EU Privacy Watchdog To ICANN: Law Enforcement WHOIS Demands "Unlawful" 81
First time accepted submitter benyacrick writes "WHOIS was invented as an address book for sysadmins. These days, it's more likely to be used by Law Enforcement to identify a perpetrator or victim of an online crime. With ICANN's own study showing that 29% of WHOIS data is junk, it's no surprise that Law Enforcement have been lobbying ICANN hard to improve WHOIS accuracy. The EU's privacy watchdog, the Article 29 Data Protection Working Party, has stepped into the fray with a letter claiming that two of Law Enforcement's twelve asks are "unlawful" (PDF). The problem proposals are data retention — where registrant details will be kept for up to two years after a domain has expired — and re-verification, where a registrant's phone number and e-mail will be checked annually and published in the WHOIS database. The community consultation takes place at ICANN 45 in Toronto on October 15th."
Re:Working phone number in whois (Score:4, Informative)
you could always get a Google Voice number and not forward it anywhere (or set it to perma-do-not-disturb) - you'd still be able to browse through voicemails if necessary through an email interface
Re:Working phone number in whois (Score:5, Informative)
Exactly. This seems like a good idea, and a balance between the .US TLD policy (all information is public) and the .SE TLD policy (no information other than a unique ID string is available to the public with no contact information -- not even an email is available).
I rather like the implementation of whois privacy used by Gandi.net (a French registrar who handles registration for a bunch of TLDs): for domains that are private-by-default (.SE, .uk for individuals, etc.) then they use the registry for privacy and include no information in whois. For domains where whois privacy is available (.com/net/org, etc.) they include the registrant's full name (so it's clear that they are the ones who legally own the domain) and then provide the Gandi postal address where all mail is presumably shredded. They also provide a unique, randomly-generated email address to protect against spam: if you get spam to that address you can simply push a button and a new, random address is created. Legitimate mail is forwarded on to the contact while spam is filtered out.
Gandi offers these privacy services to individuals only: companies and organizations are assumed to be less in need of privacy protecting services and must include their regular contact information.
I have no problem with law enforcement being able to get the details with a warrant issued by a relevant court, but I think the time for having all personal contact information being made public in whois has passed. It used to be that the name and contact information corresponded to a technical contact at an organization responsible for that domain but now many domains are owned by private individuals and this assumption can no longer hold.
Of course, even with a warrant the whois information for suspected bad guys is unlikely to be of use: I doubt the bad guys put in accurate and correct whois information or pay using their personal credit cards (as opposed to anonymous prepaid cards).
Re:"Law Enforcement?" (Score:2, Informative)
I didn't RTFA, but who exactly is "Law Enforcement?" The capitalization makes it seem like it's the proper name of some organization.
Reading the articles would not help, their description does not go beyond this:
ICANN and the Registrars have engaged in six additional negotiation sessions, including two all-day, in-person meetings held in Washington D.C. (one of which was attended by Governmental Advisory Committee members and law enforcement representatives).
"law enforcement representatives" without capitalization.
Re:Working phone number in whois (Score:4, Informative)
Yes, damn that government! Except the ones pushing for the more "accurate" WHOIS data is ICANN, a private organization, and the one pushing back is a governmental organization (created by the EU). But don't let facts get in the way of your anti-government diatribe.
Re:Poor Baby (Score:2, Informative)
"The EU is behind more positive changes in IT"
Name one mainstream application platform, development environment, or key technology that isn't built upon technology originally developed in the US or blatantly stolen by countries like China. IBM, MS, Apple, Xerox, Dell, HP, Google, Facebook, Twitter, Oracle, Red Hat, and CISCO are just a few examples of the global IT contributions developed in the US. And while the Internet has grown due to contributions from both inside the US and outside the US the fact is the Internet began life as a DARPA project. There is a good reason the Internet root servers are under US management and will remain so. Nationalism be damned the fact is the world at large contributes very little to advancing IT technology. Why should they invest the time and money when you can just use what others develop. This mirrors why the EU would rather rely on US military technology and protection. That's not to say their are no foreign contributors but the majority of non-US professionals live and work in the US because that is were the opportunities are. Even Torvalds had to immigrate to the US to advance his Linux development because even though Linux might be considered open source he actually got corporate sponsorship and a salary while doing continuing his work. Do you think Google would have succeeded if it was developed in Russia? About the only country contributing any thing worthwhile in IT technology is Isreal.
And your privacy issue is 100% BS. England has a CCTV on every corner. And while people everywhere bemoan privacy issues you should remember the US government could have tracked you down way before the Internet was every built. Drivers licenses, Mortgages, Personal property deeds, bank accounts, tax rolls, birth certificates, and even wire tapping have been available for quite a while. It might have taking more time to put the information together but the end result is the same. And wile I can't speak for Europe or any other country the US has strict rules of evidence in place for judicial procedures and I have seen no evidence any US citizen has been convicted of a crime based upon warrant less data collection. Evidence collected illegally is regular in admissible in court proceedings. The only way to get around this is for the prosecutor to argue inevitable discovery. Also give me an example of the EU sticking up for it's citizens. No government or system is perfect by any means but the EU has really never shown that they have a spine to deal with any important problems facing the world today. They prefer to castigate the US for not providing a solution and when the US tries they get accused of meddling. And finally I really wish the EU would develop their own IT technology because I am tired of traveling to the European continent to help make sure their technology and associated applications actually work.