[Politech] An open letter to PFIR on "Whois" privacy [priv]

From: Declan McCullagh (declan@private)
Date: Thu Jun 24 2004 - 10:46:52 PDT

  • Next message: Declan McCullagh: "[Politech] Replies to "Green Party is very confused""

    [I invite PFIR to reply. --Declan]
    
    
    -------- Original Message --------
    Subject: An open letter to PFIR on DNS WHOIS
    Date: Tue, 22 Jun 2004 21:09:11 -0400
    From: Tom Cross <tom@private>
    To: lauren@private, neumann@private, dave@private
    CC: declan@private, whois-tf1-report-comments@private
    
    An open letter to People for Internet Responsibility on Access to DNS
    WHOIS Data
    
    Mr Weinstien, Mr. Neumann, and Mr. Farber,
    
    	Shocked, awed, and appalled. Thats the only way that I can express how
    I felt when I read PFIR's Statement on Access to WHOIS Data.
    (http://www.pfir.org/statements/whois-access) Lauren Weinstein, Peter
    Neumann, and David Farber are three men who have provided sharp and
    insightful leadership to the internet community for years, and are well
    known, well respected, and well read by just about anyone who cares
    deeply about technology issues. I do not always find myself agreeing
    with your various opinions, but never have I seen any of you express
    ideas so caustic to the values that I hold dear, and so lacking in
    thoughtful balance, then those expressed in this essay. Its like I've
    walked through the looking glass.
    
    Anonymous Speech is a RIGHT, not a privilege.
    
    This point has been reaffirmed over and over again by almost 230 years
    of American jurisprudence of which you surely must be aware. The
    Federalist Papers, published anonymously, are so fundamental to our
    system of government that every high school student is required to
    study them. The Supreme Court has repeatedly defended anonymous speech,
    and frankly, I cannot express this point more clearly then Justice
    Stevens did in McIntyre V. Ohio Elections Commission (1995):
    
    "Under our Constitution, anonymous pamphleteering is not a pernicious,
    fraudulent practice, but an honorable tradition of advocacy and of
    dissent. Anonymity is a shield from the tyranny of the majority. See
    generally J. S. Mill,  On Liberty, in On Liberty and Considerations on
    Representative Government  1, 3-4 (R. McCallum ed. 1947). It thus
    exemplifies the purpose behind the Bill of Rights, and of the First
    Amendment in particular: to protect unpopular individuals from
    retaliation--and their ideas from suppression--at the hand of an
    intolerant society. The right to remain anonymous may be abused when it
    shields fraudulent conduct. But political speech by its nature will
    sometimes have unpalatable consequences, and, in general, our society
    accords greater weight to the value of free speech than to the dangers
    of its misuse."
    
    We cannot relegate political speech on the Internet to second class
    citizenship.
    
    The "extremely limited set of cases where domain holders might
    demonstrate a clear public safety or other critical need that may
    possibly justify masking of some WHOIS data" is the set of ALL
    political websites on the Internet. The Internet presently supports a
    vibrant ecology of political websites and weblogs of every flavor and
    prejudice. Together they constitute a meaningful discourse on nearly
    every issue of the day. A large portion of these sites employ WHOIS
    proxies or publish limited contact
    information.
    
    It is easy, even in the United States, to find examples of individuals
    who have been the target of violent retaliation because they have
    expressed their political views. Consider, for example, the recent case
    in San Francisco of a gallery owner who was assaulted because of a
    political artwork she put on display:
    
    http://tinyurl.com/27wvb
    
    If maintainers of political websites and weblogs are forced to offer up
    their personal contact information in order to hold a domain name, then
    these speakers will not hold domain names. Political speech on the
    internet will be a secondary activity occurring on shared hosting sites
    and multi-partisan discussion boards with no easy reference points for
    like minded communities. In other words, political speech will be put
    on the back burner, and the Internet will have less impact in the
    political domain then it otherwise would.
    
    You guys are barking up the wrong tree.
    
    DNS WHOIS is NOT the right tool for investigating security incidents on
    the Internet! To be sure, DNS WHOIS is a convenient place for
    organizations to voluntarily publish contact information, and that
    information is helpful when it is present, but security incidents do
    not come from domain names, they come from IP addresses. IP addresses
    are not always associated with registered domain names. Often they are
    associated with subdomains, or not associated with DNS at all.
    
    IP addresses can be resolved in the numbering authority's WHOIS
    database for the contact information of the ISP providing service to
    that address. Security and reliability issues relating to internet
    traffic can and should be dealt with through ISPs. There are
    significant problems with the accuracy and resolution of the numbering
    authority WHOIS systems, and some ISPs have poor abuse and incident
    response policies. Unlike the difficulties with accurate DNS WHOIS
    data, these are manageable problems. ISPs have the resources to
    maintain accurate contact information and full time incident response
    contacts. We simply need to put appropriate policies in place to
    improve practices. This is a much more realistic goal then getting
    everyone in the world to keep their DNS WHOIS data up to date all the
    time. Why are we spending so much time talking about DNS WHOIS when
    fixing IP address WHOIS is the best, and easiest way to improve the
    security and reliability of the Internet?
    
    You guys are standing along side corrupt interests.
    
    A large number of the people who are advocating accurate DNS WHOIS data
    have absolutely no interest in the security or reliability of the
    Internet. They are not trying to find a way to contact people because
    of technical issues. They are intellectual property holders and they
    want every website to have a public address where they can serve
    threats of prosecution should they decide that the contents of the
    website in question offend their interests.
    
    These people do not want to comply with the due process that our legal
    system affords defendants in such cases because its expensive, and
    because it means explaining their claims to a judge. They don't want to
    deal with ISPs for similar reasons. Frequently, as I'm sure you are
    aware, legal threats are sent out which have absolutely no basis in
    law. The individuals who receive them often have to comply because they
    simply don't have the resources to defend themselves even if they are
    in the right. Consider the archives at http://www.chillingeffects.org/
    
    How much time should be required between, for example, the appearance
    of forged e-mails or wider Internet postings containing libelous
    materials, false accusations aimed at ruining reputations or causing
    massive financial loss, vs. the ability of the aggrieved party to start
    discovering who is behind the attack before reputations or even entire
    organizations are massively damaged?
    
    EXACTLY the amount of time that a COURT needs to deliberatively balance
    the interests of both parties to the dispute. Not every party who
    claims a grievance is in the right! We have a process in the United
    States that allows an aggrieved party to prosecute a John Doe defendant
    and obtain access to that defendant if their claim is reasonable. We
    even have facilities for accelerating the usual processes if the
    circumstances are extenuating. To build an alternate structure with the
    intent of short cutting these processes is to do an end run around our
    democratic system of government!
    
    These are not technical security and reliability issues. These are
    content issues, and they should be dealt with through the legal system,
    not through ICANN. I strongly urge you to carefully reconsider your
    position on this matter.
    
    Tom Cross
    Just an ordinary unknown computer geek.
    
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Thu Jun 24 2004 - 11:43:02 PDT