Home / Blogs

ICANN Montreal: Real-Time Thoughts During the WHOIS Meeting - 2nd Session

Karl Auerbach

I'm picking this up about 20 minutes in...

John LoGalbo - a "law enforcement" type - is complaining how long it takes him to issue a subpoena. My thought is this: Why should our privacy suffer because his organization can't get its procedural act together?

I am incensed - he is simply stating a conclusion that his targets are "criminals" and that, to go after them, he wants to throw away all legal processes and procedures - so much for the fourth, fifth, sixth, and fourteenth amendments.

Law enforcement procedures are there for a reason and should not be abandoned on the basis of mere expediency and convenience, particularly on nothing more than an accusation that has never been reviewed by a magistrate or other disinterested party.

I am appalled at the way that the word "legitimate" is bandied around without even a hint of recognition that it is a conclusion properly arrived at only after a long road. From what I am hearing, people are simply wrapping their desires in the word "legitimate" and bypassing the hard part of actually justifying it.

This panel really contains no advocates representing the point of view of the data subjects.

...Today is George Orwell's 100'th birthday. Orwell, were he here at these ICANN sessions on whois, would probably perceive them as strong evidence that Big Brother is closer today than in 1984.

Metalitz/IP - He is beginning with an incorrect statement about the "purpose" of whois. It was not established to track down people doing bad things - back when whois started it was much like the roster of a club. So his statement that whois is being used by IP folks in the way whois was originally "intended" is not supportable.

FTC - Mentioned accuracy. My thought is that we need to be more accurate about the meaning of "accuracy". There are elements such as precision - for example whether a full telephone number is provided versus only the country-code/city code part of the phone number. And there is a distinction between information that is simply absent versus information that is misleading. Accuracy depends on the use to which the data is to be put - in the sciences this concept is embodied in a mechanism called "significant digits".

Thinking of accuracy, I am reminded of a statement attributed to John Von Neumann:

"There's no sense in being precise when you don't even know what you're talking about."

Davidson/Metalitz on "tiered access" - There seems to be an issue that is being smoothed over - and that is whether the "tiers" represent people by status or situations as defined by facts? My sense is that the parties to this discussion are talking past one another. Clearly the IP folks want "tiers" by virtue of status (with IP folks being in the privileged class). I would suggest that what we really want is situation-based access.

Willie Black - He is asking for an authority system so he can identify the person making the inquiry. That is consistent with my own proposals. However, he is treating the proof of identity as the end of the trail - that once the registry/registrar knows that a person is of a given status that he/she deserves adequate, without examination of the situation or requiring that the person making his inquiry state the reason.

Milam - Talking about bulk access: Justifying bulk access because some companies have developed data mining that requires bulk access as fodder. Sheesh, I can imagine Jay Gould saying something like that - that he has a right to take public lands because he can make money out of railroads he builds across those lands.

Topic - Notification of the Data Subject

There's a lot of discussion on this. There is a lot of swirling around the distinction between real-time notice and deferred notice. It seems that people seem to have different assumptions and are disagreeing based more on their assumptions than upon the underlying concepts. I believe that the topic of notification would be served by dealing with concrete examples of how such a system might work.

The question has come up about the viability of a privacy-oriented TLD. I don't feel that this is a viable concept for general use. Davidson described it as a "privacy ghetto".

I hope to run an experiment soon in which people can register names anonymously and without the retention of any contact information whatsoever - control of a name would be in the form of a digital certificate, a kind of bearer bond.

Metalitz/Milam - they are complaining that registries/registrars are not honoring their obligations under the ICANN contracts. They want third party beneficiary rights so that they have standing to enforce the contracts. It is my feeling that if anyone deserves third party beneficiary rights, it is not the IP owners but rather the users of the Internet for whose benefit ICANN is purported to have been created.

FTC - arguing that the commercial/non-commercial distinction is viable, yet she speaks in language as if the Internet was only the World Wide Web and contained no other services. That kind of uneducated thinking is dangerous.

---
This article originally published in the CaveBear Blog

By Karl Auerbach, Chief Technical Officer at InterWorking Labs
Follow CircleID on
Related topics: DNS, ICANN, Privacy, New TLDs, Whois
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC