|
||
|
||
COICA (Combating Online Infringement and Counterfeits Act) is a legislative bill introduced in the United States Senate during 2010 that has been the topic of considerable debate. After my name was mentioned during some testimony before a Senate committee last year I dug into the details and I am alarmed. I wrote recently about interactions between DNS blocking and Secure DNS and in this article I will expand on the reasons why COICA as proposed last year should not be pursued further in any similar form.
Whenever I contemplate or evaluate a proposed security mechanism I like to consider how the opposition will react to it—what will be their next move? If I think the cost of “their” next move will be a lot less than “our” costs in deploying the proposed solution then I can dismiss the proposal on economic grounds. On the other hand if I think that “they” will actually be way better off after “we” force them to make their obvious next move, then I don’t just want to dismiss the proposed solution, I want to sound the alarm. So it is with COICA, which is at best a weak proposal and at worst an incredibly dangerous idea.
Pirate DNS
If the US Government mandates some form of “DNS blocking” as protection for intellectual property against piracy, then the people in the world who want to publish and consume pirated content will have to decide what to do about it. They could decide to stop dealing in pirated content but the money involved makes that unlikely. They could move to a non-DNS rendezvous system like putting IP addresses into a Twitter feed but that would require never-ending manual labour by consumers which I think means publishers will not want to do it that way. What I would do if I were a publisher of pirated content and COICA got in my way would be to create an alternate root DNS system and tell my customers how to switch to it.
Virtually all alternate root DNS systems ever created have either failed or just sputtered along. This is due to unalignment between people who want to create alternative top-level domain names and people who want to look up those names. The real (IANA) root DNS system has perfect alignment between name producers and name consumers because all name users use the IANA system. Outside of the IANA system, it’s always one group of people who want to create alternate names and some other group of people with different incentives who would have to be convinced to do the work of switching to the alternate DNS system to be able to look up those alternate names. Such convincement has never happened and until I studied COICA I thought it never could happen.
In the COICA situation, there is once again perfect alignment between name producers and name consumers, because there is already perfect alignment between pirated content publishers and pirated content consumers. If COICA becomes law and if THEPIRATEBAY.ORG is then blocked by U.S. Government mandate, then I’d expect The Pirate Bay to create an alternative DNS system along the following lines.
First, they’d decide in advance to mirror the IANA DNS system as closely as possible. Anything that appeared in the IANA DNS system would automatically and instantaneously appear in the Pirate Bay DNS system. If ICANN goes ahead and creates a lot of new TLDs then all of those new TLDs would appear in the Pirate Bay DNS system as well, all pointing at ICANN’s chosen registrars. In other words, no existing DNS content would be overridden (or dare I say: “pirated”.)
Second, they’d pick some new TLD that they wanted to create in the Pirate Bay DNS system that would serve their business needs and would be extremely unlikely to ever conflict with any future IANA TLD. For this, I’m thinking .PIRATE or .PIRATEBAY or .ARGHHH but that’s a decision best left up to the artistic team. For now, let’s assume that they chose .PIRATE so that their second-level domain names would be content names like TORRENTS.PIRATE or ITS-A-WONDERFUL-LIFE.PIRATE.
Third, they’d hire a lot of server capacity all over the world to host their DNS system. Since their DNS system would have no pirated content on it—thus by itself breaking no laws—they would not have to keep it all on their offshore base. Some of this server capacity would be for their root name servers (sort of a small clone of the IANA root name server system and the VeriSign .COM name server system) and some would be for their open recursive name servers (sort of a small clone of the OpenDNS or Google DNS systems).
Fourth, they’d put together a simple system to grab the IANA root zone every few hours, add their .PIRATE TLD to it, and sign the modified copy of the zone with the Pirate DNS root key. This root key would have to be generated and signed in some kind of ceremony, maybe with people wearing viking hats and carrying swords and torches, and the resulting public validation key would have to be published on the web and managed according to RFC 5011 so that it can roll forward throughout all time. Videos from this ceremony would go up on YouTube.
