<<<
Chronological Index
>>> <<<
Thread Index
>>>
[gnso-acc-sgb] "Apply for Access" proposal questions
- To: gnso-acc-sgb@xxxxxxxxx
- Subject: [gnso-acc-sgb] "Apply for Access" proposal questions
- From: Dan Krimm <dan@xxxxxxxxxxxxxxxx>
- Date: Thu, 10 May 2007 22:32:03 -0700
I don't want to play favorites here, so I have a few questions for David
about the BC "apply for access" proposal.
(1) Given the suggestion for "self-certification", how exactly would that
be evaluated and enforced? Specifically, why should any random applicant
be believed when they claim to be legitimate?
It seems that this process would pretty much admit just about anyone to
access the privileged data. I mean, any random person has an interest in
"combatting spam" for example -- under that broad criterion everyone could
get access.
It will be very difficult to define classes of legitimacy that are both
accurate and verifiable. The ones that are verifiable will be very crude,
and the ones that are accurate will be difficult to verify without formal
due process.
(2) Given that access would be all-or-nothing in this schema, how is there
any means to ensure that access is only for legitimate purposes? If an
applicant may have a single legitimate reason to access a single domain's
private info, does that mean that the applicant should be given access to
the full Whois data whole hog? That would be pretty hard to swallow, even
if the access is only temporary.
Perhaps it would be better for private entities with narrow interests to
get narrow access second-hand through public entities with broad access who
will be responsible for the use of data by those with narrow interests to
whom they provide access.
(3) Third parties would agree not to share the password, but what would be
the penalty for violation and how would it be enforced? If ICANN does not
have the resources to enforce this policy, then it must fall to others,
such as registrars or public law enforcement. If public law enforcement,
then this might fall under contract law or some similar domain, and without
significant penalties there will be little incentive to adhere to the
agreement.
An agreement in principle with no enforcement teeth is non-binding in
practical, de facto terms. It is worse than no agreement at all, because
it has the surface appearance of substantive constraint with no meaningful
constraint in reality.
Dan
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|