Availability of aggregate repository data

[Robert Frank <bobf@corsearch.com>]

I have previously posted notices as to why just providing the names does
no one really much good.  Suffice it to say that it is inefficient to
give an attorney or investigator or marketing person a name and
say, "This is a name that is close to yours but I don't have all the
guts such as who owns the name or their address."  To expect
professional trademark search firms to conduct a whois on all
matches and fuzzy matches gets us back into the mess we presently
find ourselves with NSI.  We presently run over 1,000 whois queries
per day to find the details for the matches and fuzzy matches related 
to the trademarks we are searching.  Often it takes longer to run the whois
queries than it takes to do the entire rest of the search.  Adding on that 
there will be  several places that we will have to go to get the various
whois queries run and you will see fees for professional domain name
searches going through the roof (and timelines for completing
searches slowing down which diminishes the "I want my name
right now" forces.)

I don't buy the privacy issue.  When trademarks and patents and
copyrights are filed with the US government or any of the various
states, that information is all readily  available.  There is not one
trademark owner who has received a registration within the last
few years who shortly after receipt of the registration did not also receive a
nice letter from a business offering to sell them a wood or bronze
engraving of their registration certificate.  And several scoundrels
have also tracked trademark filings and as soon as the filing hit the
public search room, filed for a domain name identical to the trademark.
Then they would contact the trademark owner and offer to sell them
the domain name.  The point is that there will always be those who 
will figure out a way to rip-off the system and we can't build a system
that is 100% abuse proof.

I was contacted by a business in California who had downloaded all
the domain names from Internic. Then, over a two week period they
conducted a whois on all 500,000 domain names (this was last year).
He would sell me, for $12,000 per year, the database, complete with
all the guts, plus updates every two weeks.  The point being that if
you are concerned about privacy and you release the domain names
in one swoop and allow whois for the details, someone will eventually
compile all the information and your privacy concerns went down the
tubes.


Robert Frank, President
CORSEARCH, Inc.

(Speaking on behalf of myself and my company about something  I know a bit about.)


----------
From: 	Kent Crispin[SMTP:kent@songbird.com]
Sent: 	Tuesday, January 14, 1997 7:18 AM
To: 	iahc-discuss@iahc.org
Subject: 	Availability of aggregate repository data

On a different subject.

Alex Horns, Robert Frank, and others have made the request that 
aggregate information maintained by the repository or others be made 
available to facilitate fuzzy matches of domain names.

It has been pointed out that there are privacy laws regarding 
database information.  These laws are especially strong when it comes 
to giving out aggregate lists with addresses, phone numbers, and the 
like.

Here are examples of the kind of abuse involved: first, advertisers
may get the list and send unwanted email to all domain name contacts. 
Second, I might be the contact for both "hotbabes.com" and
"council_of_churches.org", and I might find it embarassing for that 
fact to be widely known.

So there are aruments, legal and otherwise, against making aggregate 
contact data available.

However, aggregate contact data is *not needed* for the purpose 
specified by Alex Horns, Robert Frank, and others.  The only 
aggregate data needed is just the list of domain names, so that fuzzy 
matches can be made.  Only if a match is found is contact information 
needed.

I understand the need to have the names available in aggregate form,
but I am concerned about making the contact information available.  
And it may in fact be illegal in some jurisdictions.

Therefore I propose that an ftp-able list of active domain names be 
always available, and that "whois" data only be available through 
direct individual query.

To be more precise, I propose that the MoU direct the above.

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com,kc@llnl.gov		the thief he kindly spoke...
PGP fingerprint:   5A 16 DA 04 31 33 40 1E  87 DA 29 02 97 A3 46 2F