Proposed comments for the WHOIS RT
Nicolas Adam
nickolas.adam at GMAIL.COM
Fri Mar 16 19:58:55 CET 2012
Amazing work.
Nicolas
On 16/03/2012 11:20 AM, Maria Farrell wrote:
> I also support submitting. (Well, I would, wouldn't I!)
>
> Maria
>
> On 15 March 2012 19:15, Robin Gross <robin at ipjustice.org
> <mailto:robin at ipjustice.org>> wrote:
>
> GreAt. Thank you very much. Let's submit.
>
> Robin
>
> On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <wendy at SELTZER.COM
> <mailto:wendy at SELTZER.COM>> wrote:
>
> > Thanks very much to Maria and Joy for contributions to this,
> proposed
> > comments for the WHOIS RT. Comments are due March 18, but I'd
> like to
> > send them before leaving tomorrow, if possible.
> >
> <http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm>
> >
> > We would like to commend the general readability of the report.
> WHOIS
> > has become a very complex issue, and presenting it so clearly and
> > accessibly facilitates participation in both this consultation
> process
> > and participation more generally. We particularly appreciate the
> hard
> > work of collecting the WHOIS policies from the various places where
> > they reside.
> >
> > High-level recommendations:
> >
> > The report should explicitly recommend that WHOIS policy recognize
> > that registrants, both individual and organizations, commercial and
> > non-commercial, have a legitimate interest in, *and in many
> jurisdictions
> > the legal right to, the privacy of their personal data*.
> >
> > In the normative discussion, privacy should be given equivalent
> emphasis
> > to accuracy. *It would be instructive in this regard to
> reference the
> > OECD privacy guidelines, agreed to by all OECD member countries
> with input
> > from business and civil society. Data accuracy (or 'quality') is
> considered
> > by OECD members to be of equal importance to purpose
> specification, use
> > limitation and security safeguards, none of which factors are
> supported by
> > Whois as it currently operates. (OECD Guideline reference:
> >
> http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
> > ) *
> >
> > It is as important that registrants have privacy as that
> > their data be accurately recorded. At the moment, the report
> appears,
> > from its emphasis on access and accuracy, to discount those privacy
> > concerns *that are accepted by all OECD member states and
> participating
> > business and civil society actors as having equal importance.*
> >
> >
> > Section F. Findings
> >
> > The brief ‘tour de table’ provides useful background reading, but
> > *should* include
> > reference to the fact that ICANN’s Whois policies are
> > incompatible with the OECD privacy guidelines and also
> applicable national
> > laws in many countries, including
> > member states of the European Union.*The European Union's Article 29
> > Working Party of national data protection officers provided
> specific input
> > to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois
> > breaches EU law. These included the lack of definition of a
> purpose of
> > Whois, lack of use limitation, misuse of Whois data by third
> parties and
> > the disproportionality of the publication of personal data. The
> Article 29
> > Working Party concluded that "there is no legal ground
> justifying the
> > mandatory publication of personal data referring to this person.
> (the
> > registrant)". *
> >
> > *(Article 29 WP reference: Opinion 2/2003 on the application of
> the data
> > protection principles*
> >
> > *to the Whois directories *
> >
> http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
> >
> > *It is very concerning that the findings of the Whois Review
> Team do not
> > consider the glaring fact of the illegality of gTLD Whois
> requirements in
> > many jurisdictions, and the incompatibility of Whois as it
> currently stands
> > with the only internationally accepted guidelines on data privacy. *
> >
> >
> > Section G. Recommendations
> >
> > 1. Single Whois Policy - "The Board should oversee the creation
> of a
> > single Whois policy document."
> >
> > We welcome the call for a single Whois policy that sets out the
> > requirements, globally and facilitates registrants who wish to
> consult
> > those requirements. Whois ‘policy’ is currently inferred from
> registry
> > and registrar contracts.* A single Whois policy should be
> compatible with
> > the internationally accepted OECD privacy guidelines, in respect
> of a
> > statement of purpose for the use of data, use limitation, data
> accuracy and
> > appropriate security safeguards for personal data.* However,
> gTLD policy
> > development is the
> > responsibility of the GNSO, not the Board (until the final stages),
> > and needs to be developed through the bottom up process, with the
> > cooperation of the multiple stakeholders affected.
> >
> > 3 - "Make Whois a Strategic Priority"
> >
> > Change "Strategic Priority" to "Strategic Consideration." As the
> > review team was focused only on WHOIS, it was in no position to
> > analyze the tradeoffs involved in setting global priorities. Many
> > items on ICANN's policy agenda *may be considered* more worthy
> of the
> > community's
> > limited time and attention. *The appropriate process for the
> community to
> > prioritize issues such as Whois is via the Strategic Plan.* No
> evidence
> > is offered in this report to support prioritizing
> > WHOIS o*ver other issues of importance to the community as a whole.*
> >
> > 5 - Data Accuracy - As many law enforcement comments in the report
> > suggest, contactability is more important than "accuracy."
> Separation
> > of the contact details from the public display could enhance the
> > accuracy of the contact details available to appropriately qualified
> > requesters.
> >
> > 10-16. "Data Access: Privacy and Proxy Services."
> >
> > The recommendations should explicitly acknowledge the importance of
> > privacy and proxy services in providing options to legitimate
> Internet
> > users to preserve their privacy. National laws in the United States,
> > for example, recognize privacy interests not only for
> individuals, but
> > for associations. The report further documents the legitimate
> > interests of even commercial Internet users in private domain name
> > registrations.
> > * In relation to the references to national legislation: it is
> > important to note that this reference may be problematic if national
> > legislation violates international human rights standards, for
> example,
> > relating to freedom of expression (see the citation of this
> report below).
