Slashdot Mirror
Whois Record Falsification Closer To Illegality
PipianJ writes "Reuters is reporting that the House of Representatives has recently passed the bill that would approve of penalties for those using fraudulent WHOIS records (H.R. 3632). Interestingly however, this does not directly outlaw it, instead extending the penalty by seven years for felonies performed using such fraudulent websites. The Senate has not yet passed their version (S.2242). The bill as originally written, however, focuses primarily on penalties for promoting counterfeit music, computer programs, and other media with identical labeling."
Fine spammers who use information in whois records, it might be more acceptable. As it is now, my choices are to do a domain by proxy or falsify (oops, typo!) some of my information.
...beacuse when you have to change your records, your gonna be swimming in it.
"I use a Mac because I'm just better than you are."
providing "555-555-5555" as a phone number or "Small Wok Way, Chopstick Town, WI" as a street address.
I need to change my phone no. and move now.
I'm sick of getting mail from "registrars" charging $40 and up for two year renewals and so forth. People wouldn't have to falsify records if ICANN did not require registrars to sell their records to whoever wants them. On that note, I'll probably move all my domains to Gandi as they begin to expire because of this (they allow me to exclude my records from the stuff they sell).
Also, will this penalize people who use their real names but false addresses? From the sound of it, it looks like it would.
US businesses that currently accept chip and PIN/signature
..watching them try to enforce it. It appears that the U.S, like other countries, has still not gotten the idea it's going to be nearly impossible to legislate the internet. I have a feeling this is going to be used more as one of those charges they use when they need an excuse to do a raid, and dont have enough evidence for what they're going for.
Disagree? Lemme hear it.
Before you mod me funny, think, perhaps I was insightfully funny?
How are they going to enforce it when a large portion of those registrants are actually non-US?
I will confess that much my knowledge of federal penalties is second hand, having lived with two former federal agents most of my life, but what good does this do, really? The federal penalties for most crimes seem to already be aimed at simply "crushing the perp and ruining him/her forever" rather than anything resembling pursuit of justice.
Yet another good reason to vote for Michael Badnarik in November. He wants to move us toward a system based on restitution, not simply locking the perp away and throwing away the key.
Click here or a puppy gets stomped!
This will only become acceptable if you cut down on the fraudulent abuse of WHOIS. For example the Domain Registry of America garbage. You also have to take into account annoyances. I remember originally having my authentic WHOIS info and getting called by people wanting to "buy" my domain, for a good price; and various other crap.
How about enforcing fines, penalties, and heck jailtime for all the fuckhead spammers (both V.AGRA and Register.com) who abuse the whois registry data? Or who want to charge you $10 to "protect your privacy" on top of your $10 registration per month? It's a shell game. I wish we still lived in some magical utopian internet bubble where only good geeks(tm) were on the net, but fact is we're up to our elbows in fuckheads and if I have to put in (555) because I don't want to be telemarketed.. well.. do something about the fuckheads and I'll put a good number in.
Mmm... now that's a mature reply.. "Congressmen, it's a principle of fuckheads. Take that to the floor!"
"The government must play a greater role in detecting those who conceal their identities online," said Texas Republican Rep. Lamar Smith, a sponsor of the bill.
Scared yet?
http://domainsbyproxy.com/
Nuff said.
"On a scale from 1 to 10, people are stupid"
Some of us prefer to have our names listed as: Anonymous Coward on our website registrations
I register my domains at GoDaddy.com, and use DBP for my WHOIS information. I rarely get any spam coming through my mydomain.com@domainsbyproxy.com address.
At least with this legislative leniency, my approach won't be outlawed yet.
Would somebody please show us where exactly the law prohibts registering with 555-555-5555 as a phone number?
I think we've got the wrong bill associated with this story.
Flat out and to the point: I have a right to privacy.
My domain is a personal one. It's not meant to be a high profile public site... I get maybe 5 anonymous visitors a month.. why should I provide valid whois info? I don't feel comfortable with doing that and I will NEVER provide real info.
Instead, how about making sites that involve monetary transactions register valid names?
I don't give a rat's ass if "this is the internet, it's public," my right to privacy is my own. If you don't like it, tough shit. If they wanna make it illegal, then bring it on - I still won't provide valid info.
