Re: [gnso-acc-sgb] ESA proposal for sub-group (b) of Whois Working Group

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Milton and all sgb members,

  Frankly, I am not at all interested in what ESA "prefers", and
I know, as Milton pointed out, the EU certainly is not at all
in agreement, nor will comply with what ESA "prefers".  It is
extremely unlikely that many legitimate registrants in the US
agree that  unrestricted publication of all whois data is either
wise, or acceptable given civil rights laws regarding privacy.
Ergo and in short, ESA proposal is not only disturbing
contradiction between your concept of "legitimate purpose",
it is likely not legally tenable.

  From what I read of ESA's proposal, it smacks more
of ESA and its relationship with MPAA, as a purely
political effort in order to achieve it's stated political
goals, rather than a serious proposal for this sub-group.

Milton Mueller wrote:

> Michael:
>
> It is good that ESA honestly acknowledges that it prefers unrestricted
> publication of all whois data.
>
> I see a disturbing contradiction between your concept of "legitimate
> purpose" and the following statement in your proposal:
>
> "If stated purpose(s) for access fits within one or more of the
> specified categoriesthe requestor would be entitled to universal access
> to the full registration records of all gTLDs."
>
> This means that anyone who has a legitimate need for one registrant's
> additional whois data at one particular moment is thereby entitled to
> all registrants whois data in perpetuity. I don't think that proposal
> will get very far. In effect, it reproduces the status quo but costs a
> heck of a lot more, doesn't it?
>
> Let us grant that a private party, such as a bank, has a legitimate
> purpose in accessing the full whois record of a site or family of sites
> that is actually, or merely suspected of, phishing.
>
> Under your proposal, that "legitimate purpose" would give them unlimited
> access not only to actual or suspected phishers, but to anyone and
> everyone else, at any time. In other words, the form of access granted
> has no correlation to the legitimate purpose.
>
> This is flatly illegal in the EU, for sure.
>
> Another observation: you list "determining availability of domain names"
> as a legitimate purpose. But availability can be determined without any
> of the data elements that would be shielded from public view under the
> OPoC proposal.

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827