> > * Freedom of association: proxy registration services can
> support the
> > rights of human rights defenders to carry out lawful activity
> without
> > persecution. Threats to registrants include surveillance of
> registrants
> > through use of information which is accessed via WHOIS data -
> continuing to
> > expand the nature of information held in WHOIS will only
> heighten the
> > safety
> > concerns of human rights defenders. In addition, just in time
> attacks on
> > websites of civil society organisations have been used to
> disrupt lawful
> > activity and democratic participation in a number of countries: see
> > Deibert,
> > R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access
> > Controlled: The Shaping of Power, Rights, and Rule in
> Cyberspace. MIT
> > Press.
> > * Governments whose legislation is in violation of these
> rights
> > should
> > not be able to rely on such laws when requesting WHOIS data
> access and
> > proxy
> > information. It would be unreasonable to require Registrars to
> carry out an
> > additional analysis. Other options include:
> > (1) Provide that LEA WHOIS data requests may be refused
> where there are
> > reasonable grounds to believe that such requests may violate
> *registrants'
> > *
> > rights of freedom of expression or freedom of association
> > (2) Require LEA to verify that national laws comply with
> human rights
> > standards
> > (3) Require LEA to verify that WHOIS requests do not violate
> > international human rights standards
> >
> >>
> > 17 - Data access - "ICANN should set up a dedicated, multilingual
> > interface website to provide thick Whois data for" COM and NET, who
> > have thin whois. This is subject to existing policy and
> policy-making
> > by the GNSO. It is inappropriate for the Review Team to intervene at
> > this level of detail into the GNSO policy process, *and in a way
> that
> > privileges certain substantive outcomes over others.*
> >
> >
> > Section E. Work of this RT
> >
> > A factual point. There is only one Chatham House rule, so the
> statement
> > referring to it should use the singular.
> >
> > Freedom of Expression References:
> >
> > As noted by the UN Special Rapporteur on Freedom of Opinion and
> Expression
> > in his annual report of 2011:
> >
> > 23. The vast potential and benefits of the
> Internet are
> > rooted in its unique characteristics, such as its speed,
> worldwide reach
> > and
> > relative anonymity. At the same time, these distinctive features
> of the
> > Internet that enable individuals to disseminate information in
> "real time"
> > and to mobilize people has also created fear amongst Governments
> and the
> > powerful. This has led to increased restrictions on the Internet
> through
> > the
> > use of increasingly sophisticated technologies to block content,
> monitor
> > and
> > identify activists and critics, criminalization of legitimate
> expression,
> > and adoption of restrictive legislation to justify such
> measures. In this
> > regard, the Special Rapporteur also emphasizes that the existing
> > international human rights standards, in particular article 19,
> paragraph 3
> > of the ICCPR, remain pertinent in determining the types of
> restrictions
> > that
> > are in breach of States' obligations to guarantee the right to
> freedom of
> > expression.
> > 24. As set out in article 19, paragraph 3 of
> the ICCPR,
> > there are certain, exceptional types of expression which may be
> > legitimately
> > restricted under international human rights law, essentially to
> safeguard
> > the rights of others. This issue has been examined in the
> previous annual
> > report of the Special Rapporteur. However, the Special
> Rapporteur deems it
> > appropriate to reiterate that any limitation to the right to
> freedom of
> > expression must pass the following three-part, cumulative test:
> > (1) it must be provided by law, which is clear and accessible to
> > everyone (principles of predictability and transparency); and
> > (2) it must pursue one of the purposes set out in article
> 19, paragraph
> > 3 of the ICCPR, namely (i) to protect the rights or reputations
> of others,
> > or (ii) to protect national security or of public order, or of
> public
> > health
> > or morals (principle of legitimacy); and
> > (3) it must be proven as necessary and the least restrictive
> means
> > required to achieve the purported aim (principles of necessity and
> > proportionality).
> > Moreover, any legislation restricting the
> right to
> > freedom of expression must be applied by a body which is
> independent of any
> > political, commercial, or other unwarranted influences in a
> manner that is
> > neither arbitrary nor discriminatory, and with adequate
> safeguards against
> > abuse, including the possibility of challenge and remedy against its
> > abusive
> > application.
> > And further:
> >
> > 26 However, in many instances, States restrict, control,
> manipulate and
> > censor content disseminated via the Internet without any legal
> basis, or on
> > the basis of broad and ambiguous laws; without justifying the
> purpose of
> > such actions; and/or in a manner that is clearly unnecessary and/or
> > disproportionate to achieve the intended aim, as explored in the
> following
> > sections. Such actions are clearly incompatible with States'
> obligations
> > under international human rights law, and often create a broader
> chilling
> > effect on the right to freedom of opinion and expression.
> > (full reference: Frank La Rue "Report of the Special Rapporteur
> on the
> > promotion and protection of the right to freedom of opinion and
> expression"
> > (26 April 2011, A/HRC/17/27) also available at:
> http://scr.bi/z6lZ8N )
> >
> >
> >
> >
> >
> > --
> > Wendy Seltzer -- wendy at seltzer.org <mailto:wendy at seltzer.org> +1
> 914-374-0613
> > Fellow, Yale Law School Information Society Project
> > Fellow, Berkman Center for Internet & Society at Harvard University
> > http://cyber.law.harvard.edu/seltzer.html
> > https://www.chillingeffects.org/
> > https://www.torproject.org/
> > http://www.freedom-to-tinker.com/
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20120316/1d7a01db/attachment-0001.html>
More information about the Ncuc-discuss
mailing list