Forgot your password?
typodupeerror
EU Privacy The Internet

EU Privacy Watchdog To ICANN: Law Enforcement WHOIS Demands "Unlawful" 81

Posted by timothy
from the whois-you-to-make-these-demands? dept.
First time accepted submitter benyacrick writes "WHOIS was invented as an address book for sysadmins. These days, it's more likely to be used by Law Enforcement to identify a perpetrator or victim of an online crime. With ICANN's own study showing that 29% of WHOIS data is junk, it's no surprise that Law Enforcement have been lobbying ICANN hard to improve WHOIS accuracy. The EU's privacy watchdog, the Article 29 Data Protection Working Party, has stepped into the fray with a letter claiming that two of Law Enforcement's twelve asks are "unlawful" (PDF). The problem proposals are data retention — where registrant details will be kept for up to two years after a domain has expired — and re-verification, where a registrant's phone number and e-mail will be checked annually and published in the WHOIS database. The community consultation takes place at ICANN 45 in Toronto on October 15th."
This discussion has been archived. No new comments can be posted.

EU Privacy Watchdog To ICANN: Law Enforcement WHOIS Demands "Unlawful"

Comments Filter:
  • Who's job is it? (Score:5, Interesting)

    by houstonbofh (602064) on Sunday September 30, 2012 @12:56PM (#41506847)
    What is this push the past few years that technical companies need to do the job of law enforcement? The craigslist hooker scandal is a prime example... Here is this nice list of criminals for you to arrest, yet it is the websites fault?
    • by cavreader (1903280) on Monday October 01, 2012 @12:09AM (#41510585)

      I just wish the EU would actually start contributing anything that even comes close to being innovative in the IT world instead of using lawsuits and bureaucratic non-sense to generate their revenue stream needed to support the unelected gas bags currently running the EU bureaucracy. They actually make the US Congress look good which is no small feat. I know everyone on this site hates to say anything positive about MS but I really wish MS would tell the EU to fuck off and then close every single office and facility and let the former workers find other jobs while the US stops issuing Visas to people from that regional block without overwhelming proof that they actually have something positive to contribute.

      • by Anonymous Coward on Monday October 01, 2012 @04:12AM (#41511221)

        Speaking as a european who is rather sick of having the US meddle in our internal affairs on a constant basis and grossly misrepresent us in your own media, I would heartily welcome such a change. Please, please, please isolate yourselves from the world to a greater degree than you currently do.

        • by Anonymous Coward on Monday October 01, 2012 @08:01AM (#41511867)

          Speaking as a european who is rather sick of having the US meddle in our internal affairs on a constant basis and grossly misrepresent us in your own media, I would heartily welcome such a change. Please, please, please isolate yourselves from the world to a greater degree than you currently do.

          Oh give it a rest already. My government only meddles in your affairs as far as your government allows it to happen. It's your job as a citizen to make sure your officials do what you want, so the blame is as much on you as an individual as it is on me. As for how you're represented in the media, it pales in comparison to the bullshit I see spewed out every day about my country. Look, unlike some people I watch a variety of news sources from all over the planet. I see just as much misrepresentation of Europe come out of your own damn services, which is actually where most of the US services get their European-related stories to start with. I see just as much misrepresentation of US affairs coming from US sources as well, so it's hardly an issue just on one side of the ocean.

          Look, we (and by 'we' I mean good people, not citizens of a specific country) came up with this whole internet idea. It's blurring the lines between what even counts as "your" business or "my" business. You're falling right into the trap laid out for you by the "powers that be"- you're buying into the bullshit Nationalism coming from everywhere, you're allowing those powers to convince you that this is an "us vs. them" situation. Well it is, but the "us" is people all over the planet and the "them" are the governments. Quit directing your anger at the people, and put the blame on the dirt-bag politicians who are the actual culprits.

      • by jareth-0205 (525594) on Monday October 01, 2012 @05:13AM (#41511405) Homepage

        Dear cavreader,

        Kindly fuck off.

        Sincerely,

        500 million EU citizens.

        • by cavreader (1903280) on Monday October 01, 2012 @11:05AM (#41513453)

          Thank You. I'll be sure to remember this sentiment the next time your population starts anther culling period. Maybe you will be less a problem when the population gets whittled down to 10 million or so, especially when you end up having to rebuild your stagnant society with US money and US military protection.

      • by Anonymous Coward on Monday October 01, 2012 @05:40AM (#41511481)

        Yes, I'm sure Microsoft wants to surrender over 50% of its revenue because of childish tantrums such as yours... Troll, indeed.

        The EU is behind more positive changes in IT [at least for European citizens] than the US Congress and Administration has managed in the last three decades. Privacy and other rights are under constant attack by the US Congress and special interest groups! The EU sticks up for its citizens, when is your gov't going to do the same!?

        The home of the "brave" and "free" is not in the US any longer(!)

        • Re:Poor Baby (Score:2, Informative)

          by cavreader (1903280) on Monday October 01, 2012 @07:40PM (#41519823)

          "The EU is behind more positive changes in IT"
          Name one mainstream application platform, development environment, or key technology that isn't built upon technology originally developed in the US or blatantly stolen by countries like China. IBM, MS, Apple, Xerox, Dell, HP, Google, Facebook, Twitter, Oracle, Red Hat, and CISCO are just a few examples of the global IT contributions developed in the US. And while the Internet has grown due to contributions from both inside the US and outside the US the fact is the Internet began life as a DARPA project. There is a good reason the Internet root servers are under US management and will remain so. Nationalism be damned the fact is the world at large contributes very little to advancing IT technology. Why should they invest the time and money when you can just use what others develop. This mirrors why the EU would rather rely on US military technology and protection. That's not to say their are no foreign contributors but the majority of non-US professionals live and work in the US because that is were the opportunities are. Even Torvalds had to immigrate to the US to advance his Linux development because even though Linux might be considered open source he actually got corporate sponsorship and a salary while doing continuing his work. Do you think Google would have succeeded if it was developed in Russia? About the only country contributing any thing worthwhile in IT technology is Isreal.

          And your privacy issue is 100% BS. England has a CCTV on every corner. And while people everywhere bemoan privacy issues you should remember the US government could have tracked you down way before the Internet was every built. Drivers licenses, Mortgages, Personal property deeds, bank accounts, tax rolls, birth certificates, and even wire tapping have been available for quite a while. It might have taking more time to put the information together but the end result is the same. And wile I can't speak for Europe or any other country the US has strict rules of evidence in place for judicial procedures and I have seen no evidence any US citizen has been convicted of a crime based upon warrant less data collection. Evidence collected illegally is regular in admissible in court proceedings. The only way to get around this is for the prosecutor to argue inevitable discovery. Also give me an example of the EU sticking up for it's citizens. No government or system is perfect by any means but the EU has really never shown that they have a spine to deal with any important problems facing the world today. They prefer to castigate the US for not providing a solution and when the US tries they get accused of meddling. And finally I really wish the EU would develop their own IT technology because I am tired of traveling to the European continent to help make sure their technology and associated applications actually work.

  • by Anonymous Coward on Sunday September 30, 2012 @01:04PM (#41506897)

    http://linkhay.com/hoa-gau-bong-rat-thich-hop-lam-qua-nhan-dip-sinh-nhat-8-thang-3-20-thang-10-noel-va-dac-biet-la-ngay-tinh-nhan-valentine/971465

  • by bobbutts (927504) <bobbutts@gmail.com> on Sunday September 30, 2012 @01:05PM (#41506905)
    That would be a problem for me. I have hundreds of domains with a made up phone number. The last thing I wanted was calls from robo-dialers mining the whois db to a real number.
    • by radiumsoup (741987) on Sunday September 30, 2012 @01:16PM (#41506975)

      you could always get a Google Voice number and not forward it anywhere (or set it to perma-do-not-disturb) - you'd still be able to browse through voicemails if necessary through an email interface

    • by jonbryce (703250) on Sunday September 30, 2012 @01:18PM (#41506993) Homepage

      I have a few .uk domains. Because I am a non-trading individual, my details other than my name are not available to the public, but law enforcement can apply to the courts to get the details if my domain names are being used for illegal purposes. That seems to me to be a good balance between allowing law enforcement to shut down websites used to sell fake concert tickets, distribute malware and so on; and catch those responsible while ensuring I don't get continually harrassed by "The Domain Registry of Europe" and similar outfits that law enforcement ought to be going after.

