[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some food for thought

To: ietf-whois@xxxxxxx
Subject: Re: Some food for thought
From: Eric Brunner-Williams in Portland Maine <brunner@xxxxxxxxxxx>
Date: Mon, 18 Feb 2002 19:43:29 -0800
Cc: brunner@xxxxxxxxxxx
List-archive: <http://www.imc.org/ietf-whois/mail-archive/>
List-id: <ietf-whois.imc.org>
List-unsubscribe: <mailto:ietf-whois-request@imc.org?body=unsubscribe>
Sender: owner-ietf-whois@xxxxxxxxxxxx

Oki all,

Privately I got one response indicating that the data contained in the 2-CD
offering I described on the 13th is the result of WHOIS data mining, not a
bulk sale of registrant data by a registry or registrar(s).

For comparison, today's inbox contains this offer (also sanitized):

	Bulk email list for sale: 
	
	1 million emails in total, including 200,000 UK. Emails have
	been validated, removing the bad ones. List comes on a CD in
	two files in "comma separated value" format, one file contains
	200,000 UK addresses, and the other contains 1 million of the
	world + uk.
	
Unlike the whois data, which is "unexpired", but hardly valid simply by
assertion by a whois-server, this data is validated (correct email addrs).
It also lacks any PII. It is priced at 1M units for 5 pounds Sterling, or
about a third of the price of whois-mined data mentioned in my note of
last week (10M for $200).

To my mind, these two "offers" establish the basic value of whois and list
minimally mined end-point identifiers, about $10/million.

This is a data point for the access cost of personally identifying information
(PII) obtained from whois-servers, and re-purposed for UCE (aka "SPAM").

However, several other arguments have been made for the re-purposing of whois
derived PII:

	o civil law enforcement, e.g., libel or trademark infringement,
	o criminal law enforcement, e.g., fraud or something more colorful,
	o isp policy enforcement, e.g., end-system disfunction

For comparison, the purposing according to rfc954:

	o nic policy requirement, e.g., DDN authorized user determination
	o rir policy requirement, e.g., intermediate-system disfunction

Each of the three re-purposing claims for registry (dn/ip/...) PII has been
made with an equivalent access cost (nominal) requirement. The ICANN trade
marks lobby, the US DoC law enforcement lobby, and one anti-SPAM lobby all
require "free" access to (registrar- or registry-resident) PII (these two
locations of PII characterize the "thin" and "thick" registry models, resp).

I don't think any of these three claims is convincing. None places a critical
reliance upon a conversion rate equivalent to the intended use of these two
examples of rational economic use for targeted UCE campaigns. Each claims a
sparse use of the mined data (or mining-enabled service), with each claiming
only a few thousand "hits" per million registrations. Given the disparity in
the sampling (sparce vs dense) between non-marketing and direct marketing,
and the value of successful access (civil,  criminal or AUP prosecution vs
conversion -- an on-line sale or "click-through"), the cost to each purpose
is artificially low.

The equivalence of access cost to SPAM marketing campaigns places no barrier
to civil, criminal, or policy enforcement that is conducted similarly, and
that isn't an outcome that the IETF endorssed in the RAVEN discussion.

Cheers,
Eric

Prev by Date: Some food for thought
Next by Date: NC teleconf 14/02/02 Agenda item 5: WHOIS referral from ICANN
Previous by thread: Some food for thought
Next by thread: NC teleconf 14/02/02 Agenda item 5: WHOIS referral from ICANN
Index(es):
- Date
- Thread