TL;DR - Adam is saying that the new top-level domains will require that you prove your identity when you register with them.
First of all, I don't see any evidence of that. None of the links that he provides include any such claim.
Second, he is claiming this only applies to the new global top level domains. So, who cares? Nobody's going to use those anyway. They're going the way of .biz and .info -- a permanently boring ghetto.
Adam also says "The entire reason for even trying to get a DNS provision into law is because it is nearly impossible to track down the owner of a website, or domain name, through today's registration tools."
That's not, actually, the reason. The reason to get the DNS provision into law is to shut down websites operated from outside the United States where the US does not have jurisdiction.
It is relatively easy for law enforcement to track down the owner of a domain. It resolves to an IP address. The IP address is routed by hardware. The hardware is located in physical space. As long as it's all in the United States, it's just not that hard to find the operator of a website based on the domain name, and that is not what the entertainment lobby is concerned about. They are concerned with what happens when the operator is outside the US and they don't have jurisdiction, so they want laws passed to ensure that US-based ISPs are obliged to block access to foreign infringers.
Yes, thank you for making me feel a little more confident that I'm not missing the obvious-point-to-be-mad-about because I'm jaded/apathetic.
How many real life cases has it been impossible to ascertain the identity of trouble-causing site's owner, anyway? Everyone knows who is behind Wikileaks, for example. Anyone else wanting to do disagreeable things is far more likely to do it on the many existing platforms instead of hatching the complex fake-identiy/credit-card scheme to purchase a TLD that can't be easily tracked to him/her.
To become effective participnts in politica, the tech community activists have to tilt less at thinly supported grand conspiracies and focus on the more mundane workings of the sausage factory that produces our laws and regulations.
EDIT: I realize I've set up a straw,an, and in fact, there are many dissidents who'd like to have less requirements in registering a domain name...but why they would go that route rather than creating fake accounts on well-used services...in any case, Joel currently has the benefit of the doubt in arguing that the OP is factually wrong
It's actually pretty common for it to be impossible to determine who the actual human is that registered a domain.
Between pre-paid credit cards, non-verification of whois records and corporate registrations there are too many ways to avoid disclosing your identity.
(Currently, from memory, the only verification most registrars do is make you is enter a real credit card number even if you aren't paying with that. Pre-paid credit cards remove any identifying information from that.)
It may be hard to determine who's registered a domain name, but if you're doing anything other than simply parking it, there are several points of attack other than the domain name registration (hosting and credit card processing being the most obvious 2).
Hosting is certainly doable with pre-paid credit cards (and sometimes even PayPal).
I'm not sure why this is even relevant anyway - the real problem with enforcing IP rules isn't identifying the person - it's jurisdiction. If a site is hosted outside the US and the domain is registered outside the US, and the country where it is hosted and registered doesn't respect US IP laws then there currently is very little anyone in the US can do about it (easily anyway).
You can use a free host of some sort. You'll get ads, but you'll be difficult to find (tracable to an internet cafe somewhere at most, if you do it right)
On paragraph states:
"Proponents of requiring thick Whois argue that being able to access the thick data at both the registry and the registrar level will ensure greater accessibility of the data. The draft report of the Implementation Recommendations Team put together by ICANN's Intellectual Property Constituency stated "the IRT believes that the provision of WHOIS information at the registry level under the Thick WHOIS model is essential to the cost effective protection of consumers and intellectual property owners."
The doc is probably stale though. Not sure where to find the latest revisions.
The reason to get the DNS provision into law is to shut
down websites operated from outside the United States
where the US does not have jurisdiction.
Could more accurately be stated as:
The reason to get the DNS provision into law is to keep
American's from accessing and funding websites operated
from outside the United States OR where the US does not
have jurisdiction (foreign TLDs).