      • by Frosty Piss (770223) * on Sunday September 30, 2012 @02:07PM (#41507321)

        ...but law enforcement can apply to the courts to get the details if my domain names are being used for illegal purposes. That seems to me to be a good balance..."

        Yes, but who defines "illegal purposes" and who vets the alleged "illegal purposes" to determine the validity of the request?

        "Law Enforcement" is well known to have, shall we say, "unique" ideas about the definition of "illegal purposes". Not only that, "L.E." is also well know to flat-out LIE.

        • by phantomfive (622387) on Sunday September 30, 2012 @02:12PM (#41507355) Journal

          Yes, but who defines "illegal purposes"

          The legislature, acting in their constitutionally provided role as representatives of the people. To be confirmed or vetoed by the president, according to his constitutionally provided role.

          who vets the alleged "illegal purposes" to determine the validity of the request?

          Judges do, as part of their role in the judicial system. Really, I thought that you would understand this.

          • by sjames (1099) on Sunday September 30, 2012 @02:30PM (#41507439) Homepage

            The whole point is that law enforcement wants to do an end run around the judge by enforcing the accuracy of the published data and to hell with everyone else.

          • by Frosty Piss (770223) * on Sunday September 30, 2012 @02:43PM (#41507503)

            Judges do, as part of their role in the judicial system. Really, I thought that you would understand this.

            Here in the USA, judges tend to rubber-stamp warrants, and then there is the Patriot Act, Mr. Snarky. As you say, "Really, I thought that you would understand this."

          • by sumdumass (711423) on Sunday September 30, 2012 @03:14PM (#41507661) Journal

            To be fair, he said he was using .uk domains and talking about Europe laws which is what this story is about (EU directive).

            I'm sure the names can be changed and so on to make it fit, but there will be some differences because not every country has the same rights protected from government as the ''US" does.

          • by Anonymous Coward on Sunday September 30, 2012 @03:21PM (#41507699)

            You Sir are sadly mistaken.

            It is the President-for Life, Our Beloved Generalissimo, the kind and gentle Father of Our Nation who makes such decisions.

            Except when it is the Council of Holy Representatives of the One-and-only Allah.

            Or did you forget that ICANN is a global entity and the "Law Enforcement" means everything from FBI to Secret State Police of North Korea, no?

          • by Anonymous Coward on Monday October 01, 2012 @06:51PM (#41519331)

            Yes, but who defines "illegal purposes"

            The legislature, acting in their constitutionally provided role as representatives of the people. To be confirmed or vetoed by the president, according to his constitutionally provided role.

            So the legislature, which is all too frequently corrupt, and which also consists primarily of legal professionals, a special interest group within society that does not have interests at all aligned with the rest of society, gets to decide what is illegal? Only a completely screwed up society in a place populated by the world's greatest idiots would have a system like that.

            Oh, wait, doesn't that describe this place? Oops...

            who vets the alleged "illegal purposes" to determine the validity of the request?

            Judges do, as part of their role in the judicial system. Really, I thought that you would understand this.

            Judges are legal professionals by definition. Legal professionals are in a position of ethical conflict of interest with respect to the nature, scope, and form of the legal system. A legal system that is -- or even merely seems to be -- complex, confusing, contradictory, and/or scary to most of the rest of society creates long term demand for the services of legal professionals.

