Re: [alac] Various
- To: alac@xxxxxxxxx
- Subject: Re: [alac] Various
- From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jun 2003 14:12:40 +0200
On 2003-06-19 00:45:38 -0300, Sebastian Ricciardi wrote:
> Anyway, can somebody here explain me why is WHOIS service so
> critical for the "health" of the Internet ?
Whether it is critical is something on which intelligent people
I'm certainly *not* convinced that it's *critical* myself, but I see
a lot of political weight behind the demand to keep it in some form,
and I can see some arguments why it might be good to give some
classes of data users access to registrant identity data, in some
way. (Law enforcement, e.g.)
Others go further and argue in favor of truly anonymous
> 1./ Is WHOIS a critical service? Why?
> 2./ Does it need to be public?
> 3./ There might be a thousand technical ways to limit port 43
> access. Why is this still an issue ?
Because port 43 is in the RAA, so turning it off requires a
consensus policy or a change of contract. Also, Port 43 is used by
any tools which provide "unified portals" to whois.
> 4./ Are we agree on the principle that user privacy should be
Yes, as far as I'm concerned.
> What are the limits of the privacy rights of the individual user?
That's the critical question...
> 5./ Wouldn't be better if the registrar keep the information (at
> least a part of it, i.e. e-mail address and telephone number)
> safe and bring it to an interested party in a need to know basis?
That's what tiered access is all about...
I'm attaching some bullet points which we might use when asked to
speak about WHOIS on the record in Montreal. Comments?
Thomas Roessler <roessler (at) does-not-exist.org>
Notes on GNSO Consensus Policies
* ALAC has submitted comments to GNSO Council (February 2003)
+ WHOIS Reminder Policy: Opportunity for good-faith registrants
to verify data accuracy.
+ Concern: Any enforcement of data accuracy shifts actual
balance in favor of data availability. Address by finding
properly balanced policy in the future (which policy could
include making "accuracy" optional).
* Bulk Access
+ No marketing uses.
+ No resale of bulk data.
+ Support these changes.
Future Policy Work
* Don't have the magic bullet, either.
* Concerns and some ideas, not formal position.
* Building on public record of previous discussions.
+ DNSO WHOIS Survey.
+ Public comments received by WHOIS Task Force.
+ Don't just start from current state of affairs.
* Soliciting input on ALAC web site.
* Participating in GNSO policy work.
* Discuss with private and public sector.
* Discuss with users and suppliers.
Some Concerns: e.g., ...
* Where registrants have privacy expectations backed by applicable
law, these expectations (and applicable law) must be respected.
* Availability of personal data to anyone for any purpose invites
abuse and even criminal activities. There's more to privacy than
* Anonymity and privacy foster free speech. Obligatory speaker
identification chills it.
* How to balance concerns against legitimate data user interests?
Some Ideas: e.g., ...
* Look closely at data collection and uses:
+ Are they actually important for the operation of the
+ Are they best served by the current mandatory WHOIS system -
or would a system be more appropriate in which registrants
themselves determine what's published and where?
* Tiered access to WHOIS: Some data public, some private or
+ Differentiate by registrant? (Or just give registrant a
+ Differentiate by data user and purpose?
+ Could reliable identification of data user + audit trail be
enough to grant privileged access? To any identified data
+ Audit trail available to registrant? To public? When?
Future Policy Work - Next Step
See you at the WHOIS Workshop!