[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[atlarge-discuss] Re: [ga] Re: [atlarge-discuss] Re: [nc-transfer] Re: [ncdnhc-discuss] WLS proposal

Hi Lisa,

What can I say to such an emotional outcry?  I'm speechless and can't
answer the question posed.

        "How many murders will it take? How many were injured or killed before
        there were stalking laws?

        Publishing identifying information, whether people like it or not, is
        dangerous. It's bad enough that for a price, one can obtain just about
        anything. We don't have to make it easy."

I, however, am looking at it in a more antiseptic environment. That
is, neither I nor anyone in my family have had your misfortune.
Therefore, I cannot be totally empathetic, although I recognize your
pain.

I am just not an advocate of throwing out the baby with the bath
water, without clear and convincing evidence which is not focused on
only one or two independent situations.

That's just me and it's nothing personal.

Thanks,






Tuesday, June 18, 2002, 9:42:17 PM, L. Gallegos <jandl@jandl.com> wrote:


LG> On 18 Jun 2002, at 20:50, Don Brown wrote:

>> I certainly emphasize with your concerns. However, sometimes we have a
>> tendency to go gunning for an isolated, but notorious, incident more
>> zealously, due to its notoriety or shock value.  Perhaps, sometimes we gun
>> for mosquitos with a double barrel shotgun, because we are closer to the
>> mosquito bite than anyone else.  That's understandable.
>> 
>> I don't profess to know the total answer, but I recognize the problem
>> from a larger scope, I think.
>> 
>> As long as there is fraud, spammers and other pests on the Internet,
>> the WhoIs information will continue to be a tool that ISP's use to
>> "attempt" to stop them. We use the WhoIs all the time to identify the
>> source of Spammers. We use the WhoIs to help verify credit card
>> charges and to prove that a business, which is applying for a Merchant
>> Account, is the legitimate registrant of the domain name represented by the
>> pages we print and "fax" to the potential acquiring Bank.

LG> If a privacy bureau is used correctly, you would have no problem 
LG> contacting the registrant for the information and permission for access to 
LG> his/her records for that verification.  You just mail to 
LG> <account@privacybureau.TLD> and the mail goes to the registrant. OTOH, 
LG> there are other ways to verify information for bank cards and Merchant 
LG> Accounts.

LG> Once again, most spam uses forged headers, so the whois does not help much 
LG> since it is not the domain holder doing the spamming.  You would have to 
LG> go to the IP address and find the source of the spam to have any luck.  If 
LG> it is, in fact, the domain name holder, contacting the ISP would have the 
LG> same effect in stopping the spammer or block the IP address from which it 
LG> came, which is the method I use most if I don't receive a response from 
LG> the ISP.

LG> As an ISP, if you have a spammer and you know it is one of your users, you 
LG> already have his information and can stop him.  You still don't need the 
LG> public whois.

>> 
>> If WhoIs goes totally anonymous, I think the first folks to jump at
>> it will be the nefarious ones who use us and abuse us all the time.
>> They do their own brand of stalking by trying to relay mail off of our
>> servers, using fraudulent cards to sign up for our services and attacking
>> us with Ping floods and other methods of trying to bring our network to its
>> knees.

LG> Again, there are methods for obtaining verification without having a 
LG> public whois published.  I don't think ping floods will be stopped by 
LG> publishing the whois personal identifying information.  All you need is 
LG> the IP address of the offender.  NIDS does wonders for tracking attacks 
LG> and mail relay attempts.  If it comes to a lawsuit, a court order will 
LG> always release the information.  It is not in limbo, just not published 
LG> for the world to see.

>> 
>> Personally, I have an unlisted telephone number at home and I pay the
>> telephone company extra for that.  My motivation is to not have sales
>> people or get rich quick screamers call me at home.  I already get
>> that at work.  On the flip side of that, our neighborhood has a
>> neighborhood watch program and our address and telephone number is
>> listed in that directory.

