March 29, 2003

Response to Ross Rader

Ross Rader comments in his blog at http://www.byte.org/archives/2003_03_29.html#001734 that he considers my concerns about personal privacy to be "wrongheaded, hysterical and plain out and out 'not likely to happen'. "

Hopefully Ross is right.

However, ICANN, with the backing of the US Department of Commerce is forcing everyone who wants to obtain a domain on the net to publish his/her name, address, and other information into an online database, open 24x7 to any and all anonomous users.

Spammers and pornographers dredge through whois continuously despite hand waving by ICANN and registries and registrars that such conduct is a no-no.

But the risk is much worse than mere spammers and pornographers.

I personally know women who have been stalked when their addresses became known via the whois database.

The fact that there have been only a few documented circumstances to date speaks more to the low technical competence of stalkers and molesters than it does about some intrinsic strength contained in the handwaving by ICANN and the DNS name industry.

DNS registries and registrars, and ICANN itself, should be very concerned about their potential liability should whois data they publish be used for ill ends.

That whois data will be used to stalk a person or to molest a child are quite foreseeable events. The question is not that these things will or will not occur; the question is merely "how often?" Ross claims "not likely", he does not say "never". I doubt that this will provide much comfort for the parents whose child is one of those few exceptions.

The present course of ICANN and the DNS registry industry to dismiss those foreseeable events is an invitation to liability when those events do occur.

As for children - Parents who register a domain name so that their child may build a web site are being required to place their names, addresses, phone numbers, and e-mail addresses into the whois database. Even the most dimwitted of perverts need make only a very short intellectual hop to link the contents of a web page - frequently containing photos of the child - to that address information contained in whois.

Maybe I am hysterical. But then again, I ask the basic question: Why is "whois" information being published at all? The routine answers are that the data is useful when tracking down spammers and for helps trademark owners save money when tracking down purported violators of trademarks.

Are either of these uses of such social value that they require us to place at risk the safety not only of ourselves and our homes but also of our children?

On my scale of values, the protection of our children, ourselves, and our homes more than counterbalances the small benefits gained by anti-spam vigilantes and overpaid trademark lawyers.

If that is hysterical then I am pleased to be hysterical.

Posted by karl at March 29, 2003 4:48 PM