hacking? the united nations.
[0E]
(((accurate obsession)))
9.14.1.12.2004@cape-town.za

i'll report later about the wsis workshop. but now, i have some personal thoughts after the meeting between the gnso council and the whois task force 3 members (tf3 is the one expected to come up with measures to enforce the registrants' duty to provide accurate and truthful personal data when registering a domain name).

i'd start by noting that the availability of inexpensive and easily accessible domain names has been a key element in allowing not only large institutions and big corporates, but also small businesses, non profits and individuals to have an effective online presence. any step that tends to make access to domain names more complex or more costly, complicating the process of registering and maintaining them, is of extreme concern and could significantly change the degree and simplicity of free expression that the internet currently provides.

now, i am a member of the task force, so any criticism i make goes to myself as well, but i would really have liked the task force to focus on how to make it easier for registrants to keep their data updated, which has been almost impossible to date: there could be huge improvements in the processes registrars offer to registrants to manage data, and in the technical architecture of the whois itself (i still think that if zone files are distributed, then whois data should be all the same).

instead, mostly due to the pressure from the intellectual property constituency, the task force only focused on punishing random people who mistyped their email address or simply faked it because they didn't want to publish it to the whole world. and it's really random people, since i'd bet that a great percentage of legitimate domain names, if not a majority, is associated with inaccurate data! so the discussion was too polarized on punishments and repression and enforcement.

today the meeting was very nice, since in fact it was a sort of business negotiation between representatives of american corporate users, american registrar corporations (well, canadian, actually), and american intellectual property law firms that consult for big american corporations.

and again, i am absolutely not anti-american, but i stress this because my honest perception is that in the gnso no one gives a damn about american registrants, and no one ever conceives the existence of non-american registrants, i.e. people who do not read e-mail every two hours and would not anyway be able to understand a notification in english.

so, for half an hour i watched this peaceful exchange of opinions where the difficult issue was whether the cost of kicking out a registrant from his own (paid) domain name when a corporation's law firm so wishes should be borne by the registrar or by the complaining corporation, assuming that then ways to charge the registrant's credit card for 20 or 40 dollars will be found so that all those corporates can recover their costs plus a reasonable prize.

finally, i raised my hand and i asked the participants, "which is the problem we are trying to solve?". i got the answer, "there have been cases where someone registered a confusing domain name and used it to do phishing for customers of big corporations". so, first of all, it is clear to everyone that accuracy is not the point, nor can it be an end in itself - so let's not fool ourselves about this.

now, it is true that phishing scams happen, and of course it is something that should be avoided, in the interest of internet users too - but it seems to me that we might be shooting a sparrow with a cannon, since i guess that perhaps one registration out of one million, rounding up, falls in that category, while 99.9% of domain name registrations, whether contact data are accurate or not, are made in perfect good faith.

but also, if the problem is that people are using domain names to commit frauds and other crimes, it seems to me that icann or a registrar is not the right type of authority to take action! so i asked, "why can't you go to law enforcement?". and the answer was, "they are not efficient and it will take 20-40 days to get the site shut down, and perhaps even longer if it's a cross-national situation".

and, boy, this is exactly the point that scares me: it seems to me that the gnso is trying to exert the authority of a global law enforcement system and turn icann into a global police of the internet, that takes care of (and is thus responsible for) crimes that are committed through the internet.

moreover, it scares me that all the architecture of national and international legal due process that humanity has been building for the last thousand years can be suddenly thrown into the trashcan by a handful of people in a room.

now, i also have practical observations about the fact that the intellectual property requests ("let's send an email to the registrant, if he does not respond in 15 days, then let registrars make the domain stop to respond") will possibly have no effect on actual fraudsters - who will anyway have completed their scam in a few days, if not hours, and could as well get an anonymous email address to actually respond to the inquiry - but will be an immense harassment to inexperienced registrants, especially those millions who got the name through a domain name reseller (one more ring in the chain) and will not understand what the notification means (if they speak english at all).

however, my final take is that, even though i do share the worries about phishing, icann is really overstepping its authority and getting itself into a mess, both on the practical and political level. and at least, it should have a mandate to do so from the proper authorities.

at most, if what we want is to create this kind of "quick-to-react internet content police", then we should ensure that there is much broader agreement on it, and an independent third party that authorizes any kind of restrictive measure (shutting down the website, for example) before it actually happens. i mean, that's how our civil rights are supposed to work.