LG> My business is in my home and I had to publish my unlisted number in the 
LG> whois.  Now I seldom answer that phone because of all the crank calls.  I 
LG> have another line that is not published anywhere.  So if you were to call 
LG> the number that is now public information, you would get a voice mail 
LG> announcement.  My business associates and friends have other numbers at 
LG> which to reach me.  So what good is the whois to you?  Most of the numbers 
LG> I've called from the whois are voice mail or pager numbers.  I just feel 
LG> for those who cannot manage the cost of all the different phone lines, 
LG> pagers, cellphones, etc.  We in the US are pretty spoiled in that regard. 

>> 
>> I don't know the total solution to the WhoIs information.  I do know
>> that from a business standpoint, making most information anonymous
>> will certainly help the bad guys.  John Gotti would have liked to have been
>> the anonymous Don rather than the Teflon Don.  Given the latter, he would
>> have enjoyed much better country club golf.

LG> I don't think that would be the case at all.  Just because the information 
LG> is not pubslished, does not mean it is not available to those with 
LG> legitimate reasons to obtain it (with the registrant's permission, of 
LG> course or a court order).  As for the Gotti's of the world, had it not 
LG> been for informants, no whois would have had any effect on his conviction. 
LG>  That was probably not the best analogy, IMO.
   
>> 
>> I don't know that there is a right or wrong answer to this debate.
>> We do, however, need to blend the practicality with the risk
>> management of it somehow.

LG> As I said, the risk management is the privacy bureau concept.  The 
LG> registrant is only protected from having personal inforamtion published on 
LG> the internet.  He can still be reached and information released under 
LG> specific circumstances.  We are not talking about complete anonymity, but 
LG> protection of privacy.  It simply becomes an Opt-IN situation rather than 
LG> an opt-out and the public cannot simply grab personal information without 
LG> the person's permission.

LG> I am inundated enough with trash contacts and take extra steps to protect 
LG> my and my family's privacy now.  Also, FYI, most people who are stalked do 
LG> not make it public information either.  Doing so makes the situation 
LG> worse, as it encourages more of the same.  Because my testimony at 
LG> Congress stated that I was stalked, it is known.  Prior to that, I did not 
LG> make it public knowledge.  In addtion, every time it has been brought up 
LG> publicly, I pay an additional price in crackpot email and calls.  I would 
LG> tend to believe that there are many more cases like mine and that for the 
LG> same reasons that I have not made a public case of it, they have not 
LG> either.  This is especially true where it involves family members and most 
LG> especially children.  How many murders will it take?  How many were 
LG> injured or killed before there were stalking laws?  

LG> Publishing identifying information, whether people like it or not, is 
LG> dangerous.  It's bad enough that for a price, one can obtain just about 
LG> anything.  We don't have to make it easy.

