Congress Eyes Whois Crackdown

Decius6i5 writes "The Washington Post is reporting on a Congressional hearing in which it was proposed that putting false or misleading information in your DNS whois record should be a federal crime. Texas Representative Lamar Smith is quoted as saying 'The Government must play a greater role in punishing those who conceal their identities online.' The article claims 'Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names.' Its funny, I don't recall the RIAA having any trouble tracking down P2P users whose IP addresses didn't have any DNS names associated with them at all. This isn't the first time the issue has been raised in Congress but apparently Congress hasn't gotten any more clued after several hearings."

I find this idea disturbing.

[The+I+Shing]

Yes, there are criminals with false WHOIS records.

And, at the same time, the WHOIS database is a feeding trough for spammers and scammers, encouraging otherwise honest people to put false information into their WHOIS records just to keep those spammers and scammers from getting their names, email addresses, snail mail addresses, phone numbers, fax numbers, mothers' maiden names, and whatever else their registrars ask for.

I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.

There's an old saying you still see on bumper stickers, "When guns are outlawed, only outlaws will have guns." While that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids," the original sentiment holds for WHOIS, that is to say, "When falsified WHOIS data is outlawed, only outlaws will falsify their WHOIS data."

If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them? Why waste time passing a law that, in the end, only punishes honest people who would rather not give their unlisted home phone numbers out when buying a domain name for their kids?

Re:I find this idea disturbing.

[Endive4Ever]

They don't have to spend a whole lot of time tracking down the false WHOIS record holders.

Just spend a little bit of time trying to track them down. Then cancel their domains. Let them present themselves for identification when they want the domains un-canceled.

A fully validated WHOIS database would make it trivial to enforce punishment against people who use spammers to promote the websites and scams on said websites registered to them.

Re:I find this idea disturbing.

A realistic solution to it is to allow people to falsify WHOIS records, but require the registries to maintain records of accurate contact information to be provided in the event of a (legitimately issued) subpoena or an investigation by law enforcement, provided they have a warrant for the information. If people choose to put their real contact information in the WHOIS record, it is still their right to do so, and many already choose to do so despite being able to falsify the data.

Re:I find this idea disturbing.

[RobertB-DC]

I could create a brand new, non-obvious email address on one of my domain accounts and put it in as the Admin Contact for a record I own, and use that email address absolutely nowhere else, and I bet that within three months that email address would be getting buckets full of spam.

That's exactly what I did... and had exactly the result you described. Hundreds of spam messages a week to an address used only for domain registrations.

However, I seem to have found a solution. A poster in the hallowed halls of Slashdot was trying to determine the level of email harvesting, but wasn't getting any bites. But the word "spam" was in his email address... so I tried a new domain registration email address that also has "spam" in it.

Results after about a month: no spam to the "domspam@..." address. I don't know if perhaps they're sending mail to "dom@...", 'cause I'm not monitoring it. But the only messages I've recieved at "domspam" are valid messages from the registrars.

Of course, I haven't bothered to update my snail mail address since I moved. I hope the folks who bought our house are enjoying the offers for low-cost hosting and convenient "renewals". I guess I'll have to add that to my growing dossier of criminal activities...

Re:I find this idea disturbing.

[American+AC+in+Paris]

If they were talking about criminalizing false WHOIS information, I'd agree with you 100%.

Trouble is, that's not what they're doing. They're talking about creating harsher penalties for people who commit fraud with a website registered under fake credentials.

They're not going to go hunting you down for having false information. Rather, if they catch you committing fraud on your website, they'll tack another few years onto your sentence if the site info wasn't accurate.

You gotta stop believing what they say in the front-page blurbs.

Re:I find this idea disturbing.

[pavon]

If the RIAA and MPAA can't find the fake WHOIS record owners, how is the government going to track down the WHOIS record owners and punish them?

Very simple. If the registrar can't contact you because you gave them bogus info then the registration gets dumped. Quite an effective and fair punishment - you are abusing a priviledge so that priviledge gets revoked.

Although I do understand where you are comming from with regard to address harvesting from public WHOIS records. If you were to implement this policy you would have to provide the option for registrants info to remain private to the registrar. Then it wouldn't be such a burden for honest people to provide the correct information.