Fifth, they’d write up some high-quality documentation on how to use this alternate DNS system. The documentation would be in many languages since their customer base is worldwide. This documentation would explain how consumers could configure their laptop or desktop or mobile devices to use the Pirate DNS recursive name servers, and also how ISPs and hobbyists could participate by reconfiguring their own recursive name servers to use Pirate DNS as their root DNS system (including the necessary Secure DNS key.)
Sixth, they’d launch it. I figure that within two to six weeks they’d convert 90% of their installed base from IANA DNS to Pirate DNS, after which they could just go on as before, pretty much ignoring COICA.
Seventh, optionally, they could create some high-quality plugins for Windows and MacOS and Linux to use HTTPS for DNS lookups in case some of their customers wanted to be able to look up .PIRATE names from restricted environments like hotel rooms where DNS is hard to reconfigure successfully. Obviously Pirate Bay would have no problem operating the web servers for HTTPS but it’s also arguably another service they could hire outside their base since the Pirate DNS content is not pirated and therefore nowhere illegal.
What’s Our Next Move?
The whole scheme I’ve described above is practicable by any qualified sysadmin team, it doesn’t take DNS experts. The total cost in capital is between USD 20K and USD 1M depending on how fancy they want to get. The total time it would take to deploy it (see steps one through six above) is about two months. That’s “their” cost, and it would move them forever outside of “our” control. This is so easy that I suspect that they would already have done it except that right now—in a world without COICA—their customers aren’t aligned yet, there’s no motivation to switch over. Given COICA I think there would be perfect and immediate alignment.
At this point in the story the producers and consumers of pirated content would not be using the IANA DNS system so while the rest of the world would be stuck with the costs and complexities of COICA the biggest publisher of pirated content on the Internet would be unaffected. So far we’ve driven our own ongoing costs up far more than we’ve driven the pirate’s costs up, and we’re back where we started except with fewer options. But as bad as it sounds that’s not the worst of it.
The next worry is copycats. Once there’s an existence proof of this I’ll expect the publishers and consumers of other illegal or protected materials to create similar systems since there is again perfect alignment between name producers and name consumers. Some alternate DNS systems might even respect the alternate TLD allocations that occur in other alternate DNS systems as a convenience to their own customers. Countries who want to block certain new IANA TLD’s (and here I’m thinking of .XXX) could do this in-country and force alignment by mandating the use of that country’s DNS system by all in-country ISP’s and enterprises and end users. But even as much chaos as this would create, it’s still not the worst outcome from COICA.
My greatest worry is what people will do to bypass all this junk or to prevent other people from bypassing it. My fellow humans are a proud and occasionally adversarial bunch and they don’t like being told what they can’t do or what they have to do. The things we’ll all be doing to bypass the local DNS restrictions imposed by our coffee shops or our governments or our ISPs will break everything. Where this ends is with questions like “which DNS system are you using?” and “which DNS systems is your TLD in?” which in other words means that where this ends is a world without universal naming. We adopted DNS to get universal naming, and today we have universal naming except inside Network Address Translation (NAT) borders. Universal naming is one of the reasons for the Internet’s success and dominance. If we’re going to start doing stuff like COICA then we should have stuck with a “hosts file” on every Internet connected computer and let every connected device decide for itself what names it recognized.
Advice to the U.S. Government Concerning COICA
I’d like to say simply don’t do COICA but I guess that’s already been said and the discussion has continued so I’ll continue also.
The Internet is not a thing but rather an emergent property of the cooperation of all the people who connect their devices to it. That cooperation is a grant not a mandate, and that cooperation can be withdrawn or altered at only modest cost. The Internet is what in politics is called a “coalition of the willing” and noone has ever successfully imposed unilateral terms here. If the Internet were a regulated empire that could accept something like COICA then quite frankly the proof of this would be that the U.S. Government could have stopped spam and malware and Child Abuse Materials and phishing all with the stroke of a pen or the suspension of payments or the imposition of taxes or the dispatching of armed forces. However, those tools have no direct effect on the Internet.
The Internet’s social contract is a thin and fragile thing, and it’s the responsibility of every country and every government and every operator and every user to try to hold it together. It is within the power of the U.S. Government to try to impose its will on the Internet, but the results would be neither as you expect nor as any of us desire. Relevant and sustainable contributions to the Internet take the form of creation, not prevention, and are multilateral and cooperative not unilateral or imposed. I hope that the U.S. Congress will keep searching for ways to protect intellectual property until one is found that does not threaten to act as a “shear force” against the Internet’s fundamentally cooperative infrastructure.
I hope that next time my name comes up in congressional testimony about COICA it will be in the context of these remarks.
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byCSC
Sponsored byRadix
Sponsored byDNIB.com
A World-Renowned Source for Internet Developments. Serving Since 2002.
>That’s “their” cost, and it would move them
>forever outside of “our” control.
Many sovereign governments have “escaped control” using I-DNS, they did this because of the arrogance imposed upon by refusal to support their decade of request for IDN TLD support.
China was the most recent country to “split the root” in addition to many others.
These root splits have failed to create the suggested chaos.
I think I-DNS is still selling Chinese IDN versions of .COM and .NET for $75, been doing that since 2006. And as I recall I-DNS’s root splits go back to ~2000.
The current desire to split the root comes from lack of accountability as stake holders become more and more fed up. I certainly prefer standards and a unified system for the many benefits we’d all gain. What we have is command and control which is now asking for more command and control thus continuing to ignore why the root is continuing to split.
It has been my observation in life that people are good and want to work together.
Fortunately that masses are awakening ..... Is root splitting only allowed at the level of governments?
Yesterday’s Paul Vixie post on COICA and DNS doesn’t exactly jibe with today’s post, so I wonder which one is right.
I suppose they’re both right, actually.
I take your point that the Internet only works because so many people want it to work; the collaboration is much more important than any of the technologies, which tend to be pretty weak in any case. I make that point all the time in my public addresses.
Want to kill COICA for good? That’s easy: Just help organize an effective, voluntary system to addresses the problem of criminal behavior on the Internet, and COICA doesn’t need to happen.
If the community itself had been taking Internet crime seriously instead of sweeping it under the rug as a cost of “Internet Freedom,” COICA never would have been written. In any case, a more general approach to marginalizing Internet criminals is preferable to an industry-by-industry approach.
The trouble is that a collaborative response to Internet crime can’t pick and choose between good laws and bad ones.
I understand that some people believe "information wants to be free" and want nothing to do with any measure that seeks to reduce Internet piracy. So leave that aside. Internet crime is still a significant problem: Extortionate DDoS attacks, phishing, identity theft generally, terrorism, and child porn demand an adult response from the Internet community, and too many people are willing to hide their heads in the sand and pretend otherwise. Who's going to step up to this challenge? Microsoft just took down the Rustock botnet after years of work, tremendous expense, and the cooperation of the US Marshalls. Can efforts of that sort be generalized and broadly supported, or will be see "Internet Freedom" advocates stomping Microsoft for breaching the Rustock operator's "free speech rights?"
Pardon me if I seemed to suggest you're an "information wants to be free" guy, Paul; of course, I know you're not. The EFF is full of them, however, and many of the people who signed their anti-anti-piracy letter feel that way. I agree that the problem of Internet crime is enabled by the overly-broad assumption of anonymity that domain owners enjoy. While I understand the value of anonymity for whistle blowers and the like, but don't see how that applies to businesses operating for-profit on the Internet. And yes, collaborative approaches to Internet self-management have always been the most effective and perhaps the only way to really get things done; government mandates are routinely ignored, always have been, and in some cases, should be ignored. I think the best way to get a handle on Internet crime is through the voluntary use of domain blacklists by ISPs and other DNS providers; it's abundantly clear that the system is practically boiling over with malicious sites, so the assumption that we're all good guys simply doesn't hold up. I think you agree with this, don't you?
Governments don't generally appreciate the fact that the Internet is a multi-stakeholder system that runs on consensus, and neither do the industries whose history predates the Internet. The solutions to many of the problems that policy makers have with the activities the Internet enables today are likely to come from multi-stakeholder collaboration in which government is a member of the system rather than its overlord. Chris Marsden calls this the "co-regulatory system."
How does one define “success” as the centralization of a system designed to be decentralized?
Regarding TLDs I saw far more innovation before the US created ICANN, and ICANN tried to get sovergn contries to sign over their ccTLD’s through “redeligation” contracts. Fortunately most did not sign and thus are also not under “our” control ....
How can success exist when countries are still denied native language TLDs?
To put a finer point on a statement above, it appears to me the US GOV wants to harmonize other countires local laws (aka overide them) through the contract system using ICANN as the proxy to the registration contract / TOS that is required for each gTLD registration event by ICANN. Since ICANN runs the TLDs under contract to the US GOV, this gives the US Gov a direct path to the registration contract of each and every gTLD registration (most of the worlds registrations).
For simplicity, registrars are not going to use seperate contracts for each TLD, whatever is required for .COM (for example) will wind up being required of all offered TLDs.
>You cannot decentralize allocation functions where uniqueness is required.
Uniqueness only occurs at the TLD level, not across TLDs, this is why I-DNS has succeeded and why China used them and resolved their system using a server that is part of the canonical root chain.
There is NO requiement or need the centralize TLDs. If there were then we could not lose “our” control to others setting up alternative DNS systems. You can’t have it both ways.
>I-DNS has not succeeeded,
I recall well when people recognized what China had done by their root split, I remember well how motivated ICANN suddenly became to finally address this issue. I’d say that is reason enough to say I-DNS has been a great success, having China select them sure did not hurt.
As with ccTLD’s comparing IDN reg rates to .COM totally misses the point. IDN TLDs will generally be specific to their region, just as ccTLDs will be. An IDN TLD with a single registration is just as valid as all the .COM registrations, they each address different needs.
If I-DNS is not considered a success, then the idea of some group setting up their own TLD, as suggested in the article, must be far less of a threat to the point of not being worth considering.
I suggest the real lesson of I-DNS is the threat true competition represents and the return of intenet innovation that could result by implementing alternative DNS system.
My vocal concerns about RPZ being used as a system of censorship, and your recent admission to this potential, is PRECISELY what I was getting at regarding the intenet having a decentralized design. Any time we hand our decisions over to others we’ve set ourselves up for a bad future. The more alternative DNS systems the better, the is the only way internet freedom and free speech is going to be preserved.
I hope everybody ponders well what centralization recently got us:
http://www.boingboing.net/2011/02/17/dhs-erroneously-seiz.html
So in the interest of “keeping us safe” 10’s of thousands of sites were labeled child porn sites. I wonder how many small businesses were involved and may have even lost most of their customers over this. In this case the error was so staggering that it was exposed and thus the world was notified. And what happens when it’s not exposed and it’s your website that gets taken down with no recourse? It was just “an error” and you have no recorse becuse you allowed a contract to replace the legal system and the checks and balances you’d have access to under it?
Of course when you are the central authority there will always be motivation to invalidate alternatives, this is monopoly 101 stuff.
>Extortionate DDoS attacks, phishing, identity theft generally, terrorism,
>and child porn demand an adult response from the Internet community,
>and too many people are willing to hide their heads in the sand and
>pretend otherwise.
There is always something to fear, is’nt there?
Some new reason to give up more of our freedoms ..... For our own good .....
>The laws against murder curb the self-defense right, for example. Not in my state, and many others, see "castle doctrine". Murder result from being unable to defend yourself. Thank you for presenting a perfect analogy regarding my internet concerns, and it's common misunderstanding. The right to defend yourself in your own home (aka website) is the issue here.
Legal doctrine is fine and dandy as long as the cops are legal scholars and everyone has deep pockets for a courtroom defense. In the real world, however, people often have to prove that their exercise of self-defense as they see it doesn't conflict with someone else's perception of contradictory rights. Abstract notions of "Internet Freedom" are like that, issues that go into the salad where they mix with notions of personal privacy, data security, and good behavior generally. As you say, there is always something to fear, even if your only concern is "Internet Freedom."
