Hello Ron, I can understand your frustration, but it is a complex issue. >From your message, I see two main issues: (1) The ability to collect a list of domain name owners with their contact details - possibly augmented by additional customer lists, and the ability to share such a list with many parties. (2) The mis-use of a such a list for unsolicited phone calls, faxes, emails etc, and the possibility of misleading conduct etc in the process. With regard to the first issue, the information about domain name owners is actually broken up into two databases: (a) Information about a domain name registrant and the admin/technical contact information for that registrant is managed by auDA and stored on a database on AUNIC (which is in turn hosted by NetRegistry) (b) The DNS information about a domain name (ie the domain name, and the nameserver information necesary to resolve a domain name to a physical IP address) is stored on a database at Melbourne IT, along with information on the expiry dates of domain name registrations. The database is used to produce the zonefile that is used by the authoritative nameserver at the University of Melbourne (munnari) to provide the DNS service for ".au". There are also secondary nameservers that have access to the zonefile. I recently received a relatively complete database that incorporated information from both databases collected over time. Over the past 12 months, both auDA and Melbourne IT have reacted to concerns in the industry about access to the information in the databases in bulk form. As David Keegel (auDA Board member and system administrator for AUNIC) has pointed out, auDA shut down bulk access to AUNIC data last year, and this year put limits on how many individual queries can be made on AUNIC in a short time frame to prevent systematic data mining of AUNIC. However recent postings to this list indicate that this information is still being obtained somehow. Melbourne IT in turn has been restricting access to the expiry dates associated with domain names in an attempt to prevent third parties from mis-using this data. Again, like auDA, when one method of acquiring the data is restricted, the third parties often find another method. The security of this data has progressively been tightened each time Melbourne IT has become aware of third parties acquiring the information in bulk. In general the issue of collection of customer lists etc - relates to the more generic problems of privacy and security of information. The capability of computers and the capability of networks that link the computers make it easier to build such lists, and hence has resulted in recent changes to the privacy legislation to provide stronger controls and ability to enforce those controls. Note however that much of the privacy act relates to businesses with a turn-over of more than $3 million. Neither auDA or many of the domain name retailers fall into that category. Under the new competition model - all the data will be concentrated in the new registry operator - hence making it even more important to protect the security of this data. The levels of security envisaged by auDA are stated in its draft technical standard for discussion today. The second issue relates to the use of data obtained from the databases above. In general terms the legislation governing business practices is the Trade Practices Act that applies to all industries. The ACCC is responsible for monitoring compliance with this act and investigating complaints of consumers that relate to the Act. To date it appears that the ACCC has found limited instances of abuse by domain name retailers with respect to the Act - or maybe some retailers have changed their practices after warnings and the matter has not proceeded to court. Of course an individual company can take action against another company under the Trade Practices Act - but no companies to my knowledge have taken that step in the domain name industry in Australia. The approach that has often been suggested by this list is for Melbourne IT itself to take action against its resellers. However this also has problems. Firstly Melbourne IT provides DNS registry services to all domain name retailers in ".com.au", and is itself a domain name retailer. It is difficult to be both the umpire and a player, and appear impartial. Melbourne IT itself could be seen to be acting in a manner contrary to the Trade Practices Act. The action Melbourne IT has taken includes: · obtained undertakings in relation to potential infringement of trademarks and passing off · has called on auda and the ACCC to take action and suggested they release and publicise consumer warnings (which they did) · has cooperated with the ACCC in their investigations · has redrafted its own renewal notices to carry consumer warnings · has lobbied government and made public comments arguing for a code of practice · has called on the Privacy Commissioner to consider the specific regulations in the light of these practices There have been two other main alternatives, to the Trade Practices Act and the ACCC: (1) The Government creates specific industry regulation and licences companies operating in the industry (2) An industry group forms an industry association, and develops codes of practice that are voluntary. The group then creates