ICANT
Internet overseer ICANN loses a THIRD time in Whois GDPR legal war
The internet's domain names overlord has failed in a third attempt to keep to the wheels from falling off its Whois service in Europe, raising questions over its competence. US-based Internet Corporation for Assigned Names and Numbers (ICANN) was slammed by the Appellate Court of Cologne, Germany, for not having "sufficiently …
COMMENTS
-
-
-
Tuesday 7th August 2018 15:58 GMT Anonymous Coward
ICANT Lose
Looks like ICANN are having a Denzel Washington 'Training-Day' meltdown moment of denial:
..... "You think you can do this to ME? I'm the police! I run shit here, you just live here! King Kong ain't got SHIT on me! - I'm winning anyway / I can't lose"....
https://www.youtube.com/watch?v=AkNDQD0gkAU&t=0h0m45s
-
-
-
Wednesday 8th August 2018 11:41 GMT Caffeinated Sponge
Re: not in the cross-fire yet?
Pretty much. Ever since the ‘Patriot Act’, the rest of the world has been cautious of doing any business with the US that could expose data it wanted to be secure. Demonstrations such as this that US companies don’t give a fig about non-US law when doing business overseas really doesn’t help the case. Almost all that is needed to close the deal is for someone in the Whitehouse Lobby to point the Dotard In Chief at the problem, and let him declare all non-US laws illegal or similar...
-
-
-
-
Tuesday 7th August 2018 12:59 GMT Anonymous Coward
Re: "no one is holding out much hope"
Careful what you wish for, you may get it and then you'll discover ICANN is vaguely useful.
While ICANN is far from perfect, it's imperfections have created many of the freedoms that have allowed the Internet to grow and provide information to so many. It has also created a money gobbling NGO that acts largely in it's own interests (hence the dispute with GDPR which it thinks it can ignore), but appears to be more government neutral than any of the alternatives.
-
Wednesday 8th August 2018 02:02 GMT eldakka
Re: "no one is holding out much hope"
it's imperfections have created many of the freedoms that have allowed the Internet to grow and provide information to so many.
Organisations don't do this, the people in organisations do this.
Are the same people currently responsible for the current clusterfuck that is ICANN the same people who did many of these other useful things, or is this a newer generation in charge that have had nothing to do with the previous 'good things" that have come out of ICANN?
ICANN didn't exist prior to its incorporation on September 30, 1998. Most of the "good stuff" that I believe you must be referring to pre-date the founding of ICANN. Since then ICANN has been mostly in either maintenance mode of those benefits put in place prior to it - standing on the shoulders of, and taking credit for, those that came before it - or in clusterfuck mode, breaking those same benefits or trying to maintain itself with no regard for its "citizens", that is the civilian population who use the Internet, with the only regard for its own enrichment and power - "Respect my authorita!"
edit: typos
-
-
-
Tuesday 7th August 2018 07:44 GMT JimC
Mind you I'm more than a bit uncomfortable
about the sale of domain names without a legit contact. Admittedly that horse has largely bolted, but there damn well ought to be a traceble organisation behind every spam and malware domain registration. OTOH publicly publishing names is clearly a bad thing: I was on the wrong end of that 25 years ago - which is another story.
-
Tuesday 7th August 2018 09:41 GMT big_D
Re: Mind you I'm more than a bit uncomfortable
You still need to provide a valid name and address for billing. But the anscilliary whois crud is not collected and the data is not published in whois, because it would be illegal.
If you can get an EU issued warrant to look at the information about a domain, the registrar will have to hand over the informaiton it does have, but it can't hand over the information without either the warrant or the explicit written permission of the identifiable persons in the data.
-
Tuesday 7th August 2018 10:32 GMT pɹÉÊoÉ snoɯÊuouÉ
Re: Mind you I'm more than a bit uncomfortable
" ....but there damn well ought to be a traceble organisation behind every spam and malware domain registration. OTOH publicly publishing names is clearly a bad thing:
I have about a dozen or so domain names that I use for various projects and I have lost count of the number scam emails telling me they are about to expire and need to pay some stupid amount to renew.
the fix is the contact email is one used only for the registration and it dumps everything except from the registrar and hosting company. Phone number is a cheap 20 quid a year, premium number, when any spam calls come in on that number I'll talk to them for hours if they like.... lastly, a PO box for the address..