What are they gonna do?
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
"The government must play a greater role in detecting those who conceal their identities online," said Texas Republican Rep. Lamar Smith, a sponsor of the bill.
With all due respect to the Representative from Texas, I call bullshit.
I can understand the problems deliberately fraudulent registration information can be when trying to track down the owners of a malfeasant commerce site, but what about the option to reveal no information to the public?
"Regime change".
Weaselmancer
rediculous.
Set up some public keys for federal agencies, and let us post our info in encrypted form... they can read it whenever they want, and no worry of it being harvested by spammers.
I was going to put a sig here, but I had already submitted the message.
The Federal Anticounterfeiting Act of 2004, the bill that was *actually* linked to, is some scary stuff.
Writing a program like Daemon Tools (no, not the *IX suite of software, the CD image software) or bnetd (a FOSS Battle.net implementation) would become illegal, with a potential five year federal prison penalty.
Why have I not heard about this before?
May we never see th
As they demostrated by their voice (anonymous) vote. Not wanting to be accountable for thier actions. The "Voice Vote" itself should be outlawed.
We have two bills -- one of the two linked-to ones makes writing software like Daemon Tools, no-CD patches, and bnetd (a libre open source battle.net implementation) a federal crime.
The second bill makes not providing identifying information to let the feds track you down if they know what your website is illegal. (What if I want to speak freely, without fears of being harassed? I can post papers anonymously, but not be anonymous on the Web?) Add in the next obvious thing, a requirement for webmasters to log and be able to provide information for who posted something, and federal law enforcement can track anyone down.
Combine this with the fact that Cat Stevens just fell under the eye of the Homeland Security Watch List, had his plane diverted to Maine and was kicked out of the United
States. As far as I can tell, his main crime was criticizing US involvement in Iraq.
And Bush's polls are looking better than ever.
It's an authoritarian next few years for all of us...
May we never see th
For example, imagine a company that uses the address for a local bank in their program to harvest credit card numbers from web surfers. If caught the whois records add to the fraud case.
If this is the intention of the legislation, then enforcement is not a major issue...since it is something tacked onto other scams.
I thought this was illegal, I rem filling out something with some legal stuff when I signed up for my domains, and I was bummed that I would have to put my personal details out there. Then I found Domains by proxy and I didn't have to. So, I didn't break the law, but you can't find my name/address/email with a simple whois!
CB
free ipod and free gmail!
I don't know whether this is good or bad. I could possibly gain security from the gov't's attempts to stop users from using WHOIS records falesly...ie. they might be using my name or phone number or etc. to do something devious. Or, will I be losing privacy because internet anonymity is slowly becoming illegal?
how soon this congress and admin will outlaw that horrible chemical HOH. It is responsible for so many deaths and can hide terrorists activity. Perhaps, we can get this fine group of people to outlaw such a dangerous item. After all, it would be just about as easy to enforce this one as the whois record as well.
I prefer the "u" in honour as it seems to be missing these days.
Yet.
Funny - a few years ago it was legal to to reverse engineer things, and post the results. Now we have the DMCA.
I guess you can continue in your mistaken belief that what you do now won't potentialy be held against you later.
It's a crazy world, run by people who want to keep what they have, and gather more. If they think you or your 'innocent' doings threaten their way of life, your ass will be legislated to illegality in the blink of an eye.
After all, it's far easier to do what you want to people when they're all criminals.
Wait and see.
It's also massively perverted. While the popular example is pot- I'll give you the reverse. In Massachusetts, if you're caught drunk driving, you get a MAXIMUM of 2.5 years, $5k, license suspension for one year (unless you need to get to work- then you're eligible for a limited license after just 3 months, and if you have "hardships" you're allowed to get a limited license in 6 mo).
Keep in mind drunk driving is a HUGE cause of vehicle-related fatalities in the US; about 40%, and I believe that puts it at #1. 1.4 million people are arrested and charged with DUI every year. That is a -staggering- number; almost 1 in every 100 people has been charged with DUI.
