[Gnso-ppsai-pdp-wg] Privacy/Proxy and spam/botnets

Bob Bruen bruen at coldrain.net
Mon Jan 20 19:48:50 UTC 2014


Hi Kathy,

It might be worthwhile to go through the old RFCs.

The original ARPANET directory evolved into whois.

Here are a few data points; as you can see, public information for those 
using ARPANET included personal information.

1) ARPANET INFORMATION BROCHURE 1978

  "The ARPANET DIRECTORY - A directory of users and hosts on the ARPANET. 
It gives the names, network and U.S.mail address, phone number and host 
affiliation of ARPANET users, as well as summary tables of host 
information,"

===================================================

2) 1982 Ken Harrenstien and Vic White released RFC 812 entitled 
NICNAME/WHOIS, the first time WHOIS was used in the title of an RFC 
and the official call to make WHOIS a specific named service. The purpose 
of this RFC is to describe the service:

"The server is accessible across the ARPANET from user programs running on 
local hosts, and it delivers the full name, U.S. address, telephone 
number, and network mailbox for ARPANET users."
==============================================

ICANN took control in 1998 and the RAA followed. The ICANN version of 
whois included the name, address, phone number, etc.

========================================================================================


fwiw, I was in a meeting with Scott back in 1990 when ESNet and MIT needed 
to figure out a peering relationship on campus. At that time there were 
more than just universities with domains. The network was not that closed. 
It was limited by the number of places joining in.

Yes, Milton has written about the early days.  A good resource.

          --bob


On Mon, 20 Jan 2014, Kathy Kleiman wrote:

> Actually, FWIW, I don't think Whois data was intended to be public. When it was created, as part of the NSFNET, it was
> information shared in a trusted network among members of the trusted (and closed) network.
> 
> Further, it was never personal or home information.  Domain names were registered largely by universities, e.g.,
> Harvard.edu, and the Whois data was Scott Bradner's (Harvard IT) and other university IT office locations (and some
> government and military agencies) - in a closed network).
> 
> The DNS then expanded broadly in the 1990s, NSF forwarded to the US Department of Commerce and then it was sent on to the
> new ICANN (someone has written about this transition and lack of evaluation of Whois as an academic piece; Milton I think).
> 
> I've spoken with Scott Bradner about this... 
> Best,
> Kathy
> 
> 
>
>             As a European, I believe in data protection and data privacy. Information that needs to be public
>             should be. Information that does not should not. "The public" indeed does not need that data. If you
>             think that is extreme...
>
>             BTW: I also have an issue with tapping phones, logging connection data, logging private
>             communication, etc.
>
>             Volker
>
>             On 20.01.2014 18:36, Bob Bruen wrote:
>                   Hi Volker,
>
>                   Law Enforcement has been complaining for years about access to whois and still do. This
>                   is just an obstacle thrown up to slow down finding who the bad actors are. Getting court
>                   orders and warrants just to see who owns a domain (commercial) is way out there. The
>                   information was intended to be public in the first place.
>
>                   It appears that you have decided that the general public does not deserve access to
>                   public whois data. Again, I do not know what to say to something so extreme.
>
>                                  --bob
> 
>
>                   On Mon, 20 Jan 2014, Volker Greimann wrote:
>
>                         No identities of criminals are effectively protected by privacy services,
>                         provided they are required to reveal such
>                         identities to law enforcement of appropriate jurisdiction.
>
>                         Private individuals, vigilantes or other interested parties on the other
>                         hand have no real legitimate interest to receive
>                         data on alleged criminals data unless they want to take matters best left to
>                         LEAs into their own hands.
>
>                         There is a reason why even criminals have the right to privacy and not to
>                         have their full names and likenesses published.
>                         Heck, in Japan, TV stations even mosaic handcuffs of suspects.
>
>                         Volker
> 
>
>                               Hi Tim,
>
>                               The harm is protecting the identities of criminals. And I consider undermining whois a
>                               harm, as well
>
>                                                   --bob
> 
>
>                               On Mon, 20 Jan 2014, Tim Ruiz wrote:
>
>                                     What are the problems commercial entities that use p/p have caused?
>
>                                           On Jan 20, 2014, at 8:11 AM, "Bob Bruen" <bruen at coldrain.net> wrote:
>
>                                           Hi Volker,
>
>                                           I was merely responding to Stephanie's comments about the difficulties, not
>                                           advocating a position.
>
>                                           However, as you are aware, I do advocate barring commercial entities from
>                                           using p/p, because the use has already caused harm and we should fix that.
>                                           The providers created the problem in the first place, so allowing them to
>                                           continue to control it simply continues the problem.
>
>                                           The discussion of all this is the point of this group (and other groups).
>
>                                                             --bob
>
>                                                 On Mon, 20 Jan 2014, Volker Greimann wrote:
>
>                                                 I agree that it would be possible to bar commercial entities from using p/p
>                                                 services, however I am not sure it is the sensible thing to do. Certainly,
>                                                 there is abuse, but by creating a blanket prohibition, I fear more damage
>                                                 will be done to legitimate interests than good is done to illegitimate ones.
>                                                 In the end it should be up to the provider which categories of clients it
>                                                 accepts.
>                                                 Volker
>                                                 On 20.01.2014 02:08, Bob Bruen wrote:
>
>                                                      Hi Stephanie,
>
>                                                      It is entirely possible to decide to bar commercial entities, create a
>                                                      definition of "commercial entities" and then deal with those which
>                                                      appear to be problematical.
>
>                                                      The fraudsters probably will not be set up as a legitimate business,
>                                                      but their sites can be identified as spam, malware, etc types and thus
>                                                      taking money, therefore a business. I am sure there are other methods
>                                                      to deal with problem domain names.
>
>                                                      In general, exceptions or problems should not derail a process.
>
>                                                                            --bob
>
>                                                      On Sun, 19 Jan 2014, Stephanie Perrin wrote:
>
>                                                            I don't want to keep beating a dead horse here....but if there is a
>                                                            resounding response of "yes indeed, bar commercial entities from
>                                                            using P/P services", then how are you going to propose that p/p
>                                                            proxy service providers determine who is a commercial entity,
>                                                            particularly in jurisdictions which have declined to regulate the
>                                                            provision of goods and services over the Internet?  I don't like
>                                                            asking questions that walk us into corners we cannot get out of.  Do
>                                                            the fraudsters we are worried about actually apply for business
>                                                            numbers and articles of incorporation in the jurisdictions in which
>                                                            they operate?  I operate in a jurisdiction where this distinction is
>                                                            often extremely difficult to make.  The determination would depend
>                                                            on the precise use being made of the domain name....which gets ICANN
>                                                            squarely into content analysis, and which can hardly be done for new
>                                                            registrations, even if it were within ICANN's remit.  I am honestly
>                                                            not trying to be difficult, but I just have not heard a good answer
>                                                            to this problem.
>                                                            Stephanie Perrin
>                                                            On 2014-01-19, at 4:38 PM, Holly Raiche wrote:
>
>                                                            Jim and all
>
>                                                            I agree with Jim here (and Don earlier). The important task here is
>                                                            agreeing on the questions to be asked of the SO/ACs.  So we need to
>                                                            get back to framing the questions - not answering them, however
>                                                            tempting that may be.
>
>                                                            So the question of whether 'commercial entities' should be barred is
>                                                            still a useful question to ask. The next question would be whether
>                                                            there are possible distinctions that should be drawn between an
>                                                            entity that can use the service and one that can't and, if so, where
>                                                            is the line drawn. I agree with the discussion on how difficult that
>                                                            will be because many entities that have corporate status also have
>                                                            reasonable grounds for wanting the protection of such a service
>                                                            (human rights organisations or women's refuges come to mind).   But
>                                                            that is the sort of response we are seeking from others outside of
>                                                            this group - so let's not prejudge answers. Let's only frame the
>                                                            questions that will help us come to some sensible answers.
>                                                            Otherwise, we'll never get to the next steps.
>
>                                                            And my apologies for the next meeting. I have a long day ahead on
>                                                            Wednesday (Sydney time) and taking calls at 2.00am won't help. So
>                                                            I'll read the transcript and be back in a fortnight (2 weeks for
>                                                            those who do not use the term)
>
>                                                            Holly
>
>                                                            On 16/01/2014, at 5:39 AM, Jim Bikoff wrote:
>
>                                                            Don and all,
>
>                                                            As we suggested earlier, and discussed in the last Group
>                                                            teleconference, it might be helpful, as a next step, if we reached a
>                                                            consensus on the groups of questions before sending them out to
>                                                            SO/ACs and SG/Cs.
>
>                                                            This would involve two steps: First, agreeing on the name of each
>                                                            group; and second, streamlining the questions in each group.
>
>                                                            In the first step, we could consider alternative headings (perhaps
>                                                            REGISTRATION instead of MAINTENANCE).
>
>                                                            And in the second step, we could remove duplicative or vague
>                                                            questions.
>
>                                                            This crystallization would make the questions more approachable, and
>                                                            encourage better responses.
>
>                                                            I hope these ideas are helpful.
>
>                                                            Best,
>
>                                                            Jim
>
>                                                            James L. Bikoff
>                                                            Silverberg, Goldman & Bikoff, LLP
>                                                            1101 30th Street, NW
>                                                            Suite 120
>                                                            Washington, DC 20007
>                                                            Tel: 202-944-3303
>                                                            Fax: 202-944-3306
>                                                            jbikoff at sgbdc.com
> 
> 
>
>                                                            From: Don Blumenthal <dblumenthal at pir.org>
>                                                            Date: January 14, 2014 11:09:23 AM EST
>                                                            To: PPSAI <gnso-ppsai-pdp-wg at icann.org>
>                                                            Subject: [Gnso-ppsai-pdp-wg] Carlton's closing chat question
>
>                                                            Carlton posted an issue that shouldn’t wait a week:
>
>                                                            “John came up with 4 groups. Do we have a notion that others might
>                                                            be extracted?  And where do we include/modify questions to address
>                                                            Stephanie's issue?”
>
>                                                            Jim had four groups and an umbrella Main category, which may be
>                                                            instructive in itself in guiding how we proceed organizationally.
>                                                            Regardless, the consensus of commenters has been that his document
>                                                            is a significant improvement over where we were before, and I
>                                                            suggest that we use it as a baseline. However, we still have work to
>                                                            do on it. Feel free to suggest modifications.
>
>                                                            Don
>
>                         _______________________________________________
>                         Gnso-ppsai-pdp-wg mailing list
>                         Gnso-ppsai-pdp-wg at icann.org
>                         https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>
> 
>
>                                           --
>                                           Dr. Robert Bruen
>                                           Cold Rain Labs
>                                           http://coldrain.net/bruen
>                                           +1.802.579.6288
>

-- 
Dr. Robert Bruen
Cold Rain Labs
http://coldrain.net/bruen
+1.802.579.6288