-
Tuesday 7th August 2018 12:52 GMT clanger9
Re: Mind you I'm more than a bit uncomfortable
I love the idea of providing a premium rate contact phone number! Why didn't I think of that??
I have had to put up with idiot spam calls for years thanks to ICANN (on the basis that I already pay 'em enough for the domain, I'll be damned if I have to pay extra to have then not publish my phone number...).
-
-
Tuesday 7th August 2018 15:15 GMT JohnFen
Re: Mind you I'm more than a bit uncomfortable
"there damn well ought to be a traceble organisation behind every spam and malware domain registration"
Nobody is saying otherwise. The issue is that the contact information for registrees is made publicly available. There's no reason why ICANN couldn't stop that but still have a record of who registered what as well as the ability to contact them when such contact is legally required.
-
Tuesday 7th August 2018 22:42 GMT Alan Brown
Re: Mind you I'm more than a bit uncomfortable
"about the sale of domain names without a legit contact. Admittedly that horse has largely bolted,"
That horse bolted long before 1998. ICANN didn't even _start_ taking an interest in whois accuracy until it was threatened with legal action over all the faked addresses and collateral damage ensuing (one kiddy porn domain was registered to a residential address in Guildford inhabited by a very confused and upset little old lady, as one example) and then when it realised it could be a money earner things started going cha-ching.
-
-
-
-
Tuesday 7th August 2018 11:08 GMT I ain't Spartacus
The only advantage of ICANN I can see is that it pretty much now can't do anything. Well it created all the shitty .word extensions, but we can pretty much just ignore those and they'll go away. Feel free to block at your firewall if you can be arsed, nothing of value will be lost.
And that will keep them in champagne, bonuses, 5 star travel and hookers for a few more years.
But given the decisions of a few governments concerning the internet, then it's probably better that they can't get anything done either.
As for GDPR, that will sort itself out. The registrars will comply with the law, because it's stupid to do anything else. And there's nothing ICANN can do about it, but sulk.
The only problem comes if there's something urgent to be sorted out in the domain name space. Because ICANN don't do urgent. Or competent. Or reasonable. But if that means the job goes to the ITU, then at least we'll have had some years when the basically nobody was running things.
-
Tuesday 7th August 2018 13:14 GMT Spanners
"a true global politics free body created"
Anything from the USA that is dissolved and replaced could well be replaced by something even worse.
Expect it to have less representation from real humand beings.
Expect it to have more representation from big corporations.
Ecpect more advertising.
Expect it to have poorer security.
Expect it to be selective about legal systems.
The last item will be fun. To do anything in the way of legal activity, you must do it in the courthouse of Cowchip in East Texas. Only lawyers accredited to that court will be able to speak.
-
Tuesday 7th August 2018 13:55 GMT Jellied Eel
Time for ICANN to be disolved and a true global politics free body created.
Easier said than done. ICANN is suffering from growing pains and an inflated sense of importance. GDPR should have been no suprise to it, and in political terms, ICANN should have been influencing that. Then if it failed, it had 2+ yrs to work on policy and prepare. The organisation's not exactly short of lawyers on staff or on speed dial.
For whatever reason, it failed to either influence the EU, or adapt to the legislation. And responded in typical NGO fashion by forming a WG to deliberate some more, which allows the WG members to feel gainfully employed and justify their expenses.. Even though as the article points out, it's comprised of a lot of the people who misread the situation in the first place.
Trying to create an ICANN2 would inevitably lead to the same problems. Transfering responsibility to other existing standards/governance bodies like the ITU has long been threatened, but isn't exactly politics-free, although it's probably better at dealing with regulators.
-
Tuesday 7th August 2018 14:51 GMT Anonymous Coward
Be careful what you wish for.
The ITU is already trolling opinions that *they* should run the Internets because they're the International Telecommunication Union, that's why. And they can point to the hodge-podge of IP address allocation as proof. Never would have happened under the ITU's watch.
-
Tuesday 7th August 2018 16:18 GMT Loyal Commenter
And they can point to the hodge-podge of IP address allocation as proof. Never would have happened under the ITU's watch.
Well, we can at least assume that an international body wouldn't have allocated a quarter of all IP addresses to a mixture of US government and US businesses, including ones that no longer exist, like DEC.
