[anti-abuse-wg] GDPR - positive effects on email abuse

In message <DB5PR06MB1590C02F44652D27CC3C6167946C0 at DB5PR06MB1590.eurprd06.prod.
outlook.com>, Brian Nisbet <brian.nisbet at heanet.ie> wrote:

>Thank your words on this. I have no problem with occasional intemperance,
>but there is a marked difference between that and some of the repeated
>language and references that have marked some of this thread.
>
>You wish for a line to be drawn at references to babies (and after our
>recent referendum in Ireland, there has been a lot of that), whereas (and I
>don't disagree with you particularly) one of my issues relates to repeated
>use of the term 'shy transvestites' and also the accusations of mental
>illness/disease.

With respect to my use of the term "shy transvestites" I believe that it
was clear, or at the very least, that it should have been clear, to all
readers here, that I have used this particular turn of a phrase merely
as a retorical shorthand for the infinitesimally small... or perhaps even
non-existant... groups of natural persons for whom the application of the
GDPR to WHOIS is alleged to be of some benefit.

Who are these people?  Who are the people who supposedly will benefit
from this absurd and massive upheaval to long established norms on the
Internet?  Even the ardent proponents of the destruction of the open
WHOIS system have failed to identify even a single actual beneficiary
of this massive global change, thus leaving detractors, such as myself,
to speculate about who... other than cybercriminals, lazy/greedy
registrars, and state-sponsored fake new purveyors... will actually
benefit from this change.  In the utter absence of any group of law-
abiding non-financially-motivated natural persons who can be pointed
to as "beneficiaries" of this change, one is forced to try to concoct
some theoretical set of beneficiaries, even just to be able to question
the size of that set and/or the size of the alleged/purported benefit
that will accrue to to them.

The beneficiaries, if any, of the application of GDPR to WHOIS must,
by definition, be some natural persons who (a) need to have their own
domain names and who also (b) have a -reasonable- fear of -serious-
persecution, for their beliefs, for their lifestyles, or for whatever.

For the proponents of applying GDPR to WHOIS, the mere vague possiblity
of some kind of persecution is not enough to make their case.  Nor is
it sufficient to assert a concern about inconsequential types of
persecution.  I, for example, could assert, perhaps even reasonably,
that I am being "persecuted", right here, on this mailing list as a
result of my unpopular and minority viewpoints.  But I would never
claim that this "persecution" of me personally rises to the level where
any planet-wide system of accountability should be thrown out the
window in order to protect me from it.  Nor would I personally ever
even want that.  I am not shy, and I am happy to express my views, in
public, and with my name attached to them.

So, in order to justify the application of GDPR to WHOIS, the proponents
of this global change must be able to point to at least -some- actual
identifiable group of natural persons who -will- materially benefit from
this change.  That group or groups of natural persons, if it exists at
all, must have a reasonable expectation of -material- persecution -and-
they must also lack the intestinal fortitude to stand up, as I and
millions of others do, and publically declare "I am a member of group X
and proud of it!"

So what group of natural persons fits both of the above conditions?

In our modern enlightened era (and with the exception of certain backward
countries, e.g. Russia) merely being gay is not enough to cause one to
experience serious persecution.  Tranvestism, on the other hand, is
still likely to result in material persecution in many parts of the globe.
Despite this, an increasing number of transvestites live openly as such,
and willingly accept the kinds of persecution that are, unfortunately,
heaped upon them as a result of their openness.  So really, it appears
that -at best- the proponents of applying GDPR to WHOIS can -only- claim
that -only- that subset of the world's transvestites who are "shy" (for
lack of a better term) are the beneficiaries of applying GDPR to WHOIS.

If there are any other purported or alleged beneficiaries of the destruction
of the open WHOIS system, then let the proponents of that destruction come
forward now and identify them.  In lieu of such identification, I hope and
believe that we can and should all agree that even the set of -theoretical-
beneficiaries is vanishingly small.

