Remember the "Global Uniform Name Space" that ICANN's ex-president made such a noise about in his unilateral, never approved ICANN policy document, ICP-3?
I've always considered that policy to be brain-dead and detached from reality. (See "Thoughts on Internet Naming Systems - http://www.cavebear.com/rw/nrc_presentation_july_11_2001.ppt)
I'm here at Networld+Interop and I noticed that there are products on the show floor that happily rewrite domain names and URL's - sort of like NAT but at the DNS and URL layer.
If these products fly - and some of 'em do look useful - then DNS names and URL's will be context sensitive just like IP addresses are context sensitive when used in the presence of NATs. And I expect that context sensitive DNS/URL names will harm the connectivity of the internet no more than do context sensitive IP addresses - i.e. not much. (Web servers and content management systems have been playing with URL's for years - these new products go much further.)
Despite great wailing, gnashing of teeth, and rending of garments, it is quite clear that the notion that there is a global uniform name space on the internet, if it ever existed, is now dying, if not utterly dead.
It's National Damn Spam week. Everybody seems to be announcing some sort of way to stop the scourge of unsolicited commercial e-mail.
My own proposal is quite straightforward - Any spammer advertising a body enhancement must first cut off that same part from his/her own body.
The 1930's were a time of faith in technology. The world was in dire economic straits. And from the US to the USSR technology seemed to hold the answer. One has only to look at the science fiction stories and comics from that period to see the brave new worlds that people thought could come from technology. (Even the darkest stories - Fritz Lang's Metropolis, Charlie Chaplin's Modern Times - didn't really question the benefits of technology as much as they questioned the unequal distribution of its benefits and its destructive effects on workers.)
In 1933 H.G. Wells wrote a story about how the world might be if the existing power structures - politicians and patricians - were to be replaced by an oligarchy or meritocracy of technologists. That story eventually became the 1936 film Things To Come [link to poster] [link to review].
This is a film worth seeing. (The VHS tape versions are often of awful quality, I have heard that the image and sound quality of the DVD version is also poor.)
Things To Come has three parts.
Part I begins with a war - remember this movie came out in 1936, well before WW-II - and this war lasts until 1963, more than 25 years. During the war nations crumble. Social order fails. Petty baronies arise. Disease is everywhere and the last remnants of technology are fading. It is a time of despair; hope is gone.
And then, out of the air comes salvation - the United Airmen/Wings over the World. A small cadre of technologists has preserved civilization (and technology). The world is saved.
In Part II the world is reconstructed. Huge machines and engines mine the earth and construct a new civilization. The landscape above is pristine English countryside. Below are perfect subterranean cities run with perfect justice and order - by the technologists, of course.
In part III space is about to be explored. But the old power structures - those evil politicians and patricians - resurface to sow discord and to bring back the causes of "the war".
Things To Come is a paean to technology and technologists. Things To Come elevates technologists to the highest levels of social wisdom and asserts, with no limitations, that we would be better off if we handed all matters, social, political, economic, aesthetic, and religious, to technologists.
Eventually the ideas of Things To Come fell by the wayside, victims of war and of books, such as Rachel Carson's Silent Spring. We have learned that technology is not the answer to all things.
But with the rise of the Internet, the idea of technology and technologists as the vanguard of a new and enlightened social order has re-emerged. The IETF is held as a model society, its methods are held as models for decision-making in any and all contexts, technical or not.
ICANN would fit perfectly into the kind of thinking found in Things To Come - ICANN justifies its existence on the basis of its relationship to technology. ICANN justifies its social commandments on the basis of that technology. ICANN invokes the image of technology to excuse itself from well developed mechanisms of public accountability. ICANN's legacy comes directly from the United Airmen.
It seems apt to confront the ideas of H. G. Wells with those of another writer.
Francois Marie Arouet, better known as Voltaire (1694-1778), rejected dogma and unearned authority.
I believe that Voltaire would have rejected both Things To Come and ICANN on the basis that both are are founded on an expression of the dogmatic claim that technologists deserve authority simply because they are technologists. Voltaire would have rejected this institutionalization of science and technology as a new kind of perfect and infallible religion. Voltaire would have said that technocracy is not the best of all possible worlds.