consumer awareness of the voluntary code via consumer education. An example of the first alternative - is liquor licencing, and an example of the second alternative is the Internet Industry Association (IIA). The telecommunications industry uses a mixture. As Chris Disspain pointed out in a previous message, the ACA (Australian Communications Authority) licences telecommunications carriers. The ACA also sets standards that must be complied with by the carriers. The ACIF (Australian Communications Industry Forum) creates industry standards and codes of practice. Some of these are voluntary, and some are endorsed by the ACA and must be complied with. auDA, like its counterpart at the international level (ICANN), is a new experiment in regulation. It is a private company that has control over the resource (".au") and will licence domain name retailers, and it is also the industry self-regulator for setting standards and codes of practice with the participation of the industry. It would be analagous to ACIF having direct control of radio frequency spectrum, or the IIA selecting who could be an ISP. Because of the unique position and power of auDA (and ICANN) it is extremely important that it continues to operate in an open, consultative, and transparent manner. Under the new competition model, auDA is responsible for the security and privacy of the domain name data through its licencing of the registry operator or operators, and is also responsible for the use of domain name information through its licencing of some domain name retailers as registrars. Thus it is very important that consumers and members of the industry continue to closely review the recent drafts published on auDAs websites (ie the draft technical standard for registries and registrars, and the registrars licence and accreditation agreements published yesterday), and provide public input into auDA. Melbourne IT believes that it is important to establish a code of practice in the industry, and for auDA to enforce compliance with this code through the registrar agreements. It is important that this code of practice is widely supported by the industry, and not imposed with potentially over-regulation of the industry. As for the technical standards, where a public meeting will be held today, Melbourne IT recommends that a public meeting (or possibility meetings in different cities to save people travelling) be held to talk through the registrar accreditationand agreements to provide better feedback to auDA. As auDA have limited resources and don't want to delay the introduction of the new competition model, maybe another party can volunteer to provide a space for a public meeting and coordinate input to auDA within auDA's timeframe for public comment. Judging by the number of posts to this list there certainly seems to be plenty of public interest in a code of practice. Regards, Bruce Tonkin > > > > > This is utter bullsh*t. One or more lists are now > circulating. One or more > disreputable businesses are abusing the information, thence > OUR customers > and sometimes colleagues. Stopping access is now wholly > irrelevant - it's > too late for that - it's the abuse that has to be stopped, > because otherwise > it will surely continue and grow. > > It's apparent to me that contributors to this forum (i.e. the industry > served by auDA / MIT) want these practices stopped and the > perpetrators > punished. Now! But to no avail. One of two possibilities therefore > exists. MIT / auDA either will not, or cannot take steps to > act on our, the > industry's, behalf - despite channel partner contracts and/or codes of > practice. > > If the former, MIT / auDA are tacitly endorsing the abuse of > which many of > us have complained, in which case we might as well all do it - and our > customers and the industry be dammed. If the latter, we're clearly > incapable of self-regulation and the Government's faith in > our ability to do > so is severely misplaced. What's more, if our > representatives and industry > icons fail to heed member's calls, we don't even deserve the > honour and > responsibility of self-regulation. > > Whatever way it's looked at, the industry can only degenerate > into a dirty > free-for-all where anything goes - and we'll all be losers > because of it. > > MIT and auDA - are you endorsing names list abuse, or can't > you stop it on > behalf of the industry you purport to represent? Because in > my book, both > are totally unacceptable and the industry deserves the > appalling reputation > it's acquiring. > > Ron Stark > Business Park Pty Ltd > mail: ronstark§businesspark.com.au > tel: +61 (0)3 9592 6895 fax: +61 (0)3 9591 0729 > mob: +61 (0)41 812 9922 > > -- > This article is not to be reproduced or quoted beyond this > forum without > express permission of the author. 329 subscribers. > Archived at http://listmaster.iinet.net.au/list/dns (user: > dns, pass: dns) > Email "unsubscribe" to dns-request§auda.org.au to be removed. > -- This article is not to be reproduced or quoted beyond this forum without express permission of the author. 315 subscribers. Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns) Email "unsubscribe" to dns-request§auda.org.au to be removed.Received on Mon Oct 01 2001 - 23:07:15 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:04 UTC