[arin-ppml] Privacy rights & IP number whois ( was Re: The LRSA$100 fee...)

[Ted Mittelstaedt]

> -----Original Message-----
> From: arin-ppml-bounces at arin.net 
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Milton L Mueller
> Sent: Tuesday, September 02, 2008 9:30 AM
> To: James Hess; Tom Vest
> Cc: ARIN PPML
> Subject: Re: [arin-ppml] Privacy rights & IP number whois ( 
> was Re: The LRSA$100 fee...)
> 
> 
> 
> > -----Original Message-----
> > From: James Hess [mailto:mysidia at gmail.com]
> > 
> > In my view there is no legitimate privacy right protected 
> by allowing 
> > contact information to be witheld in _EITHER_ the case of DNS or IP 
> > whois. WHOIS proxy services should simply not be allowed by any 
> > registry.  Privacy deals with private, personal information.
> > The right to privacy is not a right to anonymity.   There 
> is no human
> > right to anonymity.
> 
> This is typical of the debates we went through on the DNS 
> side. I see we have perhaps another 10 years of work to do on 
> the address side. 
> 
> Like many people coming to these debates with limited 
> knowledge of the legal, historical and political aspects of 
> privacy and data protection debates, James presents us with a 
> series of oversimplified false
> dichotomies: either there is "no privacy at all" or "society 
> has no access to any information about the person," etc. 
> 
> But the law has dealt with this for ages, and it is perfectly 
> possible to have specific conditions under which specific 
> kinds of information are revealed to law enforcement or 
> others when necessary, following due process, without being 
> made publicly available indiscriminately. 
> 
> A simple example is drivers' license records. It is not legal 
> for anyone in the world to copy down someone's license plate 
> number and go to the Internet and look up their vehicle 
> registration record, and get their home address, phone 
> number, etc. Only police and law enforcement authorities can do that.
> 

That is a poor example since it's absolutely false.  DMV record
availability is set by the state governments in the US not feds
and it differs from state to state.  About 6-8 years ago in my 
state there were no restictions at all, none whatsoever and it
WAS perfectly legal to do this.

Nowadays, you have to go to the DMV, but you do not have to go
to law enforcement, and if you can make a good enough case
to the DMV people they will in fact give you the information.
I have done so recently in fact.  And this is if the vehicle is
a privately owned car.  If it is commercially owned then yes,
you absolutely have the right for this information, no questions
asked, and the DMV in my state will give it to you, no questions
asked.

> Do you think it should be different? 
> 

Owning a vehicle it is not possible for me to access every other
vehicle in the world.  I can easily access (ie: crash into) any
other vehicle on the road in my city, I can (with more effort)
touch most other vehicles in the US.  The further away I go with
my licensed vehicle, however, the more difficult it is to touch
other owner's vehicles.

With an IP address I can immediately access any other IP holder in
the world.

Thus, it is quite obvious that people in society have much more
right to information on IP address holders than they have on
people who own vehicles.

> With all due respect to James, the definition of privacy 
> rights is a legal issue, decided by legislatures, courts and 
> constitutions, not by technical administrators who think it's 
> convenient for them to have certain kinds of information, or 
> who concoct de novo theories about how using "public" 
> resources somehow eliminates all claims to privacy of the 
> person using it.
> 

The legislatures, courts and constitutions of different countries
in the world all differ greatly on this, and what laws there are
out there differ widely.  This kind of issue is what the United
Nations was created to solve.  And so far the UN has not issued
guidelines and directives on this for IP addresses.  They HAVE
done so for DNS names through WIPO on the issue of trademarks.

The UN moreover has a history of studiously avoiding issuance
of guidelines for things like this where the existing cooperative
infrastructure appears to be working.   In all liklyhood it will
NEVER get involved in dictating terms of whois for IP addresses.

So until such time as that happens from the UN, well then I am
sorry but it IS, in fact "up to technical adminstrators" not
up to a specific country's arbitrary and capricious laws,
because it is clearly a global, not a national, issue.

> Here's a good place to start investigating some aspects of 
> anonymity. http://www.eff.org/issues/anonymity  
> 
> Wrt to registration records, there is a clear distinction to 
> be made between individuals, which the law refers to as 
> natural persons, and "legal persons" which are not persons at 
> all but organizations. Privacy rights mostly inhere in 
> individuals, natural persons. This is well-established in 
> privacy law. However, organizations also have some weaker 
> rights to withhold information from public exposure. 
> 
> The other thing to keep in mind is that in Internet 
> governance you may be making decisions with global effect, 
> when national laws on the topic may vary. So unless you 
> believe you have a right to legislate for people in other 
> countries, you might want to approach the topic with a bit 
> more nuance and humility. 
> 

We are not legislating for people in other countries.  We
are legislating for a NETWORK that other countries have happened
to decide has value to connect to.

Any other country in the world is free to inplug itself from
the Internet.  North Korea certainly does so.  China also
filters heavily.  Other countries have limited their connections.
If they don't like the disclosure requirements we place on
the Internet then they can simply go away, and perhaps form
their own separate Internet.  And if they aren't going to
unplug and go away, and still aren't going to supply the
disclosure that is demanded, then we certainly can make that
obvious to the the rest of the administrators on the Internet,
who can then use this as criteria on what they want to block. 

> > What individuals do with domains and with IPs is no less a public 
> > manner than owning something like a public corporation.
> 
> That claim sounds pretty odd on the face of it.

It -is- odd because he is mixing IP's and DNS domains, which
are separate and different things.

> Someone has 
> an email address and it's the equivalent of being the trustee 
> of a publicly listed corporation drawing on millions of other 
> people's money? 
> 
> But if you really believe that, give me your mobile number, 
> go ahead and publish it on this list and let it be publicly 
> archived, because I don't see any difference between that and 
> a domain. 
>

Neither do it - however in your 2 paragraphs here you are
referring to domains, not IP addresses. 

Thanks,
Ted