The site can (and most likely will) remain up for the rest of the world. Just not those using US-based name servers and ISPs. (...IANAL)
I feel very "get off of my law'ish" when I say that I miss anonymity on the net. The way people share information, personal information, so freely disturbs me. Now it is looking to be a government mandated thing. Has there ever been a shift this big in regards to privacy?
> The way people share information, personal
> information, so freely disturbs me.
I'm curious for your perspective on this. Are you just talking about people sharing their personal lives via Facebook (or location data via Foursquare, etc)?
Are you also including:
* People that participate on mailing lists under their real name?
* People that blog under their real name?
* People that use their real name everywhere to build a 'personal brand' as a self-marketing scheme for things like getting jobs/contracts?
This isn't meant to be snarky, I'm actually interested in the answer. Because some of those things (like using your real name on mailing lists/usenet) are not new.
You mentioned the biggest offending platform, facebook. I look at my feed and see people, my age and older, go into minute detail about their everyday lives. I look at reddit and see young men and women expose themselves for no reason in particular. Then you have people who act surprised when their very public actions are used against them or in ways that they didnt expect.
I have no problem with people choosing to share their name, build their brand, and use it to network because they are typically aware of the potential downsides to doing such things. It is the lax actions of the kids that bother me the most. That picture of yourself you posted is now on the internet where it will most likely live forever. That [rac|sex|age|etc.]ist post you put on twitter/facebook will live with you. Shit, wasnt there a post a few weeks back about banks scouring your facebook situation to determine your credit worthiness? There was an npr story about how a guy developed an iphone app that could take your picture, scan fb, find your page, find other pics of you online, and guess your social -- just from a single picture.
I just need to get with the times in a lot of cases, but oversharing is something that I'm not cool with.
I've always write with my real name in professional forums, like this. But I don't have a Facebook or Google+ account. It's the personal part that concerns me. I feel that social sistes have all the wrong incentives about privacy.
I could use a more private solution. Actually I think that it's something people want and sooner or later someone will figure out how to make a "more private social" site.
Despite all the claims that confirming ID is just common sense, the fact is that there are thousands of sites which are run by dissidents protesting oppression and crimes of their governments. Anonymous/Fake Credential registrations allow this to happen. So this is still very troublesome for free speech.
The main point of the writer is that one can no longer hide ones identity when registering domain names.
I actually think this is a GOOD idea. Here's why. Assuming currently you can register a domain name with false credentials, the government can still track you down, because you are leaving some sort of trail - you log into the server, you pay the registration fees etc. However I can't figure out who you are? If you are a business, I can't track you down, if you want to hide.
If you had to present your true identity and I could look it up using a "whois" then I can say "Ah hah! Company X is actually run by person M who cheated me a few months ago, so I'm not going to deal with them"
You are missing the point, completely. The only thing this facilitates is:
a) Companies generating blanket lawsuits
b) The government tracking who says what where
Hiding your identity has never been a problem for resourceful criminals. You either setup an company with a new name or get a proxy ('testa ferro' is the term I prefer) to do it for you.
Now, how many whistleblowers you'd think would be able to go through that just to make us (the general public) a favor? How many political dissidents would?
In other words, yours is equivalent to the argument most people brandish when talking about gun laws: "if guns were banned, then gun violence would go down!". No, it wouldn't. Those outside the law would get them in the black market, and those of us that abide to the rule of law would lose a valuable weapon (no pun intended).
>"if guns were banned, then gun violence would go down!". No, it wouldn't. Those outside the law would get them in the black market, and those of us that abide to the rule of law would lose a valuable weapon (no pun intended).
How does it follow that violence would not go down? Clearly if only 'business criminals' have access to guns, as opposed to everyone, there are in total less gun holders, and thus less gun violence...
This is starting to go offtopic but, I'd like to see data that shows that gun related death excluding accident are more linked to business criminals or gangs.
My current belief is most gun death are due to smaller things like family issues, neighboors getting in fights etc.
"Assuming currently you can register a domain name with false credentials, the government can still track you down, because you are leaving some sort of trail - you log into the server, you pay the registration fees etc."