-
Wednesday 8th August 2018 08:53 GMT Degenerate Scumbag
The class A allocations made sense at the time they were made. The ipv4 system was simply not designed to scale to anything like the number of nodes we now have on the internet. The majority of the address space was expected to go unused before classless inter-domain routing was implemented.
-
Wednesday 8th August 2018 10:07 GMT Roland6
And they can point to the hodge-podge of IP address allocation as proof. Never would have happened under the ITU's watch.
Well, we can at least assume that an international body wouldn't have allocated...
Well if you look at history, I suggest the ITU would have adopted ISO OSI Network Addressing, in its full glory [sarcasm] and just made IPv4 addresses a permitted format...
-
-
-
Tuesday 7th August 2018 08:43 GMT Da Weezil
"I can't see the need for most of the information in WHOIS records. Just knowing who the registrar is should be enough for most purposes. No?"
*Nail - Head*.
Registrant information should not be openly published - rather it should be that you need to go to the registrar and request the details - with a justifying reason for the request.
If ICANN cant work in the real world and abide by laws in that world it needs to be abolished.
-
Tuesday 7th August 2018 14:58 GMT Anonymous Coward
"Registrant information should not be openly published - rather it should be that you need to go to the registrar and request the details - with a justifying reason for the request."
That was basically one of ICANN's proposals. It got rejected:
"Those "changes" let registrars collect, but not publish, the same Whois data they now collect; provide some kind of "authorized access" to the records; and still allowed third parties to spam registrants.
But that effort failed, with even the US government criticizing its approach."
-
Tuesday 7th August 2018 15:22 GMT JohnFen
I don't think it was rejected for the reason you're implying here. I think that the rejection was due to who it was going to consider as having "authorized access". Where that should have been "someone with a subpoena"*, it was going to be a whole lot more broad than that.
*in cases where contact was needed for technical, rather than legal, reasons, then registrars could forward the contact request to the domain name owner and let them handle it as they see fit.
-
-
-
Tuesday 7th August 2018 10:29 GMT Roland6
>I can't see the need for most of the information in WHOIS records.
That's because it dates from a different era:
RFC812 (Original Whois 1982):
"WHO SHOULD BE IN THE DATA BASE
DCA requests that each individual with a directory on an
ARPANET host, who is capable of passing traffic across the
ARPANET, be registered in the NIC Identification Data Base.
To register, send full name, middle initial, U.S. mailing
address (including mail stop and full explanation of
abbreviations and acronyms), ZIP code, telephone (including
Autovon and FTS, if available), and one network mailbox, via
electronic mail to NIC@SRI-NIC."
This was also in RFC954 which was then updated by RFC3912.
What is notable is that it seems no one has actually read the Abstract to RFC3912:
"This document updates the specification of the WHOIS protocol,
thereby obsoleting RFC 954. The update is intended to remove the
material from RFC 954 that does not have to do with the on-the-wire
protocol, and is no longer applicable in today's Internet."
Which seems to make it crystal clear that the "Who should be in the Database" section is "no longer applicable in today's Internet". Interestingly, RFC3912 contains no material to indicate just what a Whois server database needs or should contain...
-
-
Tuesday 7th August 2018 14:18 GMT Jellied Eel
There's also the consent issue, along with remembering the original rules for domain registration. So .com being commercial, .org being non-profit and .net being infrastructure.
In a practical sense, WHOIS should have provided the legal entity, and a tech/abuse contact. Registrars didn't like this because it revealed customer info, cried 'privacy' and WHOIS results ended up containing the registrar's contact info. In doing so, it lost most of it's value as an operations tool for finding out who to contact in the event of technical problems.
Along side that of course were other privacy concerns, ie people's names, phone numbers etc and the never ending spam or slamming attempts. For the traditional domains, most of that could (and should) have been hidden by role accounts like abuse@ or info@.. Which would still have got spammed heavily, but aren't really personal data.
By allowing registrars to hide end-user info, WHOIS lost most of it's utility to the Internet at Large, especially as a lot of registrars are unresponsive to queries regarding domains they're hosting. So as WHOIS became increasingly useless and redundant, policy should have changed. ICANN doesn't really need the personal info of end-users, just a way to contact them in the event of dispute or problems, which it could do via the registrars.
-
Tuesday 7th August 2018 16:08 GMT Roland6
@Jellied Eel - There's also the consent issue...
