Europe throws Whois privacy plan in the trash

Wonderful article, lebarondemerde .
Thanks for sharing it! I've been so pi**ed off at ICANN, for a little over a year now, for being more, and more a do-nothing organization. Yet, they keep raising the rates.
It was nice to read such a well written article, that really stuck it to them. <evil grin>
Go .eu!

--Chris
 
ICANN keeps raising the rates? Last I saw, their rates were under one US dollar.

If anything, the EU has become a stumbling block to progress, all in the name of "privacy".
 
ICANN keeps raising the rates? Last I saw, their rates were under one US dollar.
If anything, the EU has become a stumbling block to progress, all in the name of "privacy".
Thanks for the reply drhowarddrfine !
It was my understanding that the .eu is really pushing privacy. Preventing ICANN from posting all the whois (registrant/tech/admin) data. Seems a good thing.
Where have I gone wrong in my understanding?
 
Chris_H My reply to you was about their rates iirc, the ICANN fee on our domain names is 35 cents or 70 cents or something like that.

My second line is my comment about people, the EU commission in this case, dabbling in things I believe they have no knowledge of. While the idea is good, they seem unaware of the complications they cause.
 
Thanks for the reply, drhowarddrfine !
Hmm.. as (ICANN) rates go. That's not what all my registrars are telling me. They all indicate the opposite. While I'm not contending your assertion. I'm just indicating where my understanding came from. :)
(.eu)
That's probably "spot on". While I appreciate what they're trying to do. Only time will reveal the actual effect(s)/benefit(s); if any. :)

Thanks again, drhowarddrfine

--Chris
 
My registar charges me 1€ for my .ch domain ( unless you want to register more than 5 years, 10 maxium, when they charge 7€ for the last 5 ).
 
My second line is my comment about people, the EU commission in this case, dabbling in things I believe they have no knowledge of. While the idea is good, they seem unaware of the complications they cause.

IDK if EU had some proper knowledge people at their background, but it is important to point ICANN was warned 15 years ago, and several (probably all now) EU registers already created their own in house solutions and all seems to be working.

IMO, the real reason of ICANN doing nothing are the lobby of those copyright trolls ( and similar ) who make money sending mass notices and now will/would have to actually make some proof of their right at some Tribunal in advance, what break their money milking scheme.
 
IMO, the real reason of ICANN doing nothing are the lobby of those copyright trolls ( and similar ) who make money sending mass notices and now will/would have to actually make some proof of their right at some Tribunal in advance, what break their money milking scheme.
This sure appears to be the case.
Then again. Maybe it all boils down to a control issue. They're (now) apparent lack of.
Reminds me of InternetPollutions ahem, Solutions. When the US GOV told them they no longer had complete control of the Internet, and they (US GOV) wanted to make it a "competitive" market.
They threw an absolute fit. Like a squalling child. <roll eyes>

--Chris
 
It's more complicated than that.

On one side is the EU. The EU bureaucracy is full of dreamers, who have no idea about technology. But they have very good ideas about their goals, which is total privacy. In theory, that is a laudable goal. But in practice, it is not that easy. Furthermore, the EU is famously corrupt, and deeply in the pockets of commercial and governmental interests (often through the member countries who send staff to Brussels). And they are power hungry, and want to assert themselves. Beating up on people is a great way to assert themselves; whether they are right or wrong is secondary.

On the other side is the need for the internet to function, which needs some accountability. People who are connected to the internet have the unfortunate power to do damage: send spam, perform DoS attacks, host malware. That means that people who connect to the internet need to be authenticated in some fashion, so we at least know who they are, and can find them if needed. ICANN, from its very long experience with keeping the internet working, focuses more on that aspect. It's a little bit like saying that anyone who drives a car needs to have a driver's license, and needs to be able to authenticate (identify) themselves on demand. In the case of traffic laws, only the traffic police needs to actually inspect licenses; on the internet there is no police, so everyone needs to be able to check authentication. It's very closely related to saying: if you want to serve web pages, you need to do it over https (not plain http, but with SSL), and you need to have a valid and authenticated certificate. For example, a few days ago I was looking at my web server logs, and finding suspicious attacks, coming from certain IP addresses. I need to be able to do "whois 12.34.56.78", and be able to distinguish whether it's coming from a fly-by-night hosting company in Thailand and Columbia (which is what I found in this case), or from a reputable source such as Netcraft. Trying to hide the identity of participants in traffic behind the guise of "privacy" is idiotic: when you are out in public, you have to show your face, if you are doing something that all too often causes damage.

If whois information is private, then the only people who can get it are the big players: the big corporations that can buy the data somewhere, and government agencies that simply take it. And please don't think that "government agencies" means a friendly swiss police man, who hands you a chocolate after politely asking you to not drive quite so fast, or a british bobbie. But instead the intelligence agency of a really annoying country with no respect for human rights. I think if the spooks in Elbonia are able to figure out that 12.34.56.78 is an ISP in country X, I should be able to figure that out too. It's like free software: information wants to be available. Do you really want a playing field that is so uneven?

The real reason the EU is so adamant about it: it gives them an opportunity to beat up the US. Which makes sense; the US president and current administration really deserve to be beaten up. But hiding whois information behind privacy is technically dumb, even when done in the service of a laudable political goal (like annoying the US). And it is doubly bad when it is done in the service of the EU playing power games.
 
  • Thanks
Reactions: PMc
Thanks for taking the time for such a long post. :)
I think we can agree that all governments are guilty of corruption. It goes hand-in-hand with the need (greed) for power. We'll be fighting that till the end of time, as all those before us have.
Privacy, wonderful as it is, is a 2 way street. It serves us, as well as it does, those who seek to do others (or us) harm (even when their the government ;)). I don't see IP holders ever being made so anonymous that you can't/won't be able to hold them accountable for some (ill) action. There are too many laws, ISPs, and the Telcoms have to abide by (held accountable for), already. Should we believe that when somebody screams foul, that nothing can/will happen. Of course not. So in the end. I guess I see the .eu' effort a "sounds good" plan. But one that cannot ever be achieved. I'll applaud their effort(s). But I guess that's probably about as far as it'll go -- an effort, how ever dubious their motivation. :)
Striking the perfect balance should be the a goal we should all ascribe to. :)

Thanks again, ralphbsz !

--Chris
 
ralphbsz
That is not totally true, the whois data will be still available for anyone with valid reasons to get this information but for that one would need to get an order from a judge. Something like that would be quite simple and cheap in my country (not so different in most parts of Europe), the problem you see is the US Legal system that is rather expensive and "complicated".

Also, the EU point is to hide just the information of who is the owner, nothing more. In practice that would not change very much since most registers already sell privacy packages (and certainly are not liking the idea of the end that income).
 
I won't argue with that; If I could be a US dictator for a day. The first thing on my TODO list would be to make the act of being a "practicing attorney", a crime punishable by death! :)
Attorneys serve, and create laws. Because the laws serve themselves. Not the people they pledge to serve.

As long as anyone has access to the internet (Europe, or US, or...) they can get access to the holders (names) of those IPs.
So yes. The EU' efforts are just that, an effort. However dubious. :)

--Chris
 
What make the US Legal system really complicated are not the attorneys ( they just use the system ) but the fact it is 'Common Law'.

Common Law is a hell to work with since the 'case law' ( judicial opinions ) is its primary source, while on Civil/Latin Law the codified statutes predominate, and so is rather more predicable.

An extended EXPLANATION.
 
Well, I won't argue that aspect. Indeed. That is true. But the attorneys (many of whom later become judges) will continue to write laws that ultimately serve themselves (perpetuate their future). All awhile, telling you that they're writing them for your benefit.

Oh, and thanks for the link, lebarondemerde !

--Chris
 
I'm having a slow day, so I'm going to throw my 2-cents into the pile.

I think the reason we are seeing the heavy handed nature of the GDRP is because the big Internet companies have been claiming for years that "self regulation" is the best choice to ensure a balance of personal privacy and advancement on the Internet. However the European Union is of the opinion that the "self regulation" has been an utter and complete failure. The reaction to that is the GDRP and some less aggressive compromises in the past that have proven to be an utter failure like EU-US Safe Harbor framework.

When I look at the GDRP and compare it to the current state of privacy on the Internet (as I understand it to be), I am hoping that the apparent extreme nature of the GDRP is intentionally extreme as a counter-point to the equally extreme lack of privacy and deceptive practices of the big Internet companies (I hope I don't need to dig up the links to the publicized disaster of recent privacy revelations from the big companies to demonstrate this point) and many smaller ones (I'm sure).