LG> Regards,

LG> Leah

>> 
>> Thanks,
>> 
>> 
>> Tuesday, June 18, 2002, 12:12:38 PM, Jeff Williams <jwkckid1@ix.netcom.com>
>> wrote: JW> Barbara all assembly members, stakeholders or interested
>> parties,
>> 
>> JW>   INEGroup wholeheartedly and strongly agrees with Barbara's comments
>> JW> below.  Indeed it is not necessary for a registrants personal and
>> private JW> information such as home address and phone number to be listed
>> in Whois JW> data for their domain name.  In fact to do so is s severe
>> security risk JW> to that individual and a potential hindrance to law
>> enforcement in this JW> unfortunate age of cyber terrorism.  Law
>> enforcement agencies, such JW> as the FBI, CIA, NSA, or military
>> intelligence do not need to be JW> chasing false leads due to some
>> prankster using Whois data to JW> create false leads or false information
>> fraudulently using someone's JW> registration information of a Domain Name
>> that would include JW> their personal physical address or personal Phone
>> Number. JW> To make such information necessary as part of the registration
>> JW> of a Domain name is simply stupid and unnecessarily harmful, as JW>
>> well as partly counter productive..
>> 
>> JW> Barbara Simons wrote:
>> 
>> >> If you are opposed to spammers, then I would think that you would be
>> >> really upset with the whois database, which is a rich resource indeed
>> >> for spammers.
>> >>
>> >> Information about where I live has nothing to do with openness or the
>> >> lack thereof.  I am quite happy to have my email address made available
>> >> (but not to spammers - I wish).  But surely you would not accuse me of a
>> >> lack of openness if I were to refuse to provide my home address to the
>> >> world in order to obtain my own domain name.  (It is entirely
>> >> reasonable, by contrast, to require that I provide an accurate technical
>> >> contact).
>> >>
>> >> I have no idea how many children have their own domain names, but there
>> >> are obviously quite a few.  You might want to check out Chris Van Allen,
>> >> whose dad gave him the domain name pokey.org several years ago.  Chris
>> >> became somewhat famous when he was sent a cease and desist order by the
>> >> Prema Toy Co., the company that manufactures Gumby.  You can read about
>> >> Chris' adventures at www.pokey.org.
>> >>
>> >> To state the obvious, if a child has a website that has been purchased
>> >> by that child's parent, and if the parent is required to provide his or
>> >> her home address, most folks will be able to infer the address of the
>> >> child.
>> >>
>> >> Many parents seem to believe that information about their children
>> >> should not be posted for anyone in the world to view.  Many adults feel
>> >> the same about their own information.
>> >>
>> >> You might have made a similar argument about drivers' license records
>> >> being held by the California Dept of Motor Vehicles.  That information
>> >> was open, and as a result a young women's home address was located by a
>> >> stalker, and she was murdered.  I have heard about a woman who was
>> >> stalked based on her whois information, but I'm afraid I can't give you
>> >> a reference for that. Maybe someone else on one of these lists can.
>> >>
>> >> As far as political speech goes, I'm sure you are aware of countries and
>> >> times during which criticism of one's government can be life
>> >> threatening. And you don't have to go outside the US to find multiple
>> >> examples of abuses and harassment of law abiding citizens by some law
>> >> enforcement agencies.  If you have not been following the most recent
>> >> revelations about the FBI and its obsession with UC Berkeley, the Free
>> >> Speech Movement, and Clark Kerr, the then President of the University of
>> >> California, I shall be happy to forward to you a very detailed set of
>> >> articles published a couple of weeks ago in the San Francisco Chronicle.
>> >>  If the '60s are ancient history for you, there are recent abuses by the
>> >> LA Police Department, including the framing of innocent people, that
>> >> date back only a few years.  I can send you some references for those as
>> >> well.
>> >>
>> >> Openness does not mean that we must relinquish all notions of privacy if
>> >> we are to own a domain name.  Rather than forcing people to provide
>> >> information about where they are located, Congress should be requiring
>> >> ICANN to institute meaningful privacy protections on the whois database.
>> >>  Maybe then we could discuss whether or not the domain name owner's
>> >> personal information should be provided.
>> >>
>> >> Barbara
>> >>
>> >> P.S.  The early incarnation of the Internet, ARPANET, was about
>> >> maintaining communications after a devastating event such as the
>> >> dropping of nuclear weapons on the US.  It was *not* about openness, nor
>> >> was it about commerce. The openness that you and I both cherish came
>> >> into being because of the small clique of researchers and academics who
>> >> were the original ARPANET users.  I share your desire to maintain that
>> >> openness and to prevent the Internet from being regulated and restricted
>> >> to the point that it becomes a jazzed up Home Shopping Channel.  If the
>> >> Internet is to continue to be the open communications channel that it
>> >> has become, then it is critical that people have the ability to speak
>> >> without fearing that everything they say and do can be monitored.