False. During registration, I could use a public computer, or one of those services which hides my IP address. For payment, I can use a disposable credit card. Anonymity is a de facto requirement for free speech.
"Anonymity is a shield from the tyranny of the majority ... It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation -- and their ideas from suppression -- at the hand of an intolerant society."
How is a domain name not speech? Someone might want to be anonymous if they own recoveringpedophiles.com or fucktheusa.com or ... There are plenty of legitimate reasons to be anonymous.
What you're saying is that you want everyone that sets up a domain to be required to not be anonymous. You're idea is that people that want to be anonymous should do it on someone else's forums/blog/CMS/etc (presumably someone else that is not anonymous). On the other hand, that someone that runs that forums/blog/CMS/etc is not required to accept anonymous comments or allow people to register for the forums anonymously.
Well, the way I see it, the reason for serious anonymity (as opposed to things like anonymity on forums like this one) is that you fear a powerful agent wants to silence the opinion/information you have to present. Like the poster above has mentioned, if you have a physical machine it's not that difficult to track it down.
I think it is more practical to post the information anonymously on a website, just as in the olden days you would post the materials anonymously to newspapers or TV stations.
If every website in the world stops accepting anonymous submissions, we are in deep do do already.
You're falling into the "if you've got nothing to hide, then you have nothing to fear" camp even if you aren't directly saying it. You're alluding to the fact that anyone that 'really' needs anonymity has something to hide from powerful people.
In reality, there are a lot more reasons that someone might want anonymity. Someone hosting a forum for battered women might not want to get contacted by violent ex-husbands/ex-boyfriends looking to find the woman that left them (and went into hiding).
> anyone that 'really' needs anonymity has something to hide from powerful people
I'm on your side in this discussion, anonymity is a foundation of free speech. But I want to say that with battered women and people protesting powerful corporations and governments both, the person does have something to hide from powerful people - their identity - and that is perfectly reasonable. Wanting to hide my identity from powerful people who have the ability to harm me and whose crimes I am criticizing is common sense. I feel this idea that hiding something is intrinsically bad has become really widespread and has been accepted as axiomatic rather than being properly critiqued. I, and many others, definitely have something to hide from powerful people who can harm us because they don't want their dark deeds known and they will kill or hurt who they have to to make sure that happens.
My point was that at the extreme end of the power scale (governments, corporations), they can probably find you if you are paying for a server somewhere. But at the lower end of the scale (angry, violent ex-husbands) it's less likely that they will track you down through your server's ISP.
I felt that the idea that requiring identification for DNS registration was ok because 'you can just post anonymous comments on blogs somewhere' is dismissing perfectly valid use-cases for 'anonymous' DNS.
To an extent anonymity is the internet, for better or worse. Considering the economic growth associated it would seem for the better. Unfortunately bureaucracy seeps into the cracks of any complex system and ultimately changes the dynamic until a new system must be created. I feel like the only control we have is the pace; not the eventual steady state. The internet is interesting because it's the only unregulated communication medium, and the largest at that. Once security or code is written, who comes to remove it? How can any group stay abreast of all issues?
It would seem a constitutional amendment would be the best option.
I hate to disagree with you, but we already have a constitutional amendment, as well as the key text of the constitution itself. The federal government is not given the power to pass whatever legislation it wants, so long as congress votes in favor, and the president sign and the supreme court doesn't strike it down.
I know this is the perspective most people have, but the reality is the constitution strictly limits what the government can do. This specification is known as the "enumerated powers" clause of the constitution.
Much of what government does now- from the FCC to the FDA is not authorized by in the enumerated power. If it isn't authorized then it is illegal, under the document that enabled the creation of these branches of government in the first place.
I don't think there's a higher form of the word "illegal" than that.