Re:I find this idea disturbing.

[Pinky]

Oddly enough I had the exact same situation.I had two email addresses. One of them was public and I used it everywhere - in forums online etc.. The other was private and wasen't used anywhere. The public one started with "spam" as in "spamandrewt@..." and I had, like 3 piece of spam in it during its life. The private one almost had to be abandonned because of the level of spam. If it weren't for yahoomail's nice spam filtering I would get about 100 spams a day. In the end the spam email address was deleted citing lack of use.. The guy in the cube next to me has a similar story.. I wonder if we're on to something here :-)...

Re:I find this idea disturbing.

This is offtopic, but I find your misuse of statistics disturbing too:

that idea might be more accurately stated as "When guns are outlawed, only outlaws will accidentally shoot their own kids,"

Your statement would imply that there are a lot of accidental shootings. You seem to be buying the gun control and media hype. Statistically, there are VERY few. Taken from guncite.com

"The risk of being a victim of a fatal gun accident can be better appreciated if it is compared to a more familiar risk...Each year about five hundred children under the age of five accidentally drown in residential swimming pools, compared to about forty killed in gun accidents, despite the fact that there are only about five million households with swimming pools, compared to at least 43 million with guns. Thus, based on owning households, the risk of a fatal accident among small children is over one hundred times higher for swimming pools than for guns."

Or maybe I'm reading your comment wrong, just my $.02

Re:I find this idea disturbing.

[Zeinfeld]

They don't have to spend a whole lot of time tracking down the false WHOIS record holders. Just spend a little bit of time trying to track them down. Then cancel their domains. Let them present themselves for identification when they want the domains un-canceled.

The current cost of a domain name is about $10. You can't get any type of address verification/authentication lookup from a reliable database for less than $20. If you want the result to be at all reliable it would cost at least $100 and most likely $200 - sound familliar? Thats what SSL certs cost.

The rule for domain names is quite simple, you use a false address, someone complains, you are likely to never get notice of the complaint, you lose the domain. Or you use a false address, you never get the renewal notice, you lose the domain. You have no idea how many IETF privacy nuts complained about not getting their renewal notices after typing in bogus address data, well DUUHHH!!

The only reason that WHOIS data is public in the first place is that when ICANN was being set up the competing registrars insisted that the rules should allow them to see Network solution's customer list so they could spam them with transfer offers. The other registrars then did what everyone else has done since, they created nominees to hide the true identities of the holder.

WHOIS would be best shut down. The spammers are never going to give valid data anyway. Instead use the reverse DNS to advertise a contact address to go to when you have a problem with info comming from an IP record. Nice thing here is that in many cases the delegation of reverse DNS reaches exactly to the level you would want to pick up a phone to talk to someone about a hacker comming from their net.

Of course you would need to authenticate any use of that data, telephone numbers would only be given out on a need to know basis etc. But we could do a lot better than whois. I have never traced a hacker successfully using whois data.

Re:I find this idea disturbing.

[flatt]

That may work until someone claims to be from anywhere but the US.

Re:I find this idea disturbing.

[Zork+the+Almighty]

The spammers must use that system to avoid sending spam to each other :)

Re:I find this idea disturbing.

[Short+Circuit]

WHOIS would be best shut down.

That's crazy. If someone's DNS server isn't retiring an old entry that puts my domain at an improper address, I want to be able to reach them with as little hassle as possible. Not demand contact information from my friends in Australia who pointed out that they couldn't get to my site.

(That's happened to me, BTW... www.grnet.com somehow ended up having an old DNS entry with a fubar'd expiration date, but only on a high-level machine in Australia.)

Re:I find this idea disturbing.

[muckdog]

Actually this is not the case with the domain register I have delt with so far. Both with Godaddy and Regsiter.com I have give a separate email and mailing address that goes directly to them when signing up for the domain. The InterNIC Admin, Technical and Zone contact information are set to fake mail and phone numbers. The email address I use is real but not actively used, I also change it every once in a while to help keep down the spam hitting my servers.

When renewal time comes around I get two emails, one to the billing contact email and one to the one I gave register.com/godaddy. I also recieve a letter in the mail to my real address reminding me to pay up.

Re:I find this idea disturbing.

