Domain Name Rights Coalition

Special Circumstances My Foot:

The "whois" system for domain names is the single greatest violation
of privacy rights on the internet.

A reasonable cure has been put forth that would require only that domain name registrants designate a contact, who could be an agent, to receive communications pertaining to the technical operation of the domain.  This is not unlike the way that corporations keep much of their structure private by designating an agent for the receipt of legal notices.  ICANN and Verisign both do this.

The industry that protects intellectual property (not to be confused with the industry that creates intellectual property) does not like this proposal; they would prefer that every person go naked on the internet, with their names and numbers tattooed to their chests, and live in glass houses.

The trademark industry wants domain name registrants to reveal their information, and that of their families and children, to the anonymous predators of the world on a 24x7 basis.

The trademark industry will allow but one exception - if a person claims sanctuary on the basis of "special circumstance".  What this means is that a few shelters for bettered women might be allowed to refrain from publishing their contact information.

This "special circumstances" proposal is contrary to one of the most fundamental tenets of modern society, that a person is presumed innocent until proven guilty.  The "special circumstances" proposal is nothing short of a systematic conclusion that you and I and every other domain name registrant is to be presumed to be a thief and unworthy of privacy.  The burden is placed not only on us to rebut that presumption but to do so in advance even of an accusation.

We are being told in no uncertain terms that our privacy, and that of our families and children, is worth less than a trademark.

The "special circumstances" shoe should be put on the other foot.  If a trademark owner wants to penetrate the privacy of the Whois data that owner should be obligated to make a specific accusation, saying on a permanent public record, what rights of that owner are being violated by the accused domain name owner and what facts exist to support that accusation.

In other words, the trademark owner should be required to demonstate, with concrete accusations backed by concrete facts, that special circumstances exist that are sufficient to violate a person's right to privacy.

We have seen how the music and movie vigilantes, the RIAA and MPOA, have run amok making groundless accusations against thousands of innocent people.  These are the law-firm office mates of the trademark people who want to violate our privacy in our domain names.  There is much reason to be skeptical of their intentions.

Posted by mikki at 10:19 PM | Permalink | Comments (0)

Prof refuses to quit using Tor:


Cory Doctorow:

The Chronicle of Higher Education has an amazing story by a brave prof, Paul Cesarini, who got leaned on by his university's IT department to stop using Tor, the anonymizing network tool. They even wanted him to stop teaching it. Cesarini stuck to his guns -- and won.

My visitors next produced page after page of logs detailing my apparent use of Tor. While I couldn't dispute most of the details in the logs, they seemed inaccurate. For example, the technician said I had been using Tor earlier that morning. In fact, I had been at Wal-Mart that morning looking for a good deal on an HDTV; I had reached my office only about five minutes earlier.

More important, the logs did not prove any wrongdoing on my part. All they demonstrated was that I, like thousands of others around the world, had installed and infrequently used Tor. In my case, of course, there was no wrongdoing.

Nonetheless, my visitors made two requests: that I stop using Tor, and that I avoid covering it in class.

Having been on the administrative end of academic technology, I appreciate the difficulties facing the information-technology staff. No one pats you on the back if nothing goes wrong, but if something does — if a virus or worm sweeps through the campus's network infrastructure, or someone hijacks some computers to churn out spam — you are off everyone's Christmas-card list. The last thing my former colleagues needed was some smarmy faculty member spouting off about academic freedom and threatening to demonstrate Tor to 100-plus students each semester.

Their job is to protect the network that allows me to do my job: to teach classes that are mostly or entirely online, and to conduct research. If they weren't here as the first or even only line of defense against the unscrupulous elements of our technological society, my university would cease to function. It's as simple as that.

Link

(via /.)

Posted by mikki at 10:13 AM | Permalink | Comments (0)

Beyond Whois - Data Mining IANA Protocol Numbers:

We all know about how the "whois" database is being mined by spammers and other scum.

This morning I woke up to find a scam email in my inbox, nothing odd about that.  What was odd, however, was that it was very clear that this email was created by mining the IANA protocol number assignments.

Posted by mikki at 05:40 PM | Permalink | Comments (0)

Judging the judge's Google leanings | News.blog | CNET News.com:


A federal judge this week granted a partial victory to the federal government in its quest to get Google to turn over search results.

