ARIN-PPML Message

[arin-ppml] SWIPs & IPv6

Tom, 
there's a logical fallacy in your attempt to avoid the drivers license (DL) analogy: you have assumed that defeating the analogy justifies the existing system, in which anyone has access to potentially sensitive contact information. 

But it doesn't. Even if you undermine the analogy (and I don't agree you have) you are failing to deal with the critical point behind it: people can abuse access to information just as much as they can abuse the resources. If anonymous use of Internet resources can cause problems, so can anonymous access to important information about the internet. Why is this even controversial? I wonder why you are so keen to resist this point? If an auto license could be costlessly mapped to personal contact info, we all know that there would be serious abuses due to road rage, stalking, theft, etc. 

The simple fact is that we can have road system accountability without allowing people to go to an open, public database and, without any trace of their action or any authorization, look up the name and home address of any car they encountered on the road. Nothing you've said undermines the salience of that fact.

To repeat, I am utterly baffled by your need to deny that this is an issue. What value do you think you are defending? If it is the crazy idea that open Whois creates a peer production commons in which all of global society contributes to the accuracy of Whois data, then someone needs to wake you up. A great deal of the inaccuracy or indirection associated with Whois data is caused by people's awareness that it is open and public and any goofball can download it and do all kinds of things with it. The privacy services mentioned earlier are a market response to that fact; inaccurate or disguised data is another. If the system doesn't protect people's legitimate needs for data security they will do what they can on their own. If you want accuracy, you must deliver security and more restricted usage/appropriation of the data. That is an inherent, unavoiable tradeoff in any system of data collection and retrieval. 

Further, your attempt to undermine the DL analogy doesn't even work. You are not required by law, but you are required by the operation of the Internet to obtain a unique identifier, either an IP address from an identifiable provider, or a domain name, or both. You are required to get an ORGID if you get IP addresses. You may need to register with a national regulator as an ISP. Organizations and people (not just "guys") with the ability to mete out real consequences are cruising around - both the ISPs and the LEAs and other civil litigants who you may wrong. There are legal mechanisms for reuqesting confidential account information, wiretapping phones, data surveillance, etc. Talk to a brand protection service if you want to know how systematic and automated private monitoring has become; I can point you to a few. Indeed, you are far more visible on the internet than you are on the road. Your third point is meaningless and doesn't distinguish the two situations at all. 

I am as interested in preserving the autonomy and self-regulatory nature of the Internet as anyone on this list. When you fail to see the abuses and problems caused by creating completely open databases with anonymous retrieval, you are doing that cause a great disservice.  

Milton Mueller
Professor, Syracuse University School of Information Studies
XS4All Professor, Delft University of Technology
------------------------------
Internet Governance Project:
http://internetgovernance.org