[kwandar]

Do you really think that it makes sense to provide a harsher penalty for people who have registered under fake credentials?

I might agree if the registration under fake credentials was done solely for the purpose of committing crime - maybe.

Don't the courts already take into account how heineous your actions were, presumably including hte use of false identification, in committing the crime? What does the stacking of penalty after penalty really accomplish?

Unfortunately I can see this leading to innocent individuals paying a price, where they had some infringing copyright on their website. If you believe SCO, even IBM has infringed copyright - so it can happen to the best of us (well maybe not in the SCO/IBM example ;)

Re:I find this idea disturbing.

[egburr]

Here is an easy and reasonably cheap way to verify the accuracy of , with no human intervention on the Registrar's side:

• Request email address, snail mail address, and phone number via a web form.
• The registrar places the domain on reserve, pending successful verification.
• Within a few minutes, an email is sent with a unique code to enter or a URL to click on. The user does so.
• Within 10 minutes, a computer calls the phone number and reads a short list of randomly generated numbers.
• The user enters those numbers on the form.
• The computer generates a postcard (or sealed letter) with a different set of random numbers/characters and mails it to the user. The user can elect to pay for faster delivery options.
• The user receives the letter and enters that data.
• The registrar activates the domain.

This may not validate the identity of the user, but it should go a long way toward validating the email address, snail mail address, and phone number that the user provided.

The registrar could even require this validation to be performed once a year, initiated by sending an email to the given address and a letter to the snail mail address. This would be good incentive for people to keep their information updated.

Other than the initial setup, this process shouldn't come close to costing $5 for each validation attempt.

As for identity verification; I have no idea how to do that. In the US, the social security office only wants to see your (or *someone's*) birth certificate before they will issue a replacement card. The department of motor vehicles only wants to see your (or *someone's*) birth certificate or social security card before they will issue a replacement driver's license. Neither the social security card nor the birth cetificate has *ANY* information on it that can be used to even roughly validate my identity. The fact that a driver's license and passport both rely on those documents for verification is absurd.

After having my wallet stolen and having to get my license replaced, I'm no longer surprised that identity theft is so easy and common. All you have to know is a name, their parent's names, their birthplace, and their birthdate, and with that you can get a birth certificate for $5-$10. You'll find out their social security number after waiting 2 weeks for the social security office to mail you "your" new card. Maybe now that many DMV offices do your license photo electronically, a clerk *might* pull up "your" previous photo and question you if you look too obviously different (oh wow! I used to look even fatter than I thought! This diet is amazing!), but maybe not. After that, and maybe a little research on the web, you've got pretty much all you need to check credit reports (to get credit card numbers, etc) and obtain a passport.

I had to do all this for myself once, and the ultimate proof that I was me is that I was able to obtain a copy of a birth certificate with my name on it.

However, I don't know what more they could require and still have validation be possible. Maybe eventually, the social security office or the DMV will start requiring a full set of fingerprints for initial cards or licenses, and a new set for comparison before a replacement is issued.

Maybe then identity verification could work.

Re:I find this idea disturbing.

[orthogonal]

"The Government must play a greater role in punishing those who conceal their identities online - Lamar Smith"

Excuse me?

People who are anonymous must be punished?

Are all Texans as offensive as their elected representative?

Hey, terrorist boy, Congressman Smith is right.

Why did you know that once there where these three guys, three anonymous agitators, and they hid behind a fake name, "Publius", and wrote a bunch of stuff that completely changed the government of their country?

Anyway, these three guys started out as rebels and terrorists and traitors, and once things got settled down again, first thing they done was to get together all anonymous like, and they decided to change things yet again.

But they figured that people might not be as convinced of their ideas ifin people know'd it was these rebel traitors behind the ideas, so they made up that fake name "Publius" and published under it.

And what they wrote completely changed the government of their country. It got rid of the Articles of Confederation and made it impossible that the country would ever again be ruled by King George, who they'd rebelled against, and it set up a Constitution and a central government -- actually it was a Federation and them anonymous papers was called The Federalist Papers -- and as a by-product of the debate over them papers, they added ten Amendments to their new Constitution, the first one of which guaranteed, among other things, Freedom of Speech.

