RE: [gnso-dow123] Emailing: 2100-9588_22-5986553.htm

["Milton Mueller" <Mueller@xxxxxxx>]

Maggie:

>>> "Mansourkia, Magnolia (Maggie)" <maggie.mansourkia@xxxxxxx> 12/9/2005 12:03 
>>> PM >>>
>As a network provider, in fact our largest customer base is covered 
>by the IP Whois database. 

...which does not include any of the objectionable personally identifiable 
data, and in fact is what law enforcement folks really rely on 90% of the time. 
At the Lux. meeting we learned that most of the public spokes for law 
enforcement weren't even able to understand the distinction between IP and DNS 
Whois, they had just been briefed to moan about how badly they need "whois." A 
sorry indication of the low level to which debate on this topic has fallen.

>If the ISPCP had been given proper notice and an
>invitation to speak at your conference, everyone 
>could have been educated on this issue. 

In fact, Telus - a major Canadian ISP - was on the panel and a major US expert 
on the Telecom Act and US privacy law who has represented ISPs and cable 
operators was part of the program.  

>indicated that they need greater tools to fight cyber crimes in 
>GB because their current regime had proven woefully 
>inadequate, and thus they implemented massive data 
>retention requirements.  Their thinking was that, they will 
>just require ISPs, Registrars and any other online
>businesses to collect all data, in mass, regardless type 
>and transfer it to the hands of the government, regardless 
>of whether it is remotely related to an investigation or not.  
>To me, that is a far greater concern for privacy than any 
>Whois access.  

You are right, that is terrible, but it is exactly the same kind of thinking 
that demands unrestricted access to whois data! 

Are you suggesting that if there were no opt-out in .uk that law enforcement 
would abandon its demand for such data retention? I seriously doubt it. 

>If your analogy to phone numbers and drivers' licenses related to
>personal email addresses, I could agree with you. But by registering a
>domain and operating a website, a person or organization is holding
>himself/itself out to the public

Maggie, as a lawyer you know better than this. There is well settled US law on 
this. Publishing information is not "holding out to the public" in a business 
sense. 

>and I believe there should be some
>accountability as a result. 

Again, you know well that accountability is not the issue, it is the due 
process that law enforcement and IP lawyers must go through to enforce 
accountability. Regardless of how public whois data is, any user can be held 
accountable if proper process is followed. And while following proper process 
may let a few guilty parties slip away, it is better that than to subject the 
99% who are innocent to harassment, abuse, unaccountable law enforcement 
surveillance, etc.