U.S. District Judge James Ware said he would likely give the Justice Department access to a portion of Google's index of Web sites, but not to its users' search terms. The Justice Department is looking for the data to help it back its case in a pending trial over an antipornography law.

Google had resisted the subpoena for search data (unlike some of its competitors), saying that the data would not be relevant and that the request would put consumers' privacy at risk.

The case afforded the blogosphere plenty of opportunity for outrage: People were angry with the government, with Google and with the judge.

Posted by mikki at 12:49 PM | Permalink | Comments (0)

Proposed New Jersey Laws Would Chill Free Speech:

EFF and Other Groups Call for Bills' Withdrawal

San Francisco - A diverse coalition of companies, public interest organizations, and legal scholars, including the Electronic Frontier Foundation (EFF), craigslist, Public Citizen, the US Internet Industry Association (USIIA), the Center for Democracy and Technology (CDT) and Professors Lyrissa C. Barnett Lidsky and Jennifer M. Urban, sent an open letter today to three New Jersey assemblymen, urging them to withdraw their support from two bills designed to eliminate anonymous online speech.

Assembly bills A1327 and A2623 would require Internet service providers to record users' identities and reveal them in any claim of defamation. While aimed at curbing online bad actors, the bills instead run afoul of the First Amendment—which protects the right to speak anonymously—as well as a federal law designed to protect speech in online fora. The bills would require identification of an online poster before the facts were resolved, leading to a flood of unsubstantiated claims designed simply to unmask online speakers.

"Protecting anonymity is vital to maintaining the diversity of viewpoints on the Internet," said EFF Staff Attorney Kurt Opsahl. "Keeping online debates robust enables democracy, even if it allows name-calling and strongly worded opinions about political figures."

The open letter calls for Assemblymen Peter J. Biodi, Wilfredo Caraballo, and Upendra J. Chivukula not to waste taxpayer resources in defending these bills that will inevitably be struck down in court. New Jersey courts are already handling claims of defamation online in a careful and constitutionally appropriate manner, balancing a speaker's anonymity rights with the merits of the plaintiff's claim. The well-established standard in New Jersey and elsewhere for deciding whether to order the identification of anonymous defendants has functioned well to separate ill-founded lawsuits from cases in which identification is appropriate.

As evidence of this balanced approach, the open letter points to the cases available for review on a web site maintained by the Cyberslapp Coalition—several of whose members signed the open letter—at www.cyberslapp.org. The Cyberslapp web site provides briefs, evidence, and opinions from nearly four dozen "John Doe" cases in which the standard has been discussed and applied. The site, which permits search both by keyword and by state of decision, is provided free of charge as a resource for litigants on both sides of Doe disputes.

For the full text of the open letter:
http://eff.org/Privacy/Anonymity/NewJerseyLetter.pdf

The Cyberslapp Coalition:
http://www.cyberslapp.org

Contact:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Posted by mikki at 02:11 PM | Permalink | Comments (0)

BBC NEWS | Technology | Google set for court in data spat:


Google is to take on the US government in court on Tuesday as the internet search engine fights demands to hand over records and lists of data.
The Justice Department wants Google to provide a week's worth of search records, saying it needs the data to help it better police cyberspace.

But Google complains that complying with the request would compromise its business and the privacy of its users.

Similar requests were made of other net firms such as Microsoft, Yahoo and AOL.

Posted by mikki at 02:09 PM | Permalink | Comments (0)

Editorial: New Jersey Assemblyman Wants to End Online Anonymity:


New Jersey Assemblyman Peter J. Biondi has proposed a pile of
unconstitutional filth that would end online forum anonymity...

Every court that has addressed the issue has held that
individual internet subscribers have a right to engage in
anonymous internet speech.

-- US District Court Judge Victor Marrero, ACLU vs Ashcroft

Not to be deterred by precedent or the fact...

Posted by mikki at 11:58 AM | Permalink | Comments (0)

First Thoughts on ICANN's "Whois" Report:

I just glanced through ICANN's Whois Report - or more properly it's Preliminary
task force report on the purpose of Whois and of the Whois contacts.

Much seems centered around two different points of view of the purpose of
whois data.