            Judges also tend to get selected for higher office by the same politicians who are writing laws that benefit the politicians and violate fundamental rights. That creates another ethical conflict of interest: does a judge oppose an illegal law, or does he or she demonstrate that they are a "team player" and not going to "make waves" by devising some pretext to allow the law to stand, in the interest of getting a higher office.

            Once they've done this a bunch of times, of course, the judges aren't going to have much interest in making waves, in case they draw too much attention to the things they did to get to higher office.

            Really, I thought that you would understand this.

            Perhaps some remedial historical reading is in order. I suggest reading about the role of legislators and legal professionals first in perpetuating slavery in the USA, then in creating and perpetuating the "separate-but-not-actually-equal" system for so many years.

        • by Anonymous Coward on Sunday September 30, 2012 @02:23PM (#41507409)

          Yes, but who defines "illegal purposes" and who vets the alleged "illegal purposes" to determine the validity of the request?

          "Law Enforcement" is well known to have, shall we say, "unique" ideas about the definition of "illegal purposes". Not only that, "L.E." is also well know to flat-out LIE.

          That's precisely the reason there used to be a requirement that law enforement should first go explain the situation to a judge and get a warrant. The mere fact that the law enforcement was required to document their searches and have a third party look over their justification served as a deterrent to abuses of power.

      • by heypete (60671) <pete@heypete.com> on Sunday September 30, 2012 @02:13PM (#41507359) Homepage

        Exactly. This seems like a good idea, and a balance between the .US TLD policy (all information is public) and the .SE TLD policy (no information other than a unique ID string is available to the public with no contact information -- not even an email is available).

        I rather like the implementation of whois privacy used by Gandi.net (a French registrar who handles registration for a bunch of TLDs): for domains that are private-by-default (.SE, .uk for individuals, etc.) then they use the registry for privacy and include no information in whois. For domains where whois privacy is available (.com/net/org, etc.) they include the registrant's full name (so it's clear that they are the ones who legally own the domain) and then provide the Gandi postal address where all mail is presumably shredded. They also provide a unique, randomly-generated email address to protect against spam: if you get spam to that address you can simply push a button and a new, random address is created. Legitimate mail is forwarded on to the contact while spam is filtered out.

        Gandi offers these privacy services to individuals only: companies and organizations are assumed to be less in need of privacy protecting services and must include their regular contact information.

        I have no problem with law enforcement being able to get the details with a warrant issued by a relevant court, but I think the time for having all personal contact information being made public in whois has passed. It used to be that the name and contact information corresponded to a technical contact at an organization responsible for that domain but now many domains are owned by private individuals and this assumption can no longer hold.

        Of course, even with a warrant the whois information for suspected bad guys is unlikely to be of use: I doubt the bad guys put in accurate and correct whois information or pay using their personal credit cards (as opposed to anonymous prepaid cards).

        • by Anonymous Coward on Sunday September 30, 2012 @04:36PM (#41508213)

          I doubt the bad guys put in accurate and correct whois information or pay using their personal credit cards (as opposed to anonymous prepaid cards)

          They also use shady legal services to register the domains in the EU area, with the services provided across the borders thanks to the liberties of the EU economic area without the responsibilities and the necessity of holding a reputation in a country.

          • by andersh (229403) on Monday October 01, 2012 @05:33AM (#41511471)

            This does not apply to all European countries, there are still European countries that require that you have a local corporation and registration number to apply for domains [under the national TLD]. I assume you're wrongly using EU as a synonym for all of Europe(?)

            The EU only requires that you don't put barriers in place, in any form, that hinder inter-European trade. French and Italian TLDs require a European address, but nothing beyond that.

            • by Anonymous Coward on Monday October 01, 2012 @09:12AM (#41512333)

              I was indeed only referring to the EU, not the Europe as a whole. You can have an individual moving to another country, rent a place or buy it to launder some money on the process and act as the local intermediary in registering these domains for the use of local "businesses" with questionable business practices. Eventually the local bad guys will be discovered behind these schemes.