And years later one of them anonymous rebels became the Secretary of Treasury of the new country they'd created with their anonymous papers, and one of the then rebels became the First Chief Justice of the Supreme Court of the country they created with their anonymous papers, and the other one, well, he became the fourth President of their new country which they had created with their anonymous papers, a country they called "The United States of America."

And I, honest to god this isn't mere rhetoric on my part, I have tears in my eyes right now when I think of all that those three disreputable anonymous rebels created, and the tears are streaming down my cheeks when I think of the Constitution of the United States of America that Alexander Hamilton and John Jay and James Madison agitated for in their anonymous Federalist Papers, and I get a lump in my throat when I think of the glorious First Amendment to that Constitution, which, among other things according to the US Supreme Court, guarantees a right to anonymity to protect our freedom to engage in political discourse and debate.

And Lamar Alexander -- Lamar Alexander, elected to the Congress planned and created by the same Constitution -- when he says that "The Government must play a greater role in punishing those who conceal their identities", well, I have to ask, when is the last time Lamar Alexander read that fine Constitution, that Constitution created by those three anonymous men publishing under a fake name?

And by god! I contend that the those who stand up for that Constitution, and for Free Speech, and for a right to anonymity -- those persons -- and not Big Brother's lackeys with their newspeak "Patriot Act" -- are the real American Patriots.

Re:I find this idea disturbing.

[punkki]

Within 10 minutes, a computer calls the phone number and reads a short list of randomly generated numbers.

Right. And the check would be done in every language from English (different variants of it) to Urdu? Also, let's hope the person isn't hearing impaired.

The user receives the letter and enters that data.

Let's hope the person is able to read the instructions.

In the US, the social security office only wants to see your (or *someone's*) birth certificate

Now I understand. I don't know how to break this to you gently: not everybody lives in the USA.

Who controls WHOIS?

Does Verisign control the WHOIS database? Since they are a US company, is that what gives the US the right to patrol that database? If not Verisign, who? Will the US rules be applied to other countries? This is legislation that will not be enforcable!

Re:Who controls WHOIS?

[isa-kuruption]

Domain name registrations are controlled by ICANN which is a Congressionally funded organization.

From their website:

The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. These services were originally performed under U.S. Government contract by the Internet Assigned Numbers Authority (IANA) and other entities. ICANN now performs the IANA function.

ICANN then contracts out services to corporations for manage the DNS registrations. Currently, VeriSign controls .com and .net.

Inform your representatives

[jaxdahl]

Write your senators or representatives, via snail mail or fax and inform them of this issue, especially if they are members of the revelant committees.

Lesser of two evils?

[lukewarmfusion]

Wow. Either the spammers get my info from the Whois database or the RIAA can't track down some pirates.

Which do I choose?

Arrr....

spam

[reluctantengineer]

So is my senator going to come over to my house and sort my spam email and junk snail mail that I get from my whois records?

Re:spam

[ryanjensen]

Oh, of course not. Your senator passed CAN-SPAM for that.

It's about time

[scumbucket]

The WHOIS database provides contact information that is necessary for the proper operation of the world wide web. It is not only registrars that need access to this information, if you have a complaint about a domain, and the registrar for said domain is the same company, who do you go to for contact information.

False or missing information in whois records is already a problem that helps (for instance) spammers hide their contact information from people with legitimate reasons to contact them. If you get no response from the contact listed in the domain's SOA record, abuse, admin, webmaster, postmaster, etc, and there is no contact information posted on the site (or false contact information), what do you do? You check out the WHOIS record for the domain. If the info that's supposed to be there is present and accurate, you have a way to contact somebody, if it isn't, you have ammo for asking the registrar to suspend the domain registration, and if *they* won't, you have ammo to ask ICANN to suspend the registrar's activities.

Unfortunately, people don't realize the reason that WHOIS records exist, which is to provide contact information. That's the WHOLE reason. Removing that information makes the WHOIS database useless.

This is just silly...

[bc90021]

...all that's going to happen is that people are going to put in correct information, and then make it unlisted. When the people in Congress are given the analogy with the phone system (ie, unlisted numbers) it will become a matter of subpeonas, and then for the courts in the cases of infringement, as it should be.

Crackdowns we'd like to see...

