ARIN-PPML Message

[arin-ppml] SWIPs & IPv6

I believe that Milton makes an excellent point below. The important issue, I believe, is NOT that the general public be able to determine who ACTUALY owns a particular address block or domain. The important issue is being able to report a problem with a particular domain/address block to some-one who can take appropriate action upon it.

Looking at the analogy of cars on a road is probably rather appropriate in this case. Roads are a public shared resource just like the internet. In order to be able to put a car on the road (at least in the US) it needs to registered with your state DMV and needs to have a visible license plate on it. Note that the ONLY thing that is publicaly revealed when your car is on the road is that License Plate #... not the owners Name, Address, Phone #, etc. The public can NOT simply goto the DMV and get the corresponding Contact Info for a License Plate #.

The reasons for that are obvious.... a stalker or abusive ex-boyfriend knows the car thier intended victem is driving.... if they are able to get a home address/phone # from that publicaly availble license plate #, thier ability to carry out abuse is greatly enhanced. The hazards for providing contact information for the actual owners of a domain/IP block are not that different.

What you CAN do is report that License Plate # to the Police/DMV when there is a problem with that car (say it knocked over your fence and then drove off) and THEY can take action that is neccesary to address the problem. In cases where you have a legitimate need for the actual contact information (say you need to know who to sue for damaging your property) THEY will provide it for you if your requirement for it is determined to be legitimate. They act as gate-keepers for that information. In cases where you feel those gate-keepers are not providing such information when there is legitimate cause you can petition the courts for redress.

I really see no issue with an ISP or other Agent acting as the POC or Gatekeeper for an individual block/domain holders information. The problem occurs when that ISP/Agent is not themselves responsive when there is a legitimate need to resolve an issue that the address holder is causing. In our real world example, the Police/DMV have dual responsibilties.... they are responsible to protect the privacy of the vehicle owner.... but also responsible to protect the rights of individuals who that vehicle may have infringed upon... they are equaly accountable to both. In essence, they have no horse in the race themselves. In the case of the ISP/Registrar/Agent the person who's identity they are protecting is thier customer so they have a vested interest in being biased toward thier interests. Perhaps that is part of the issue here.


.....
Milton L Mueller writes:

"This is a typically unbalanced and exaggerated claim. There are legitimate privacy concerns regarding access to contact and address data, including shielding people from cyber-criminals and spammers, and there are legal issues regarding the display of that data when natural persons (i.e., not incorporated organizations) are involved.

Revelation of the data shielded by these so-called privacy services is notoriously easy to obtain, basically you just have to ask for it, be a real entity and have some legitimate purpose. All of these constraints are absent, of course, from anonymous, web-based whois interfaces. The idea that people can abuse the internet (correct, of course) must always be balanced by the equally valid observation that people can and do abuse unrestricted access to sensitive data.

The implication that only criminals use DNS privacy protection services is obviously false, unless you believe that about 30% of all domain name registrants are criminals and that the numerous reputable individuals I could cite, including newspaper reporters and small businesspeople, are also criminals.

The expectation that WHOIS/SWIP issues can be discussed independently of data protection rules and norms is a fantasy. I know Ted is a lost cause on this issue and don't frankly care; but I hope the rest of this list is a bit more mature and not populated by people who think that their convenience as technical administrators trumps any and every human rights concern.

Beyond that, to avoid the practically useless kinds of ideological debates in which Ted revels, I'd propose restricting any further discussion of this to specific proposals and operational guidelines. You can't know whether there is a legitimate privacy and/or security issue unless we are discussing real proposals in real contexts.

--MM "