<HTML><FONT FACE=arial,helvetica><HTML><FONT SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0">All:<BR>
Just a fast reminder about the deadline approaching (Thursday!) for public comments to the 3 WHOIS Task Forces that have met for the last six months. If you/your organization have time to do nothing else, would you please consider comments supporting the privacy proposals in the reports of TF1 and TF2? <BR>
<BR>
Frannie has made it easy, with a website at <A HREF="http://www.thepublicvoice.org/take_action/default.html">http://www.thepublicvoice.org/take_action/default.html</A> with key points written by Milton (TF1) and Frannie (TF2), and the email address for comments. Since I am a bit late posting my suggestions for comments, I include them in text below. <BR>
<BR>
Even short comments would be great. Thursday end of day is the deadline.<BR>
Regards and thanks, Kathy (TF2)<BR>
--------------------------------------------------------------------------------------------------<BR>
TF2 Report: Some suggested points comments<BR>
-------------------------------------------------------------------------------------------------<BR>
Overall, I think the TF2 Report is good -- pretty balanced and a good presentation of our interests. Thus, for comments, I would suggest a double strategy: praise the positive (to reinforce our issues) and then criticize the negatives. An outline of key issues below. <BR>
<BR>
A. Highlight the positives.<BR>
1. For the first time, an ICANN report highlights both the uses of<BR>
WHOIS and the abuses of WHOIS data. We want to emphasize the abuses<BR>
and possible abuses of continuing an open directory with this data (address,<BR>
phone and email) available to all. What are you organization's concerns for<BR>
itself or its members regarding this data? (Please consider mentioning your<BR>
own concerns, or those on behalf of human rights organizations, other<BR>
noncommercial organizations, and individuals).<BR>
<BR>
2. For the first time, an ICANN report outlines the privacy laws<BR>
and freedom of expression protections in laws around the world (Sections<BR>
2.3 and 3.3/National Law, and first section of Appendix). Please support<BR>
the report here. If you are in a country with comprehensive data laws,<BR>
please talk about the human rights principles underlying your national<BR>
privacy laws. If you are in a country with free speech laws, please write<BR>
about the importance of speaking privately and even anonymously, even in<BR>
public dialogue. <BR>
<BR>
3. We have a great recommendation: that "Registries and<BR>
Registrars should not have to violate local data protection laws in order to<BR>
conform with WHOIS policy. If there is a conflict of law and WHOIS<BR>
policy, as process should be in place to allow for registrars to show such<BR>
conflict and make appropriate changes needed for it to conform to the<BR>
respective local laws." (See 1.4, 2.3, and 3.3). Please support this<BR>
recommendation!<BR>
<BR>
B. Opportunity to comment and shape the work ahead: Tiered Access <BR>
<BR>
<BR>
Background: The Registrars for a long time have proposed a Tiered Access<BR>
system. While they agree that all personal data should not be public,<BR>
Registrars do not want to be involved in the day to day task of screening all<BR>
the requests for domain name holders. Thus, they propose an automated<BR>
system for making personal data available to those who say they need it. <BR>
This system is called Tiered Access ("TA"). TA is a series of gates or<BR>
tiers. Still in formation, it is beginning to gain momentum. Comments now<BR>
would be very timely and useful! [Sections 2.4, 2.5, 3.4, 3.5]<BR>
<BR>
1. Support the concept of "Tier 1" -- that personal or sensitive data<BR>
including address, phone and email for individuals, organizations and even<BR>
companies (such as small business) *would not* be published on the first<BR>
Tier and not available to all. (Note: 3.5 recommendation proposes that a<BR>
registrant could choose to put all this data into the WHOIS directory, but<BR>
that would be his/her/its choice). <BR>
<BR>
2. Argue that "Tier 2" needs to be much better defined. Registrars<BR>
call Tier 2 the place for "known users with known uses" to access<BR>
personal/sensitive domain name data. But what are the limits and<BR>
protections for domain name owners? These we must fight for. Please<BR>
think of your own ideas for protections against abuse, but here are some of<BR>
mine: <BR>
A. Tier 2 should still not publish all the personal/sensitive data.<BR>
Let it be name/email (ideally) or name/address<BR>
(alternatively). But not all the data. <BR>
<BR>
B. No unlimited access to the WHOIS database, even if you<BR>
are the world's most famous intellectual property law firm. <BR>
Although you are a "known user," you should still not have<BR>
infinite access to the WHOIS personal data and database. <BR>
Searches should be one by one, and for each and every<BR>
access, the user (however famous) should enter a clear and<BR>
specific text reason for the legal problem being raised by the<BR>
domain name and the legal reason for needing to contact the<BR>
domain name holder. This explanation must be sent to the<BR>
domain name holder. <BR>
<BR>
C. The system must provide *immediate notification by email<BR>
to the domain name holder* whenever his/her/its<BR>
personal/sensitive data is released to any third party in Tier<BR>
2. Such immediate notification will allow domain name<BR>
holders to better protection themselves -- and flee if their<BR>
address (as a human rights organization, an abortion clinic,<BR>
or a woman with a stalking ex-spouse) has just been given<BR>
away. (Domain name holders should have the option to<BR>
"opt-out" of such immediate notification if their safety is not<BR>
in danger, perhaps for a weekly listing.)<BR>
<BR>
3. Support the concept of a Tier 3 that all the data is available to<BR>
ICANN-accredited registrars and registries for technical purposes, such as<BR>
domain name transfers.<BR>
<BR>
Thanks again!<BR>
Kathy <BR>
</FONT></HTML>