ICANN and its supporters, taking a cue from Doctor Pangloss, however, argues that we should accept ICANN's proclamations affecting social, economic, and business issues simply because we ought to blindly believe that technologists and scientists are better suited to make such decisions than others.
But we know better. We know that scientists and technologists, worthy as they are in their fields, have as a class no special or unique skills to design and impose social and economic order.
We would be better served if we listened to Voltaire and questioned ICANN's assertions of supremacy simply because ICANN decides matters that are related to, but that are not themselves, of a technical nature.
In my previous entry (It's 2am, Do You Know Where Your Forum Is?) I pointed out that ICANN's ALAC doesn't seem to have followed through on its promise of timely publication of the comments it has received.
Because of the ALAC's lack, I published my own comments on the GA mailing list - see http://www.dnso.org/clubpublic/ga/Arc12/msg01087.html
I have heard that my comment, which was properly sent to the ALAC (and, as indicated in my mail server logs, was accepted by their computers) has been lost.
What kind of crazy game is this? Not only does the ALAC fail to live up to its promise of public publication, but it can't even find materials that were sent to it!
I took a look at the archives of the discussion among the ALAC members. It appears that the ALAC's carnival of chaos goes even deeper. There is round after round of e-mails citing nit-picking reasons why they haven't managed to publish the comments that have been received. One ALAC member, in apparent disgust with the bumbling of ICANN's vaunted technical staff, has said that he/she will go out and do it himself/herself.
For a body that is supposed to preserve the technical stability of the crown jewel assets of the Internet - the dominant DNS root - it is very disconcerting to see the deep degree of technical ineptitude that ICANN can display, particularly in matters of public involvement. (We ought not to forget ICANN's sad technical performance during the at-large election process in year 2000.)
On April 9 ICANN's so-called "At Large Advisory Committee" (ALAC) put out a paper entitled "Proposed Criteria and Accreditation Process for At-Large Structures, and Proposed Guidelines for Regional At-Large Organizations' (RALOs) Memorandum of Understanding (MOU) with ICANN".
That paper called for comments to be submitted to a "forum".
As of this date (April 23), which happens to be the closing date for comments, that "forum" has not been made visible to the public.
The word "forum" invokes an image of a place where people gather and exchange ideas. However the ALAC's failure to make the comments visible denies people the ability to exchange ideas and to build new ideas and compromises based on that exchange.
ICANN's history has rarely, if ever, allowed there to be a real marketplace of ideas - ICANN generally operates by allowing people to throw comments over a wall to silently meet their fate at the hands of unknown persons using unknown criteria.
It is sad that ICANN's ALAC has followed the same path.
Brownian motion is the ceaseless random movement of particles suspended in a warm fluid. The particles move because they are buffeted by random collisions with molecules and atoms speeding this way and that under the impetus of heat. The greater the heat, the greater the motion. But no matter how much motion and how much heat, Brownian motion brings no progress.
Today I learned from Bret Fausett's ICANN Blog that ICANN has just published its Sixth Status Report Under ICANN/US Government Memorandum of Understanding, dated March 31, 2003. This report is subtitled "Report by ICANN to United States Department of Commerce Re: Progress Toward Objectives of Memorandum of Understanding" (emphasis added.)
Let's take a look at that those claims of "progress":
ICANN is an entity with many particles - the report tells us that the number of employees is now 23, not to mention its 18 non-employee Board members and umpteens of people on umpteens of "committees: and "organizations".
And ICANN is an entity with much heat to impel those particles into rapid motion - the budget is approaching $8,000,000 per year. And like Brownian motion, the result is a ceaseless random motion that cumulates to neither advance nor retreat, it cumulates to nothing more than zero.
This report claims that ICANN has moved much. The report also reveals that ICANN has accomplished little. The report is written in the prolix manner of a student who is required to turn in ten pages of writing but who only has one page to say.
Certainly there is some progress - ICANN has finally created a long overdue body to examine privacy. And ICANN has adopted a "redemption grace" mechanism for those who fail to make timely renewals of domain names. ICANN did make a good start by forming a committee on corporate governance, but the follow-through appears to be aimed squarely at creating a rubber stamp for the status quo.
Much of ICANN's report is filled with what amounts to self-congratulation about establishing bodies created through ICANN's "reform" effort. I consider ICANN's so-called "reform" to be a retrograde change that does nothing to advance the public interest. Instead I find that this "reform" more deeply entrenches ICANN as a body regulating social, business, and economic (but not technical) policies that has been captured by those it purports to regulate. So to my mind, creation of a bewildering number of "committees" and "organizations" is nothing more than empire building that has value only in the eyes of the professional bureaucrat.
Many of ICANN's claims of progress are questionable. For example, the highly critical matter of DNS security is covered in the report with a reference to two documents. The first is a document that is well written and accurate but that covers a topic well known and long-discussed in the internet technical community. In other words, it offers nothing more than a Readers Digest version of a much larger and richer body of already existing material.
The second mentioned document is the Whois Recommendation of the Security and Stability Advisory Committee. It is well considered and well argued (even though I disagree with many of its conclusions) by well informed and thoughtful people. This report is indeed "progress", but unfortunately it bears the burden of being the sole demonstrable "progress" made by ICANN's vaunted security committee despite its 18 months of existence.
ICANN is claiming that it is 'monitoring of deployment of "anycast"'. I find that claim to be quite misleading. ICANN was, at best, an after-the-fact observer of a fait accompli. This technical deployment, something that I welcome, does have risks, risks of a scope and scale that are much greater than the risk caused by the deployment of new TLDs. Yet the conception, design, and deployment was done in spite of ICANN, and not by ICANN (or IANA.) I applaud the engineering and innovation of the root server operators. I reject the claim that ICANN's involvement was more than passive observation of something that was happening beyond ICANN's ability to affect.
The report makes the claim that progress was made because ICANN (or IANA) has dropped its demand for access to ccTLD zone files before updating the list of IP addresses for the servers for that ccTLD. That requirement was created out of thin air through a unilateral "staff" decision and with no community input. For ICANN to claim that removing that requirement is "progress" is facile and misleading - ICANN (or IANA) simply removed a wart of its own creation.
It is amusing to see ICANN claim as progress the receipt of documents sent by other bodies. It takes a lot of chutzpah to claim that receiving a letter is "progress", particularly when the claim that this is progress is listed under ICANN's obligation to "provide expertise".
I am repeatedly amused by ICANN's listing of the number of numbers that have been assigned by IANA. Most of that job consists of the following steps:
Yes, sometimes step #3 is more complex - sometimes a simple formula must be computed or a designated expert consulted. But for the vast bulk of the numbers (such as the "Private Enterprise Numbers" [you may want to see who has number #12]) the flow chart above pretty much describes the job.
The report fails to give what would be some rather interesting accounts - How many hours of meetings were held with doors closed to the public? How many miles were flown by ICANN personnel? How many visits were made by ICANN or its agents to the US Department of Commerce? What type of material was redacted from the "public" version of reports made by ICANN to the US Department of Commerce? How many layers of institutional insulation were imposed between ICANN's Board and the members of the public? (Answer: 4).
The report also failed to note the growth of hostility to ICANN among the internet technical community and the increasing number of bodies that are calling for ICANN's relationship to IANA to be clarified and strictly limited, and for several technical matters to be severed from ICANN (and IANA) and placed into the hands of less politicized bodies.
Nor did ICANN's report note the number of half-measures that are likely to simply ossify into biased and prejudiced policies without the second half ever being considered - things like "accuracy" in the whois database - with only the thinnest of pretenses of ever asking why whois data is gathered in the first place and what privacy limitations ought to obtain.
Apart from the content, the report demonstrates a serious failure of ICANN's ability to govern itself. No notice of this report was given to ICANN's Board of Directors. Once again ICANN's "staff" bypassed the Board of Directors, indicating once again a failure of proper organizational subordination. And ICANN's Board of Directors once again silently accepted the abuse of its position and authority, thus nullifying even the most tenuous claims that the Board of Directors and ICANN represent the public interest.
I just read about the cease and desist order sent to folks at the InterzOne 2 gathering to prevent a presentation on the weakness of a credit card system.
The thought occurred to me - had today's climate of intellectual property uber alles been around during the 1960's would Rachel Carson have been able to publish Silent Spring? Would Ralph Nader have been able to publish Unsafe At Any Speed?
Many people are alive today because of those books. The world is a better place because of those books.
It seems to me that as a society we are paying a terrible price simply to placate the whining of an industry that is increasingly failing to live up to its obligation to promote the progress of science and useful arts.
If anyone is planning on coming to the Networld+Interop show in Las Vegas in a couple of weeks, stop by the iLabs area on the show floor - I'll be there helping out with various things, most particularly the IP Storage Initiative. (Think "Storage Area Networks", SANs.)
(If you are not familiar with iLabs - its a place where we try to push networking technology to its limits, and often beyond. It's a place where still lives the old spirit of hooking up diverse equipment and pounding on it until it interoperates ... or until we collapse in exhaustion.)
I've spent the last couple of days setting up a test rig to subject ISCSI products to various kinds of network conditions. I'll be using my new tool, Maxwell, the Network Impairment System™, to explore the range of network conditions in which ISCSI works well and those in which it does not (yet).
(We've also used Maxwell to do some tests on voice-over-IP [VOIP] systems - See End-to-End VoIP Product Comparison Testing.)
We've got some cool gear at iLabs - In the storage area networks area alone we've got several racks of some seriously heavy-duty SANs clients, servers, switches, and monitors. We also like to add some amusing stuff - like the various networked toasters we did starting in 1990. (I wrote the SNMP stack for the toasters). So, in addition to the heavy iron, we've got what may be one of the largest collections of high speed ISCSI equipment servicing the lowest speed, smallest capacity, lowest performance storage system around.)
So, if you are in the vicinity, stop by.
I am concerned by certain aspects of the ICANN "Nominating" committee's recent Formal Call for Recommendations and Statements of Interest - not for what is said, but rather, for what is not said.
Let me begin begin and end this blog entry with a single suggestion:
Any person who is considering becoming a Director of ICANN (or any other corporate entity) ought to consult with his or her own personal legal counsel.
(Although I am a licensed California attorney, the above is not intended to be, nor is it, legal advice; you should consult with your own personal legal counsel on these matters.)
This note is in response to sTLD Beauty Contests: An Analysis and Critique of the Proposed Criteria to Be Used in the Selection of New Sponsored TLDs by Karl M. Manheim & Lawrence B. Solum. Other materials related to the issue of deploying new TLDs may be found on the authors' web page at http://gtld-auctions.net/
When I ran in the only open election ever held for an ICANN board seat my published platform set forth my preferred approach to the deployment of new TLDs.
In that platform I proposed that the the top level domain space be expanded not through the deployment of "names" but rather through the deployment of "slots". The difference is subtle. When I say deployment by "names" I mean that the character string that will be the actual domain name label for that new TLD is made part of the selection process. When I say deployment by "slots" I mean that the character string is utterly irrelevant except to know whether that string is already in use. A "slot" is a right or privilege to have a character string of one's choosing inserted into the DNS root zone (along with various NS records pointing to a suite of name servers.)
In other words, I prefer that we deal with "slots" rather than named strings, that we focus on the capabilities of the holder of the slot rather than on the semantics of the string. There are courts a-plenty to handle the real or imagined slights of those who claim to have rights of one kind or another over a given string. If we deal with "names" we are tacitly getting involved in those disputes, if we deal with "slots" we are explicitly saying that we chose not to be a forum for fights over character strings.
So I pose the question of new TLDs not as a question of names but rather of slots - who gets to have a slot in the root zone?
As Ross Rader points out, the most fundamental question is whether the applicant has the technical capacity to run a suite of name servers in accord with the applicable technical standards. I emphasize the word "technical". It is of no importance to me whether the applicant has any business sense, nor do I care about the applicant's motivations. And, as mention in my note Thoughts on whois and privacy I do not necessarily consider the applicant's ability to publish whois information to the world to be necessarily part of that technical competence.
