At 5/18/02 5:38 AM, George Kirikos wrote: >I disagree with William here, in that serving process to (or more >generally, finding the person responsible for the activities of a >domain, say for law enforcement) is a very legitimate use of the WHOIS >data. We had a long debate on this topic on the DNSO GA mailing list, >in the context of how much privacy one should have for the WHOIS data. >See a summary here (section iv): > >http://www.dnso.org/clubpublic/ga/Arc10/msg00458.html > >and my own essay here: > >http://www.dnso.org/clubpublic/ga/Arc10/msg00399.html > >I believe Tucows/OpenSRS initially took the position that they sought >greater privacy. I hope that they'll re-evaluate that in light of the >debate on this list, in that there's a great public interest in having >that data kept accurate and public (at least to the minimal degree of >having 1 responsible party for a domain be visible; can be a lawyer or >other legal representative, and conceivably one can remove the >technical and billing contacts as those aren't essential).
For the record, I strongly disagree that there is any reason to have any WHOIS contact information public, and I am not in the least bit persuaded by the arguments in the posts you referred to. For example, the allegation is made that "The OECD suffered damages because of the fake registration data of ocde.org". That's not the case; they suffered damages because a porn site operator started using their domain name that Verisign had resold due to incompetence. OECD would have had the same damages if the WHOIS information had been correct, or private. The fact that the cybersquatter chose to give up the domain rather than reveal himself is unrelated to the public nature of WHOIS, but more likely because the domain "thief" didn't want to be revealed to the OECD people or go through a UDRP proceeding. The WHOIS data being public just happened to give OECD an unusual loophole with which to get their domain back without a UDRP proceeding in a somewhat bizarre case. Keeping WHOIS data public "so that if a cybersquatter takes my domain and happens to use false information in the WHOIS that he refuses to update, I can get it back based on the 'invalid information' clause of the registrar agreement without resorting to UDRP" is not a compelling argument. If, on the other hand, the argument is "WHOIS data needs to be public so that I can see who to serve UDRP proceedings on to get back a stolen domain" (which is not the argument that was made in the post, but which makes more sense to me), then I'll simply point out that it doesn't need to be public for this -- it can be revealed to anyone in a UDRP case or other legal proceeding. In the OECD example, even if the WHOIS data had been private, OECD could have started a proceeding, found out that the contact information was invalid, and won on that grounds if the respondent refused to respond. The post referred to continues, "I think it is undeniable that having this absolute privacy become standard would only encourage and embolden those who seek to commit abuse and use the domain name irresponsibly." Again, I disagree; these people already just give fake information. It's not the threat of having their name made public that stops people from doing illegal things with domain names, but the possibility that legal action might be taken against them. Having the owner information be private from Joe Public, but revealed in the case of legal proceedings, would be just as much of a disincentive. I must say this whole subject irks me. For the sake a few odd examples, the privacy of millions of people is thrown away. It's absurd, and it's hurting our industry; I have literally had customers cancel their domain names when they found out that their contact information was made public. I particularly resent the comment that anyone who thinks much greater privacy is not a solution is a "zealot". That's insulting. Privacy is a basic common sense issue, and I know from talking to customers that the vast majority -- greater than 90% -- do not want their contact information made public. By definition, a majority of an affected population are not "zealots", and their wishes should be respected. I strongly encourage OpenSRS to work towards greater restrictions on public WHOIS data. Aside from the obvious "feel good" benefits of greater privacy, it would help our industry in a number of ways that would at least compensate for, and probably exceed, any drawbacks. For example, theft of a domain by fax would be more difficult if the thief couldn't trivially tell what information needed to be put into the forgery, and DROA/Verisign/Junk Fax renewal scams would become a thing of the past. Obviously there are legitimate cases where some WHOIS data needs to be made available to certain parties -- legal proceedings, transfer confirmation e-mail addresses, and other specific objections people can come up with against "absolute" privacy -- but these are exceptions in which the average domain owner would understand that there is going to be some information leakage, and methods can be easily arranged to give people the information if they actually need it. For example, if someone is paying money to attempt to transfer the domain name, there is no reason why they shouldn't be told the admin confirmation e-mail address, and the end user contract could make it clear that this would happen. But just putting the owner's contact information in public for everyone to see? It's indefensible, other than the argument that "that's the way it's always been". That policy was designed for a different age when you might need to contact operators of one of a few hundred arpanet nodes, and makes no sense whatsoever today. Even expecting concerned people to use a lawyer's address or whatever is placing a burden on the registrant. Domain owners should be able to feel that any information they provide will not be released to others unless it's necessary for the operation of the domain or for legal reasons. Period. -- Robert L Mathews, Tiger Technologies "The trouble with doing something right the first time is that nobody appreciates how difficult it was."