In doing so, it lost most of it's value as an operations tool for finding out who to contact in the event of technical problems.
The issue is that as it stands the Whois service dates from the era when the "Internet" wasn't a public network as we now understand a public network to be. When RFC's 812 and 954 were penned, the "Internet" was still a private(ish) network mainly used by academics and a small community of collaborators, who were developing this non-proprietary network - hence why it was useful to be able to directly contact people and discuss connection and interop issues (many people forget that prior to Interop 1986 - one of the great moments in Internet history, the Internet wasn't as interoperable as it is today).
I suspect that much of the consent, privacy and reporting issues you allude to arise from the closed community ARPANET/Internet being opened to the public at large, without regard for it's fitness for purpose - this mirrors the often seen way, where prototype IT systems are dropped into production...
-
Tuesday 7th August 2018 16:55 GMT Jellied Eel
without regard for it's fitness for purpose - this mirrors the often seen way, where prototype IT systems are dropped into production...
Exactly! When WHOIS began, the Internet was between relatively trusted peers and there were fewer privacy issues given the records served a purpose. Fast-forward to now and the creation of personal TLDs like '.me' and ICANN's created it's own privacy problems. Which it was warned about decades ago.
(Damn, I feel old..)
ICANN also morphed from an oversight body to a more blatantly commercial operation, so regarded exclusivity over individual WHOIS entries as it's own IP, which obviously has a value.. But it doesn't really need to know about individual records other than maybe for billing purposes. And by allowing data to be hidden behind registrar entries, WHOIS has lost utility for most purposes. Especially given it never really had a good handle on national issues, eg Germany's strict privacy rules. I think the issue now is ensuring registrars act responsibly, ie law enforcement liason and dispute resolution.
-
-
-
-
-
-
Tuesday 7th August 2018 08:55 GMT Doctor Syntax
"The truth however is that ICANN continues to be baffled by the fact that the European court system has no interest in its corporate interests and refuses to be told that the Whois service is as important as ICANN considers it to be."
I think it's more of a case that ICANN isn't as important as it thinks itself to be.
-
-
Wednesday 8th August 2018 14:39 GMT John Brown (no body)
"As much as I'd like this to be the case, I'm pretty sure there's an agenda going on.
ICANN seems in far too much of a hurry to lose this case."
You're not the only one who thinks this. I've made similar comments in the past as have others. They are taking on obviously lose-lose battles. Like there's some contractual or legal things they need to comply with and can't get out of but might eventually be able to point to superseding legal rulings that lets them off the hook by "losing" against the EU and GDPR.
It's also worth noting that other jurisdictions are looking closely at GDPR and implementing their own version, such as India. The US lack of privacy protection is beginning to stand out more as an outlier on the world stage more in keeping with the likes of China than democratic nations.
-
-
-
Tuesday 7th August 2018 11:14 GMT I ain't Spartacus
I'm not sure anyone can really be arsed. The people who really want to control the internet are worried about censoring people and information they don't like. But nobody else will follow them down that particular rabbit hole. At least yet.
Everybody else just wants a quiet life. And so willl do as little as they can, so long as the lights stay on and the packets keep on moving.
-
Wednesday 8th August 2018 14:41 GMT John Brown (no body)
"Everybody else just wants a quiet life. And so willl do as little as they can, so long as the lights stay on and the packets keep on moving."
But it's worth keeping half an eye on, just in case.
How does the saying go? All it takes for evil to win is for good men to do nothing, or words to that effect.
-
-
-
-
Tuesday 7th August 2018 10:04 GMT Dazed and Confused
Re: Costs?
While part of me agrees with your sentiments the problem is that ICANN doesn't have any money of it's own. So if you award costs against ICANN then that money needs to come from somewhere and that somewhere will be you an me. The one groups of people who won't end up paying are the people who run ICANN which is presumably the people you want to suffer.
-
Tuesday 7th August 2018 11:10 GMT Martin Gregorie
Re: Costs?
While part of me agrees with your sentiments the problem is that ICANN doesn't have any money of it's own.
Are you sure? IIRC there have been several stories in El Reg about the millions ICANN made by selling rights over newly invented TLDs to various registrars. For some reason TLD name auctions starting at $185,000 a pop spring to mind. IIRC quite a lot of it is said to be still in the ICANN bank account despite what they've spent on running conferences in exotic places.