I am not living in Europe (or the USA) but I hope that the EU regulators have some awareness that the the final state of Internet privacy will end-up somewhat less than what they have advocated. They may not be aware of how technically infeasible some of what they are demanding is but I hope they do realize that some parts of it will be very difficult (or impossible) to achieve from a technological standpoint.

I do believe that the need for proper privacy regulation is long overdue.

As to the Whois mess; that needed to be fixed decades ago. Whois was and remains an utter privacy disaster for any small domain owners (like me).
 
The UK's combined 4 countries population compares to 15 EU member states (countries). After Brexit the EU will barely represent half of Europe. Alienating the UK and the US as it is, along with Russia ... and with many of EU rules being riddled with holes, makes one wonder how serious the EU's policies such as massive Google fines etc. will be taken/followed. Wouldn't take much for the Euro to be sunk, taking the EU with it if US/UK/Russia collaborate to do so (under Trump the will seems apparent).
 
Attorneys serve, and create laws.
Attorneys do not write laws. Neither do judges. At least not in the US which I believe is the subject. Unless the attorney winds up being a senator or state representative which are members of the legislative branch of government. Lawyers and judges participate in judicial branch which interprets the law.
 
I understood that affirmation in a meaning of the attorneys/lobbyists writing the laws to the politicians approve/push later, what is true for most cases around the World.
 
Correction;
Attorneys write laws for the senators (most of whom were also lawyers, or went to law school before becoming senators) to approve, and enact into law.
I hope I better articulated, this time. ;)

Thanks for the reply, drhowarddrfine :)

--Chris
EDIT
So in the end. US attorneys do write, and enact the laws. ;)
 
rufwoof, some solid numbers may help you to give more solid affirmations:
  1. the EU consists of 28 countries which will go down to 27 in 2019.

  2. the population in the EU today is 512.6 million people, and in 2019 it will go down to 512.6-65.6 = 447 million, which still would be 6.8times more than the population in the UK and 1.3times more than the US population.

  3. the combined forces of the UK and Russia could well play a bigger role in the world, if they wouldn't be mucked around by the frequent 3 AM tweets of the U.S. president.
BTW: The EU finished last year a free trade agreement with Canada - 36.3 million people, and just last month with Japan, 127 million people. I am living in Brazil, said to have 210 million people, and the Mercosur (Brazil, Argentina, Uruguay, Paraguay = 264 million people in total) and the EU are in a good mood to negotiate just another trade agreement. Let yet alone China, whose relationship to the EU is warming up.
 
There are others problems no one talk about.

What make UK so important is the 'City of London' ( aka the London financial district ), all big players in there already have their plans post-Brexit, and almost all of them are planning to move on to Frankfurt or Paris. At same time you still have Switzerland actively working to bring some to Zurich.

The public available data say about three quarters of the jobs in the City of London are in the financial area, what means a huge problem ( of all kinds ) if/when those big players leave.

In regards to USA, the big issue it has with EU is not anything usually available on the media but the Euro currency. The US Dollar is the standard currency for international trade. Since a while EU is discreetly pushing Euro ( and also China the Yuan ) for that, and it is already being used by people who make business mostly or exclusively with EU ( some member ).

If Euro ( and/or Yuan ) get serious traction and supplant the US Dollar on a considerable amount of transactions, the USA will lost ( at least great part of it ) its ability to manage its ridiculous big debt and its ease to deal with economic crisis.

With the US Dollar being de facto the international currency, the USA can solve the hard part of its internal economic and financial problems just printing a lot of money, because all the bad and suffering it brings is shared almost with the entire World. China learned it on 2008.

They ( China ) bought an immense amount of US debt over the years with the aim of protect themselves with the ability to flood the international markets with US Dollars, and in 2008 they saw that would not work how they expected it to work because that was exactly what USA did to get out of the economic crisis. Now China want to get rid of the thing but they can't, and so they are buying other currencies to balance the problem they created for themselves.
 
