Quote:
Originally posted by thewitt
I ... pulled that out of thin air because it's true.
|
I see. Well... I guess
that just about says it all, doesn't it?
Quote:
Originally posted by thewitt
The domain registrars have only one recourse today to keep registration information valid, and that's to put a domain on hold.
|
Putting the domain "on hold" is not only
not the registrar's only recourse, it's not even among the registrar's choices as prescribed by ICANN regulations. From
the May 10th ICANN advisory that caused the recent spate of articles on this subject -- and concomitant discussions, such as this one -- in the first place:
If the registrant fails to respond "for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details", then pursuant to RAA Subsection 3.7.7.2 the registrant is in "material breach" of its registration agreement with the registrar. That subsection also provides that "willful provision of inaccurate or unreliable information" shall constitute a material beach of the registration agreement. Under either of these circumstances, the RAA provides that the material breach of the registration agreement shall be "a basis for cancellation of the Registered Name registration." Accordingly, if the registrar's investigation results in a determination that the registrant is in material breach of its registration agreement, then in the absence of extenuating circumstances the registrar should cancel the domain registration.
"Cancellation" means cancellation. Period. It couldn't be more clear. The registrar is required by ICANN to have a registration agreement with the registrant which sets forth, among other things, the registrant's ability to cancel a registration when there is a material breach of said agreement; and said agreement
must require that the data in WHOIS records be accurate. This is a civil matter, not a criminal one. And no registrar that follows ICANN's rules and creates, executes and fairly enforces an adequate registration agreement has anything to fear in the way of lawsuits from registrants who end-up getting their registrations cancelled as a consequence of their provable (by a preponderance of the evidence) material breach thereof. This is a slam dunk for the registrar. There's no liability issue here. Never was.
Quote:
Originally posted by thewitt
There are not other penalties available to them, and as such the current ICANN regulations are not enforceable - and as you have stated, this frustrates law enforcement as well as any other agency that attempts to use this data.
|
While law enforcement is frustrated by the lack of accurate data in some WHOIS records, the proximate cause of that condition is not the unenfoceability of ICANN regulations -- which, incidentally, are completely enforceable, as clearly shown above.
Quote:
Originally posted by thewitt
If a registrant supplies false data, who will know?
|
Knowing -- at least on some levels -- is not as difficult as it seems. While there is no foolproof method, just as there is no foolproof burglar alarm system, there certainly are a number of automated procedures that could go a long way toward eliminating certain kinds of false information in WHOIS records. Again, from
the May 10th ICANN advisory:
Although 3.7.8 [of the RAA] envisions that ICANN may develop a policy requiring registrars to verify the contact details at the time of registration, ICANN has not yet done so. Nonetheless, registrars will find that implementing readily-available techniques to verify the format of data in the registration process (such as screening for blank fields or checking that addresses have valid post codes) will diminish the need for manual processes that would later be necessary to comply with the requirement to investigate reported inaccuracies.
Quote:
Originally posted by thewitt
The reality is even with the new law, it's not going to get any better.
|
I believe that's wrong; that it will get better... or at least it could.
And it's not a law yet. Far from it, it will no doubt take several introductions of such legislative language before any of it actually begins to stick. I certainly wouldn't hold my breath for Coble and Berman's bill to even clear committee, much less be presented for a vote. But this is probably the beginning of a several year process wherein the language that may eventually become law will be refined until it's ready.
Quote:
Originally posted by thewitt
The only time it will come to light is in the case of a UDRP dispute or the potential law enforcement activities.
|
No surprises there. Many laws are enforced that way. Just ask the IRS.
Quote:
Originally posted by thewitt
No one will be policing the hundreds of thousands of new registrations in order to see if they were made with legal data or not.
|
I can virtually assure you that the authors of the bill have no interest in seeing that happen. Laws like this are not written so that massive infrastructure to enforce them will need to be created. Laws like this are written for basically two reasons:
1. So that a certain percentage of those who might otherwise have done what the law forbids will, because of the law, decide not to after all, and,
2. so that law enforcement will have yet another tool it can use when pursuing a bad actor against whom it may be having a bit of difficulty making its case in chief, but whom it can nevertheless charge with other crimes -- like, for example, falsifying WHOIS data, knowingly and with intent to defraud.
Apparently you're just not watching enough
Law & Order on Wednesday nights. With a strong case against him for the five year felony of falsifying WHOIS data, a suspected pedophile against whom the feds may have a not-as-strong-as-desired case for child pornography is a much easier person to both investigate, and to intimidate into a plea on the lesser offense. It's a tool -- more a means, than an end.
Quote:
Originally posted by thewitt
The reality is there are still very few options here. Put the domain on hold so it's unusable, or take it away completely. Fine the owner or put them in jail? Sure - assuming you can find them to serve them. Remember, they didn't use valid data to register their domain in the first place.
|
The flaw in your thinking -- one of them, at least -- is your perception of what the goal is. So it shouldn't be a surprise that you've missed the boat regarding the options...
If the WHOIS data for a given domain is false -- whether or not said falsification was knowing and/or with intent to defraud and/or whether or not there even is a law which prohibits it -- ICANN regulations clearly state that "if the registrar's investigation results in a determination that the registrant [has, in fact, falsified], then in the absence of extenuating circumstances the registrar should cancel the domain registration." That's it. Judge, jury, executioner. Done deal. End of discussion. It doesn't seem to me that many options more than that are required.
If, in addition, legislative language like Coble's and Berman's ever becomes the letter of the law, it will never be used to patrol the Internet for WHOIS scofflaws. Nor will it matter that anyone with whom the FBI would like to chat, as you put it, "didn't use valid data to register their domain in the first place." To begin with, were it prohibited by law, then that they did and that it's an easily-provable felony would simply be used as a tool when they're finally caught-up with. Seems to me like little more of an option than that would be necessary, either.
And, in addition, make no mistake about it: If you use a credit card to register a domain, and then if you actually turn around and use it anywhere in the United States, and if I had the resources of the FBI -- and the power of subpoena and search warrant -- I'd find you in fairly short order, sir. Make
no mistake about it.
Quote:
Originally posted by thewitt
All the law does is put some teeth into existing regulations, making it less likely that you as a registrar will be sued when you take a domain out of circulation. It will have very little real application in enforcement of the law.
|
A mere re-statement of that which you didn't state terribly well the first time -- only now worse. And it's every bit the flawed thinking now that it was then. Coble and Berman didn't give one bit of notice to existing ICANN regulations when they wrote their legislative language. They didn't care a whit if registrars had exposure to civil liability on account of their having, as you put it, "taken out of circulation" domain names with falsified WHOIS data. In fact, they didn't care if WHOIS records, generally, were accurate or not... as is clearly evidenced by their inclusion of the predicate condition of knowing intent to defraud as requisite to criminal culpability.
And, perhaps not surprisingly, your closing comment is dead wrong in my opinion. If such a bill were to ever become law, I assure you that you would quickly and clearly see, as you put it, its "application in enforcement of the law."
Just watch.
Linear Mode
