Canadian Domain Name Registrants To Get More Privacy

An anonymous reader writes "The Canadian Internet Registration Authority, which manages the dot-ca domain, plans to change its WHOIS policy to better protect domain name registrants. Quoting the Canadian Press: '[Law Professor Michael] Geist said the changes have raised the ire of law enforcement and intellectual property lawyers, who have used the Whois search to track down sexual predators and copyright violators.' Despite this, the organization seems committed to following through with the reforms." Geist also gave a talk recently about digital advocacy; the effectiveness of using modern technology to raise concerns and share ideas about issues such as privacy and copyright law.

Privacy....

[zappepcs]

It's not just for the police anymore.

A day without privacy is like... well, like a day living in a police state.

As for the reaction to this.... waaaaaa fucking waaaaahhh

While it's still part of the law, you police people will just have to do your jobs the way you were meant to... investigate, get warrants, follow the procedures laid out in the law. Remember, protect and serve? It hasn't changed. You are still charged with those roles in society. If you forget that, or ignore that, you are no better than warlords in mogadishu.

Get over it.

Re:Privacy....

[cayenne8]

"Remember, protect and serve? It hasn't changed. "

I thought it was to collect and serve....

At least with most forms of crime enforcement these days they seem to pursue with any vigor...

Spams and scams

[telchine]

From my experience, WHOIS details are mostly used by spammers and scammers. I get a steady stream of snail mail from scammers trying to pretend that they are my registrar and want me to renew with them (for a significant sum of course).

I've never had any legitimate mail sent to the snail mail address that I use to register my domains.

I get a torrent of spams to my registered email addresses. Ocassionally I get offers to buy my domains or just people wanting to contact me but that's may 1 or 2 emails a year.

I think having contact details in WHOIS is an archaic system left over from the days were everyone on the Internet was polite to each other (or something). It should be scrapped and only law enforcement agencies with a warrant should be able to access my contact details.

Re:Spams and scams

[bsDaemon]

I think having contact details in WHOIS is an archaic system left over from the days were everyone on the Internet was polite to each other (or something). It should be scrapped and only law enforcement agencies with a warrant should be able to access my contact details. Whois, finger, ~/.plan files - all relics of a courteous age before mass commercialization ruined various net services, just like its ruined practically everything else.

Its been a while since I registered a domain, but I do believe that info for the whois was optional. I've whois'd many a site that didn't have any contact info listed.

In fact, I think they only times I've ever gotten any useful and relevant info at all from whois has been for .edu or .org sites.

Re:Spams and scams

[argent]

From my experience, WHOIS details are mostly used by spammers and scammers.

And spamfighters, since spammers have to have reachable domains for their "customers" to locate them. Even if they disguise them, they still need to have some kind of web presence that the "customers" will find credible, and that provides a hook to locate them.

Re:Spams and scams

[gmack]

The problem is that I've used whois info to alert mail admins to known problems with their servers.

While I doubt the whole address needs to be in the whois info a contact email/ number would be preferable to blocking everything.

Re:Spams and scams

[value_added]

The problem is that I've used whois info to alert mail admins to known problems with their servers.

Possible use, but relying on the choices between, say, Administrative Contact and Technical Contact seems a bit hit-and-miss, given the general nature of that information, and the distinct possibility that the contact may be an arms-length individual like a corporate officer or VP, or a third-party like a lawyer. At any rate, I'd guess the usual abuse, postmaster, hostmaster, etc. addresses would be just as accurate or useful if needing to contact someone by email.

Re:Spams and scams

[ratboy666]

Why thank you!

I have domains -- all of them are .org, and ALL have valid whois information. The downside? I get spam (20 to 50 a day) that I suspect comes through the registry. But, I use my name at hotmail dot com with a forwarder for email (GetLive) and I have set the hotmail up with maximum aggressive spam filtering. I get 5 to 10 requests to "renew" my domains per year via snailmail.

All in all, not bad for 3 domains. Personally, I don't believe that fake information in the whois database should be allowed. I believe that the whois registry is like a phone book, or address list, and, because dns addresses are public, the registrants should be listed.