Please help metamoderate.
domain sullust.net
status production
owner Andrew Francis
email locust@bur.st
title Mr
address PO Box 5009
city Dalkeith
state WA
postal-code 6009
country AU
admin-c locust@bur.st#0
tech-c locust@bur.st#0
billing-c locust@bur.st#0
nserver ns1.bur.st
nserver ns2.bur.st
nserver ns3.bur.st
nserver ns4.bur.st
registrar JORE-1
created 2002-03-25 12:35:22 UTC JORE-1
modified 2004-03-01 14:21:26 UTC JORE-1
expires 2008-03-25 06:35:06 UTC
source joker.com
as it stands, 1st of all, it is _not_ illegal to use fake WHOIS records, even under the provisions of the legislature being discussed. All this does is to add jail time (up to 7 years according to the wording of the bill) to those that then go on to use the fraudulent domain for spamming,fraud,con activities. It just makes the punishment for those that are already doing illegal things worse.
/.
i run an internationally political website, and if I used my real name, phone, address, etc, I would have been physically attacked, at best. This law does not affect me in any way as I am not doing any fraud, spam, con-games, nigerian emails, or what have you.
I would add that other laws that have been struck down HAVE made what I am doing illegal, fortunately nothing like that has stuck. In summary, the discussed law is not a problem for anyone, as long as they are not spammers, fraudsters, nigerians, etc.
Agreed, its a step in the wrong direction. But as for now, as long as you are not engaged in other illegal activities, you (should not) dont have to worry.
this merely adds penalties onto already illegal activities if you fake your WHOIS records.
I am not a lawyer, but I play one on
I don't use valid records in most of my WHOIS records. I use one domain for posting to usenet, talking mainly about anti-spam stuff. I have another for mailing lists subscriptions. Yet another couple for seeding to spammer's "remove" forms. Then I have a number of personal domains. They all have common DNS records. I don't want spammers getting ahold of my personal information via my other domains. Spammers have a bad habit of attacking anti-spammers. I have also used the proxy registration options of my registrar, Godaddy. Unfortunately that doubles the cost of my domains and isn't very practical. Is there a solution that doesn't cut into your wallet?
The thing is I registered 22 domain names with bulkregister.com and 2 with stargate.com. Thing where good for about 2 years and then I moved into a new house, new town, same state. we where in the house for about 2 months (November 2003). Then all hell broke lose as a markiting target I became a hotspot for email, and now telephone marketers and most of it was due to 2 of my domain names. when I moved I had to chase down passwds and account names for 3 different registrars and I changed the contact info for all of them and luckily I had everything available and not in boxes.
o is/Arc01/msg00028.html
So to get to the point here with a law that makes fraudulent whois records a crime at what point dose not updating records make you a criminal?
And I didn't sigh on to opt in on every email list selling sex, drugs, or rock and roll or any other possible thing in the world that's hitting my spam filters
Domain names are not merely the objects of trademark disputes, they are also important facilitating elements for online speech. Just as it is legal to publish a book or broadsheet with no indicia of authorship or publisher, it should be legal and possible to publish a website or other Internet communication without such identification. Indeed, in the United States, anonymous speech is a constitutionally protected right. Most domain names do not conflict with trademark rights, and ICANN would be overreaching its mandate to subordinate broad free speech interests to this relatively narrow concern.
Above taken from: http://www.dnso.org/dnso/dnsocomments/comments-wh
Support Free Trade Campus
get a free account Now!
some how this got posted to a wrong artical a bit ago I hope it's going to the right place now? I don't need the bad karma if it's not
I'd Tell you all my secrets but I lie about my past
I don't really care if the domain manager knows my home address and e-mail, but why the hell to does the whole goddam world have to see it?
Table-ized A.I.
"I wonder exactly what makes a record false"
My name is Nobujuta Mussabi, Recently VERY bad things have happened to my father, OKIMBE mussabi. OKIMBE had nearly 10,000,000,00 EUROS in a swiss ACCOUNT. AS he has most UNFORTUNATLY been killed in a PLANE CRASH, I am unable to ACCESS the money. as their is a civil war in my native country of SIERRA LEONE i am UNABLE to access his TREASURE. if you would SEND ME 10,000 for the TRANSFER FEE, i will SPLIT the money.
Please see my 'fake website URL here' for info on how YOU can profit from my misfortune!!!1!'
---
Im sorry, I got carried away. what was your original question? oh yeah, "I wonder exactly what makes a record false.". If you are wondering, they are currently doing. and they aren't nice about it.
