<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi John,<br>
<div class="moz-cite-prefix"><br>
</div>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">(...) I'm strongly opposed to requiring email or
other registration in order to view thin or thick details. For
the reasons outlined below, I think it's antithetical to the
open and decentralized nature of the internet, and constitutes a
form of internet surveillance. <br>
</div>
</blockquote>
Is it though? Only for domain names do you have such a database.
Other services on the open and decentralized internet do not seem to
require it. For example the ones actually doing the abuse, e.g.
users of mail and hosting services. Why should a domain name be
treated differently than any other service that constitutes the
internet? <br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">First,
putting aside repressive regimes, private networks and edge
cases, one of the hallmark principles of the internet is that
it's open; you don't have to register or justify your need to
access information on the internet. And, it's decentralized.
Historically, its open nature has included not only being able
to see a website, but also the registration details for the
website's domain name. And, whatever governments may do (which
isn't the question here), there's no centralized internet
surveillance or registration authority for internet users
generally. <br>
</div>
</div>
</blockquote>
You do have to justify the publication of private details. And I am
sorry, but "Legitscript might need it" or even "Legitscript may not
need this particular set of data but someone elses data" does not
cut it as far as justifications go.<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">If
we impose a scheme where there is a central organization with
the authority to a) require registration and b) centrally
control access, and c) (as has been proposed) require the user
to provide a reason for their access, that organization then
also has the ability to d) make judgment calls about what
reasons are valid and which are not and e) maintain data on
who accessed what RDS data, for what reason, for how long and
why. Note also that at least one version of the EWG report
said that f) the organization would be empowered to levy
punitive measures against internet users who accessed more
data than the RDS deems appropriate.</div>
</div>
</blockquote>
Sounds good to me. If you want all this data on other people, why
are you so shy about your own data?<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">A journalist (or blogger) is writing an
investigative article and wants to find out who is behind a
domain name. If we require registration and disclosure of the
reason, that in essence creates a situation where the RDS de
facto is monitoring that journalist and determining if their
basis for conducting the investigation is worthy. It also allows
the RDS the ability to monitor the journalist's use of the
domain name registration data. This potentially chills free
speech. <br>
</div>
</blockquote>
Does that reporter have a legally enforceable right to access that
data? Would he have such a right to find out who rents the hosting
space at hosting provider X?<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">
<div class="gmail_default"
style="color:rgb(34,34,34);font-family:arial,sans-serif">
<ul>
<li>Consider a political activist who wishes to expose
corruption by an elected politician and wants to access
RDS information to show, for example, conflicts of
interests in the politician's business operations. Once
the political activist has to disclose who they are, let
alone why they are accessing the information, that not
only chills legitimate political activism but also
potentially opens up a route for government abuse (e.g.,
if a government agency were able to subpoena the list of
who accessed RDS information for which domain names and
why).<br>
</li>
</ul>
</div>
</div>
</div>
</blockquote>
Does that reporter have a legally enforceable right to access that
data? Would he have such a right to find out who rents the hosting
space at hosting provider X? Maybe a look at the tax returns of the
elected politician would be more helpfull (Oops, hot topic!)<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">
<div class="gmail_default"
style="color:rgb(34,34,34);font-family:arial,sans-serif">
<ul>
<li>Academic researchers periodically review Whois/RDS
data; requiring them to register before reviewing data
and disclose why they are doing the research potentially
empowers the RDS to monitor academic research and
determine its worthiness. <br>
</li>
</ul>
</div>
</div>
</div>
</blockquote>
Should such research be possible? Does the right to academic freedom
beat out the right of countless individuals to data privacy?<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">
<div class="gmail_default"
style="color:rgb(34,34,34);font-family:arial,sans-serif">
<ul>
<li>Imagine that a cybercrime network is under
investigation (as they are wont to be); requiring law
enforcement to register -- particularly if there is a
log of which domain names they reviewed RDS for -- can
potentially compromise the investigation if that
information is disclosed. Would registrants have the
right to be informed every time that someone registered
to review their RDS details? <br>
</li>
</ul>
</div>
</div>
</div>
</blockquote>
We have not determined that yet. Let's consider that down the road
along with the question if law enforcement of a particular
jurisdiction should even be able to access data on a data subject in
another jurisdiction. If I remember correctly, the legal authority
of most law enforcement agencies ends at their national border.<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">
<div class="gmail_default"
style="color:rgb(34,34,34);font-family:arial,sans-serif">
<div>For one central entity to possess that much power over
internet users is something that I think we should avoid,
and it's antithetical to the principles of openness and
decentralization. There are other well-known solutions to
spam and inappropriate contacts; forcing all other
legitimate activities to grind to a screeching halt --
particular under the umbrella of a surveillance scheme --
is a cure worse than the disease. </div>
</div>
</div>
</div>
</blockquote>
Well, I would argue that private data being public as it is now is
worse than anything you proposed so far.<br>
<blockquote
cite="mid:CADW+euszwOzGFnr1J7T7oS1GG6vdCKi5bV=mKBxGfbOsezfi8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">
<div class="gmail_default"
style="color:rgb(34,34,34);font-family:arial,sans-serif">
<div> </div>
-- </div>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>