Re: [alac] Various
On 2003-06-19 00:45:38 -0300, Sebastian Ricciardi wrote: > Anyway, can somebody here explain me why is WHOIS service so > critical for the "health" of the Internet ? Whether it is critical is something on which intelligent people might differ. I'm certainly *not* convinced that it's *critical* myself, but I see a lot of political weight behind the demand to keep it in some form, and I can see some arguments why it might be good to give some classes of data users access to registrant identity data, in some way. (Law enforcement, e.g.) Others go further and argue in favor of truly anonymous registrations. > 1./ Is WHOIS a critical service? Why? IMHO, no. > 2./ Does it need to be public? No. > 3./ There might be a thousand technical ways to limit port 43 > access. Why is this still an issue ? Because port 43 is in the RAA, so turning it off requires a consensus policy or a change of contract. Also, Port 43 is used by any tools which provide "unified portals" to whois. > 4./ Are we agree on the principle that user privacy should be > protected? Yes, as far as I'm concerned. > What are the limits of the privacy rights of the individual user? That's the critical question... > 5./ Wouldn't be better if the registrar keep the information (at > least a part of it, i.e. e-mail address and telephone number) > safe and bring it to an interested party in a need to know basis? That's what tiered access is all about... I'm attaching some bullet points which we might use when asked to speak about WHOIS on the record in Montreal. Comments? -- Thomas Roessler <roessler (at) does-not-exist.org>
Notes on GNSO Consensus Policies * ALAC has submitted comments to GNSO Council (February 2003) * Accuracy + WHOIS Reminder Policy: Opportunity for good-faith registrants to verify data accuracy. + Concern: Any enforcement of data accuracy shifts actual balance in favor of data availability. Address by finding properly balanced policy in the future (which policy could include making "accuracy" optional). * Bulk Access + No marketing uses. + No resale of bulk data. + Support these changes. ------------------------------ Future Policy Work * Don't have the magic bullet, either. * Concerns and some ideas, not formal position. * Building on public record of previous discussions. + DNSO WHOIS Survey. + Public comments received by WHOIS Task Force. + Don't just start from current state of affairs. * Soliciting input on ALAC web site. * Participating in GNSO policy work. * Discuss with private and public sector. * Discuss with users and suppliers. ------------------------------ Some Concerns: e.g., ... * Where registrants have privacy expectations backed by applicable law, these expectations (and applicable law) must be respected. * Availability of personal data to anyone for any purpose invites abuse and even criminal activities. There's more to privacy than just spam. * Anonymity and privacy foster free speech. Obligatory speaker identification chills it. * How to balance concerns against legitimate data user interests? ------------------------------ Some Ideas: e.g., ... * Look closely at data collection and uses: + Are they actually important for the operation of the Internet? + Are they best served by the current mandatory WHOIS system - or would a system be more appropriate in which registrants themselves determine what's published and where? * Tiered access to WHOIS: Some data public, some private or privileged. + Differentiate by registrant? (Or just give registrant a choice instead?) + Differentiate by data user and purpose? + Could reliable identification of data user + audit trail be enough to grant privileged access? To any identified data user? + Audit trail available to registrant? To public? When? ------------------------------ Future Policy Work - Next Step See you at the WHOIS Workshop!