The IETF's CRISP working group has developed a replacement for whois: IRIS (Internet Registry Information Service). IRIS allows for different levels of access, so that you don't have whois's "all or nothing" response any more. This will help protect record details like addresses from harvest by J. Random Abuser (spammer, what have you). This is goodness.
I assume that the law enforcement agencies in the country in which the registry is domiciled would have to provide the highest level of access (equivalent to the current whois), but that other LEAs would have to go through the country of domicile.
This is speculation, though; ICANN/registry/registrar policies may make it easier or harder.
You're free to withhold all the information you want from the domain name registry- and not have a domain name. This will not impede your use of the Internet or operation of servers in any way; you'll just have to use your IP instead of an easier-to-remember character string when you want to link someone to your server. Think of it as the Internet equivalent of an unlisted phone number.
You have a right to privacy, but you don't have a right to a domain name.
The WHOIS records aren't a legal declaration of your True Name, True Legal Domicile, Phone number you agree to be reached at 24 hours a day by anyone who wants, ICBM address, Subpoena Acceptance Address, Mother's Maiden Name, Fingerprints, and RIAA pre-approved guilty plea that you give The Authorities in exchange for permission to speak on the Internet. They're simply administrative contact information people can use to try to reach you if your system is having trouble. There's a billing address there so that the Registrars can reach you if they want more money. There's a technical address to reach you if things are broken. There's an administrative address for general administrative requests. If somebody can't reach you because your information is out of date or incorrect, that doesn't mean you're an evil miscreant, it just means that you won't get proactive billing notices, and if your DNS isn't working right, people can't reach you to let you know.
It is possible to give the registrars fraudulent information - if you're impersonating someone else who really exists, but that's adequately covered by existing fraud laws. But if you give your name as "Johnny Smith" and put your address as "111 Main Street, Bogustown, USA" or "1600 Pennsylvania Ave, Washington DC 90210", that's nobody's business, that's just not a very useful contact handle you're giving somebody. If your payment to the registrar works, it works. And here in California, it was common-law right to use any name you wanted to except for purposes of fraud, though apparently the DMV got that changed a decade or so ago and insists that you need papers from some government or other to have a name.
ICANN seems to have been one of the early prime movers in True Name Whois Information, in spite of the damages to privacy that it causes (e.g. spammers hitting your published admin address.) The "IP" that they're interested in has always been "Intellectual Property", not "Internet Protocol", and they're really grouchy about the concept that anybody could ever use a domain name without agreeing to provide an always-updated True Name and Legal Process Server Address so that trademark owners can find you and sue you if they think they've got a claim on a domain name you're using. More recently, though, the RIAA/MPAA have taken up the cause, because they want to be sure that if you ever even think about sharing copyrighted music on line, they want to be able to drop handcuffs on you. If there's a dispute about domain name ownership, and your Registrar is unsuccessful in contacting you using the contact information you provide, for some reasonable period of time, it's reasonable for them to bounce your domain name.
On the other side of the argument, while I strongly value privacy, most of the time when I try to track down spammers using whois records, the information is bogus, which is annoying, and it's almost always either obviously bogus or else some foreign address that looks hard to track down. The main exceptions are in-your-face spammers like Spamford or Scotty Richter, and spammers with corporate shells to hide behind (e.g. one spammer had a mailbox at the street address of The Company Corporation, which is in the business of setting up cheap Delaware corporations), so they're effectively untraceable.
Meanwhile, if you're a "hardcore libertarian", you need to think about what rights mean. Saying somebody doesn't have the right to do something isn't just a statement about ethics - its equivalent to saying that you have the right to beat them up if they do it. Falsifying your personal resume is attempting to deceive somebody about your skills so they'll give you something that they wouldn't if you'd been honest, and of course that's wrong.
But "Trav
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Learn how Congress works before you try to criticize its processes.
Votes can be taken any number of different ways in the House:
1. Voice vote
2. Divison
3. Recorded
A voice vote is almost always used in the first place, if it's overwhelming, there's no point in wasting time going any further.
Any member can then demand a division, where by those in favor rise, those opposed rise, and are counted, but their votes are not recorded (but the press and others will always note who voted which way).