Business acumen and financial strength are not among the criteria that ought to be used to chose between applicants. Yes, we have a world in which the customers of a TLD build their brands on that TLD. But I prefer that the underwriting of that TLD's continued operation be a matter between the customers and the TLD operator and not a regulatory matter imposed ex cathedra by ICANN or any other regulatory body. (I would go so far as to say that perhaps ICANN ought to define good data preservation practices, such as registration data escrow formats. I won't comment further here on ICANN's vanished effort to define escrow formats and impose them.)
So, how do we chose who gets to have a slot?
There are technical limits to the size of the DNS root zone - there simply isn't enough room to give a name to everyone. An allocation mechanism is necessary. And perhaps there also needs to be a garbage collection mechanism as well to reap dead allocations.
The paper sTLD Beauty Contests: An Analysis and Critique of the Proposed Criteria to Be Used in the Selection of New Sponsored TLDs proposes auctions.
Auctions are a means that guarantees the prize to the qualified applicant willing to pay the most money. In practical terms this means that the wealthy will inherit the Internet, or at least the DNS top level domains.
For many, that is an acceptable outcome.
However, I feel that there are social values other than cubic money. And those who live by those other values ought to have a chance to obtain TLD slots.
This is why I feel that allocation ought to be by a lottery system. Everybody who buys a "ticket" has a chance. The wealthy can, by buying more tickets, improve their chances to an arbitrary degree. But no matter how many they buy, there is still is a chance that the small guy might win.
If we have lotteries for a non-trivial number of slots we can expect that at least a few will be won by the less well healed applicants.
I am, of course, ignoring the legal obstacles that face things called "lotteries". There is no doubt that what I suggest is a kind of gambling. But in the great scheme of things, that's a pretty small blemish on what otherwise could be a useful system.
I don't have an opinion at this time regarding the mechanics of the system - I don't know if a ticket ought to be good only for a single try for a single slot or whether it ought to remain in the system.
I do believe, however, that the tickets ought to be quite inexpensive - on the order of a few dollars. ICANN has created a system that delves deeply into useless and irrelevant matters, such as the applicant's business plan. A system that merely inquires whether the applicant is able and willing to abide by internet standards would be orders of magnitude less expensive and intrusive than what ICANN has done.
I also believe that we ought to dispense with the microscopic, and to my mind, useless distinctions between TLDs. As far as I'm concerned the concepts such as "sponsored" and "unsponsored" are nothing more than false creations, proceeding from the heat-oppressed brains of those who have tried (and to an uncomfortable degree, have succeeded in their efforts) to transform ICANN into an overwrought bureaucracy. (My apologies to Shakespeare for my paraphrase from Macbeth, Act II, Scene 1)
Update:
Please see Lawrence Solum's response in which he describes approaches that obtain the benefits of a lottery without some of the drawbacks.
Also see see the thread in ICANNWatch in which an interesting discussion has developed regarding of the various approaches and considerations of TLD allocation mechanisms.
Last week at the the IFIP/IEEE International Symposium on Integrated Network Management I gave a keynote talk on how we might improve the reliability and availability of the net - (See my Blog entry of March 25, 2003.) One of the points that I made was that as the net moves towards being a utility, there must be a significant improvement in the the availability of usable net services and a similar reduction in the time to repair such failures that do occur.
Unfortunately I have had experiences learning what happens when networks crumble whether by human or natural causes. The job of putting things back together is chaotic and ad hoc. Security measures are, at best, a troublesome nuisance and, at worst, an obstacle preventing recovery.
A couple of days after my presentation, during a discussion on Secure BGP by Steve Kent, it occurred to me that I don't have a good mental metric how to evaluate the tradeoff between network security and network recoverability.
If we think of the internet as a utility, the social value of the net is not necessarily maximized by high security. High availability (which implies speedy recovery from those failures that occur) may be of equal, or even greater importance than security.
This raises a question - To what extent is internet security in conflict with internet recoverability? How can we minimize this conflict? And how do we strike the right balance?
