tacks on 7 years in prison who what one would otherwise get already. And from the text it looks like it's geared strictly towards copyright infringement, never mind ripping off credit card numbers or running a fake shop, or simulating the identity of a reputable company. Of course, coming from Rep. Berman, this is no surprise.
Here's the bill if anyone's interested
The link looks a little weird to me so if it is broken go to http://thomas.loc.gov and look up bill # "H. R. 3754".
-R
I wonder how this would affect the Godaddy unlisted domain name service they offer. It could be interesting. Even with false information in the whois; surely the FBI or the MPAA or the RIAA can subpoena the information from the registering authority the domain is registered through. I doubt that any of that information would be false. So that brings me to assume that when people are looking at whois information in order to prosecute the owner, and give up on a bad whois, that the issue is either not important enough to pursue further, or that they are too stupid to figure out how to do it. Either way, New laws in this area won't change anything. How would you enforce it? Do we really need more useless tech legislation that can't be enforced? Sheesh.
This signature has Super Cow Powers
I have a few domains that serve merely as honeypots for whois spammers. The snailmail address is correct but the company is "The Toronto Mango Appreciation Society" and "The Shaolin Gung Fu Death Society" - stuff like that.
I get mail on a regular basis to these addresses from such companies as: IBM, Microsoft, HP, SUN, AT&T and all the other companies who have paid tens of millions of dollars to DC lobbyists to make sure the domain name system is the way they want it.
Each time year hear some DC insider proclaim "we need to know peoples real identies because of crime, child pornography and homeland security" what they really mean is "we don't want to waste our benefactors stamps".
Mikki Barry was stalked from information in the whois database, and while I havn't kept up with this too much but doesn't the whole thing run afoul if European privacy laws?
Need Mercedes parts ?
DNS is a way to identify computers on a network. We don't need a better more secure identd to associate names with numbers.
Need Mercedes parts ?
I think going after fraud from the name angle, is the wrong approach. Those names always end up resolving to an address, and an address is how you (ultimately) track things into the physical world. (Just ask the kids that RIAA has gone after.) Everything about DNS is merely a matter of convenience, and no one should ever have a reasonable expectation that DNS information is trustworthy.
Furthermore, it looks like the article is actually talking about web sites. So use https. Now you've got a CA claiming that someone is who they claim to be. Don't trust (or know anything about) the CA? ("Who is this Thawte company, anyway?") Now you know why x509 sucks and PGP rules. (Oooh, just had to get that little barb in there. ;-) Everything's an illusion until you've met someone face to face. If you can't trust that someone is who they say they are then you just don't know, so don't try to fake it.
If you add legislation to prevent false DNS info, you're just going to increase the false sense of security. "Whois says he's really John Smith, and it's against the law to lie, so I'll give him my credit card number." Guess what, the guy in Asia who you're giving your card # to, doesn't give a fuck about the US law. You should have relied on a trust network to verify him, not the law.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Just last week they added their own DNS servers to my WHOIS data which pointed my web site and all my email to their search page. Because I registered through my hosting company (who in turn registered through Register.com) Register.com's tech support refuse to help me. They say I have to do everything through my hosting company. But when XO communications asked them to make a change they just said "No".
I mean, I'd love to have an accurate phone number and email in my WHOIS. I'd REALLY love to change the registrar of record to anybody except Register.com. But they're holding my domain hostage and won't give me a way (short of sueing) to maintain my own domain.
So don't make it a crime for ME to have false information in my WHOIS. I'd love to change the information. The jerks at Register.com won't let me.
Am I really seeing a slashdot full of anti-privacy zealots?
Whois is a government regulated collection of information about private individuals. Since when is someone having some privacy on the web a BAD THING???
I thought we all agreed on a few common principles here, free speech, free code and RIGHT TO PRIVACY (ESPECIALLY in our digital world here on the web), and that slashdot needs a built in spellchecker?!!
The government has no damn business either collecting, and especially not publishing the details of domain owners to begin with!