        • by Anonymous Coward on Monday October 01, 2012 @06:07AM (#41511511)
          [Disclosure: I work for a domain registrar. In fact, I'm the one who implemented virtually all of the infrastructure for the company. I'm posting anonymously due to the fact that I don't wish to speak for my employer, but everything I'm writing about can be verified online, and other registrar employees reading this will, no doubt, back up my analysis.] It's not a good idea to compare global TLDs (anything longer then two letters long) with country code TLDs. The rules are completely different. What follows isn't so much for your information as for general consumption. ICANN has little or no involvement in ccTLDs aside from delegating control to a responsible party. Beyond that, the rules for the running of that zone are almost entirely up to the ccTLD registry. gTLDs are different: the rules are dictated by ICANN. There's the additional wrinkle of thin registries such as .com and .net (you could also include .tv, .cc, and .ws as, even though they're ccTLDs, they're ran like thin gTLDs), where the registry doesn't manage contact information and it's up to the registrar to maintain it. For those, registrar WHOIS must contain accurate information for simple stuff like transfers to even be possible. ICANN-accredited registrars are also required to periodically deposit their records for domains they manage with an escrow service, and to send out WDRP (Whois Data Reminder Policy) notices to registrants to ensure their WHOIS data is valid. [Aside: This is why you should use the WHOIS privacy service provided by your registrar rather than a third party one: using the registrar's service mean they have correct data, so they can more easily guarantee to ICANN that your domain is compliant and its data is valid. This means you're less exposed to possible compliance issues that can arise from using a third party as you will necessarily be providing invalid information to the registrar if you're using a third party service. If you're super worried about people having your address, get a PO box.] This all works for legitimate registrars. The real problem is ICANN's making: ICANN's record of enforcing policy compliance is extremely weak in east Asia (South Korea, Taiwan, Singapore, and Japan excepted), particularly China, which is the one great thorn when it comes to compliance issues. It's got to the point where ICANN don't even bother following through on compliance issues with those registrars. Partly, this is a policy issue: ICANN's policy is to send a representative to the premises of the registrar in question to sort through compliance issues before revoking their accreditation, but rogue registrars have a habit of packing up shop and moving elsewhere, or providing bogus contact information. That wouldn't be a problem if it were ICANN's policy to make a best effort to visit the registrar in question, but it's not: by disappearing, rogue registrars manage to hold onto their accreditation so long as they keep paying their fees to ICANN (and there may even be some of them who manage to dodge that too). ICANN instead reserve their teeth for the legitimate registrars rather than using them where they'd count by revoking the accreditation of the rogue registrars. And because ICANN refuse to own up to this responsibility, they're instead trying, with the LEAs, pushing rather onerous requirements on legitimate registrars that will end up pushing the cost of domain registration up dramatically, to the point where they want registrars to do yearly phone checks with registrants and/or admin contacts to verify the correctness of contact details. It's all theatre however, and virtually everything they're proposing can be easily worked around. TL;DR: ICANN shouldn't be bothering with this nonsense and ought to be enforcing current policy against rogue registrars.
    • by mjwalshe (1680392) on Sunday September 30, 2012 @01:21PM (#41507013)
      So register with your countrys telephone preference service then?

      And what are you using those domains for eh? MFA sites maybe and your trying to hide ownership from the big G
      • by pla (258480) on Sunday September 30, 2012 @02:28PM (#41507425) Journal
        And what are you using those domains for eh? MFA sites maybe and your trying to hide ownership from the big G

        This spring, I registered an "ego" domain - My own name dot net, on a whim.

        I paid for it with a credit card in my name. I gave a fake phone number, and a PO box for my address. I used a real email address (albeit one made specifically to catch the junk I expected by registering.

        And three days later, GoDaddy locked my domain and reversed the charges, refusing to do business with me until I sent them a scan of my driver's license. WTF?

        So, I told GoDaddy to go fuck themselves, and registered with a no-name, for less, with automatic free privacy protection (the WhoIs contacts go to them, rather than to me) and that doesn't give the least damn if I want to register as George Bush.