It is time for ICANN/IANA to squarely face the question of privacy in the DNS whois database.
Various people whose judgment I value [M. Mueller, B. Fausett] have suggested that ICANN/IANA may finally get to the issue of privacy.
The ICANN Board is establishing a "President’s Standing Committee on Privacy" (why the committee is possessed by ICANN's "president" and not the Board is something we can deal with at another time and another place.)
Privacy is a hard question. It is a matter that pervades all aspects of information handling. It would be entirely inappropriate, and ultimately futile, to try to deal with privacy as an after-the-fact adjustment to the existing DNS whois system. It is necessary to examine the most fundamental questions - such as what reasons, if any, justify there being a whois database at all.
This note contains thoughts on how we might try to deal with these questions in a principled way.
We need a framework to structure our thoughts as we try to answer the question whether there ought to continue to be a whois database in its present form. Fortunately much work was done on privacy frameworks in the United States during the 1970's and later in Europe. Today we have had more than two decades of experience with the principles that came out of that work. Those principles have been found to be sound.
These principles are not absolutes - privacy is a balance between competing rights. Nor is the the balance fixed for all places and times. Privacy is affected by cultural and social values that vary with time and place.
Since privacy is contextual, for the purposes of this note I am using a contemporary Euro-American point of view.
Many of the privacy principles in the various privacy frameworks are concerned with letting the data subject know that his/her data is being collected and ensuring that the data subject can check the data for accuracy. I would suggest that we come back to these principles later, after we deal with the ultimate question of whether whois data should be disseminated at all.
For purposes of this discussion there is one privacy principle that stands out from the rest:
Principle: Personally identifiable information should be used only for those purposes for which it was collected.
Because whois is a running system that has evolved from the days when the internet was largely a friendly club of techies who knew one another we do not have the opportunity to clearly comprehend the purposes for which personal information was included in whois when whois began. Early documents, such as the 1974 ARPAnet Directory reflect the collegial nature of the net in those days. Whois in those days was very much like a club's membership list.
Because the history of whois is not of much help we are forced to look at the uses to which whois data is used today and ask which uses are an essential part of the purposes for which that information was disclosed and which uses are simply excrescences.
The approach I will use to answer that question is to ask what is the understanding of the purpose of the information disclosure in the mind of the person when he/she acquires a domain name? I will infer a more expansive reading to that purpose when the person is engaged in an informed, arms-length transaction; I will infer a less expansive reading when the person is typically less informed and has little, or no, negotiating power beyond simply walking away.
Personally identifiable information in whois is obtained directly from the data subjects as the result of the data subject acquiring a domain name. The disclosure is made because the DNS registrar demands that information as part of the price of obtaining a domain name.
Do we care whether this disclosure of personally identifiable information is a voluntary act? Certainly in the gross sense, the disclosure is voluntary - the person could chose to not obtain a domain name and thus not have to make the disclosure of his/her information. However, we ought not to focus our inquiry on the crude question whether the disclosure is voluntary. Rather we should try to comprehend the forces that drive a person to feel that they must accept the proposition that registration of a domain name requires the disclosure of their personally identifiable information.
Were the internet a trivial bit of fluff with very little relevance to the ability of a person to act as a meaningful part of the social fabric, then I would have no trouble concluding that those who disclose private information are doing so as part of a fair bargain for communications services.
However, the internet is increasingly becoming a utility, a necessary part of daily life. A domain name is increasingly becoming an important part for establishing an empowered role on the internet and in society. A person who wishes to establish a presence on the net beyond the extremely limited presence of an e-mail address or an ISP-hosted "home page" is virtually compelled to obtain his/her own domain name.
Moreover, many aspects of DNS registration contracts, including the obligation to disclose personal information, are not negotiable. Contract terms are established industry-wide by ICANN for the vast bulk of DNS registrations. The exception are the country-code TLDs, which are frequently available only to residents or citizens of the country associated with the ccTLD. In addition, ICANN's reluctance to create new general TLDs has further limited the diversity of contract choices available to those who wish to obtain a domain name.
