Ross Rader comments in his blog at http://www.byte.org/archives/2003_03_29.html#001734 that he considers my concerns about personal privacy to be "wrongheaded, hysterical and plain out and out 'not likely to happen'."
Hopefully Ross is right.
However, ICANN, with the backing of the US Department of Commerce, is forcing everyone who wants to obtain a domain on the net to publish his/her name, address, and other information into an online database, open 24x7 to any and all anonymous users.
Spammers and pornographers dredge through whois continuously despite hand waving by ICANN and registries and registrars that such conduct is a no-no.
But the risk is much worse than mere spammers and pornographers.
I personally know women who have been stalked when their addresses became known via the whois database.
The fact that there have been only a few documented circumstances to date speaks more to the low technical competence of stalkers and molesters than it does about some intrinsic strength contained in the handwaving by ICANN and the DNS name industry.
DNS registries and registrars, and ICANN itself, should be very concerned about their potential liability should whois data they publish be used for ill ends.
That whois data will be used to stalk a person or to molest a child are quite foreseeable events. The question is not that these things will or will not occur; the question is merely "how often?" Ross claims "not likely"; he does not say "never". I doubt that this will provide much comfort for the parents whose child is one of those few exceptions.
The present course of ICANN and the DNS registry industry to dismiss those foreseeable events is an invitation to liability when those events do occur.
As for children - Parents who register a domain name so that their child may build a web site are being required to place their names, addresses, phone numbers, and e-mail addresses into the whois database. Even the most dimwitted of perverts need make only a very short intellectual hop to link the contents of a web page - frequently containing photos of the child - to that address information contained in whois.
Maybe I am hysterical. But then again, I ask the basic question: Why is "whois" information being published at all? The routine answers are that the data is useful when tracking down spammers and that it helps trademark owners save money when tracking down purported violators of trademarks.
Are either of these uses of such social value that they require us to place at risk the safety not only of ourselves and our homes but also of our children?
On my scale of values, the protection of our children, ourselves, and our homes more than counterbalances the small benefits gained by anti-spam vigilantes and overpaid trademark lawyers.
If that is hysterical then I am pleased to be hysterical.
I don't know if I am alone in this, but it strikes me as ironic that ICANN gave its outgoing president an Apple iPod as a going away gift.
The iPod represents the epitome and symbol of the fear of the mass-market music companies that "their" copyrighted materials are being improperly, even unlawfully, copied and traded.
And ICANN, if nothing else, represents an epitome and symbol of the efforts of the intellectual property industries to control the Internet so that the iPod owners of the world will be forced to refuel those iPods only from intellectual-property industry approved sources.
Given Stuart Lynn's penchant for issuing dogmatic statements restricting technology and the use of the internet, I would have thought that a more appropriate gift would have been a gilt-edged copy of De impressione librorum[*], a decree of the Lateran Council in 1515 that required that those who wish to publish books using the then new technology of moveable type printing obtain, under threat of excommunication, permission from the appropriate church authority.
[*] Look for the string "On printing books"
It is my business judgment that ICANN may have grounds for significant legal claims against Joe Sims.
ICANN's board is poised to have a meaningful change of membership. That new board may well choose to pursue those claims.
It is in the interest of ICANN that the right of a future board to raise these claims be protected and preserved. That right should not be discarded or weakened through a thoughtless act of the existing board, particularly when several of the members of the existing board are rumored to have obtained their seats through a series of back-room choices and deals involving Joe Sims.
The Joe Sims resolution could be construed as nothing more than a kissy-faced and legally empty exercise.
Or the Joe Sims resolution could be considered as something more. The resolution could be construed as an approval and acceptance by ICANN of what Sims has done, and as a waiver and abandonment of any claims that ICANN might have.
It seems only prudent to ask to clarify whether the resolution was or was not intended to be absolution for any acts of Sims or JDRP, and to confirm that any claims that might exist are neither waived nor prejudiced by the resolution.
Hence my question regarding the intent of the resolution.
I expect that the minutes will not clearly indicate the response, which I interpreted as a confirmation that the resolution was not intended to act as a waiver.
The fact that my request for clarification was construed as some sort of vendetta is reflective of the lack of comprehension by ICANN about proper corporate governance and the role of Directors.
There is no doubt that I do not like Joe Sims. And there is no doubt that he does not like me.
And there is equally no doubt that I wish him a speedy and total departure from ICANN.
To my mind, the resolution was overstating the degree of Sims's future separation from ICANN. Even if Sims never shows his face again, I suspect that Sims will be deriving a substantial revenue stream for a long time from ICANN via his share of the fees received from ICANN by Jones Day.
And if the history of ICANN's various advisory committees is any guide - a history in which faces from ICANN's past are resurrected again and again - we ought not to be surprised to see Sims sitting on any number of future ICANN advisory committees.
Separate and distinct from the issue of preserving ICANN's rights, I see no reason to thank Sims. Thus my "no" vote on the resolution despite attempts to shout me down and to railroad the resolution by acclamation.
I can't describe how badly ICANN has fumbled the issue of privacy of the whois databases.
ICANN has been in existence for more than four years, and during that entire time ICANN has again and again not merely evaded the issue of privacy but has actively taken measures to eliminate privacy.
Does anyone in ICANN have children or grandchildren, nieces or nephews who use the Internet? Would they be willing to publish the names, addresses, e-mails, and phone numbers of those children on a public registry open 24x7 to all the predators and pornographers of the world?
Yet that is exactly what ICANN has done - ICANN has created Megan's Law in reverse - instead of publishing the names of the predators to warn the potential victims, ICANN's policies publish the names of the potential victims to be perused by would-be predators and pornographers.
And why is ICANN pursuing this insane policy? The answer is that a few business interests want to save a few dollars when they accuse someone of abusing a trademark.
Is ICANN's judgment so skewed that it is willing to sacrifice our privacy and the safety of our children to benefit a few trademark holders? Is it ICANN's judgment that it is more important to protect trademarks than to protect our children from pornography?
ICANN is on the verge of adopting mandatory requirements for "accuracy" in domain name registrations. Accuracy is nice, but in the absence of real privacy protections accuracy is really nothing but a euphemism for painting a more precise target on the backs of citizens and their families.
It will be a sorry, but very foreseeable day, when ICANN is asked to apologize to the parents of a child who, as the result of publishing a personal web page for a school or church project, has been molested by a predator who learned the child's name, address, and phone number from the whois database.
It is time for ICANN to remember that ICANN was established to benefit the public and that ICANN obtains substantial benefits because of its public-benefit, charitable status. It is time for ICANN to remember that it exists to serve the public interest. It is time for ICANN to protect personal privacy instead of destroying it.
I predict that, should ICANN adopt the completely unbalanced "accuracy" requirements, there will arise a new industry consisting of entities that are willing to perform proxy registrations on behalf of people who wish to protect their privacy.
Sure, ICANN is establishing a "privacy" committee. And perhaps it might eventually be as productive as ICANN's vaunted security committee - a committee that has been in existence ever since November 2001 but has yet to do anything about security.
Folks might notice that I'm not in Rio at the ICANN meeting.
Instead I'm in Colorado at the IFIP/IEEE International Symposium on Integrated Network Management.
When I committed to give a keynote talk I had expected that as of this date I would no longer be on the ICANN board.
The title of my keynote is "From Barnstorming to Boeing - Transforming the Internet Into a Lifeline Utility"
The presentation (MS Powerpoint, 55kbytes) and my speaker's notes (Adobe Acrobat, 155kbytes) are online.
In many senses, what is happening here in Colorado will have more impact on the technology and usability of the net than anything that may occur in Brazil at this ICANN meeting. As is becoming increasingly apparent, ICANN has abrogated most meaningful technical roles and serves primarily as a body "regulating" DNS registration services for the benefit of certain special interests (euphemistically known in ICANN-ese as "stakeholders").
In any event, I do plan to try to be on the phone for the ICANN board meeting in Rio. (I will not be alone - apparently several board members will also be calling in.) It will be at 4:30am here in Colorado and my net access will be constrained.
I see that the whois report is coming up for a vote.
Unless things change substantially, I am likely to find myself voting to reject this report.
The issue of personal privacy is intrinsic to the issues surrounding "whois". That was quite clear even in the days of the IFWP meetings.
Yet this report seems to have been written in spite of privacy concerns. (See, for example, the report by EPIC - http://www.epic.org/privacy/whois/)
Below is a copy of what I sent to the group several months ago (with a couple of spelling errors corrected). I consider my comments as valid now as they were then.
Absent a justification why "whois" data should be made public at all, I consider the issue of accuracy to be moot.
And I find the principle of adopting what amounts to a partial report to represent a dangerous indication that privacy in whois will never be addressed.
Adoption of this report would be an affront to the users of the internet, and it would be yet another clear indication that ICANN has become simply a mouthpiece for the industries that have captured it.
From karl@CaveBear.com Tue Oct 22 22:58:10 2002
Date: Sun, 20 Oct 2002 14:48:55 -0700 (PDT)
From: Karl Auerbach <karl@CaveBear.com>
To: comments-whois@dnso.org
Subject: Comment on Oct. 14 Interim report
I see nothing in this interim report that answers the primary question why personally identifiable information must be published to the public at all.
In other words, the report fails to answer what I believe must be the first question: Why is "whois" needed, and by whom?
It is my sense that there is little public value in the existence of a publicly available "whois" database.
There are, of course, small groups who find such a database useful and perhaps even valuable - groups such as marketeers (spammers) and trademark people who seek to redress perceived violations of their rights without resorting to the processes that nations have established for that purpose (i.e. the legal system.)
However, the report fails to indicate that the needs of those groups are of sufficient weight to justify what amounts to a wholesale violation of privacy principles that amounts to nothing less than an anti-privacy tax on anyone who wishes to become visible on the internet through the mechanism of acquiring a domain name.
The report fails to consider privacy protection mechanisms such as the following:
Requirements that the data subjects (i.e. the people named in whois records) have free and effective means to maintain the data.
Requirements that those who examine the records must first identify themselves, offer proof of that identity, and indicate working means of contact, in particular a valid e-mail address.
To ensure that the contact of the person making the inquiry is valid, the response to the query should be returned by e-mail rather than being made online.
Special arrangements might be established for those in operational roles (such as people in ISP network operating centers) to have pre-arranged access credentials.
That the time, date, and identity of every inquiry be recorded and made available to the data subjects.
Requirements that the registries and registrars make no use of the information for any purpose except that for which it was gathered, the maintenance of the registrant's domain name (including the issuance of billing and status statements.)
Requirements that registries and registrars take concrete steps to ensure that this data is protected by adequate and appropriate security measures.
ICANN/IANA has issued its long overdue report to NTIA entitled Public Summary of Reports Provided Under Cooperative Research and Development Agreement CN-1634 Between the Internet Corporation for Assigned Names and Numbers and the United States Department of Commerce. This report may be found at http://www.icann.org/general/crada-report-summary-14mar03.htm
I have asked to see the full reports, but so far ICANN's management has not been forthcoming. So I have no information regarding the differences between the public and private versions of the report. I hope that the only difference is the address of the location that ICANN has selected for its god-like master server.
UPDATE: (June 23, 2003) - ICANN's management agreed to let me inspect the full report and has placed no impediments in my path. However, due to limits on my own time I have not had the opportunity to actually make that inspection. Still, I have reasonable confidence that the only information that was elided from the public report was of such a nature that disclosure would not promote the public interest.
This report purports to describe "Improvements to Management of the Internet Root Server System", frequently referred to as the "enhanced architecture for root server security". The report is the result of a multi-year "Research and Development Agreement" between ICANN and the US Government.
The report as issued addresses only three small issues:
Perhaps the best summary of this report was written over 2000 years ago by Horace: "parturiunt montes nascitur ridiculus mus" ("The mountain labored and brought forth a mouse.")
For truly, this report says little. And what it does say amounts to only a few relatively minor changes to the status quo ante, hardly the kind of hoped-for hardened domain name system root that the users of the Internet deserve.
I have several questions:
The report calls for ICANN to take over preparation of the root zone file. Might it not be more appropriate for this to be a job for IANA and not ICANN? Yes, I realize that in the minds of many observers ICANN and IANA are one entity. However, ICANN and IANA are distinct. ICANN performs the IANA function only as the result of it winning a contract to do so. There is no guarantee that in the future the IANA contract will stay with ICANN. And thus it seems important to be clear about whether it is ICANN or IANA that has the responsibility to prepare the root zone files.
Where is the agreement of the root server operators to this report? Unless those operators agree, this report will be nothing but wasted paper. There exists no formal relationship between ICANN (or IANA) and the root server operators; those operators are free to do what they will. Indeed there is nothing to bind (pun intended) those operators to use any particular source of master root zone files. And given the recent positive and creative, but completely independent, work by the root server operators to deploy new servers (using a technique called anycast), it is not at all clear that the root server operators consider it beneficial to enter into any legally binding obligations with ICANN (or IANA.)
How does this report answer the concerns raised by the distributed denial of service (DDOS) attacks against the DNS roots and the network links leading to them? And the recent report that as many as 98% of DNS packets flowing to the roots are garbage packets indicates that the roots could be strongly and negatively affected by the deployment of badly written code in consumer products. I see nothing in the report that improves the resiliency of the DNS roots against DDOS attacks and traffic floods from poorly built equipment. In fact, because the report suggests a single god-like master server as the source of the ultimate root zone file, it seems as if the net is being made more, rather than less, vulnerable.
Another threat to DNS that has been discussed is that of affecting the routing of the net so that some or all of the root servers are left high-and-dry - operational but unable to communicate. ISPs have built a healthy skepticism into the procedures they use when accepting routing information and as a consequence the net has a good resistance to bad routing information. However, the routing system of the net is quite complex and there is no one who can guarantee that routing-based attacks will not occur. In fact, with the root-server operators' adoption of anycast for the root servers, the door for such attacks may be more open than it has been in the past. The report is silent on means to harden the net so that the DNS roots remain reachable.
The report fails to consider that there might be times, such as when there is a major natural event in the vicinity of ICANN's proposed god-like master server, when it is necessary to transport copies of the root zone file by physical means, such as a CDROM. Why does the report adopt the naive point of view that the net will always be available? The root zone file is quite small - when compressed it occupies fewer bits than the typical image of a button on a web page. So it would be quite easy to move it by physical means should that be necessary, but the chances of successfully doing this are greatly reduced if procedures have not been thought out beforehand.
It has been considered prudent practice for operators of servers to maintain generational copies of data that has worked in the recent past. This protects against creeping degradation of the data that may occur over several days and not be noticed until the contents of the most recent backups are themselves degraded. A couple of years ago, when .com disappeared from the root zone, the speed at which the error propagated was constrained by the fact that the root servers were not time-synchronized with one another with respect to the time when they updated their copies of the root zone. The report inexplicably seems to fail to address operational procedures to deal with data rot and human errors.
It is also considered prudent practice for there to be a rich diversity of server software and operating systems used by root servers. Fortunately, the root server operators themselves have adopted some diversity in operating systems and hardware. And one operator, as I understand it, is using something other than BIND for the actual server software. The report, however, is silent on this issue.
With regard to human errors - Verisign is rumored to have instituted a number of data quality checks on the zone files that it prepares. This report does not indicate how, or even if, that expertise is to find its way into ICANN. Nor does the report indicate the existence of any other accuracy checks that ICANN might apply to validate the correctness of the zone it prepares.
IPv6 is becoming a victim of the chicken-and-egg syndrome. The report does not tell us how this "enhanced architecture" is going to accommodate IPv6.
Why is the report utterly silent on matters of physical security, procedures, and personnel?
A root server that goes out of service for any reason, whether the cause is natural or human, is a root server that needs to be swiftly repaired and restored to service. That takes money. The report does not speak to the sources of such funds and how they may be made available to root server operators who might need them.
The best protection is prevention. The report does not address means through which a prospective attacker might be dissuaded from ill actions by the fear of being caught and prosecuted. Where are the audit systems to note and log attempts to damage the root servers? And where are the procedures to protect such information so that it is legally admissible in court should the perpetrator be found and brought to trial?
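The two operational points raised in the questions above, retaining generational copies of the root zone and applying data quality checks before a new zone is published, can be made concrete with a short sketch. This is an added example, not code from the report, ICANN, Verisign, or any root server operator; the one-record-per-line zone format, the thresholds, and the sample zones are assumptions constructed for illustration.

```python
from collections import deque

def delegations(zone_text):
    """Map each TLD to its set of NS targets.

    Assumes one record per line, '<owner> <ttl> IN NS <target>' (a
    simplification; real master files allow omitted fields and continuations).
    """
    tlds = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()        # drop comments
        if len(fields) == 5 and [f.upper() for f in fields[2:4]] == ["IN", "NS"]:
            owner = fields[0].lower().rstrip(".")
            if owner:                                  # skip the root's own NS set
                tlds.setdefault(owner, set()).add(fields[4].lower())
    return tlds

def check_candidate(candidate, baseline, max_removed=0, max_churn=0.05):
    """Return a list of problems; an empty list means nothing was flagged."""
    new, old = delegations(candidate), delegations(baseline)
    problems = []
    if not new:
        problems.append("candidate contains no delegations")
    removed = sorted(set(old) - set(new))
    if len(removed) > max_removed:
        problems.append("delegations removed: " + ", ".join(removed))
    changed = [t for t in old if t in new and old[t] != new[t]]
    if old and len(changed) / len(old) > max_churn:
        problems.append(f"{len(changed)} of {len(old)} delegations changed name servers")
    return problems

class Generations:
    """Retain the last `keep` zones that passed the checks, newest last."""
    def __init__(self, keep=7):
        self.zones = deque(maxlen=keep)

    def publish(self, candidate, **limits):
        # Compare with the newest and the oldest retained copy; the second
        # comparison catches slow drift that day-to-day diffs would miss.
        baselines = {self.zones[-1], self.zones[0]} if self.zones else {""}
        problems = sorted({p for b in baselines
                           for p in check_candidate(candidate, b, **limits)})
        if not problems:
            self.zones.append(candidate)
        return problems

    def rollback(self):
        """Drop the newest generation and return the one before it."""
        if len(self.zones) < 2:
            raise LookupError("no earlier generation retained")
        self.zones.pop()
        return self.zones[-1]

# Constructed sample zones (not real root zone data).
GOOD = """\
. 518400 IN NS a.root-servers.example.
com. 172800 IN NS a.gtld.example.
com. 172800 IN NS b.gtld.example.
org. 172800 IN NS a.org-ns.example.
net. 172800 IN NS a.gtld.example.
"""
BAD = "\n".join(l for l in GOOD.splitlines() if not l.startswith("com."))

if __name__ == "__main__":
    history = Generations()
    print(history.publish(GOOD))   # accepted
    print(history.publish(BAD))    # rejected: the com delegation vanished
```

A legitimate removal or a bulk name server change would be published by passing explicit `max_removed` or `max_churn` limits, which makes the exception a deliberate, reviewable act.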
Everybody and his brother has a blog. I figured that I ought to have one too.
So, here it is - the CaveBear Blog!
What I intend to do here is simply jot down thoughts about internet governance - not merely ICANN, but rather the whole issue of power and control as nation states erode and pieces of their sovereignty flow into other containers.
I'll also be hitting other topics - like voice-over-IP and such. Those will come along as I get more familiar with this stuff.
Anyway, here we go....