<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=UTF-8">
<META content="MSHTML 6.00.6000.16546" name=GENERATOR></HEAD>
<BODY id=role_body style="FONT-SIZE: 10pt; COLOR: #000000; FONT-FAMILY: Arial"
bottomMargin=7 leftMargin=7 topMargin=7 rightMargin=7><FONT id=role_document
face=Arial color=#000000 size=2>
<DIV>With thanks to EPIC for analysis of the substantive issues, attached please
find my comments in the Whois proceeding. After so many years in the
process, I am dismayed to see the Intellectual Property Constituency and its
following back away from the very compromises they pushed so hard to
achieve.</DIV>
<DIV> </DIV>
<DIV>We still have three more days. Please submit your own comments -
short or long! </DIV>
<DIV>Kathy</DIV>
<DIV>------------------------------------------------------------------------------------------------------------------------------------------------<BR>Dear
Mr. Cerf and the ICANN Board, Ms. Doria and the GNSO Council: <BR><BR>As
you know, I have been an active participant in the Whois process over many
years. I served on the Whois Task Forces and organized the Building
Bridges on ICANN's Whois Question Conference at ICANN's Vancouver Meeting
(12/05). I have not been involved in the Whois process for over a year,
did not serve on the recent Whois Working Group, and write as an observer and
admirer of the progress made to date.<BR>The entire record of the last 7 years
of Whois debates supports key changes soon to ICANN's Whois
Policies. This letter outlines the agreements of the past Whois Task
Forces (on which I participated), the major strides of the recent Whois WG
(on which I did not participate), and the clear path ahead to resolve the few
remaining open issues.<BR></DIV>
<DIV> The letter closes with my dismay that so much pressure is being
brought to bear on ICANN to reverse its work of the last 7 years, and discard
the thousands of hours that so many good faith ICANN participants have invested
in the reports, negotiations and hard-fought compromises of this important Whois
process. <BR><BR><STRONG>I. The Whois Task Forces found that Data Protection
Laws Exist Throughout the World and Apply to Whois Data<BR></STRONG></DIV>
<DIV>Dating back to 2003, I served on the Whois Task Force. After
extensive research, the Task Force found that data protection laws worldwide,
and on every continent, protect the disclosure and publication of personal
data. Starting with the EU Data Protection Directive, data protection laws
impact registrars, registries and registrants around the world (see, e.g, “Table
of Task Force [2] Data Analysis, July 2004” posted at www.ncdnhc.org under
“What's New, Whois Conflicts with National Law” and the Task Force 2
report.)<BR></DIV>
<DIV> As the Electronic Privacy Information Center notes in its comments,
ICANN has now heard from many Data Protection Commissioners, including Germany,
Canada, Italy, France, Belgium, and two chairs of the Article 29 Working Party
representing the EU Data Protection Commissioners collectively. They speak
and write to ICANN of the protections their laws guarantee to the privacy of
individuals, and the conflicts that exist with the privacy laws of their
countries. <BR></DIV>
<DIV>At the ICANN Rome meeting, Mr. Giovanni Buttarelli, Secretary-General of
Italy's Data Protection Commission, specifically noted that registrars and
registries violate Italian data protection laws with their publication of
personal data, and that his jurisdiction extends to them if their business
operates within Italy, and if they are marketing to Italian citizens.<BR></DIV>
<DIV>At ICANN's Vancouver meeting in December 2005, I organized the Whois
conference Building Bridges on ICANN's Whois Question, the first conference to
bring together GNSO and ccNSO to discuss the Whois questions. We learned in our
opening session that ccTLDs have changed their Whois policies to comply with
national data protection laws. Three ccTLDs on three continents
spoke of their major Whois changes, namely Nominet (.UK), CIRA (.CA) and JPRS
(.JP). Many members of the ccNSO nodded their agreement and spoke in the
hallways of similar changes.<BR></DIV>
<DIV> Overall, the Data Protection Commissioners have participated
patiently in the Whois process, always urging ICANN to go forward, but always
warning of their deep concerns with the illegalities of current practices. See,
e.g,. Comments to ICANN from Commissioners and Organizations Regarding Whois and
the Protection of Privacy, <A
href="http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf">http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf</A>.
<BR></DIV>
<DIV> The result is that the Whois Task Forces, over many years of work,
recommended changes to ICANN's Whois Policy to reflect data protection laws and
privacy rights worldwide (as a protection both for the registrants, and the
registries and registrars who serve them).<BR><BR><STRONG>II. The Whois Working
Group, in its “Final Outcomes Report” of August 2007, Reached Broad Agreement
and Tremendous Compromises<BR></STRONG></DIV>
<DIV> I was not a member of the recent Whois Working Group (WG), but I
admire the bold way in which it moved the ICANN Whois debate forward.