In other words, the rules under which a person parts with his/her personally identifiable information are nearly always not subject to negotiation - they are a take-it-of-leave-it proposition. And because of the social utility of having a domain name, the person is strongly compelled to accept these terms.
Thus, when we come to the question of asking for what purpose DNS information is obtained we ought to take the narrow perspective; we ought to look at the minimal set of uses that are necessary to enable a the DNS registrar to successfully deliver the service for which the data subject has parted with his/her personal information.
In that context, the use for which the information is disclosed is to give the registrar enough information to contact the person for purposes of consummating the registration (including billing for charges incurred) and for periodically renewing the registration.
If, as I suggest, the data subject's intention is for the private information to be used only to achieve the registration of a domain name, than by logical extension, the purpose of the disclosure is not intended to benefit third party trademark holders or anti-spam advocates.
My conclusion therefore is that when people part with their personally identifiable information during the acquisition of a domain name that their expectation of the purpose is that such disclosure is solely to facilitate the acquisition and to facilitate periodic renewals. It is equally part of my conclusion that that the disclosure is not intended to benefit trademark owners or anyone else.
The broader conclusion that I draw is that, consistent with the privacy principle enunciated previously, personally identifiable information disclosed as part of the acquisition of a domain name ought to be used exclusively to accomplish and maintain the registration of the domain name. And further, that it would be an contrary to the intended purpose of the information to disclose it to any third parties without the data subject's express and informed consent.
In other words, the whois data, for purposes of privacy, is for the use of registrars for the sole purpose of servicing the data subjects in their role as customers of those registrars.
So, where does this leave trademark holders and anti-spam folks? Certainly these people have the need to track down those who are impinging on their legitimate rights. But why should that interest automatically supersede that of the data subject's interest in the privacy of information that he/she disclosed for the sole purpose of acquiring a domain name? The answer is simple, it doesn't.
As I mentioned, trademark people who feel that their marks have been violated and anti-spammers who believe that they have been abused do have rights. But these are not rights to access whois data, rather these are rights to invoke processes that may result in a controlled and limited opening of that whois data.
Thus, for example, the trademark owner who believes his/her mark has been abused should be required to demonstrate that there is reason to believe that a particular accused domain name is the source of that abuse. After successfully making this demonstration whois may be opened for the limited purpose of permitting the trademark owner to confront the person in control of that domain name.
There are many, particularly those who obtain free and unlimited whois access under today's regime of zero-privacy, who will complain that being forced to make a preliminary showing before obtaining access to whois will too slow and expensive. My answer to the matter of speed is simply that access to whois data based on nothing more than a mere accusation is an invitation to abuse. I believe that a magisterial process is necessary to determine whether the putative injured party has something more substantial than a bald accusation. My answer to the matter of cost is simply to build recovery of costs into the remedy for successful vindication of a trademark owner's rights. In fairness, however, the accused should recover his/her costs should the trademark owner's accusation fail.
So, in summary, it is my believe, based on established principles of privacy, that the existing whois system should be terminated. It should be replaced by systems of records that exist as private data between a name registrant and the registrar and which are used solely to promote the relationship between the registrant and the registrar. (I am intentionally avoiding delving into the split personality manifested by the ICANN mandated system in which a cloud of front-office registrars envelops a back end database "registry" operator.)
In parallel to this closed whois system there would need to be established a fast and inexpensive magisterial process. Anyone who believes that their rights are being violated would be required to make a minimal demonstration that such a belief is supported by a reasonable amount of concrete evidence. Upon making such a showing, the requested whois records would be disclosed, but only for the limited purpose of further processes to resolve the dispute. I am not here dealing with questions of the nature of that magisterial process. I am not dealing with questions such as whether the data subject has the right to receive notice and the right to present a rebuttal. However, whatever the process, it is necessary that the accusing party fully identify itself, and the fact that such a process occurred and the name of the accusing individual ought, as a matter of fairness, be available to the data subject.
This magisterial process necessarily involves humans and human judgments - it thus has real costs. Because the value of the system comes from its mere existence as well as from specific events, the question of equitably distributing the costs is complex and beyond the scope of this note.