But maybe that's just me.

Re:Spams and scams

[pathological+liar]

Okay, but you can have an unlisted number because (wait for it) ... some people are concerned about privacy. How is hiding/falsifying WHOIS info any different?

Simple change:

When a copyright predators want whois data, make them provide the equivalent information about themselves and give it to the person whose whois data is being queried.

Re:Think of the children!

How is this a "think of the children" mindset? If anything, it shows that us Canadians have a "think of our right to privacy" mindset, and I fail to see how that is a bad thing.

dot-ca remains in the dark ages

Speaking as an owner of many .ca, .com and other domain names, the Canadian Internet Registration Authority (CIRA) is by far the most annoying to deal with.

With a normal domain name, you go to a registrar, pay your money, and you get your domain.

Not so with .ca. After buying the domain from a registrar, you are forced to go to CIRA's website, create a second account, and register again. And you're not done yet. They want you to send in a photocopy of your driver's licence. Can you say identity theft?

Even worse, what if you need to correct a minor typographical error? You might think you can log in to your CIRA account and fix it. Nooooo. Can you log in to your account with your registrar and fix it? Nooooo. You need to download and fill out the form, sign it, get it witnessed and send it in with photoID. Most people wouldn't bother - in fact, that is exactly what Tucows (a large .ca registrar) recommends - don't bother fixing it since it is such a hassle. Strangely enough, I attended a CIRA meeting where CIRA was complaining about the large number of errors in their registrant database. THERE ARE SO MANY ERRORS BECAUSE IT IS SO DIFFICULT TO FIX THEM!!!

Not to mention the fact that .ca names are far more expensive than .com. CIRA is swimming in cash from their monopoly fees.

Frankly, CIRA should contract out the whole thing to Godaddy. They would run it far better and cheaper.

Re:dot-ca remains in the dark ages

[JFitzsimmons]

I don't remember having to do steps 2 & 3 that you listed. I have a .ca domain but I definitely have not submitted any personal identification to CIRA.

Re:dot-ca remains in the dark ages

[floorpirate]

CIRA accounts are set up in two sections:

1) The actual account that holds your contact/ownership information (this account is generally referred to as your CIRA ID).

2) The "membership" account, which is to be able to do things outside of normal domain ownership, such as vote on CIRA board elections (details at https://member.cira.ca/en/index.html)

The CIRA ID is assigned when you register your first .ca domain (although you can have many, ask your registrar for details), and is based off the contact information you provided to your registrar. You buy the domain, then get a temporary CIRA ID to go to CIRA's website and confirm your details. They then e-mail you a permanent username and password (alphanumerical fun, and you can't change them). If you change your contact details through your registrar, you have to go to CIRA's site, log in, and confirm the change within the next 7 days, or they don't take effect. All .ca domains under a single CIRA ID share their contact information, no matter what registrars you buy them through (just make sure they link the same CIRA ID to your account before you start buying).

The membership used to be a yes/no option in the CIRA ID details when you logged in at CIRA's website, but they changed it last year. I went through the process to see how difficult it was, as I was working in a .ca registrar's customer service at that time. So you fill out a form, send it in with a photocopy of a driver's license, and they send you a letter by mail with details for going to their site and confirming. That's it. If you want to update the information, you send in another form. A web-based form for updating the information would be lovely, and probably will get put in eventually due to demand.

If you've got many .ca domains and have problems updating your information, talk to your registrar(s). Get all your domains moved into one CIRA ID, either by a change of ownership or a "merge" of CIRA accounts.

Re:Think of the children! We do

[arthurpaliden]

No, thankfully as a rule we are smarter and realize that our children are at higher risk of meeting a pedophile at the park, on a bus, at the mall, at an after school activity than on line.

Falsification ought to be criminal

[Teancum]

For myself, I believe that falsification of information on domain registration (aka the "whois") ought to be criminalized instead of swept under the table as it is right now. There are legitimate reasons for being able to identify specific pieces of equipment and domains ranging from technical (I'm getting a whole bunch of packets from you... would you roll back that software update you just did and fix the bugs) to criminal activity... most of which is mentioned in the parent article.