>Legal doctrine is fine and dandy as long as the >cops are legal scholars and everyone has deep >pockets for a courtroom defense. If that is the problem, and we allow it to continue or get worse, then we deserve what we get. That's what I'm seeing now regarding to "solutions" for issues of the internet. Just like the 83,999 websites I mentioned earlier. >In the real world, however, people often have to prove >that their exercise of self-defense as they see it >doesn't conflict with someone else's perception of >contradictory rights. Just like the 83,999 websites I mentioned earlier. Having that behavior instantiated in a registration contract is not a solution we should be embracing. No system is perfect, and things are always changing. We can only ever try to incrementally tweek in a desired direction. We can also generally choose to asymptotically approach "perfection" from the "side" that allow some bad guys to go free, or some good guys to be forever labled as bad guys. Guess which "side" I prefer. I'd rather see some bad guys go free once in a while than mess with someone who did nothing wrong. Espically labeling them as "child porn" distributors (mooo.com). And then we have the issue of one country deciding another countries "acceptable" and "unacceptable" behavior via domain name morality. That's always a bit easier when you are the one given control over someone else, not so easy when you are on the receiving end ... Power currupts, and so on. Lets go back to root causes and stop trying to use the domain name as the proxy for the bad guy and thus we have "bad domains". Lets take advantage of the domain to find the bad guy and hold them responsible, and not hold the domain responsible. Can't find them? EPP has a delete command ....
You're complaining for the sake of complaining. That's also not interesting.
Since we're now at the stage where different people are using words differently and then arguing about those differences, I'll make sure the record is clear.
If your metric for alternate DNS success is that you successfully pressured ICANN into rolling out IDNs then I'm fine with the above characterization if that's what happened in this case (I have not been following the IDN TLD story carefully enough to know one way or the other). My metric for alternate DNS success is relevance for the total population of name consumers and sustainability for the name providers. I have no worries about flashes in the pan designed to produce a long term effect elsewhere, but it's a different goal than I was describing. Pirate DNS would be successful in a COICA world because it would be completely relevant to all Pirate name consumers and completely sustainable for the Pirate name producers. That's a two pronged nonsequitur, since it is not an example of "centralization" unless by decentralized you mean you'd like there to be no TLD registries capable of having court orders served on them, and it is not even close to the level of intrusive government mandate contemplated by COICA since under COICA the operators of recursive name servers would have a continuous rather than discrete burden. The Internet depends on universal naming and addressing, and on the uniqueness of identifiers used by the infrastructure. If you wanted to build a new Internet that lacks universal naming and addressing and does not require uniqueness of infrastructure identifiers you'd be starting pretty much from scratch. To my mind that means that we have several necessary forms of "centralization" today and that part is working just fine and will continue to be just fine unless some government imposes unilateral policy (like COICA) on the global naming system.>If you wanted to build a new Internet that lacks universal naming You and I both know all to well that "universal naming" is defined by the client's two DNS server IP settings, nothing more or less. Adding, splitting, remapping are as easy and in fact your article discussed what is needed to do it. >Pirate DNS would be successful in a COICA world because >it would be completely relevant to all Pirate name consumers >and completely sustainable for the Pirate name producers. And here we completely agree, I simply extend the discussion space by recognizing the continuum over which there is motive for alternative DNS options. That means for every "evil" example one can give there will be good and useful examples are well. In fact there is no reason to look at the current embodyment as examplifying the idea best case. I feel the root causes are being ignored and I'm seeing DNS changes, tech, policy, legal, moving in a dangerous direction. Unaccountable censorship. There was a time, and I remember it well, we people actually feared placing invalid info in their whois, now it's a joke. In fact ICANN escrow does not even require the actual whois, privacy whois may be used. Then we have "promotional registrations" and everytime I see free or dirt cheap registrations I cringe as I know the next pool of registrations is going to be spun through for spam, malware, etc, in effect lower the cost of these operations. And now we are talking about "lists" .. Bed guys "lists", like 4 year olds on no fly lists, or a great keyword with organic traffic that will forever be on "the list" for whatever reasons that nobody is required to publicaly articulate and be held accountable for. Focusing on domain names, you place privacy whois on a domain the domain gets DELETED. That's a policy change I can live with. And I think the results will be more significant than people think. Laws were past long ago requiring whois accuracy, and now for some reason we all act like that never happened. I'm aware that there are some very valid reasons for privacy but the ones I'm aware or can be satisified using a POB. At this point in time I feel that's a more prefered burden than selecting some "decider" of good and evil on the internet and empowering them to shutdown domains. Someone does something illegal, by defintion they already broke the law, no additional internet policies or "features" are needed. We just need to find their butt and hold them accountable. And if we can't, by definition that means their whois was bad. POOF! Their domain just got deleted! And my read is that is exactly what we have right now, but nobody is enforcing it, we act like this option does not even exist, as law and policy.