Further, and to really put the boot behind this point, the First Amendment itself says:
"Congress shall make no law ... abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
This means the congress doesn't have the enumerated power, and further it is explicitly forbidden from, passing laws that allow the government to silence websites.
If a website is engaging in trademark infringement or copyright infringement, they are naturally liable in civil court. But that doesn't give the government the power to shut them down (other than them losing a civil case that takes all their funding, or whatever.)
If any of these sites have a blog, then blocking the DNS or taking other actions to restrict access to that blog is a violation of the constitution.
Further, there's Federal Law on this issue-- US Code 18-242, which makes it a crime (a felony if armed) to violate someone's constitutional rights "under color of law". Which means the government agents who enforce these "laws" are also criminals.
But the idea that a law could be illegal, and that government employees enforcing them could be criminals is just beyond the comprehension of most people. They seem to believe, unlike the framers of the constitution, that the government IS the law.
And so they continue to get away with it and continue to expand their powers.
Your comment suggests a method of defense against DNS takedowns: Governmental action forcing an ISP to block traffic to a blog is almost indisputably a violation of first amendment rights. Therefore, even sites devoted to illegal activity cannot be blocked via DNS without violating the first amendment, so long as they host a blog.
If a US citizen decided for philosophical reasons to host their blog on thepiratebay.org, I can imagine some interesting legal battles down the road.
There are a couple of factual errors in this piece that I feel obligated to point out:
1. The root DNS server pool only hosts glue pointing TLDs to other pools of servers that administrate those TLDs. No amount of pressure on ICANN or the root server operators can debilitate a single non-TLD domain name.
2. Not all registrars and/or TLD operators exist in the US. All it would take is doing business with an international registrar that doesn't agree with the rules to circumvent DNS tampering laws.
3. In. Theory
There are a couple of factual errors in this piece that I feel obligated to point out:
1. The root DNS server pool only hosts glue pointing TLDs to other pools of servers that administrate those TLDs. No amount of pressure on ICANN or the root server operators can debilitate a single non-TLD domain name.
2. Not all registrars and/or TLD operators exist in the US. All it would take is doing business with an international registrar that doesn't agree with the rules to circumvent DNS tampering laws.
3. In theory, ICANN already requires registrants to maintain accurate information in WHOIS. Registrants should be receiving annual notices from registrars to remind them of this fact. We can all see how well this is working. :p
The issue with providing "identity" to register a domain is that there's no portable, international way of doing so. What does an "identity" consist of? A name?
There's plenty of good discussion on this topic in the nymwars.
However, I do agree with SOPA being a red herring, and it's unfortunate that big. Players are still planning a blackout even though the legislature is already backpedaling on the worst bits of the language.
What if next month the DOPA (Decapitating Online Piracy Act) bill comes along and it's much worse. Would big sites be willing to continue shutting down their services for each crazy bill that comes around?
I feel like the endgame of the US futzing with the Internet will just result in other, international bodies taking on the operations of core infrastructure (a la The ORSN project; Vixie saw SOPA coming!), edging out US influence on this medium that the whole world enjoys.
A gTLD has an initial price of "$185,000, with an annual fee of $25,000". Someone who wants to run a piracy website will probably opt for a cheaper domain. And anyone who can shell out tham much cash can probably afford a lawyer or some other level of indirection to hide their true identity.
The other legislation he mentions is probably also important, so I hope people will pay attention and block or attempt to modify it if that is necessary.
I thought he was going to say something about NDAA, because although protecting the internet is very important to our freedom, the new NDAA legislation with regards to indefinite detention of American citizens without trial is a direct attack that has already been successful and needs to be repealed.
In theory, you're supposed to provide accurate WHOIS information when registering a .com second level domain.
I don't like ICANN's gTLD racket, but the whole crux of their plan is that they will be doing $185,000 worth of due diligence legal research before granting it. Even if ICANN for some reason wanted not to require registration info, it's generally illegal (in the US) to transfer that kind of cash anonymously.