-
Tuesday 7th August 2018 22:59 GMT Alan Brown
Re: Costs?
"The one groups of people who won't end up paying are the people who run ICANN which is presumably the people you want to suffer."
Judges are not stupid people. If they decide that the actions of the board "pierce the corporate veil", then they can hold board members and directors individually and personally liable for illegal behaviour.
Limited liability companies shield the _shareholders_ from unlimited financial liabilities. They do not shield the directors or management from the consequences of illegal or criminal actions.
-
-
-
-
Tuesday 7th August 2018 15:10 GMT Anonymous Coward
Re: EU vs ICANN
"I'm guessing whois is still trundling along like it always has, so as it's illegal now, is the EU actually doing anything about it?"
Most (if not all) registrars have removed all personal information from their whois services by now. Some TLDs (like .us) try to hold their ground.
-
Wednesday 8th August 2018 15:27 GMT Loyal Commenter
Re: EU vs ICANN
Is the EU taking any steps to sue ICANN yet, does anyone know?
I'm assuming that if ICANN continues to fail to comply with the GDPR regulations (which are implemented as national laws by the EU member states), then the next step won't be for the EU to sue them. It will be for them to be prosecuted (a criminal prosecution, not a civil case) by a member state in that nation's courts. Presumably, in a country where they have a presence. Where are their European offices?
-
-
Tuesday 7th August 2018 12:01 GMT Maelstorm
Not legally binding...
Unfortunately, for the EU, any court decision against ICANN is not legally binding. You have to sue them in the district where they are, and that means the USA. I can see ICANN eventually just disallowing European registrars from registering domain names, which will kill the internet in Europe.
With these policies and it's own obtuse and arrogant behavior, Internet governance should be taken over by the UN-UTI or even the World Network Council (WNC).
Either that, or put ICANN back under the direct purview of the US Government.
-
Tuesday 7th August 2018 13:11 GMT DavCrav
Re: Not legally binding...
"I can see ICANN eventually just disallowing European registrars from registering domain names, which will kill the internet in Europe."
No, it would fragment the Internet. I think it's unlikely that the EU would just allow ICANN to take the EU's bit of the Internet off it.
-
Tuesday 7th August 2018 13:24 GMT Loyal Commenter
Re: Not legally binding...
So what you are saying is that we may end up with a separate EU internet segment, without access to sites in the US, Russia, China, etc.
And this is a bad thing? I for one am not too bothered if we see a day where there are no Russian botnets, ad-spamming US sites that pull in scripts from 15 domains, or access to baidu.
-
Tuesday 7th August 2018 14:42 GMT stephanh
Re: Not legally binding...
"So what you are saying is that we may end up with a separate EU internet segment, without access to sites in the US, Russia, China, etc."
More likely a set of regional, independent DNS roots which have some peering arrangements between them. Except when they don't, and URLs start resolving to different sites in different countries because of some political spat.
Not the end of the world, but also far from ideal.
-
Tuesday 7th August 2018 16:29 GMT Loyal Commenter
Re: Not legally binding...
I guess from the downvotes I've accrued, that not too many people here understand irony.
I shouldn't really have to use the 'joke alert' icon...
On a serious note, what this whole escapade exposes is the difference between the internet as we experience it today, as a trans-national phenomenon, and the original ARPAnet, which was, after all, originally developed by the US military (Defence Advanced Research Projects Agency, or DARPA, hence the 'ARPA' part).
There should have been a point, long ago, where the basic addressing system of the internet stopped being under the control of a US-based entity, and instead was governed by an international body formed by an international treaty. This is coming home to roost now that the US attitude towards personal information becomes more apparently different from the attitude held in other parts of the world (US: personal information is a good to be bought and sold; EU: personal information is protected by law as an individual right)
-
Tuesday 7th August 2018 23:02 GMT Alan Brown
Re: Not legally binding...
"There should have been a point, long ago, where the basic addressing system of the internet stopped being under the control of a US-based entity, and instead was governed by an international body formed by an international treaty."
That's what the ITU is arguing.
You really _don't_ want that model. It would have killed the Internet as we know it in the crib as a threat to the global telecommunications cartels and it still has the potential to strangle it.
-
Wednesday 8th August 2018 14:52 GMT John Brown (no body)
Re: Not legally binding...