>Any proposal as to how some other kind of Internet that lacks >this type of "centralization" in its identifier system would start >out as a theory then needing to be comprehensively tested by >someone trying to bring it to market. Not what I was suggesting. The above pirate space example can provide glue records back to the current root chain, user DNS selection is the only thing defining the difference. I'm saying the space that is currently defined does not means it's the best we can do. As to how names are resolved, that's a separate issue and need not change. In other words I'm looking from it from the user perspective that just wants the site to come up in their browser, they don't care how the name resolves as they don't see that as part of their experience. Alternative DNS does that using the current tech. As a thought experiment: If my greatest concerns come true, and people get fed up, alternative DNS systems come online and people leave the ICANN root in the dust. Thus the people speak and say the previous embodyment was not ideal after all. Again focusing on end user experiance. The end user I hardly ever see mentioned or considered in these discussions. > if InterPol or some similar agency assures ICANN "First they came" First they came for the communists, and I didn't speak out because I wasn't a communist. Then they came for the trade unionists, and I didn't speak out because I wasn't a trade unionist. Then they came for the Jews, and I didn't speak out because I wasn't a Jew. Then they came for me and there was no one left to speak out for me. - Pastor Martin Niemoller (1892–1984) "Trust" no one, always verify. Especially when we are talking world/borderless scope. This may well be the end of the road. Yes the ALT DNS option is still there .... But then we have BIND sitting there now with built in censorship support and for years now I've seen ISPs capturing ALL DNS QUERIES and forcing them back into their resolvers. BIND, through centralized government list distribution, could overcome the 48 hour TTL of a domain zoned at the root via an InterPol published ban list that ISP's implement in the name of "Patriotism". That's could be a great 60 second "fast takedown" mechanism in the hands of a privileged few and no accountability.
>No. Where the context is Child Abuse Materials >I won't be verifying reports of same. I'm going to maintain my stance. ALL requests gets reviewed, period. I'm also going to point out that in the case of MOOO.COM a 3rd party review by someone with a clue how infrastructure works, might have avoided 83,999 people from falsely being labeled, by the US Government, as distributors of child porn and the effect that had on their reputation. They know child porn, great! We know wild carding and shared dynamic DNS ..... And all the other stuff the RFC's explicitly state as forbidden ... It would seem those authorities took the same position of "Not everything that's ever been done in [cyberspace] has to be reinvented and done differently in [meat space]." Thus they had no clue what they were doing in cyberspace. "Trust" no one. Checks and balances, due process, call it what you will. When it comes to shutting down a domain name we must NEVER give one single organization total unquestioned authority to do so.
> I do think that ICANN should fix the whois accountability problem
That is where technical people should come together, why is it ok in this case to have a third party solve the problem?
On this point we agree, as I stated in the Taking Back the DNS article. US law requires the Whois to be accurate and yet at the same time Privacy whois is now allowed. And so privacy whois is allowed but the same permissve central authority will solve the problem? That makes no sense.
Registrars are in a position to require accurate whois. In fact Registrars generally have full accurate whois information used to pay for the registration, yet we’re discussing censorship tools rather than simple solutions of registration accountability in the first place.
That’s an argument for being able to social network anonymously but it hardly justifies having a domain name anonymously. A domain is in Internet terms an identity, and allowing such identities without any domain holder accountability is a unique-to-the-Internet form of identity-laundering. Of the 1.6 domains created every second through the GoDaddy system (as reported on stage during the ICANN meeting this week) I expect that at most “one a month” and perhaps as few as “none ever” are being used by activists and others who have reasonable fears of meatspace retribution.