Or more to the point, if a domain has false information listed, the domain ought to be invalid and can be revoked. I dare any bona fide business to apply for a business license from a government agency giving the kind of information I've seen on most whois databases... especially the dot com types. Business license information is public information and often even published in network accessible databases as well... many even on the web interestingly enough.

Unfortunately, the domain registrars themselves have been allowed to be lax in the kind of information they expect, and is IMHO an example of ICANN and its corruption and mis-management.

For those individuals who are worried about privacy, this isn't to say that you can't communicate and use the internet for private communications. But a domain name was never meant to be private. Insisting upon privacy for what should be public information is a mis-use of the resource.

This is also a situation where a free and just society is required so you can have the freedom to be able to publish your name in a public forum and not fear retribution from those who may want to do harm to you. The real reasons for the desire for privacy is protection from criminal behavior... and it is the criminals who mis-use this information (aka sending spam, threating letters, or abusive prosecution) that should be punished severely. In other words, the desire for privacy stems from a break-down of government in establishing order and consistently prosecuting genuine criminal behavior that most people would consider to be criminal.

Re:Falsification ought to be criminal

[value_added]

But a domain name was never meant to be private. Insisting upon privacy for what should be public information is a mis-use of the resource.

And I'm still moaning that email was never meant to be anything but text. ;-)

The purpose of the legislation is to address the continuing increase in personal domain registrations. It's entirely conceivable that one day, everyone will be required or will otherwise want to register in some form. That leaves us in a difficult position where the traditional approach of making everything public must be balanced with the privacy needs of millions of new registrations by ordinary individuals.

Resolving that conflict by admitting no one anticipated this state of affairs, or saying this isn't how things are supposed to work, is hardly satisfactory. And when you mix in the changing interests or requirements of all the parties involved, ranging from the various internet authorities, to law enforcement, ISPs, network administrators, all the way down to Dick and Jane, I can't see how anyone could say let's just leave it alone.

Hell, it wasn't too long ago that ATT would routinely publish whois info for their fixed IP accounts. Makes perfect sense, until you realise it doesn't.

One approach, or workaround, would be to advise (require) everyone to hire a personal lawyer to handle everything; the registration info would be public, but the personal information would remain personal. Another would be what the Canadian government is doing. Personally, I expect all this will work itself out in time, but I worry that we'll find ourselves in a very different world than when we first started.

Epic Fail?

[PC+and+Sony+Fanboy]

How can you say canada gets the epic fail when it comes to technology?

I don't see your logic. We've got some of the best laws (for consumers rights) in the world, we've got freedom of speech and protection from unlawful persecution.

On top of all that, we've got legalized file sharing in the form of a cd levy! (Yes, you americans have it too, but your laws still allow the RIAA to run rampant...) Well, so long as it is paid, there is no criminal basis for non-profit filesharing lawsuits!

Re:Epic Fail?

[Wrath0fb0b]

How can you say canada gets the epic fail when it comes to technology? I have 20/5 Mbit unshaped fiber optic internet to my home for $50/month (Verizon FIOS) and unlimited 1Mbit/256 EVDO mobile internet to my phone for another $20US/month (Sprint SERO).

I buy all my music (and not very much of it) so I don't have to worry about the RIAA. As far as free speech, I think it's sufficient to note that the Supreme Court of Canada has interpreted freedom of speech as subservient to some of the other goals in the Charter of Rights:

The effect of this type of material is to reinforce male-female stereotypes to the detriment of both sexes. It attempts to make degradation, humiliation, victimization and violence in human relationships appear normal and acceptable. A society which holds that egalitarianism, non-violence, consensualism, and mutuality are basic to any human interaction, whether sexual or other, is clearly justified in controlling and prohibiting any medium of depiction, description or advocacy which violates these principles (R. v. Butler, 1992] 1 S.C.R. 452, at p. 494, citing the MacGuigan Report of 1978). In Keegstra, the Supreme Court of Canada upheld convictions for similarly vague "hate speech", e.g. ""promoting hatred against an identifiable group". More broadly, a report summarizes it thusly:

