[arin-ppml] Privacy rights & IP number whois ( was Re: The LRSA $100 fee...)

Milton L Mueller mueller at syr.edu
Tue Sep 2 12:29:30 EDT 2008

> -----Original Message-----
> From: James Hess [mailto:mysidia at gmail.com]
> In my view there is no legitimate privacy right protected by allowing
> contact information to be witheld in _EITHER_ the case of DNS or IP
> whois. WHOIS proxy services should simply not be allowed by any
> registry.  Privacy deals with private, personal information.
> The right to privacy is not a right to anonymity.   There is no human
> right to anonymity.

This is typical of the debates we went through on the DNS side. I see we
have perhaps another 10 years of work to do on the address side. 

Like many people coming to these debates with limited knowledge of the
legal, historical and political aspects of privacy and data protection
debates, James presents us with a series of oversimplified false
dichotomies: either there is "no privacy at all" or "society has no
access to any information about the person," etc. 

But the law has dealt with this for ages, and it is perfectly possible
to have specific conditions under which specific kinds of information
are revealed to law enforcement or others when necessary, following due
process, without being made publicly available indiscriminately. 

A simple example is drivers' license records. It is not legal for anyone
in the world to copy down someone's license plate number and go to the
Internet and look up their vehicle registration record, and get their
home address, phone number, etc. Only police and law enforcement
authorities can do that.

Do you think it should be different? 

With all due respect to James, the definition of privacy rights is a
legal issue, decided by legislatures, courts and constitutions, not by
technical administrators who think it's convenient for them to have
certain kinds of information, or who concoct de novo theories about how
using "public" resources somehow eliminates all claims to privacy of the
person using it.

Here's a good place to start investigating some aspects of anonymity.

Wrt to registration records, there is a clear distinction to be made
between individuals, which the law refers to as natural persons, and
"legal persons" which are not persons at all but organizations. Privacy
rights mostly inhere in individuals, natural persons. This is
well-established in privacy law. However, organizations also have some
weaker rights to withhold information from public exposure. 

The other thing to keep in mind is that in Internet governance you may
be making decisions with global effect, when national laws on the topic
may vary. So unless you believe you have a right to legislate for people
in other countries, you might want to approach the topic with a bit more
nuance and humility. 

> What individuals do with domains and with IPs is no less a public
> manner than owning something like a public corporation.

That claim sounds pretty odd on the face of it. Someone has an email
address and it's the equivalent of being the trustee of a publicly
listed corporation drawing on millions of other people's money? 

But if you really believe that, give me your mobile number, go ahead and
publish it on this list and let it be publicly archived, because I don't
see any difference between that and a domain. 

More information about the ARIN-PPML mailing list