Real consensus requires starting from scratch

[Dan Krimm <dan@xxxxxxxxxxxxxxxx>]

While I fully support the cause of combatting fraud on the Internet, it is
not clear that the current maximalist policies surrounding unconstrained
access to the Whois database are necessary to fully enable this function.
Those who make this bald claim have not proven their case, and the burden
of proof should be on them.

At the same time, dangerous fraud can be propagated on the many domain
registrants who are natural persons by entities that currently harvest the
Whois info willy-nilly for nefarious purposes such as spam (which often
carries materially harmful code or links to web sites with harmful code, or
is used for phishing or pharming links, etc.).

Balance is called for here, but the status quo entrenches an entirely
unbalanced result favoring unbridled access to personal data regardless of
the harm that such access creates.  In order to reach a genuine balance of
consensus, the status quo policy should be rescinded (or a future date
should be set to expire the current policy, putting a fixed time limit on
the status quo) and parties should reconvene to discuss a *real* consensus
policy.

The "initial conditions" prior to the latest Whois Working Group
deliberations utterly precluded any possibility of a consensus result,
because many participants viewed *any* change in the Whois policy to be a
losing proposition for their narrow special interests, and thus they worked
very hard to scuttle any chance of real consensus, even as one or two such
attempts made their way into discussion.

The status quo policy of allowing fully unconstrained access is simply
unacceptable from a privacy standpoint, just as *no* access would be
unacceptable from the anti-fraud perspective.  And unless the status quo is
sunsetted, there is no realistic hope of reaching a balanced result on a
consensus basis.  Dragging out deliberations interminably also satisfies
the status quo, by ensuring the status quo is permanent "on the installment
plan."

This has gone on long enough.  Stop the one-sided stonewalling by those who
dismiss any privacy interests at all, and let's create conditions where
everyone comes to the table as equals.  Then there is at least a chance
that a consensus might emerge.  Note that privacy advocates have always
acknowledged a rationale for justified access to combat fraud.  The reverse
is not true of the anti-fraud advocates who acknowledge no rationale to
protect privacy.