I agree we may have become too focused on fighting the specific bills, instead of the heart of the issue. For example, the domain seizures via ICE haven't got nearly as much attention, but they're ALREADY happening and are just as dangerous for the future of the web.
Assuming SOPA, et al, are defeated, there is some real news here:
1. The government(S) have decided that anonymity on the internet, is not a god given right.
2. There is a battle going on. Defeating SOPA at best will produce a delay. The language will appear again in other legislation or will change to be less obvious or will pass without anyone realizing it.
3. The intentions of the government are clear. They believe they have the right to regulate the internet, at a fundamental level. This is bad news, because if they are able to do so, we risk the internet becoming like airlines were back in the Pan Am era. (If you haven't seen it The Aviator, by Martin Scorsese is a great movie.)
4. Even if there is no legislation passed, the government is currently (illegally, as far as I can tell) censoring the internet by shunting dot coms and dotnets to a DHS website via Verisign rolling over to their demands (the torrent site attacks of last year.)
5. There is no method that we can use to fight this. Nobody even is trying to fight the PATRIOT ACT, or NDAA, etc. Once passed, they are carved in stone, and even if they aren't passed, what can we do?
It's time to try and find a way to route around censorship, and let my grandma still be able to find what she's looking for without knowing what DNS is.
Playing devil's advocate for a second: The fact that the internet can be almost entirely anonymous and unaccountable is something of a historical accident. There aren't many places as impervious to governmental interference on this planet as the internet.
Having a right to privacy is one thing. Having a right to unaccountability in the face of a legal warrant obtained through due process is another entirely.
Inasmuch as the global, distributed nature of the internet makes executing a warrant near impossible, I am not opposed in principle to legislation enabling technical measures for enforcement. That said, I am vehemently opposed to hamfisted solutions that waive due process in favor of "good faith" takedown notices to ISPs.
The fact that the internet can be almost entirely anonymous and unaccountable is something of a historical accident
The best things in life are something of a historical accident. You can't plan for the good, unexpected stuff. That doesn't mean it is not worth preserving or fighting for.
Don't get me wrong: I am not principally opposed to legal warrants being enforced, if fair and just. But this does exclude special interest groups with a lot of money buying the law in their favor, to be able to remove everything they don't like, such as evidence of their crimes.
US citizen living in Poland here. Here it is how providing the 'real name' will work in local circumstances here: Let's say I want to register piratebay.shark. I go to a nearby bum and for a small fee get his passport, IDs, etc, provide it to GoDaddy for registration. Good Luck ever finding out who I'm.
This may work very well in the US, but not in other places in the world where people had to deal with laws limiting their rights for decades.
> "without onerous licenses and unreasonable disclosures of personal information clearly indicates you will have to provide verification of your identity, which in today's world is not a requirement."
Really? That's his proof that ID will be required? I must be blind, because that doesn't seem clear to me at all. In fact, it almost seems to imply the opposite of what he's saying.
First of all, I don't see any evidence of that. None of the links that he provides include any such claim.
Second, he is claiming this only applies to the new global top level domains. So, who cares? Nobody's going to use those anyway. They're going the way of .biz and .info -- a permanently boring ghetto.
Adam also says "The entire reason for even trying to get a DNS provision into law is because it is nearly impossible to track down the owner of a website, or domain name, through today's registration tools."
That's not, actually, the reason. The reason to get the DNS provision into law is to shut down websites operated from outside the United States where the US does not have jurisdiction.
It is relatively easy for law enforcement to track down the owner of a domain. It resolves to an IP address. The IP address is routed by hardware. The hardware is located in physical space. As long as it's all in the United States, it's just not that hard to find the operator of a website based on the domain name, and that is not what the entertainment lobby is concerned about. They are concerned with what happens when the operator is outside the US and they don't have jurisdiction, so they want laws passed to ensure that US-based ISPs are obliged to block access to foreign infringers.
Adam's analysis in this case is flat-out wrong.