Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proposal To Limit ISP Contact Data Draws Fire

Posted by timothy on from the whatis-whois dept.

An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"

10 of 100 comments (clear)

  1. Businesses... by Renraku · · Score: 4, Funny

    Only for businesses, of course, since they have the money and don't mind paying extra to be untraceable. In fact, why not just go ahead and pass a law that bans popup blockers and mandates every citizen to an hour of forced ad viewing per day?

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    1. Re:Businesses... by mysidia · · Score: 5, Informative

      Almost correct... ARIN does not need IP addresses or contact data to be published for residential dial-in users, provided they are not assigned a /29 (or shorter prefix)

      Currently a /29 is the magic number. If you get a netblock that is larger, such as a netblock with 16, 32, 64, 256, or more contiguous IP address numbers, then the upstream provider has to publish re-assignment information and a contact.

  2. This should be simple... by Oxford_Comma_Lover · · Score: 3, Interesting

    Person A says to cops: "I received spam. Here is copy."
    Cop identifies IP.
    Cop says to provider "Give me billing info on this IP b/c of spam."
    Provider gives billing info. If not, does so after quick court order. If still not, gets shut down.
    Cop contacts business. If hijacked computer, refers to techies. If not hijacked, quick court case by DA. IF spam, gets shut down and pays large statutory damages and prohibited from using net again for X years.

    Or something like that.

    The problem is having a quick, efficient, and intelligent police response in place, and having people know where they can go to get it. We will never stop spam unless we decide to commit sufficient resources to doing so.

    We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)

    --
    -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    1. Re:This should be simple... by Improv · · Score: 3, Insightful

      Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards. Besides, not everyone is in the US.

      Privacy is less important here than the potential for menace and the ability of people to kvetch directly at troublemakers.

      --
      For every problem, there is at least one solution that is simple, neat, and wrong.
    2. Re:This should be simple... by ShakaUVM · · Score: 3, Insightful

      I know that for my company, I'd get a lot less spam if they couldn't trawl my email address out of the registry. Fortunately, a quick filter set up gets rid of most of it.

  3. Why is it so hard? by Auroch · · Score: 3, Insightful

    If GB is passing laws to cut off file sharers, who do so for personal use only, why can't they move quickly to impede spam?

    ... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...

    --
    Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
  4. Re:Get rid of "private" domain registrations first by tomhudson · · Score: 4, Insightful

    You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?

    You have an address on the door to your place that's publicly viewable. What's the problem with that?

    You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

    You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?

    You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?

    You want to host something on the net? Fine - be prepared to post valid contact info. Otherwise, make arrangements for someone else to host it, or host it off the net.

  5. Re:Get rid of "private" domain registrations first by Bakkster · · Score: 3, Insightful

    In these cases, access is limited (by line-of-sight), or the information does not provide back-tracability. That no longer happens when posted online.

    Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?

    --
    Write your representatives! Repeal the 2nd Law of Thermodynamics!
  6. Re:Get rid of "private" domain registrations first by causality · · Score: 3, Insightful

    Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?

    STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  7. Re:Get rid of "private" domain registrations first by TheSpoom · · Score: 4, Interesting

    You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?

    A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).

    You have an address on the door to your place that's publicly viewable. What's the problem with that?

    You're already there.

    You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

    You don't? Tell that to Anonymous.

    You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?

    You can contest things that happen to your bank account. Nonetheless, I don't let just anyone have the information on my checks.

    You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?

    No, I don't. :^P Further, even if I did, people have to get close enough to view it. It's not in a publicly accessible database, like WHOIS data for domains.

    I like the ability to anonymously post information to the internets. Part of that is the ability to be free from WHOIS spam as part of a domain registration.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs