Month: December 2003

(Almost) from IP: I wish you a fiscally successful, personally fulfilling, and medically uncomplicated recognition of the onset of the generally accepted calendar year 2004, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make Europe great (not to imply that Europe is necessarily greater than any other continent or economic entity), and without regard to the race, creed, color, age, physical ability, religious faith, or sexual preference of the wishes.

I had another look at some of the contracts’ WHOIS provisions tonight, and stumbled over a point that I had missed earlier. In the Registrar Accreditation Agreement, the billing contact is not part of the published data set, but retained by the registrar; this does not prevent registrars from publishing that record. In most of the thick TLD agreements’ appendices O (or, if sponsored, attachments 15; see .info for an unsponsored example), though, the billing contact is included in the published whois information. There is a similar (but better-known) inconsistency with the registrant’s telephone and fax numbers and e-mail address which are, again, not part of the data set that must be published by registrars, but included with thick registry WHOIS elements.For individual registrants, these data elements — if entered as originally intended — are among the most privacy-relevant ones in the entire WHOIS data set.

Interesting blog items occasionally show up on CircleID. That’s good, because CircleID is indexed by Google News. There’s one bad habit with CID, though: Headlines often get changed there, sometimes changing meaning (even if slightly), and causing confusion.It would be good if CircleID would ask authors before re-publishing changed versions of opinion pieces.

From the Arrow Books edition of Hemingway’s The Old Man and the Sea:

This book is sold subject to the condition that it shall not, by way of trade or otherwise, be lent, resold, hired out, or otherwise circulated without the publisher’s prior consent in any form of binding or cover other than that in which it is published and without a similar condition including this condition being imposed on the subsequent purchaser.

Wendy Seltzer (who is, like me, an ALAC liaison to WHOIS Task Forces 1 and 2) points to one of the many catches with whois policy.Registrars and registrants face various kinds of problems caused by massive abuse of WHOIS data. An easy answer to this consists in attempting to limit consumers of query-based WHOIS to human beings. The practical implementation is believed to consist in shutting down port 43 whois, and adding a poor imitation of a Turing Test to the web interfaces. Legitimate consumers of massive amounts of WHOIS data are then expected to make use of registrars’ dedicated bulk access mechanism.Wendy raises two issues with this approach: One, common poor imitations of Turing tests are cumbersome to use; “reading ability tests” can be a serious accessibility problem for, e.g., visually impaired data users. They are also not effective, as they essentially lead to an arms race between illegitimate data users and registrars — and it is not clear at all that registrars will win that race. Two, bulk access is expensive, which means that non-commercial legitimate data users (like researchers) rely on mass queries to port 43. Also, since whois data are a weapon in legal battles, making mass access to whois data expensive shifts the balance in these battles even more towards the wealthier party. Put more aggressively, if WHOIS is used by IP owners as a tool to harass the public, then the public should be entitled to harass back.These are persuasive arguments for keeping public access to WHOIS data unencumbered — if it wasn’t for the privacy problem: Address data — and, with thick registries on the rise, even home phone numbers — of registrants are up for grabs, for arbitrary purposes. Wendy’s answer to this is elegant (and I agree with it as a “perfect world” scenario): Give registrants the option not to supply contact data, and keep open access to all the data supplied.In the imperfect world we live in, though, there are strong incentives for registrars to collect at least some contact data, and to make that easily accessible to IP owners and law enforcement. What could a balanced imperfect world solution look like, then?

• Strike as many data elements as possible from the WHOIS policy. There is, for instance, little non-harassing use for the registrant phone and fax numbers outside existing business relations; at the same time, these are guaranteed to infringe on individual registrants’ privacy. Administrative Contact phone and fax numbers are only marginally better. Registrars should not have to collect this information, and if they chose to collect it, they should not publish it online.
• Ask data users to return the favor and (1) prove their identity — e.g., using a certificate in an appropriate public key infrastructure –, and (2) indicate their purpose. Make that information available to registrants and other data subjects. As a side effect, this makes it easier to prevent mass queries without resorting to bad imitations of Turing tests.

Thoughts and comments welcome.

The GNSO council just finished one of its most unspectacular calls ever, mostly discussing procedural issues and time lines for the three whois task forces, following up on the discussions the task forces had in separate telephone conferences earlier this week.The most remarkable observation from this call might be that the task forces seem to converge on what time line may be reasonable to get data gathered and work done — and that this time line is different from what’s in the PDP.

Bret Fausett complains about secret meetings at ICANN, and reads the one-day board retreat planned for Rome as a bad thing. I disagree: When the public board meetings that we are seeing for “transparency purposes” are mostly smoke and mirrors anyway (and the existence of secret board dinners is a widely-held secret by itself), it’s good news and a step towards a less-nonsense ICANN to see an early announcement of a board retreat.

So I was searching the net for a 2004 wall calendar featuring the old quarters and fortifications of Luxembourg city (UNESCO world heritage list entry here).Unfortunately, that doesn’t seem to be the mainstream taste in wall calendars, which appears to consist in Terriers, swimsuits, cats, more Terriers, even more Terriers, still more Terriers, yet more Terriers, and occasionally Spaniels, Pomeranians, other kinds of Terriers, Dachshunds, more swimsuits — and FDNY Firefighters.Any help in finding a non-swimsuit, non-firefighter, and non-cute-animal calendar featuring old Luxembourg would be welcome.

Writes Lawrence Lessig: The Europeans have traditionally been committed to deploying the internet in the least convenient and most expensive way possible.Sounds like a description of the official WiFi available at the latest CeBIT in Hannover. Expensive, over-organized, and unusable.(Then again, the GPRS service I’m using when on the road, domestically, is reasonably affordable, easy to use, and stable.)

Andrew McLaughlin responds to Palfrey et al: In short, concluding that the ICANN experiement in public participation has been a failure because online public forums have been a failure is like saying that television has been a failure because Cop Rock was a failure.