For those who may have missed it, my contention is, and remains, that
the application of GDPR to WHOIS will foster and support dramatically
more spamming and outright cybercrime than currently exists, that the
price of these new ills will fall upon, quite literally, *billions* of
ordinary Internet users, and that, at most, only a few very small and
select handfuls of people are ever likely to derive any benefit whatsoever
from this massive destruction of a reasonable social contract that has
stood the test of time, and that has worked well enough for more than
35 years.

This tradeoff, subjecting billions of Internet users worldwide to more
spam and less security, all for the alleged benefit of an as yet
unidentified select few, is quite obviously ludicrous.  Whether is it
sufficiently so to rise to the level of clinical insanity is left as an
exercise for the reader.

The bottom line is that the application of GDPR to the entire global WHOIS
system is self-evidently a kind of European-led and European-mandated grand
experiment in social engineering, promulgated by bureaucrats.  Nobody yet
knows how much abuse it will create, how much abuse it will prevent, what
the outcome of the abundant litigation to follow will be, or what the
effects will be upon already fraught transatlantic relationships.  As
Europeans, more than anyone else, should be painfully aware, the entire
history of the 20th century is littered with the tombstones of exactly
such top-down bureaucrat-inspired and equally misguided experiments in
social engineering.  This one, like so many others before it, will not
end well.


Regards,
rfg


P.S.  Last night I read an article in TheRegister reporting on the fact
that ICANN has apparently initiated a "shot across the bow" and has already
filed suit against the parent company of Tucows because that company has
already elected to use GDPR as an excuse to break the terms of their
pre-existing contract with ICANN.

The article itself was most interesting, but for me personally, the comments
on the story were even more startling.  It was clear that 100% of them were
posted by Europeans, and each and every one of them took the side of Tucows
and against ICANN.  Every comment effectively accused ICANN of being the
world's #1 enemy of personal privacy.

Those comments, and their consistant one-sidedness, underscored a point
which was made in TheRegister's news article itself, i.e. that opinions on
these topics are vastly divergent depending on which side of the pond
one lives on.

Public opinion polls show, apparently, that folks on the left side of the
pond place a dramatically higher value on personal privacy than we yanks
do, whereas we here on the right side of the pond have an almost religious
attachment to our right of free speech and free expression.  Here, every
school boy knows the story of John Hancock, who audaciously signed the
Declaration of Independence in big enough letters so that King George could
read his signature without even putting on his glasses.  Our most sacred
traditions, deriving from our national history, include a prideful openness
verging on defiance.  In contrast, the views of you folks on the left side
of the pond have likewise been formed, in no small measure, by your very
different continental histories, including the wars and mass persecutions
of the 20th century, and the state secret police forces that followed,
at least in the East.

Regardless of our differing emphases on core principals and values, I do
believe that there is only one provably reasonable solution to the dilema
created by the unilateral imposition, by Europe, of GDPR on the global
WHOIS system.  The costs of this new European foray into legally dubious
extra-territorial jurisdiction are immense... including but not limited
to the extraordinary deluge of litigation that is now inevitable... while
the benefits of this global change are demonstratably non-existant or
nearly so.

Believe me, essentially nobody on my side of the pond minds at all if you
Europeans want to enact laws or regulations to keep sneeky advertisers
from tracking you as you travel from web site to web site.  In fact most
of us will and do applaud you for that, and hope to even benefit from such
restrictions ourselves.  Nor does any reasonably enlightened person
on this side of the pond mind at all if you make it harder for state-
sponsored actors (e.g. NSA, CIA, BDN, FSB) to hoover up information on
ordinary Internet users.  An awful lot of us here are still hopping mad
about that too, since the Snowden revelations.  But unilaterally destroying
WHOIS is a bridge too far.  It benefits almost no one and screws almost
everyone.  My hope is that courts on both sides of the pond will trash
this misguided effort at global regulation, but if not, then I do hope that
ordinary Europeans will think clearly about this issue and then reach
the only reasonble solution possible.  Application of GDPR to WHOIS has
got to go.  The European Charter is not a suicide pact, and even you
Europeans are not obliged to shoot yourselves (and, coincidently, everyone
else) in the foot by making the Internet even more criminal-friendly than
it already is.