[heironymouscoward]

- false WHOIS information
- false email headers
- spoofed IP addresses
- misleading web pop-ups
- spyware authors
- technomorons who install spyware
- coverage of mydoom by the BBC
- jj's boobs

Fun with White Aryans and DNS.....

[i_want_you_to_throw_]

About 4 years ago. I registered "whitearyanresistance.com", org and net. I put a nice little cgi in place that sent people to random sites sites like blacksonblondes.com, algore2000.com, NAMBLA and so forth.

Next step was to modify the cgi to regurgitate the IP address where the user got a message that said..

Your IP Address: xx.xx.xx.xx has been recorded for forwarding to the proper authorities. Have a nice day



Then I got tired of picking on Tom Metzger and his retarded ilk and just donated the domains to another group (not the W.A.R.).

You bet your ass I used fake info in my WHOIS then.

I do wonder though if there are legitimate cases of where people run sites where it's best to not know the identity. Much in the same way that an abused woman could never call home from a shelter because her husband who beats her would know where she is thanks to caller ID.

Maybe the Chinese Communists would send goons to whack all the Falun Gong website owners or something (I'm sure you have better examples).

Good grief.

[Grrr]

"The Government must play a greater role in punishing those who conceal their identities online, particularly when they do so in furtherance of a serious federal criminal offense or in violation of a federally protected intellectual property right," Smith said...

So - that sentence can end at the first comma, and be no less accurate in representing his opinion.

Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries...

'Of the corporations, by the corporations and for the corporations'

The bill would not affect people who are trying to safeguard their privacy because it
only makes it a crime to submit false registration data when it is done to help commit a
crime...

Now if we could only keep that pesky concept of what constitutes a "crime" from continually
expanding...

<grrr>

Re:Good grief.

[ConceptJunkie]

Unfortunately, being suspected of having committed a crime is criminal under the Patriot Act.

This story is brought to you by the color "yellow"

[American+AC+in+Paris]

From the Washington Post article:

The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.

Oh, fer Pete's sake, Taco. Would it really hurt all that much to give a full, accurate blurb on this one?

This isn't about forcing people to use their real name when registering a domain. This is about increasing the severity of the punishment for committing online fraud. Basically, if you commit fraud using a website with faked credentials, you'll face a stiffer penalty than you would had you committed fraud on a website where you used legitimate credentials to register.

I'm not saying I've fully researched this, but it sure as hell isn't the rights-trampling orgy the blurb makes it out to be, Taco. Do your homework before posting half-informed diatribes to the front page.

Down the road ...

[s20451]

You know, we're moving towards a world in which computer users and computers themselves are licensed, much as drivers and their cars are licensed.

Is that a good or bad thing? It has its drawbacks, but on the whole I would say good. Fewer viruses, less spam, a modicum of sense from lusers. Less anonymity, yes, but there are always tradeoffs.

Doesn't sound...

[AKAImBatman]

...like it's a big deal. This is the type of law that would only get enforced when you really piss someone off. If you're running an illegal site, you can expect that they'll heap this charge on with the 1000 others they levy against you. Without a motive like illegal activity, it's difficult to prove that you were being intentionally misleading. (Unless you're dumb enough to fill it out with "Snoopy, 10 Charlie Brown Drive, Gotham City" that is...)

Should be the other way around

[Tablizer]

I don't want my physical address available to the world. Domain minders should collect it for billing and security reasons, but NOT for publicly-available databases.

what a bunch of bullshit!

[JeanBaptiste]

i run a small, non profit politically based website with a chatboard. many people have come on the chatboard and threatened me with physical harm and worse because of my views.

and now they want me to put my real home phone number and real home address in the DNS records?

WHAT A BUNCH OF SHIT

that is ridiculous

[cyberwave]

What if I want to setup a domain name criticizing my private school? They censor the newspapers so the internet is the only medium in which that would be possible to do anonymously. Just as I could give out fliers while wearing a mask without breaking the law, I should be able to do the same thing on the internet. Additionally, there are alternatives that you can pay for as well (but costs more than putting in fake information). They shouldn't be legislating against the ways in which people conceal themselves; they should be legislating against the things that they DO while concealed! Being anonymous isn't a crime. Punish the crime, not the anonymity. Wow politicians are so stupid. No wonder the good ones turn into teachers instead.

