Re: WHOIS Privacy Stalemate... Again

["Don Blumenthal" <dmblumenthal () gmail com>]

On 8/22/07, Andy Sutton <newslists () pessimists net> wrote:

> All I really care about is that someone answers when I tell them about
> their box being naughty.  I don't need to know their name, address, etc.
> for that.  LEO with a warrant would get the non-shielded information
> from the registrar regardless, so that's not much of an argument one way
> or another.

I'm using this post to jump in after a couple of days' problems with
my gmail account.

Warrants/subpoenas/CIDs take time, which is at a premium in 'net investigations.

As for bad info, the amount of nonsense in whois records is ridiculous
and I wish that ICANN would do more to ensure that registrars acted on
reports of bad info. However, the records may have legit information
even for LE targets. Not all of them are "bad guys" in the common use
of the word, and sometimes folks do things on the web that they don't
think are illegal. In fact, the activities might not be illegal until
a given agency stretches the definitions in its statutes.

All of that is important because whois records may be the only easily
available contact info. I'm finding a quickly increasing number of
ecommerce sites that have absolutely no information except for
something like "info@...." That's not helpful to LE, consumers (I can
assure doubters that consumer self-help through use of whois is real),
or anybody else who needs to address a problem.

OK. I've superficially covered why accurate info is important for more
than just LE and the fact that whois records may actually have usable
data even when it comes to LE targets. Having said all that, I don't
support eliminating the option for privacy/proxy systems. Home based
businesses and political sites, to name a few, have real privacy
concerns when it comes to information in whois records. PO boxes and
other mail drop solutions may work in large cities, but their value as
shields diminishes as populations decrease and, since we're talking
about an international system, aren't always options at all. Banning
sanctioned ways to hide info will only increase the amount of garbage
in the databases.

The current privacy mechanisms aren't good but I don't have a good
solution. Proposals for commercial/non-commercial designations that
would govern what has to be visible in whois have obvious problems.
Tiered access has floated around for a long time and probably has the
best possibilities, but presents its own set of issues and the
development of proposed systems that I was following seems to have
bogged down

Don
-- 
Don M. Blumenthal
Technology, Law, and Policy
dmblumenthal () gmail com
www.donblumenthal.com
734-997-0764        202-431-0874 (c)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.