The Supreme Court has ruled that the government may limit free speech in the name of goals such as ending discrimination, ensuring social harmony, or promoting gender equality. It also has ruled that the benefits of limiting hate speech and promoting equality are sufficient to outweigh the freedom of speech clause in the Charter of Rights and Freedoms, which is the country's bill of rights incorporated in the country's constitution. . . . The US is not having a good decade (ok, that's an understatement) but at least we are free from the coercive power of a government that insists on furthering multiculturalism agenda by force (not that I oppose multiculturalism or tolerance, but even good ideas ought not to be coerced). Despite my abiding hatred of racism, I am proud to live in a country were it is legal to burn a cross to make your point of view, no matter how odious that POV is. http://en.wikipedia.org/wiki/R._A._V._v._City_of_St._Paul.

I should make clear that I regard both Canada and the US as at the forefront of modern liberty and well ahead of the rest of the world in that respect. Disagreements between us are disagreements on common values -- they demonstrate that we are closer than further (in a manner of speaking).

See also:
http://en.wikipedia.org/wiki/R._v._Butler
http://en.wikipedia.org/wiki/R._v._Keegstra
http://en.wikipedia.org/wiki/R._v._Andrews

Re:Epic Fail?

[Excelcia]

If the assumption was as you say, then the levy would be the amount of a price of a music CD. As it is, it's a few cents. And it's not on every blank CD - it's on ones marked as for audio. Which means you can just buy stacks of "data" CDs and use them to your hearts content, levyless, to copy audio.

Your argument, that our legal system assumes everyone is "guilty" of piracy, is circular. How can our legal system be assuming you're guilty of violating a law when doing an act the same legal system explicitly permits? It's like saying a tax on gasoline means you're guilty of driving. Dizzying logic, even for an American. :)

Re:Epic Fail?

[dryeo]

Data CDs also have the levy. http://en.wikipedia.org/wiki/Private_copying_levy#Canada

Re:Epic Fail?

[Excelcia]

The extension to murder implies that copying a music CD is inherently wrong - in the legal world, malum in se. Murder, rape, serious assaults - they cause harm, and are generally agreed to be wrong anywhere you go. I don't think that many people would agree that copying a CD causes direct harm to the copyright holder. If there is any harm at all, it can only be indirect - perhaps due to a loss of revenue. If that revenue loss to the copyright holder is made up by the state by a special tax, wherein is there any harm done at all?

There is actually some convincing evidence that suggests there is no link between music copying and a loss of revenue, even in countries where such copying is illegal and there is no tax. Often such copying is done by people who would never have purchased the "retail" CD anyway, even if they couldn't copy. There is evidence to suggest that copying by those people results in the wider dissemination of music to those who can (and do) then purchase it. If this is indeed the case, then the blank media tax is actually giving the music industry more money than they would have had even if there was no copying done at all.

Whether or not this is the case, the fact is that if someone who would never have purchased a CD copies it, there cannot be said to be any harm done to the copyright holder. The copyright holder has lost nothing. This can only ever be malum prohibitum.

In Canada, rather than empowering our government with more and more draconian measures to stop violations of laws with questionable underpinnings, we simply add a small tax to blank media. This is our way of indicating how much we value music makers, and remunerating them for what they provide us. No DMCA, no court system clogged by the RIAA suing disabled people or single mothers, just a quietly effective system that looks to me to be fair to all.

The sad thing, is that law makers in the United States are putting enormous pressure on our government to adopt a more American system. That would be a tragedy, and I hope that we hold out.

I do apologize for the misinformation about data/audio CDs. I seem to remember this distinction being made at some point, though, so that may be a change in more recent levies. I don't generally use blank CDs much for data nowadays anyway - I use DVD, which has no levy. In fact, I only ever use blank CDs for the occasional audio disc, so the levy works well in my case.

Re:Epic Fail?

