North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICANN requirement for "information refreshing"?

  • From: sjj
  • Date: Wed Jun 19 13:24:45 2002

>> Is funny that both ICANN and law enforcement are trying to clean up whois
>> information to facilitate investigative capabilities. What a crock. I'm not
>> really sure why law enforcement is trying to clean it up as they don't
>> really need it.

 I think that about 15% (hundreds over several years) of our Internet subpoenas
could have been avoided if the LEA had known how to check and evaluate ARIN or
NetSol records. (The other 85% of the Internet subpoenas were for dialup
records, no easy way to avoid those).

>> any smart criminal will simply use another domain name

 I only recall two subpoenas for _just_ domain names.  The rest always had more
info, like email headers or IP addresses.

>> The reality is it will never work, and besides - any smart criminal will
>> simply use another domain name, or not even USE a domain name.....

 For the non-dialups, I can count on one hand the number of requests where the
"circuit holder" and the "suspect" were the same person.  Almost always all
that we responded with was the name of the ISP or business that the entire IP
block was assigned to, which is exactly the type of info you or I would check
ARIN or Network Solutions for, and exactly the information the "criminal"
wouldn't have a chance to fake.  None of these companies were trying to hide
from the legal system.

> Transactional records are easily subpoena'd and carriers/hosters/providers
> are duty bound to provide the information.

 I think the real issue is time and efficiency. If you were law enforcement,
would you want to waste two to four weeks sending a subpoena to a backbone
provider, just to hear back "contact Acme Inc" and "our information for Acme is
the same as their web page's 'Contact Us' link"?  Reasonable public records
(and some training and industry awareness) would let law enforcement quickly
send the "easy subpoena" directly to the correct information holders.

> A WHOIS record is junk for the most part.

 I bet most of the people on this list have used them to run down problems, and
they know how to evaluate them on the "junk" to "good" scale.  I would hate to
see them disappear or become totally useless. (Yes - I admit, law enforcement's
lack of training and industry awareness is more significant, no need to argue
it).