IP Holders Press For Access To WHOIS Data 103
Stony Stevenson writes to tell us that the battle for access to whois data remains at a stalemate this week. "In a blog post on the Internet Governance Project's (IGP) Web site, Milton Mueller, Professor and Director of the Telecommunications Network Management Program at the Syracuse University School of Information Studies and a partner in the IGP, details the Final Outcomes Report of the WHOIS Working Group, published on Tuesday, and inability of the various stakeholders to reach any kind of consensus."
Not just for IP. (Score:4, Interesting)
Also, consider the case where a domain / site has been hijacked (or reverse-hijacked) by a thief hiding behind proxy services at a different registrar. The victim and victim's registrar cannot reliably identify them, and the Registry Operator won't get involved outside of invoking arbitration.
So keep the lawyers out, but establish some authority (Internet version of a FISA court) that can pierce anonymous registrations.
Re:I still oppose anonymous registration (Score:4, Interesting)
Taking my former blog site as an example:
I run a private little website as a hobby.
I pay $25 per year for hosting (reasonable quality host, 75MB disk space and 3GB monthly bandwidth, email, the lot).
I pay £3.69 per year (~$7-$8) for a
Total normally: about $35 per year, tops.
The Registrars follow your "must show details" and I suddenly have to pay £58 per year (~$120) to get a PO Box, or twice that if I don't want to have to keep checking it but instead have it delivered to my real address? (UK PO Box prices [royalmail.com])
Total with PO Box: at least $150 to $250!
I think the only thing I can say there is "WTF? Hell, no!" That's a ridiculous amount of expense compared to the website itself.
Re:Article Summary (Score:3, Interesting)
I also think that while being anonymous has some problems, having your information out there where anyone can get it can invite trouble. Upset the wrong person with a certain message on your site and you might get a stalker or worse.
Re:Article Summary (Score:3, Interesting)
There already are legal procedures in place to balance personal privacy and security (keeping any miscellaneous yahoo from accessing your info for wrongdoing) with the needs of law enforcement. If someone has sufficient evidence that a particular domain holder is up to no good, then they can go before a judge and get a court order for the information to be released. That is how it is SUPPOSED to work in our system. If they don't have sufficient evidence to start with, then it is the proverbial fishing expedition and should not be allowed. It shouldn't be that hard -- after all, if their website is accessible, and clearly is in violation of some law, that should already be sufficient grounds and a slam dunk to get the info. Almost all registrars provide private domain registration, but also will happily cough up the goods if handed a legal order of some sort. That's the balance. Prosecutors can easily get the legal justification for what they want if they would bother to do so -- they just increasingly don't want to bother.
Unfortunately, in this day and age of warrentless wiretapping and the like by the Feds, I imagine investigators at every level are starting to press for wider powers and latitude in this area. They probably think "the Big Boys(TM) don't have to jump through all these hoops, so why should we have to?" Just another way in which the Bushies are cultivating a culture of "anything goes" when fighting the bad guys, and slowly eroding respect for the priciples and checks and balances that have protected us for so long.
I don't know.... (Score:2, Interesting)
What happened is this. A friend of mine who also ran some relatively popular sites suddenly passed away. As his mother wasn't very knowledgeable about the internet at large, a person who had access to his servers at the time of his death decided to 'rescue' his sites, copied the data to his own servers, and then impersonated my friend, to transfer ownership from his Dotster account, to an ENOM account in the thiefs' name. He tried to do this with another name that was registered via Network Solutions, but they were "less helpful" in that.
Since he has WHOIS protection on all of his domains, it has been an uphill battle, to try and reclaim the work that my friend put in, from the thief. We tried working with GoDaddy and ENOM, but they have no interest in helping, after giving us a run around and telling us to indemnify them from any fault they may have had in it, ENOM ruled that this was an ownership dispute and not a transfer dispute and as such not something they want to deal with. GoDaddy who has been taking his money for years now has not even locked his old account, despite our efforts, so the thief keeps looking through it to find names he likes and moving them out. Both ENOM and GoDaddy are supposed to have internal dispute resolution departments, but neither is willing to take even a cursory look at such a cut and dried case of theft. There is no way my friend could've authorized his domains be moved more then a month after his death. (Sadly, I found out about this late, and had no easy way of reaching his mother for a while, so this happened before I was able to get in contact with them).
My friend is dead, we have his death certificate, we have the legal documentation that his mother is the executor of his estate (a horrible position to be in already), and we've been working since April now to try and reclaim at least part of what my friend has been working on throughout his life. The people who've worked with him on his other sites have been sitting on the fence, working more with the thief then with us, as the thief lets them pretend that they own those sites, and while they know he is wrong, they don't really think we will win.
At this point we've filed a UDRP motion on the basis of a common law trademark, since the domain is the business name my friend ran for eight years, but we can't do anything about the other sites that haven't been up for long, or domains that he never got around to using. There is no court of law that has jurisdiction here, because we don't know where the thief is based, and there is no guarantee that UDRP will see things properly, since they mainly look at it in trademark terms. When he was served with UDRP papers, the thief mirrored the site to another one of my friends old domains, and has the mirror running now, increasing his traffic that way.
If public ownership information had been required, I would like to think that people like the thief that we are dealing with would be more reticent to commit such acts of fraud with impunity. And some sort of a dispute process where registrars have to actually check what happened, and be able to resolve it. This should've been solved by GoDaddy who would be able to see that given that the account owner passed away, and the changes were made afterwards, that this is a pure case of fraud and told ENOM that the transfer was fradulent.
Re:Article Summary (Score:1, Interesting)
Re:Article Summary (Score:3, Interesting)
I could agree that citizenship would be difficult to enforce (although I guess the Canadians do it somehow) but residency should be easy enough and very fair from the point of view of the residents - you just need a valid address in the UK. Again, you could fake it, but then you get screwed when they try to send some required information to you.