[Wrath0fb0b]

Ah yes, free speech in the glorious USA means I can join the KKK, actively proclaim that the holocaust didn't actually happen and engage in racism/sexism, so long as it is done under the guise of 'free speech'... Care to explain how any of those things are not speech (well, the racism/sexism part is ambiguous -- do you mean having/talking about those views or discriminating against someone in hiring/renting/business/etc . . )? It's not a guise, it's a principle.

Of course, every reasonable person would want to stop the KKK, holocaust deniers and is generally against racism and sexism. Those of us that stand up for those rights don't disagree - we just think the cost of allowing the gov't to proscribe some speech is worse than just living with that speech. It comes down to an unwillingness to allow any one point of view, no matter how wonderful or evidently right, to become an orthodoxy imposed by the gov't. After all, if the KKK is such a terrible idea, it will eventually die out (and pretty much has).

There is only one acceptable response to "bad speech" and that is "good speech" correcting it and persuading people that you are right. If you have to restrict speech that is opposed to your values then you must not have much faith in the power of your ideas.

Why not get a court order to get whois?

[urbanriot]

Why is this such a big deal for law enforcement? They should have to get a court order to view this information, and I don't see that being a big deal if they're actively pursuing an investigation.

Re:Anonymous Coward

[Insanity+Defense]

When I registered my domain name I went to the company I chose as an ISP filled out forms, handed over cash to pay for the next year. At no point did they check my ID. I could have listed myself as Herman Munster 1313 Mockingbird Lane for all they cared. Yes I am a Canadian and registered a .ca domain name. I was honest but I didn't have to be.

So what was stopping them before this?

Provable ownership?

[SanityInAnarchy]

What happens if a registrar just decides to "forget" about a domain? Or refuse to transfer it? Or something similar...

A whois record, at the very least, is proof that I own the domain. In fact, I believe certain obfuscation services, like GoDaddy's, may actually involve the registrar taking legal ownership of the domain on your behalf.

Re:Provable ownership?

[billcopc]

A whois record is proof that the registrar tagged your domain with that particular info. It is not proof of ownership, and they can change the info at whim. There's no bound value.

I'd be fine with Whois offering an email address for domain-related issues, but even better would be to do away with it entirely. Just send your gripes to abuse@ or postmaster@. Whois info has been more often used for bad than good.

Re:Anonymous Coward

[Gorshkov]

I was honest but I didn't have to be.

Except, of course, for the little detail that all it would take is a single complaint about your invalid information and you'd loose the domain.

a little perspective pls

[doppiodave]

i'm the proud owner of a gaggle of .ca domains, going back to the days when they were administered as a labor of love out of the university of british columbia by one dedicated soul - John Demco. he was rewarded by having abuse heaped on him for being way too particular about whether applicants were stealing trademarks, or were otherwise out to make trouble. unsurprisingly, he was a volunteer working under the de facto authority of Jon Postel. many Canadians, esp those in business, wanted a system more like .com, so anybody could get registered in 2 minutes flat - a great system until we had to endure years of cybersquatting, reverse-cybersquatting and the like. when CIRA took over 8 years ago, they had far more resources to throw at the .ca domain, yet have built a system very much in the spirit of the old one - fair, secure and extremely well administered. the decision to pull .ca data out of whois is just another step along that path. why anybody is surprised or upset by this decision is a mystery to me. law enforcement officials everywhere will always be disappointed if they're not allowed to stick a probe up your ass to see what you've had for lunch. as for privacy on the Internet, it's long gone - in so many ways it's hard to count 'em. if "officials" are pissed about CIRA, it ain't because they're pulling whois out from under them. it's because CIRA operates at arm's length from the government, which is a lot more than you say for ICANN and the Dept of Commerce.

Re:Think of the children! We do

[CastrTroy]

What is the percentage of pedophiles? Are the any studies that have been done on this? They say that 10% of the population is homosexual. What percentage of the popuplation is sexually attracted to children. And what percentage of those people would follow through on those attactions? Based on the news you hear (sensationalist, I know), it seems to be quite common. But how common is it really, and is it more worth worrying about your child being hit by a car while crossing the street, because somebody didn't stop at a red light?