Godaddy.com

[teamhasnoi]

provides a service that uses a third party proxy as your whois info.

When 'whois'ing your domain it gives the company's email, which gets forwarded to you (after a spam filter if you like). Same with any 'real mail' (except for junk mail if you wish).

Well worth the nominal cost (3 bucks, IIRC) at registration time.

Pointless laws

[taustin]

Selling child pornography on the internet (or off it) is a federal crime, but the FBI won't even take a report on ads for it.

Selling prescription drugs with verifying a valid presecription on the internet (or off it) is a federal crime, but the FBI won't even take a report.

Using a stolen credit card number on the internet (or off it) is a federal crime, but the FBI won't even take a report, even if you have a name and address for the perp.

Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

Re:Pointless laws

[Lead+Butthead]

Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

You should, I should, EVERYONE should. Laws in the book that are not enforced today does not mean they will not be exploited at a later date to harass citizens.

Re:Pointless laws

[NoData]

Who cares if Congress enacts more federal laws that the FBI won't even take a report on?

Because when it's in the interest of big business, you better believe the FBI will act on it and exploit every tool at their disposal. Let's be clear: This bill is not for going after child pornographers, it's for busting that most treacherous of terrorists, the Music File Sharer! One of the sponsors, Howard Berman, is a notorious shill for the music and entertainment industry.

At least read this if you didn't read the article

[prothid]

From the article:

The bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime, said Mark Bohannon, senior vice president for public policy at the Software & Information Industry Association, which supports the bill.

I was pretty furious when I read the headline, but the actual article calmed me a bit. Then again, it's all just a conspiracy to eventually become a police state where we have no rights, right?

Just don't show email addrs in whois records.

[pjbass]

Overall, having accurate information in the WHOIS database I think is essential for the ever-growing registration of web spaces on the Internet. However, just having "valid" data in the current database really won't cut it, as previous posts have stated with spammers conveniently using this as a virtual picking ground for targets.

What there needs to be, IMHO, is a re-vamp of how WHOIS works in storing data, and how the domain registrars handle that data. Things like admin email accounts and contact information (phone numbers, addresses, etc.) should be required to register, but should be in a database maintained by the registrar, and is not available to the rest of the population. If someone has a problem with you (spamming from your domain, etc.), it should be the registrar's issue, since they sold you the domain name. They should be the point of contact, and in turn send you mail with the question or complaint. This will protect people's privacy from the would-be spammer, and then give the government accurate information on who owns what. I don't agree with the whole BB thing either, but having accountability for what one has on his/her website needs to be enforced to a point, and having this data up to date will help enforce that.

Hmmm....

I agree with the concept of jerking the registration if the information is false, misleading, or utterly out of date (cannot be found). Add a waiting period before anyone else can register it (so someone can step forward and claim their error), and allow for private registration that can be accessed with a warent, and I think it would be a pretty good idea.

Any other ideas?

Newsflash

[H8X55]

People on the Internet sometimes pretend to be someone they're not.

Anyone who is trying to conceal their identity for illegal activities will continue to do so.

Now we may just get more spam.

Anonymity == illegal?

[3Suns]

It seems like the government, more and more now, is treating anyone who wishes to remain anonymous, or who does things anonymously, as a criminal. Granted there is nothing in our bill of rights or constitution that protects our right to anonymity, but there should be.

There are plenty of legitimate reasons why one would wish to remain anonymous. Not to mention the fact that the US government should have no control over the internet which in essence represents the international community. Just because anonymity can be inconvenient for law enforcement doesn't mean it must be made illegal.

Ski masks, pantyhose, and latex gloves are still available for sale in the US. All these are ideal tools for concealing your identity in real life. Wearing them in real life is not illegal either. It is, however, illegal to commit a crime while employing these tools, although no more so than if one does not employ them.

Re:This story is brought to you by the color "yell

[The+Gline]

"Do your homework before posting half-informed diatribes to the front page." ...but this is Slashdot! The whole POINT is to post half-informed diatribes and cause people to assume it's a rights-trampling orgy!

I've said before that if someone discovered Linux was in use in a prison system somewhere, the /. headline for that would read: "Windows Still Used To Violate Civil Rights" or something equally idiotic.

