Slashdot Mirror
IP Holders Press For Access To WHOIS Data
Stony Stevenson writes to tell us that the battle for access to whois data remains at a stalemate this week. "In a blog post on the Internet Governance Project's (IGP) Web site, Milton Mueller, Professor and Director of the Telecommunications Network Management Program at the Syracuse University School of Information Studies and a partner in the IGP, details the Final Outcomes Report of the WHOIS Working Group, published on Tuesday, and inability of the various stakeholders to reach any kind of consensus."
I imagine the board meeting went like this:
"Clearly, Simmons, everyone who has an internet connection is a potential criminal, and we need to keep tabs on these potential criminals in case they, at some point, intentionally break international copyright law."
"Here, here!"
"So we need access to this data, and if anyone opposes it - they must be hiding something other than just a guilty conscience."
"Besides, we're doing it for the children."
The article summary is vague to the point that one is unsure what the subject of the article is. The "IP holders" of the title are trademark registrants of companies which help trademark registrants identify possible infringement. The Whois data referred to is not the public data to which we all have access. Rather it is the names and addresses of the actually domain name registrants in those cases where the domain registrar is acting as a proxy and has placed its own contact information in the public Whois database. The dispute is about who should have access to this secret data and under what circumstances.
Why would the IP assigners be after the Whois data when they already hold it?
I kid, I kid
Realistically, I hope that the whois data is kept private
Cause the alternative smells bad... really bad...
Then again I can just look it up myself anyway, why can't they?
What would be some implications of Intellectual Property holders getting "less than restricted access" to the whois system?
Why do people like Mueller always lie?
"with their freedom lost all virtue lose" - Milton
While I consider myself anti-authoritarian, I recognize that there are some situations in which law enforcement and other parties have a legitimate right to pierce the anonymity of private registrations. If someone is operating a site hosting child porn or other illegal materials, the registrar should be required to give up the registrant.
Also, consider the case where a domain / site has been hijacked (or reverse-hijacked) by a thief hiding behind proxy services at a different registrar. The victim and victim's registrar cannot reliably identify them, and the Registry Operator won't get involved outside of invoking arbitration.
So keep the lawyers out, but establish some authority (Internet version of a FISA court) that can pierce anonymous registrations.
Information wants to be Free. Useful Information will cost you.
I hate you! and so does my cat! don't you snookems? yes you do, you know you do, you're a good little kitty aren't you?
Though I never use IE I just experimented with loading slashdot on it and it looks fine. Chill out dude. Have a cup o' joe, all will be fine.
I've said this before, and I'll say it again. Registrars are a big part of the spam problem. And the fact that they will sell (or provide freely) registration obfuscation services to withhold meaningful registrant contact data shows that many registrars are still in bed with the criminal spammers.
Come on, if you really have some reason to keep your registration data private, there are better ways to do it than letting your registrar do it for you. You could just as well get a PO box and use a free email account somewhere, which would accomplish the same thing but still have some degree of accountability. As it is, registrars have been able to withhold the contact information for their clients and there's been no accountability anywhere.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I use unique email addresses for almost everything online (slashdot.org@mydomainname, etc) so that I can track and block spam effectively. 99% of my spam (about 3000 per month that makes it to my spam folder in Gmail) is sent to technicalContact@mydomainname or administrativeContact@mydomainname or something similar that I have used in registering domains.
I'd be happy if they could just keep my email address private without charging extra for that.
Ben Hocking
Need a professional organizer?
Goobered up on me too. IE 6. Front page has articles names and header styles showing up as white on white. Only thing different that I did recently is clear my browser cache.
In most US states, each corporation is only required to maintain a registered agent address on file with the state, so anyone who needs to contact your organization can do so. The registered agent can be anyone, so for example, you might have your lawyer be your registered agent, and anyone who wants to know who owns the company has to go through him.
We've currently got the same system with domain names - your registrar can act as your registered agent, serving as a barrier between the public and you. If someone has a legitimate need to contact you, they can do so through your registrar. If not, they can't. I don't see any reason to change this.
paintball
Fully agree.
Any legitimate business in my town requires a license. That license requires a point of contact (real person), and a real valid address.
There are no "anonymous" businesses. Why should there be?
So why should there be an "anonymous" domain holder?
There is a perfectly good system in place (at least in the US) for people who have a legal right to access the private information of a domain registrant. It's called due process.
If you think someone is infringing on your trademark, committing fraud, or some other illegal or actionable offense, then you go before a judge and request the court issue a demand for that information.
Yes, it's expensive. Yes, it's a pain in the posterior. Yes, that is as it should be. The more difficult you make it to pierce the rightful barrier of privacy of an individual, the stronger that barrier is and the less capricious that piercing can be.