>> >>
>> >> On 6/17/02 10:46 PM, "Micheal Sherrill" <micheal@beethoven.com> wrote:
>> >>
>> >> > Wait a minute.  I am all for protecting abused wives, children, and
>> >> > those seeking political asylum.  But, what does this have to do with
>> >> > the Whois function?  I agree that perhaps a felony conviction for a
>> >> > first time offense is harsh but please do not forget what this
>> >> > Internet was, and is all about, openness.  At this time this
>> >> > (openness) is being clogged by a proliferation of SPAMers that will,
>> >> > eventually, plug the pipe for any meaningful communication. If we do
>> >> > not have the means to track accurate information of those that seek to
>> >> > take advantage of all the resources that others fund how will we
>> >> > survive? Your arguments pluck at our heartstrings but they also try to
>> >> > pluck my pocketbook.  I mean, how many children have their own domain
>> >> > name?  And if they can afford it, why do they need to hide their
>> >> > identity?  It would seem to me that most children are trying to reach
>> >> > other children.  So why protect them from each other?  Besides, the
>> >> > children do not register the domain names, their parents usually do. 
>> >> > It has nothing to do with discovery.  Even more so, what Internet
>> >> > sites are dedicated to battered women that would somehow lead angry,
>> >> > misguided men to a safe house?  I do not think that any support group
>> >> > would purchase a domain name but would be smart enough and economical
>> >> > enough to go through a Web hosting company.  And what is even more
>> >> > perplexing is the reference to free speech.  Free speech is about
>> >> > openness.  We talk about things in the open!  So why the need for
>> >> > subterfuge?  If we have free speech on the Internet what makes sense
>> >> > about listing a false address for our cause? Anything else is already
>> >> > illegal, even via the USPS.  Plus, I have no idea what you are talking
>> >> > about in reference to trademark holders sending out cease and desist
>> >> > letters.  Overall, the logic of your complaint does not compute.
>> >> >
>> >> > Regards,
>> >> >
>> >> >
>> >> > Micheal Sherrill
>> >> >
>> >> >
>> >> > ---------- Original Message ----------------------------------
>> >> > From: Jeff Williams <jwkckid1@ix.netcom.com>
>> >> > Date:  Mon, 17 Jun 2002 19:55:34 -0700
>> >> >
>> >> > Barbara and all,
>> >> >
>> >> > We [INEGroup] agree with you here Barbara, and are in process of
>> >> > contacting the appropriate senate and House members that are
>> >> > involved in this rather arcane and misguided legislation being
>> >> > considered.
>> >> >
>> >> > I personally would suggest that anyone concerned about their personal
>> >> > safety, and privacy that are Domain Name holders do likewise without
>> >> > delay...
>> >> >
>> >> > Barbara Simons wrote:
>> >> >
>> >> >> I agree that accurate information should be provided for the
>> >> >> technical liaison.  What I'm saying is that a law that makes it a
>> >> >> felony to provide inaccurate information for the domain name holder
>> >> >> creates major problems regarding political speech, shelters for
>> >> >> battered women, children who own their own domain name, etc.  The
>> >> >> whois database is an open invitation for massive privacy invasion of
>> >> >> domain name owners (as opposed to technical contacts).  HR 4640 would
>> >> >> make it a felony in the U.S., punishable by up to 5 years in prison,
>> >> >> to provide false address information for the owner of a domain name. 
>> >> >> This would be a boon to trademark holders who are eager to send out
>> >> >> large numbers of cease and desist letters, and a blow to people who
>> >> >> care about protecting our privacy.
>> >> >>
>> >> >> I didn't mean to start a discussion about HR 4640, though I hope that
>> >> >> this has helped to make our US based members aware of this misguided
>> >> >> legislative proposal.
>> >> >>
>> >> >> Regards,
>> >> >> Barbara
>> 
>> JW> Regards,
>> 
>> JW> --
>> JW> Jeffrey A. Williams
>> JW> Spokesman for INEGroup - (Over 124k members/stakeholders strong!)
>> JW> CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
>> JW> Information Network Eng. Group. INEG. INC.
>> JW> E-Mail jwkckid1@ix.netcom.com
>> JW> Contact Number:  972-244-3801 or 214-244-4827
>> JW> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
>> 
>> 
>> JW> --
>> JW> This message was passed to you via the ga@dnso.org list.
>> JW> Send mail to majordomo@dnso.org to unsubscribe
>> JW> ("unsubscribe ga" in the body of the message).
>> JW> Archives at http://www.dnso.org/archives.html
>> 
>> 
>> 
>> 
>> ----
>> Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
>> donbrown_l@inetconcepts.net         http://www.inetconcepts.net
>> PGP Key ID: 04C99A55              (972) 788-2364  Fax: (972) 788-5049
>> Providing Internet Solutions Worldwide - An eDataWeb Affiliate
>> ----
>> 
>> --
>> This message was passed to you via the ga-full@dnso.org list.
>> Send mail to majordomo@dnso.org to unsubscribe
>> ("unsubscribe ga-full" in the body of the message).
>> Archives at http://www.dnso.org/archives.html
>> 
>> 





----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@inetconcepts.net         http://www.inetconcepts.net
PGP Key ID: 04C99A55              (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----


---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de