That is not totally true, the whois data will be still available for anyone with valid reasons to get this information but for that one would need to get an order from a judge.
So you expect me to file a court case in a European court (6000 miles away), pay a lawyer a few $10K, and wait a few months for a judge to issue an order, just so I can find out whether the IP address that was doing weird things on my server was from a fly-by-night ISP in Elbonia, or it was Netcraft? Sorry, that fails the reality check.

Something like that would be quite simple and cheap in my country ...
I don't think there is any country where filing in court to get a judge's order is "simple and cheap", and in particular not fast.

In practice that would not change very much since most registers already sell privacy packages (and certainly are not liking the idea of the end that income).
That is already an existing problem, but one with minimal impact. If I do "whois example.com" (I'm deliberately not telling you who example is, random person I know who has a small business), I get the following answer:
Code:
   Domain Name: example.COM
   Registry Domain ID: 1519184_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.networksolutions.com
   Registrar URL: http://networksolutions.com
   Updated Date: 2018-03-09T18:55:08Z
   Creation Date: 1998-07-01T04:00:00Z
   Registry Expiry Date: 2020-06-30T04:00:00Z
   Registrar: Network Solutions, LLC.
   Registrar IANA ID: 2
   Registrar Abuse Contact Email: abuse@web.com
   Registrar Abuse Contact Phone: +1.8003337680
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS3.WORLDNIC.COM
   Name Server: NS4.WORLDNIC.COM
   DNSSEC: unsigned
which tells me exactly nothing, other than that this person registered with NSI = NetworkSolutions, and is privacy enhanced. I'm quite sure that if I called the phone number up there, they would refuse to help, which is exactly the right thing. After all, my problem is not with whoever owns the domain name, it is with whoever operates the computer. However, if I get their IP address (using "host www.example.com"), and run whois on the resulting IP address:
Code:
NetRange:       198.46.80.0 - 198.46.95.255
CIDR:           198.46.80.0/20
NetName:        IMH-198-46-80
NetHandle:      NET-198-46-80-0-1
Parent:         NET198 (NET-198-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS54641
Organization:   InMotion Hosting, Inc. (INMOT-1)
RegDate:        2012-05-02
Updated:        2013-11-01
Ref:            https://rdap.arin.net/registry/ip/198.46.80.0


OrgName:        InMotion Hosting, Inc.
OrgId:          INMOT-1
Address:        6100 Center Drive
Address:        Suite 1190
City:           Los Angeles
StateProv:      CA
PostalCode:     90045
Country:        US
RegDate:        2008-06-03
Updated:        2017-01-28
Ref:            https://rdap.arin.net/registry/entity/INMOT-1

OrgAbuseHandle: SYSTE299-ARIN
OrgAbuseName:   Systems Team
OrgAbusePhone:  +1-888-321-4678
OrgAbuseEmail:  abuse@inmotionhosting.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/SYSTE299-ARIN ...

That is the information I really need, and which the europeans want to hide: If someone from this IP address (which exactly corresponds to the host that was attacking my server) is doing something bad, here is a toll-free phone number where I can reach a human that can put a stop to it, because they are worried about their own reputation.

I have a real problem with the European Commission wanting to hide that because of some misplaced privacy concern.
 
As to the Whois mess; that needed to be fixed decades ago. Whois was and remains an utter privacy disaster for any small domain owners (like me).
I disagree. In my opinion, if you physically connect a computer to the world-wide network, and have the ability to send packets with that computer that can do real damage to other people, then it has to be possible to find and contact you.

But note: I didn't say that it has to be possible to find the person who paid for that server, or who generated the content served by the server. I need to be able to find the person who connected the server to the network, and who has the physical power to make the server stop misbehaving. I have no problem with the fact that the owner of the DNS name can be anonymous (meaning hiding behind an opaque registrar, like in the example I gave above). That's fine. I am a strong believer in free speech rights, including the right to anonymous free speech. What I'm not a fan of is anonymous drive-by shooting (using network packets).
 
Attorneys write laws for the senators
You are distracting the truth. Lawyers help with writing laws to make sure they are legal but lawyers are not a requirement.
most of whom were also lawyers, or went to law school before becoming senators
Also not true. Less than 40% of the House are lawyers and just over 50% in the Senate. (From briefly Googling.)
to approve, and enact into law.
Again, this is a false statement. One need not be a lawyer to become a Senator or a Congressman to approve and enact laws.
 
Back
Top