But I notice a very glaring omission in both points of view:  Neither
defines who is the intended beneficiary of this violation of privacy.

Both formulations are ambiguous with regards to the intended beneficiary of
the information.  Is the beneficiary intended to be the owner of the domain
in the sense that publication allows the owner to learn more quickly that
something might be awry?  Or is the intended beneficiary meant to be the
person who feels somehow wronged or harmed by the actions of the domain name
owner?

How can one grant any validity to this report if it can not define the
intended beneficiary of this highly intrusive, privacy-busting, heavy-handed,
one-sided regulation of internet activity?

This document makes many claims that the destruction of privacy would create
some benefits to certain groups.  But privacy is a balancing of equities
and this document merely piles up anecdotal benefits without engaging in a
principled weighing of the competing equities.

Nor does the document address any measures to remediate the intrusion -
measures such as requiring those who wish to view whois to state, in writing on
a permanent record, the grounds and facts that create a need to view the
information, such as requiring that those who view whois to identify themselves
into a permanent record and authenticate that identity, such as publishing
statistics about how many times each viewer has examined whois, etc etc.

And missing from the voices in the document are the victims - the people
whose personal privacy is penetrated and whose families and lives could be, and
have been, harmed and endangered by ICANN's policies.  ICANN long ago
excluded the voice of the public.  But without that voice this document
must be considered vacuous, the product of systemic bias, and as nothing more
than an instance of Benjamin Franklin's two wolves and a lamb voting on what to
have for lunch.

The document makes claims based on some sort of notion of inertia deriving
from "historical uses" of whois.  I am one of those people who
have been part of the internet since the early 1970's.  My name is to be
found in many of the early versions of whois - such as the ARPAnet directories
from that era.  And I can state from my own experience that the original
purpose of such publications was a quasi-private roster of friends in a small
club and not a directory that was intended to be open to public access.  In
other words, the so-called history mentioned in the report is nothing more than
hearsay, gossip, and fantasy that diverges from the reality experienced by those
of us who were actually there.

On a minor note - the formatting of the document, in a word, sucketh. 
The business, registrar, ISP, and intellectual property constituency statements
are all headed by text in grand 20+pt font while the non-commercials are hidden
under a 12 point header that is lost in the numbering system.

As a whole, the document is worthless.  Only the Non-Commercial
constituency approaches the questions based on a principled analysis; the other
groups are simply making self-aggrandizing assertions.

I wonder - how many companies of the business constituency, lawyers of the
intellectual property constituency, and members of the other constituencies
would be willing to put their personal contact information and their company and
law-firm org-charts, and phone and address directories, up for anonymous public
browsing 24x7?  My guess is that the number would closely approximate
zero.  Yet these same people, who most likely stamp every one of their
company directories with non-disclosure labels, are the most willing to condemn
internet users to a hell that they themselves are not willing to endure.

Posted by mikki at 12:16 PM | Permalink | Comments (0)

Political bloggers jailed, detained:


It's been a bad week for bloggers in Libya, Egypt and China, where authorities are cracking down on online critics.

Posted by mikki at 09:14 AM | Permalink | Comments (0)

FCC Extends Wiretap Rules To Broadband Internet Services: "The Federal Communications Commission ruled August 5 that broadband Internet access and 'interconnected VoIP' services must be designed to make government wiretapping easier, under the terms of the 1994 Communications Assistance for Law Enforcement Act (CALEA). CDT believes the decision exceeds the terms of the statute. The ruling imposes undue burdens on innovation and threatens the privacy of Internet users. CDT is considering a court challenge."

(Via Center for Democracy and Technology.)

Posted by mikki at 12:19 PM | Permalink | Comments (0)

CDT Opposes "Write Your Own Subpoena" Power for FBI: "CDT will testify Tuesday, May 24, before the Senate Intelligence Committee in opposition to a proposal to expand the PATRIOT Act by granting the FBI power to issue so-called 'administrative subpoenas,' which would allow the FBI to demand disclosure of records without judicial approval. CDT will urge the Committee to focus on adding checks and balances to the PATRIOT Act rather than creating new, unchecked powers. CDT's analysis shows that administrative subpoena power for the FBI is unprecedented."

(Via Center for Democracy and Technology.)