Then, any member can request a recorded vote, which must be supported by at least 1/5th of a quorum (the rules are slightly modified for any votes by the Committee of the Whole), and then votes are taken by electronic device and officially recorded as to who voted which way.
You can be assured that for almost everything other than entirely non-controversial legislature. Also, most bills regarding income tax increases, and other fiscal measures automatically require a recorded vote.
What?
I hear Dan Rather has a new story brewing on record falsification.
The one time I've had my Miranda rights read to me, the cops violated them and the Federal Privacy Act after we got back to the cop shop, or as the sergeant said "This isn't a threat, it's just a choice you can make". (I'd been photographing misbehaving small-town cops, and they didn't appreciate it, but this was pre- Rodney King, so it was easier for them to get away with things, and I was supposed to go on vacation the next day and didn't want to spend the weekend in jail instead of getting on my plane, which the cops were quite correct that they could do.) Charges were later dropped, but it was annoying.
Until the recent Hiibel case , the courts were really clear about this; it's an ugly mess, and the Supremes upheld an Nevada law permitting cops to ask people to identify themselves, in spite of the fact that that's not what the cop did in the events under consideration.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Here's my solution. First, I pay for a PO Box. It's not too expensive and it's a legal address to register domains. So whois returns the PO Box as the contact address. I also use the PO Box for other things like the university after finding they sometimes "accidently" publish your home information even if you've requested it to be private. In order to get a PO Box, you give your real street address to the post office, so should the feds breathe down your neck, they can't claim you did this to avoid being tracked down. All they'd need to do is get your PO Box registration from the post office to find out your street address and I'm sure they have routes for this.
Second, for phone number, use areacode-555-1212. This is a directory service similar to 411 but localized by area code. If you have a listed number, the interested party would have to pay to use this number to get your listed number. This cuts down greatly on telemarketers who do not wish to pay the fee very often. Also, if you have an unlisted number, this service will just say that. Again, the feds can request even unlisted numbers directly from the phone company so using this phone number does not prevent them from getting your real phone number.
So really all you need to reveal is your real name when you register the account. Some may be a bit leery of even this I know. But my point is in the context of this proposed law. IANAL, but it seems to me that as long as you register using your real name, a PO Box and the 1212 number, the feds would not have a claim to say you falsified your registration. To do so, they'd have to outlaw all anonymizing registatration services that put a middle-man address/phone number into the whois record as this method is basically a free way to achieve the same effect.
I find it a bit curious and well ludicrous that our overpaid legislators would be so concerned over incorrect or false information on whois records but allow for the falisification of caller ID on our telephones.
Hmm, maybe it's just me but I would think MORE people in America would benefit from non-fradulent CallerID (Darn them telemarketers) than from what the heck a whois record says. Most internet users (even if they own a domain) don't know what WHOIS records are anyhow.
..the law in no way requires you to PROVIDE information. It simply requires that information that is PROVIDED must be accurate. From the actual bill:
(6) the term `counterfeit documentation or packaging' means documentation or packaging that appears to be genuine, but is not.
If I list my Address as "1234 Testing Lane," I'm in violation. But if I list it as "Not Disclosed", I don't believe (IANAL) that I am. Same goes for name, or listing the name as "System Administrator." E-mail could be listed as "whois@mydomain.com," which would be legit if that was a real e-mail address...
I don't know a way areound the phone number issue, however. I believe that listing "not disclosed" as a phone number would be within the law, but I'm not sure a registrant will accept that if they validate phone numbers...
"The bill as originally written, however, focuses primarily on penalties for promoting counterfeit music, computer programs, and other media with identical labeling." So promoting (ie spreading/sharing/p2p'ing) files that are not what they appear to be is illegal? Does this make the RIAA's activities of spreading fake files on p2p networks, illegal?
The real problem isn't false information in WHOIS databases. The real problem was allowing every stock broker with a geek relative to set up a registrar. I don't remember there being a Constitutional right to have a domain name.