The courts are the place to go to acquire this information. The Markets make it profitable for legitimate companies to not hide that information.
Seems that's a pretty good system to me.
Because domain holders are not necessary businesses.
Using your logic unlisted phone numbers would presumably also need to be scrapped as they are something businesses have.
Companies should have their information available to the public, but individuals should be able to do whatever they wish.
"He hates everyone, day after day on slashdot he posts hate messages against blacks/jews/gays/emos/goths/etc, he does not see people anymore, just things he hates. Other slashbots cheer him on, nurtures his hate, to the point he can never rejoin society."
Erm.. doesnt that mean he's effectively joined a subculture? You know, the thing you claim he hates? Sounds like he's found people with similar interests (I.E. hating everything). So he's not alone, eh?
What's your point again?
The words extortion and antitrust come to mind.
I think registrations should be anonymous. I'm very much in favor of an anonymous Internet altogether, aside from who the domain registrar is. If the government has a problem with something, tough shit. They have plenty of ways to get what they want. They only need to know who the registrar is, and they can be served with a warrant for information on who paid for the domain. The registration contact info can be faked anyway.
As someone who owns a few relatively popular sites (+20k uniques daily) there have been times when people take a disliking to the sites and decide to harass me using my personal information, as I do not use whois protection (didn't use it in the beginning, and with whois history being easily accessible, it's rather pointless to start now), but a situation I am in right now is making me thing that the ownership information should be public. At least for .com, .net, .org and so on. .name which I believe is 'meant' for individuals could permit whois masking.
What happened is this. A friend of mine who also ran some relatively popular sites suddenly passed away. As his mother wasn't very knowledgeable about the internet at large, a person who had access to his servers at the time of his death decided to 'rescue' his sites, copied the data to his own servers, and then impersonated my friend, to transfer ownership from his Dotster account, to an ENOM account in the thiefs' name. He tried to do this with another name that was registered via Network Solutions, but they were "less helpful" in that.
Since he has WHOIS protection on all of his domains, it has been an uphill battle, to try and reclaim the work that my friend put in, from the thief. We tried working with GoDaddy and ENOM, but they have no interest in helping, after giving us a run around and telling us to indemnify them from any fault they may have had in it, ENOM ruled that this was an ownership dispute and not a transfer dispute and as such not something they want to deal with. GoDaddy who has been taking his money for years now has not even locked his old account, despite our efforts, so the thief keeps looking through it to find names he likes and moving them out. Both ENOM and GoDaddy are supposed to have internal dispute resolution departments, but neither is willing to take even a cursory look at such a cut and dried case of theft. There is no way my friend could've authorized his domains be moved more then a month after his death. (Sadly, I found out about this late, and had no easy way of reaching his mother for a while, so this happened before I was able to get in contact with them).
My friend is dead, we have his death certificate, we have the legal documentation that his mother is the executor of his estate (a horrible position to be in already), and we've been working since April now to try and reclaim at least part of what my friend has been working on throughout his life. The people who've worked with him on his other sites have been sitting on the fence, working more with the thief then with us, as the thief lets them pretend that they own those sites, and while they know he is wrong, they don't really think we will win.
At this point we've filed a UDRP motion on the basis of a common law trademark, since the domain is the business name my friend ran for eight years, but we can't do anything about the other sites that haven't been up for long, or domains that he never got around to using. There is no court of law that has jurisdiction here, because we don't know where the thief is based, and there is no guarantee that UDRP will see things properly, since they mainly look at it in trademark terms. When he was served with UDRP papers, the thief mirrored the site to another one of my friends old domains, and has the mirror running now, increasing his traffic that way.
If public ownership information had been required, I would like to think that people like the thief that we are dealing with would be more reticent to commit such acts of fraud with impunity. And some sort of a dispute process where registrars have to actually check what happened, and be able to resolve it. This should've been solved by GoDaddy who would be able to see that given that the account owner passed away, and the changes were made afterwards, that this is a pure case of fraud and told ENOM that the transfer was fradulent.
I'd call you a troll but... this really does describe me. Especially the "going right home at the end of a day" bit. I pretty much never stayed late in college except when I had to mope around in the library to study for a midterm or final. The only people I really talked to often were my professors -- and only ever talked to them about the coursework. I'm now 27 and have no friends. But hey, that's fine, I choose not to have friends. I tried having a social life in highschool and all I ever got out of it were "friends" who eventually would stab me in the back ("I think I'll hang out with these drug addicts instead of you. Thanks for the last 3 years of loyalty, see ya."), or play extremely cruel pranks on me.