"the original ARPAnet, which was, after all, originally developed by the US military (Defence Advanced Research Projects Agency, or DARPA, hence the 'ARPA' part)."
Just as an FYI, ARPA was created in 1958. Later, in 1972 when much of the non-military research had been moved off to other agencies such as NASA, ARPA became DARPA.
-
-
-
-
Tuesday 7th August 2018 13:21 GMT phicoh
Re: Not legally binding...
I don't see why the EU would sue ICANN at this stage, but there seems to be enough to connect ICANN to the EU to allow EU courts to claim jurisdiction: for one ICANN decided to sue in the EU. The second is that ICANN hosts meetings in the EU. A third is that ICANN is formally responsible for all the country TLDs, which includes the EU countries.
So it would be hard for ICANN to claim that it doesn't do business in Europe.
-
-
Tuesday 7th August 2018 22:26 GMT Anonymous Coward
Is it just me?
...or does the attitude of ICANN to the EU remind you of any other group at the moment?
The EU is rock solid. It has a huge number of intelligent, clued up members who don't give a monkeys what ICANN wants the rules to be. It simply reiterates the facts, and protects the rights and interests of its members.
You can come in expecting to throw your weight around and you'll be politely, but oh so firmly, shown the door.
-
Tuesday 7th August 2018 22:26 GMT Anonymous Coward
Is it just me...
...or is anyone else reminded of another group currently trying to get their own way with the EU at the moment?
The EU is rock solid. It has a huge number of intelligent, clued up members who don't give a monkeys what ICANN wants the rules to be. It simply reiterates the facts, and protects the rights and interests of its members.
You can come in expecting to throw your weight around and you'll be politely, but oh so firmly, shown the door.
-
Wednesday 8th August 2018 03:30 GMT Scotty Bones
Cut the EU off
While I think most of us can agree that ICANN generally sucks, So does Europe when they think they can impose their own crappy laws on the entire world (your not that big a deal, really). I have an easy solution to this problem. Cut the EU off from the global DNS system, then see how long it takes them to come to their senses when you guys can only surf the web via IP address. I guarantee your nutty leadership comes to the table to negotiate. Problem solved.
-
Wednesday 8th August 2018 10:00 GMT Roland6
Re: Cut the EU off
>Cut the EU off from the global DNS system
That would be an interesting experiment, given the fundamental design principles embedded in the DNS! :)
About all the US would be able to achieve is to replicate what China has done and effectively separate itself off from the rest of the world.
-
Wednesday 8th August 2018 12:18 GMT I ain't Spartacus
Re: Cut the EU off
Scotty Bones,
Nope. The EU are trying to impose their laws within the EU. And succeeding so far. Which seems entirely fair enough. It's not like they're unreasonable demands, so ICANN could just have mandated them for EU registrars and then either ignored them elsewhere or made them a "global best practise" or somesuch.
But they chose to stick their head in the sand. They haven't yet really tried the approach of saying you can't tell us what to do we're in California. They've tried to negotiated (badly and stupidly) and then to use the courts in the EU. And they can't try the extra-territoriality approach, because they have to enforce their contracts with the registrars in courts in Europe. Which they can't because the damned contract is blatantly illegal. Which any lawyer could tell them.
So it's all basically fine. There's no drama here. ICANN are proven to be incompetent. Again. EU law will get enforced by the registrars operating within the EU. And ICANN can't do anything to stop them, because obeying the law trumps contract clauses. And would do so in a US court too. In an ideal world ICANN would have complied with the law as written 20 years ago - as they've been repeatedly told. But now the new versions of that data protection law have much scarier fines, big corporations are jumping right smart to do it. And because the law isn't unreasonable, there's now starting to be political pressure even in the US to give their consumers similar protections. This is a case where I think the EU have got it broadly right, and this kind of law will be non-controversial in a decade's time.
-
Wednesday 8th August 2018 13:48 GMT FrozenShamrock
Re: Cut the EU off
Seriously, you're embarrassing the rest of us. Europe is trying to enforce their laws for businesses operating within Europe with European businesses and individuals. ICANN, and putzes such as yourself, are trying to impose US laws and pro-corporate capitalism wherever they go, even outside the US. How you would like it if, say, the Saudis decided that since we import their oil we have to follow Sharia law at our gas stations?
-