In the beginning the internet was ruled (for the most part) by technology people, for technology people. The technology people did a reasonable job keeping their own arena in check. Wall Street showed up when they saw potential dollar signs. The technology people held back, forcing Wall Street to jump through hoops and hurdles to come up with funding and learn the jargon and the ways of computer science. This was wholly unacceptable to Wall Street as it was standing in the way of the technology bubble which would make them extraordinarily rich. Wall Street worked diligently through Congress to use public tax money (namely 401k funding) to subsidize the explosion of companies in the internet sector who both provided the equipment (personal computers, Windows support), the services (ISPs), and the content (web sites) for the web. As more people swamped to the network they learned about domain name registration and everyone wanted to be cool and have one. Domain name registration was no longer NSF subsidized and Wall Street quickly realized that being a registrar was a profitable endeavor. I feel that domain name registration should have remained subsidized to force the politicians to consider the result of their actions. I pay tax money. What's changed between now and '92?
The real problem is not the pollution of WHOIS databases. The real problem was the underhanded pillaging of public tax money to bring everyone, good/bad/indifferent, to the open network. If left to its own methods the computing industry would have evolved much more productively. There would never have been a complete sanitation (USENET trolls, a little spam) but the signal to noise ratio would have been preserved as much higher.
+++ATHZ 99:5:80
OTOH if you try to sell me tractor parts, claiming to represent John Deere, when you are in fact John Doe and have no relationship with the company, that *is* the business of the government that I support for my protection.
I wonder what libertarians did in the premodern world, when it was impossible for anyone other than a hermit to establish anonymity, and even few hermits could achieve it.
I run several sites, some of which contains information that some people do not like. I provide true information in my WHOIS record, but I am considering changing it to protect my privacy (WITHOUT HAVING TO PAY EXTRA FOR IT). I think I should have a RIGHT to privacy, not the ability to pay for a service to provide the privacy that I have a right to. The problem is that with valid information in my WHOIS record, anyone who doesn't like the content of my site (no, nothing about WAREZ or piracy or terrorism or anything like that) can call me up and harrass me about it.
I have gotten calls at 2 in the morning and people who mess with me simply because they have access to my information. I have a right to not be harrassed or attacked. Calling the police or phone company is a waste of time. I just want the RIGHT to privacy that our forefathers established for us.
Is that really so much to ask?
--- The revolution will be digitized! - http://www.binrev.com/ ---
Really simple solution for the registrars:
I give them my real info, they provide fake info. Or I get to continue to fake mine.
IF SOMETHING GOES WRONG the authorities can leave a message with the registrar who will contact me and tell me to check my messages. I will gladly talk to them if I hear of any problems. In the meantime, sorry Dotster, your monthly newsletters don't even show up in my Inbox anymore.
If the authorities want, they can yank the website after two weeks of no response from the owner. Or the registrar can choose to give up the owner's info at any time. Who would you register with? Someone that promised to keep your info private or someone that handed it over the very second the feds asked for it?
However, there are also people that are doing things online that, if they were done on a streetcorner, would get them arrested. They "know" that they cannot be caught, punished or prosecuted in any way because "online" is a law-free zone.
Why should this be the case? This means that not only spammers and the like can hide in plain sight, but also people that are actively making the Internet truely horrible are allowed to continue. Their actions are decried by governments and corporations alike and, unfortunately, those are the folks that can actually do something to change the nature of the Internet in ways that will be worse for everyone. For example, what would it serve if in order to register a domain you had to be registered as a business? Well, for one thing it would cut out kiddy-porn vendors and 19 sorts of scammers. But, it would also affect a lot of individuals.
I'm all for people protecting their privacy, but owning a domain and being private are not necessarily the same thing. Being able to hide your identity while posting on various dicussion boards is fine. Being able to set up a store where people can buy perscription drugs without a prescription for 10x the normal price isn't fine - but it is almost impossible to track these people down given the current system. Warez boards can be considered a true benefit to society - until you are a software developer with your sole income from sales of software.
I think the best example of this is where someone decides in a vindictive moment to register a domain "johnsmithsucks.com" and puts up pictures of John Smith and his family. Photoshopped pictures. Obscene photoshopped pictures. And amusing stories about John, his children and their dog. Try getting such a thing shut down if you have only "N.B." as the name on the domain registration. Yes, you might be able to track down the hosting, but maybe they are unhelpful or a bargin hosting company in Korea. You might be able to get it shut down, but I doubt it without an incredible amount of work. It would probably be better if you just left down quietly and changed your name.
Is this fair? It can happen today. Would you laugh if it happened to your neighbor? Sure you would, admit it.