When genuine loyalty is unrequited, can you really blame me for becoming this way?
There are alternative ways to handle trademark disputes, and there's been a lot of scope creep in how various special interests want to use the whois information since it's there, whether that's the RIAA who want to find the owner of a website that has allegedly-copyrighted MP3s on it or cops and spooks who want to find out who's published some thoughtcrime on the web.
The original purpose of whois information is to be able to contact the people who run a domain so that broken things can be fixed and bills can get paid. Contacting somebody doesn't mean you need to know their True Name, ICBM address of their house, pager, and home phone number - it means that you've got an email that reaches somebody who'll do something, a name or title to include in the message, and if there's a phone number that can reach somebody appropriate or a fax number to get them a message, it's there. So names like "Admin Contact" and email addresses like "DomainRegistration@example.com" are perfectly adequate for that. If you need to have a bill sent on paper to generate a company invoice, as opposed to sending the bill by email, then you also need a paper address, but it can certainly be a mailbox at a mailbox store rather than the home address of the registrant, because it's for sending bills, not subpoenas or SWAT teams. There are politicians and net.politicians who want to change this, but they're not only interested in violating your privacy, they're clueless about the real functions of whois.
If you don't provide contact information that's complete enough to fix a problem, then either the problem doesn't get fixed, or it gets fixed in ways that don't have your input.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The internet registrar certainly knows who is paying the bill. And even if it's paid via proxies, those proxies know who foots the bill. These folks aren't that hard to track down, and if you have a legal case against them, you can simply subpoena them for the details.
In other words, that information is quite available to anyone who wants to get it via legal process. It is not, however, available to every crackpot, stalker and internet rent-a-cop who wants it for no particular reason. And that, frankly, is exactly how it SHOULD be.
If they have a case, they can get the information. If they do not have a case, they have no business getting that information. What were they going to do with it, anyhow?
As much as I often wish that home owners received protection of their name and contact info (and even mortgage amount!) from shady marketeers and real-life crack-pots, why should owners claiming property ownership on the Internet receive special protection? "Because its the Internet so everything's different!" -- phbbt
I'm willing to agree to that compromise. What if it was required for any domain that exists to sell something to release its WHOIS data, while those who exist for non-profit (non-sales) purposes can keep their identities obfuscated?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
That's not an anonymity problem. That's an authentication problem.
One of the problems with all this "domaining" is that there are far too many domain transactions. The registrars that are "domain-tasting friendly" are worst about this. GoDaddy and ENom, with their multiple pseudo-registrars and affiliates, are heavily into domain-churning sideline businesses. They also have EULA terms much worse than the more legitimate registrars.
This isn't a WHOIS problem. It's a bottom-feeder registrar problem.
Incorrect. Most states that aren't tax dodges (I'm looking at you Delaware) also require some combination of annual reports, corporate bylaws, and principals (often just managing partner).
Yes. I've been data-mining that data for SiteTruth, and it's amusing. No two states have the same format, although there's some similarity. Delaware provides less free info than most states. Some states have deliberate weaknesses in their data. Nevada, for example, doesn't require that changes in corporate officers be reported, so many out of state Nevada corporations have the same guy at a corporation service listed as President.
But that's OK. We're working on recognizing certain common patterns. Like "Incorporation state in low-disclosure states list AND NOT in business directories as having operations in incorporation state AND NOT in SEC Edgar AND NOT registered as foreign corporation in state where doing business IMPLIES slimeball".
Anonymous businesses deserve low search rankings. We're making that happen.
"Milton Muelle, a partner on the Internet Governance Project weighs in on the ability of the various stakeholders to reach any kind of consensus. [Include what the IGP is...]"
If the registation companies are no longer allowed to provide obfuscation, then numerous 3rd party services will open, most run by the same people who run the registrars.
I would stick to my first definition, any site run by an organisation should identify itself as such, any site run by an individual should be free to use an agent or other organisation to handle communications for them. That way you have some transparency. (Although you could still abuse the system by claiming a corporate site is personal, it is a compromise I would accept.)
If your a big company, you can post your address etc and noone will come to your corporate lobby (except maybe michael moore).
For the little guy who owns a website, it means he will have to rent a mailbox or something to prevent any serious loonies (or govt investigator) from showing up during his saturday barbecue in the backyard.
This will only exacerbate the privacy war if allowed.
If this is allowed to happen then huge corporations should be made to publish the CEOs home address and phone number
on their corporate websites to make it fair.
Small business owners and individuals with no business registration should be allowed to use proxy registration services
without fear of reprisal.
As for the marketing angle, allowing unchecked access will create inordinate amounts of spam and
may even provide a doorway to identity theft.
Think about it.