Posted by mikki at 09:03 AM | Permalink | Comments (0)

We definitely have quite a bit to worry about from mandatory federal ID cards that have technology that can read them up to 30 feet away. With identity theft as rampant as it is NOW, shouldn't the Feds take a second, third and a fourth look at this idea and the technology behind it before implementation of such a risky scheme?

As usual, EPIC has the facts. Read on.

Federal ID cards need more thought | CNET News.com: "In response to the Perspectives column written by Phil Libin, 'Technology alarmism in spades': We are writing in response to Phil Libin's CNET News.com column on May 17, 2005, 'Technology alarmism in spades.' In it, Mr. Libin criticized the Electronic Privacy Information Center's April 2005 Spotlight on Surveillance report, 'Homeland Security ID Card Is Not So Secure,' which is an evaluation of the Department of Homeland Security's Access Card (DAC). Mr. Libin also posted a longer criticism of the report on his blog, 'Vastly Important Notes.' Mr. Libin's column and blog entry contain several errors, and EPIC takes this opportunity to refute his criticisms. Mr. Libin's most significant error is his assertion that the DAC's ISO 14443 technology is not Radio Frequency Identification (RFID). However, technology experts, the industry and CNET News.com itself, label ISO 14443 as RFID. RFID is a generic category that encompasses many types of chips: Some are passive (they are dormant until read at close range); some are active (they are always ready to be read at a greater distance); some offer plaintext or encrypted data in addition to authentication mechanisms (ISO 14443 A&B). What they have in common is that they use radio waves to request and transmit data, as opposed to contact cards, which require physical contact with a reader to receive and transmit information."

(Via .)

Posted by mikki at 12:52 AM | Permalink | Comments (0)

ChoicePoint Wins Menace Award: "The data broker takes top honors at this year's U.S. Big Brother Awards, which spotlight invasive privacy practices in business and government. Other winners include a California elementary school and the Department of Education. By Joanna Glasner."

(Via Wired News.)

Posted by mikki at 10:45 AM | Permalink | Comments (0)

Juxtaposition: "

Today's news brought two items that are interesting in their separate ways but much more interesting when placed side by side.

First we see an article (also at) in which the US National Institutes Health (NIH), a US Federal agency, is resisting Freedom of Information (FOIA) Requests to reveal documents that the NIH is required to publish under the Federal Ethics In Government Act.

What reason did the NIH use to refuse the request? They claimed that these documents, documents mandated by Federal statute to reveal conflicts of interest by high Federal officials, were being withheld because they would be an 'unwarranted invasion of privacy' of those officials. (I wonder what the US tax authority, the IRS, would say if taxpayers were to use that excuse to withhold their tax forms?)

Second we see a letter from a commissioner of the US Federal Trade Commission (FTC) asking ICANN to be more demanding in its private contracts to require the opening of the the private customer records ('whois') of domain name registries and registrars to the public on a 24x7x365 basis.

In other words, we see the US FTC requesting nominally private corporations and businesses to engage in privacy-busting behavior of the first order. In fact the requested behavior is so outrageous that is likely to be in violation of the privacy laws of many countries.

Why does the FTC want this? Because they are very lazy. The FTC people apparently feel that their power to issue subpoenas or to otherwise use supervised legal methods of obtaining access to private business records, which is what the 'whois' database is, is simply too much of a bother. They'd rather do their investigation via a web browser. I'm all for efficiency - but not when that efficiency comes at the expense of our civil rights. The FTC apparently believes that it is OK to expose the private data of families and their children to predators if that exposure makes life a bit easier for some lazy FTC investigator.

So from these two articles I would have to conclude that the Executive Branch of our US Government believes:

A) that high officials deserve privacy even if that means violating the express requirements of a Federal statute and

B) that peons, oops, I mean citizens, have no right to privacy and that the private customer records of businesses, even in the absence of any accusation of wrongdoing or threat to health or safety, are to be published for the benefit of predators, spammers, and competitors.

And thinking of FTC and investigations - I wonder when the FTC is going to get back to its real job, which is to track down and stop unfair trade practices in the US. When is the FTC going to send a letter to ICANN asking ICANN to explain exactly and precisely why ICANN is not an illegal combination in restraint of trade?

(Via CaveBear Blog.)

Posted by mikki at 04:37 PM | Permalink