A corporate identity can be pierced as necessary through the courts but is usually a matter of public record. Not so a domain with bad Whois which becomes a credible and usable anchor and rendezvous point and brand for illegal commerce or fraud or spam since the real domain holder need never be recorded anywhere. This kind of wild west atmosphere is what’s helping to convince the U. S. Congress that something like COICA is actually needed. Must we continue on the current path of devaluing domain names into random meaningless untrackable character strings? If so then both private and mandated filtering—and the consequences of both—are probably inevitable.
I'm somewhere between you two on this point. Just because the internet is unique does not mean it's somehow wrong or defective. Here we find a benefit. The domain is not just an identity it's a meeting point and a link with significant search engine reference implication. It has value associated with it's development or "traffic" one builds to get people to it. There is also a huge difference between social networking and domain name based publishing, back to the value search engines give to that publishing point or "address" which is not preserved in social networking. There are also the free subdomain websites which give the publishers all these benefits but at the cost of possible censorship. There is also the option of lying on the whois for ones domain at the cost of losing the domain for false whois. This really does suck as I to would like to preserve such speech. Thinking out loud here: However that's the problem. The people seeking the child porn see nothing wrong with it, we do. The folks seeking the head of the above mentioned publisher see something wrong with the content and we don't. The law is what distinguises the two but otherwise they can't be seperated. Thus circling back to accountability. The content is the content, one moment, or in some location, it might be legal/acceptable or it might not. So long as the price for invalid whois is loss of the domain, and not criminal charges for the "error" then there is a place for free speech to hide it's identity in (a possible slippery slope there, I admit). In other cases it's not the whois that started the problem its some law that was broken which then motivated inspection of the domain details. So one would hope the magnitude of the crime has far greater significance that the implications of bad/false whois. Even then I think this mostly just applies to those that can't afford a PO Box, which is admittedly an order of magnitude cost increase over the domain registration. The most poor can probably be argued as not having effective access to the internet to begin with. So were going to have those two brackets without the desired level of access they want. Others having the internet and the means for a POB. I'm also concerned with someone moving, and forgetting to update their whois, and then getting it deleted. At least the current delete cycle allow redemption, it's costly but it's likely motivation to keep a closer eye on ones whois after properly updating it. So there is a procedural issue here related to allow the registrant to redeem a domain, a right that would be lost if deleted do to legal action ... But in which country, the registrants or the one of the person complaining ... So we're right back to 3rd party review and holding the complaint accountable. As has been seem from UDRP, if you complain too much for no valid reason you should get the penalty and your further complaints IGNORED.
Paul, I don't know if anyone told you, but young Mr. Watson is CircleID's resident troll; he's some sort of grad student with amazing keyboarding skills who loves to harass the bloggers.
The data centers we use require our corporate info in the IP block record. I know this it not always true, I’m just pointing out that taking the next logical step is very possible. In fact even my ISP to my home allows me to configure the public IP detials, this was part of the static IP block service. Of course I can put anything in there I want which defeats the point we’re getting at.
It’s actually the same for DNS. Previously ISPs DNS systems accepted authoritative records that lacked a SOA record, now I’m seeing them block such records. They now demand a SOA record from the authority. The SOA does have an public “ownership tag”. Is the tag correct or a lie? Likely it’s correct since most probably don’t get it much thought yet. The more it becomes significant in other ways the more motivation for “privacy” there may be.
As for ID fraud regarding transfers I’ve been vocal the other way. When someone is using privacy whois, and their domain gets stolen (intraregistrar transfers mostly) there is no public marker of the event nor even proof of ownership. While DomainTools database is riddled with errors it can be used to detect/verify these events in the case of domain theft (“whowas” history).
So were back to benefits versus deficits. I primarily want accountablity regarding the actions of third parties messing with other peoples infrastructure. Perhaps there are other ways than use of public records requirements, but for some time its seemed thats the best option to me.
First to implement more or less the mechanism I outlined in this blog post: dot-bit. Hopefully they will publish metrics (number of names, number of unique IP’s, number of hits per day) soon.
18 months or so later:
‘“They should wait for our new PirateBrowser, then domains will be irrelevant,” an insider told TorrentFreak.’
http://torrentfreak.com/pirate-bay-docks-in-peru-new-system-will-make-domains-irrelevant-131212/