        The real problem here involves laziness on the part of law enforcement, pure and simple - IP addresses don't mean LEOs can't track you down, it just means they actually need to come up with enough evidence to convince a judge to demand the ISP turn over the owner's info. It makes doing their job an actual job, rather than a five second query against WhoIs.

        Stop expecting to rest of the world to do your work for you, guys. If you need to track me down, do so. But don't expect me to put up with nonstop telemarketers, not to mention the risk of some crazy actually showing up at my door because he doesn't like what I said about Rush Limbaugh, just to save you from having to do some legwork if someday I break the law.

        Innocent until proven guilty. Read up on it sometime, eh?
        • by sociocapitalist (2471722) on Monday October 01, 2012 @04:46AM (#41511305)

          The real problem here involves laziness on the part of law enforcement, pure and simple - IP addresses don't mean LEOs can't track you down, it just means they actually need to come up with enough evidence to convince a judge to demand the ISP turn over the owner's info. It makes doing their job an actual job, rather than a five second query against WhoIs.

          IP addresses are useless as anyone doing fraud can easily move from cafe to cafe to maintain their site(s).

          I could see having to get a warrant to get at the identification data kept by a registrar but in order to be useful this still requires the registrar to make sure of your identity when you sign up. I have no problem with this so long as the registrar then has to abide by the (in my case EU and thus actually existant and useful) data protection / sharing rules and has an opt out (or better an opt in) for marketing to me.

    • by Anonymous Coward on Sunday September 30, 2012 @01:45PM (#41507215)

      The WHOIS database was originally setup when you needed a $10,000 workstation or PC with a NIC card bolted to 1/2" thick blue or yellow coaxial cable with vampire taps, at least a class C block of IP address.. Then it was very nearly impossible to change your location without changing providers. Even with a 56K modem with PPP, you would still have difficulty moving as many ISP's used caller-ID to restrict access, and took several weeks to process your application.

      Now, you have a mobile phones and laptops with wireless broadband that can make use of multiple network standards (bluetooth, wi-fi, GPRS, 3G, Firewire) and switch IP addresses and networks in seconds, and countries within hours, if you take a flight anywhere.

    • by Anonymous Coward on Sunday September 30, 2012 @05:47PM (#41508611)

      Perhaps I have been incredibly lucky, but I've had my cell phone number listed in WHOIS on all 4 of my domains, going as far back as 2001, and I don't get robocalls. I never went for the registrar's privacy mode because I felt like that was giving them ownership of my domains, which makes me uncomfortable.

    • by Anonymous Coward on Monday October 01, 2012 @01:24PM (#41515313)

      That's one of the things people putting stuff on the internet (who know better) like about anonymity: it keeps 5 billion people from kicking down your door. Even if the name/phone# is a lie, its still useful (makes it look like a real person, but keeps most of the 5 billion off your door step). I understand why law enforcement wants to force technology people to do their jobs for them: they know about busting heads and beating confessions, but if they try to beat the computer into submission, it stops working for them altogether.

    • by Toad-san (64810) on Tuesday October 02, 2012 @01:34PM (#41528025)

      So you (and a million criminals) stay anonymous. Hey, how about dealing with the bastards running the robo-dialers, eh? Fix the problem, don't avoid it.

      "Oh, we don't go down that road: too many robbers."

      Riii-ight.

  • you need to type in a PIN that is SMSed to the phone to register the website. filter out online only phone numbers. phone numbers can be traced to an owner, or "oh yeah, my boyfriend {XYZ} borrowed my phone that day" which is law enforcement due diligence when investigating crime

    seems to be about as good a system as you can hope for

  • "Law Enforcement?" (Score:2, Insightful)

    by Anonymous Coward on Sunday September 30, 2012 @01:18PM (#41506989)

    I didn't RTFA, but who exactly is "Law Enforcement?" The capitalization makes it seem like it's the proper name of some organization.