Some Canadian registrars have the idea re. privacy

[fatwreckfan]

Some Canadian registrars, such as Internic.ca offer a service called Privacy.ca that hides your registration information, so random people can't look up your info.

If it becomes a federal crime to lie in domain records, something similar could be implemented to protect those who want to remain (somewhat) anonymous.

What about...

[Beolach]

Not having any Whois information? I remember a domain name that I wanted to register at one that had already been taken, and when I checked whois to see who had registered it, there was nothing there. Is that going to be illegal, or just having false information? If it's only illegal to falsify info, what's the point; and if no info is also illegal, then this is way too invasive.

What are you in for?

[eskwayrd]

I'm doing 5-10 for typoing my name.

Read the terms and conditions when you register!

[www.sorehands.com]

Bull! Just because someone can track you by your car's license place number does not entitle you to cover it.

When you read the terms and conditions when you register, you are required to put in valid whois information. The problem is many registrars do not enforce it. Then when people complain, the registrar may do someone about it in 6 months, and then update it with invalid information. ICANN investigated some reports who network solutions, but failed to do anything. One address from their investigation, 123 Yellow Brick Road, Oz, Kansas, is still there.

Once again, US != Internet....

[RedHat+Rocky]

When will they learn? Yet another 'law' proposed to clear up that dirty old Internet.

Congress, please read: THE INTERNET EXTENDS WAY BEYOND US BORDERS.

Many scams are perpetrated from sites OUTSIDE the US, how do you think your proposed law helps?

Please stop bowing to the corporate masters!

Yes, I am a Citizen of the United States.

What is wrong with the government these days?

[dougnaka]

Can't they stay out of private life?

I'm voting libertarian from now on.

Laws should be based on things that make sense, not 200 years of repressive precedent, or over hyped "concerns" of the day that get legislated to death and stick.

Congressmen who throw out stupid ideas about taking away freedoms, privacies, or putting government punishments in place where nobody has been hurt, should be fired for violating the basic tenants of freedom, and the constitution.

The government shouldn't be punishing people who falsify private documents. I believe it's not (currently) a crime to misrepresent yourself, and online there's a lot to be said for the added safeties of misrepresentation, anonymity, and privacy.

The FCC doesn't need to decide what we watch on TV, we do. If we don't like what we see on channel whatever we don't watch it anymore. The only thing worse than the government trying to control our private lives is the people asking them to. Go to Europe you bunch of repressed whiners.

I'm sick of this all.

I don't care how this gets modded, I'm fed up, and /. is a as good a place as any to vent.

MPAA/RIAA OWNS BERMAN - $222,791 Payoff!

[meehawl]

2001-2002
The top industries supporting Howard L. Berman are:
1 TV/Movies/Music $222,791
2 Lawyers/Law Firms $117,450


Lamar Smith also gets mondo payola from MPAA/RIAA.

Berman was one of the shills who drafted a nutty bill last session that would have allowed movie and music companies to hack into people's personal computers and networks to erase or destroy "copyrighted" material. Most notably, it indemnifies corporations against personal torts resulting from their error for damages under $250. So even if you've almost finished the greatest novel ever written but failed to find a buyer yet, if they erase it, you get nothing. If they destroy your hard drives but show the replacement value is below $250, you lose. And so on.

There is nothing Berman would not do to keep sucking at the media industry tit. Even to the degree of drafting such nonsensical law that clearly violates the "equal treament" under privilege or immunity of the 14th Amendment by immunizing corporations against felonious activities conducted by them against citizens without considering due process.

THis latest bit of nonsense is just more of the same. Obviously Smith smells some extra cash within reach and is now also busy pandering to the media conglomerates.

Makes me want to kick somebody...

[cshark]

I wonder how this would affect the Godaddy unlisted domain name service they offer. It could be interesting. Even with false information in the whois; surely the FBI or the MPAA or the RIAA can subpoena the information from the registering authority the domain is registered through. I doubt that any of that information would be false. So that brings me to assume that when people are looking at whois information in order to prosecute the owner, and give up on a bad whois, that the issue is either not important enough to pursue further, or that they are too stupid to figure out how to do it. Either way, New laws in this area won't change anything. How would you enforce it? Do we really need more useless tech legislation that can't be enforced? Sheesh.