] President Bush said Thursday that he had been surprised
] to learn in the newspaper of his administration's
] decision last week to require Americans to have passports
] to enter the country from Mexico or Canada by 2008. He
] said he had asked the State and Homeland Security
] Departments to look into other means of tightening border
] security.

Thank you Mr. Bush!

Er... Wait... Fingerprints? I agree that we should not implement a policy that slows the flow of cross border traffic. I don't agree that the solution is to biometric everyone.

There are deep questions here that require some pause for reflection.

You want to have an efficient border. You want to control access. Biometrics, properly implemented, are well suited to this application, whereas they are not well suited to many applications people attempt to apply them to. But this is simply the technical argument.

The real question is whether we want to collect biometrics from everyone. Do you want your government files to be nonreputible? In many people's cases it doesn't matter, because you've already given up your fingerprint for immigration or drivers licenses or because you were booked on a charge. The frogs are already fairly warm.

Its really hard to go through life without getting fingerprinted by the government.

I think that driver's license biometrics are unconstitutional. I have never, ever seen driver's license biometrics actually used to authenticate a holder of a driver's license. Its simply a way of collecting biometrics that police can use in investigations. You could almost argue that its a "pre-search." Its clearly a 4th amendment violation to fingerprint everyone in a town in the wake of a crime to find the criminal, but if we do it in the context of driver's licenses then its not a "search" and so its OK(?!)

This is an example of creeping technological efficiency on the part of the government. The threat is that technological efficiency serves the government regardless of whether it's intentions are good. One reflexively fears this, thinking of the IBM punch card systems used to tabulate Jews in Germany.

But what is the alternative? If you want to control border access then it makes sense to apply these technologies. The alternative is to not control border access. But people reflexively see border control as a smart anti-terrorism strategy.

Is it? Objectively, has anyone really asked and answered whether this is the right way to deal with terrorism? Or is it simply a system that is more effective for other purposes that gets sold as an anti-terror tool? What are those other purposes?

These are the questions which are typically overlooked in these kinds of discussions. I imagine they are being overlooked here. The problem is that I don't know who knows enough about this problem to really know who is able to address these questions critically. Terrorists were stopp... [ Read More (0.5k in body) ]

The New York Times - A Surprised Bush Says He Wants New Travel Rules Reconsidered

] "Bogus "Whois Problem Reports" are increasingly going
] from being an annoyance to being a real security risk.
] Some recent incidents I've experienced due to Whois
] Problem Reports *merely* being filed:
]
] * Dotster, about two weeks ago, threatened to delete a
] domain if I didn't respond.
]
] * BulkRegister, just yesterday, threatened to suspend a
] domain if I didn't respond within 5 calendar days.

Anyone can go to ICANN's webform and submit a complaint about any website. There is no human intervention because ICANN felt that there were few abuses of the system back when no body knew about it. You registrar will automatically generate an email and send it to you. If you don't respond within a very short period of time you loose the domain. The time to switch to registrars who protect anonymnity is now.

ICANN destroys internet anonymnity

From the Congressional Record on September 21st, 2004 around 15:00:

Congressman Sensenbrenner (R Wisconsin)
"Because of the short time remaining in this session, H.R. 3632 also incorporates the text of three other noncontroversial bills, H.R. 3754, H.R. 112, and H.R. 4646, in the manager's amendment."

Congresswoman Christensen (D Virgin Islands)
"Title II of the bill before us contains the provisions of H.R. 3754, a largely uncontroversial bill reported out by the Committee on the Judiciary on a voice vote in June of this year. Title II is designed to improve the accuracy and completeness of the Whois database by providing additional civil and criminal remedies for domain name fraud."

Fucking lieing scum. Google "Fraudulent Online Identity Sanctions Act" (HR 3754) and look for yourself at how "largely uncontroversial" it is.

] We strongly encourage members of the general public and
] non-commercial communities, etc. to submit comments on
] each Report. The outcome of the WHOIS Policy Development
] Process will have a significant impact on privacy, civil
] liberties, and freedom of expression for Internet users.

If any of you have taken an interest in my comments to ICANN, pro or con, you should submit your own comments. Its important that ICANN hear from you.

Submit your comments to ICANN

] The U.S. Congress is hard at work trying to punish
] Internet users who value their privacy.
]
] That's not how Capitol Hill politicians describe a new
] bill introduced last week, of course, but that's what it
] would accomplish if it becomes law.

Declan speaks out against last weeks Whois hearing...

Privacy reduction's next act | CNET News.com

] The primary intended use for this is to allow
] identifiable participants in the domain name system to
] vote on matters that affect the whole domain name system
] in an easy (and easily-verifiable) fashion. The method
] for voting is specifying a string in the whois data for a
] domain name.

I beleive that the primary problem with the DNS that has lead to the present difficulties with Verisign, as well as previous difficulties, and future difficulties as well, is that the regulatory body which controls the DNS, ICANN, does not have democratic legitimacy. ICANN attempted to enable open elections, but this process fell apart for various reasons. A former roommate of mine (for a short period of time) wrote this essay at circleid on the subject. I'd like to know what people think.

A Voting System for Internet by Domain Name Owners - Part I

] One group in Poland is currently advertising "invisible
] bulletproof hosting" in online forums for spammers. For
] $1,500 per month, the group says it can protect a site
] from network sleuthing tools used by spam opponents, such
] as traceroute and whois.

Wired News: Cloaking Device Made for Spammers

] This response will address the IAB commentary, using
] observed operational data to put the issues into context.

Verisign links the question about services OTHER then HTTP/SMTP to their website about sitefinder. Why not a direct link to the information they are apparently referencing? Why not paraphrase? The reasons are obvious. Verisign recommends that impacted parties replace DNS queries with WHOIS lookups. This is an extremely stupid idea. Verisign knows that whois is not designed to handle the load, but I'll bet they figure no one will actually do this. Alternately, the offer that all software be modified to cross check DNS replies against a wildcard lookup. They claim these recommendations are in keeping with Internet standards.

Everytime Verisign says there are no stability problems with the Internet I imagine the Iraqi information minister. If there is no stability problem, then why do you need to provide all this technical information about how people can adapt their already deployed technology to interoperate with your change??

VeriSign Responds to IAB Site Finder Commentary

] Network Solutions, a full-service provider of domain
] names, Web sites and e-mail services, today announced
] specific precautions customers can take to protect their
] personal information associated with their domain name
] registrations with the launch of a new consumer privacy
] advocate Web site, http://www.internetprivacyadvocate.org

It would obviously be totally out of character for them to do something benevolent. So what is the deal here? OIC, they want you to file a comment asking ICANN to allow Network Solutions to prohibit bulk whois transfers. Obvious there are privacy implications, but obviously bulk whois transfers were not created for the benefit of spammers in the first place. Who needs bulk access to this data? Who is getting screwed here? Anyone know?

Network Solutions(R) Launches Internet Privacy Web Site

"People who provide false data when registering a domain name on the Web could be thrown into jail for up to five years, if a recently introduced bill becomes law. "

Well, THATS a bad idea... Whois is a relic of the past. Why should you be forced to give up your telephone number to the world simply because you want to register a domain!!

The proper way to investigate a host is to look the IP address up in ARIN's database and then contact the ISP it was assigned to.

Lawmakers seek to purify Web records - Tech News - CNET.com