  • by Anonymous Coward on Sunday September 30, 2012 @01:23PM (#41507033)
  • by grumpy_old_grandpa (2634187) on Sunday September 30, 2012 @02:03PM (#41507301)
    > two of Law Enforcement's twelve asks

    Also known as questions in plain English. Or in this instance, possibly requirements.
  • by Anonymous Coward on Sunday September 30, 2012 @02:32PM (#41507443)

    It might become like flying I was a regular, I no longer fly.
    Some thing others want worse than I do.

    Prices gets high on grocery items I don't buy them, the store wants them worse than I do.
    Same with products and services cost to much in my time or money I find something else to do.

  • by Fear the Clam (230933) on Sunday September 30, 2012 @02:52PM (#41507555)

    I'll give the correct information on my domains. Until then, ICANN can go fuck itself. I'm tired of receiving spam sent to the address I use on my WHOIS listings.

  • by Greyfox (87712) on Sunday September 30, 2012 @04:27PM (#41508175) Homepage Journal
    By having a shell corporation hold your domains. Which is all pretty much the last several of my whois requests returned, anyway. Bounce through a couple of international shell companies to register your domain, and that'll shut down pretty much any law enforcement request. They might be able to shut down your domain, but they're not going to find out who you are that way.

    They might hope that Whois would allow them to short-circuit the good old-fashioned policework method of following the money, but I'm afraid it's just not going to be that easy. Sorry guys, try again!

  • by wonkey_monkey (2592601) on Sunday September 30, 2012 @04:32PM (#41508199) Homepage

    two of Law Enforcement's twelve asks are "unlawful"

    Can't you call them "requests" like a normal person?

  • by Anonymous Coward on Sunday September 30, 2012 @04:46PM (#41508263)

    I can whois WTF it dont work well all out of options.
    I demand another law.
    So my fat ass can just sit here eat fucking doughnuts all day and do nothing and soak the tax payer for overtime.
    I a god damn hero cop I deserve it.

  • WHOIS data has been crap for a long time now. There is no longer any incentive for registrars and ISPs to keep accurate WHOIS data as there is no penalty for providing garbage. ICANN doesn't give a shit that hte data is crap, they only give lip service to the problem and then go back to rolling in their piles of cash.

    The real question is who is the idiot who told law enforcement officers that there is meaningful data in the WHOIS databases anyways. I would bet that the ICANN assertion of 29% of it being bad is a huge underestimate.
  • by NSN A392-99-964-5927 (1559367) on Sunday September 30, 2012 @10:00PM (#41509943) Homepage

    Welcome to another New World Order / Law Enforcement Policy. Make up your own mind; but those are my thoughts.

     

  • by Linuxmagic (1115793) on Monday October 01, 2012 @12:54PM (#41514861)
    This was/is a big issue at every conference, where of course the focus is always placed on 'policing' agencies wanting to know who operates an IP Address, however the concept is a lot greater than that. And of course, there is a perception that even at the highest levels (the Board) there is a lot of pressure by hosting companies who want to accomodate the customers who wish anonymity. The fact is that an IP Address or domain is/are Public lookup , and if you want to have an IP address/domain that is available to the public, you should post some public identity. This is used for a lot more than simply policing. Eg, various reputation services, auditing systems, and legitimate network operators who need to be able to identify the operator. Already, there are policies in place in theory to require this information; we already have tools and policies to do this, the problem that we hear is enforcement, and a mandate to take action during enforcement. There is a lot of finger pointing on this issue even amongst ARIN/ICANN officials and board members. And far too many times we see abusive behavior from 'Privacy Protected' holders of Public information. Now, it can be that the line on how much information about the holder should be publicized, but the operator/organization information at least MUST be provided, and the upstream providers should have a way to validate this information. And this has to be bigger than just ICANN/ARIN. We talk to operators who blatantly state that they do not collect information, and do NOT monitor activity on their networks, because they are concerned that if they 'know' about what is going on, they can be held responsible. Some protection must be given upstream providers, registrars etc, but on the basis they are diligent on getting information of the holders of public resources they assign.

"The chain which can be yanked is not the eternal chain." -- G. Fitch

Working...