Chaired by Intellectual Property Constituency co-founder Philip Sheppard, the
Whois WG found agreement and made progress where I never thought it
possible. They did so despite a tight timeframe and a large and diverse
membership. They have my admiration.<BR></DIV>
<DIV> The strides achieved by the Whois WG, Chairman Sheppard and each
member include: <BR></DIV>
<DIV>1.The Whois WG agreed that an individual person's right to privacy and
protection in his/her data in the Whois database must be protected (Final
Outcomes Report (“FOR”), p. 3)<BR></DIV>
<DIV>2.The Whois WG accepted the OPOC or “Official Point of Contact”
proposal. As businesses and organizations list representatives in the
Whois database, so too, should individuals be allowed to publish a
representative's physical address, email address and telephone number (while
mandating also that the registrant provide accurate and complete data to the
OPOC). (FOR, p. 3)<BR></DIV>
<DIV>3.The Whois WG defined and expanded the tasks and responsibilities of the
OPOC. They found broad agreement that: <BR></DIV>
<DIV>- the OPoC can be a Registrar, or third party appointed by the Registrant
(FOR, p. 13),<BR>- the OPOC must have an agreement with the Registrant and
“defined responsibilities” (FOR, p. 14)<BR>- the Registrant must have a
functional OPOC (FOR, p.
17)<BR>- that
ICANN should not set up any centralized form of accreditation of the OPOCs (FOR,
p. 15).<BR></DIV>
<DIV>In an issue long pushed by the Business Constituency, the Whois WG also
agreed that a registrant should be able to list two OPOCs, thus allowing large
organizations to list more than one organizational contact (FOR, p.
13).<BR></DIV>
<DIV> As EPIC notes in its comments, the NCUC and individuals gave up a lot
to reach the compromises of the Whois WG Final Outcomes Report. In
particular, they compromised on the closely-held right to anonymity, and
the rights of non-commercial organizations to privacy, including battered
women's shelters, religious organizations, political groups and other
non-commercial organizations.<BR><BR><STRONG>III. The Whois WG Even Offers Key
Agreement on the Thorniest of Issues – Access (to the Underlying
Data)<BR></STRONG></DIV>
<DIV> Even on the thorniest of issues, access of the underlying personal
data, the Whois WG made clear and unambiguous progress. The WG report gave ICANN
a clear roadmap for moving forward by adopting a standard for disclosure of the
underlying data. The standard is “reasonable evidence of actionable harm.”
</DIV>
<DIV>That's huge progress! <BR></DIV>
<DIV>From here, we can let the governments work with ICANN to define how law
enforcement should identify themselves and how private parties should seek
access to the underlying data. During my tenure on the Whois Task Forces, US
Government representatives expressed a strong interest in working with ICANN on
this issue. In his letter to the Board of last week, the EU's Article 29 Working
Party Chairman, Mr. Schaar, indicated a similar willingness. <BR></DIV>
<DIV>The path is clear. The main concept and structure of the OPOC have
been agreed on and worked out; the path for the negotiation of the Access
provision has been laid. The work ahead is defined and clear.
<BR><BR><STRONG>IV. Doesn't Good Faith Count Here? <BR></STRONG></DIV>
<DIV> For years, I have seen the concept of “good faith” and “bad faith”
invoked against domain name registrants. Shouldn't it provide a standard
for other areas of domain name policy as well? <BR></DIV>
<DIV> As I watch the international campaigns from large intellectual
property owners and business organizations flood the GNSO forum, I wonder if the
participants know of the high level of representation their interests have
received throughout the Whois process. During the years I worked on the
Whois Task Forces, the Intellectual Property Constituency, Business Constituency
and ISP Constituency were always well represented by active, articulate and
well-prepared representatives. Their members participated in every aspect of
research, negotiating, drafting and editing processes. They had the
budgets to attend every meeting. They worked on every issue and they drove
very hard compromises.<BR></DIV>
<DIV>Shouldn't we all be required to stand by a process in which we all
participated with such great activity and in such good faith?
<BR><BR><STRONG>V. Conclusion: If we turn back now, why message will it send to
future participants in ICANN? <BR></STRONG></DIV>
<DIV> ICANN operates on a grassroots principles. Policy is made in
the Supporting Organizations and brought to the Board. Over seven years, all the
constituencies, hundreds of people, and numerous government representatives
(from many agencies and levels) have participated in the Whois process.
For my part, I fought hard for the time to attend the teleconferences, money to
attend the meetings, and studies and research to inform the process. <BR></DIV>
<DIV>Of course having access to the personal data of millions of domain names
registrants makes life easier for those with concerns about website content and
other bad acts. But this data similar exposes individuals to physical harm
as well as online harassment and other illegal acts. Naturally, the
various sides would like to “have it all.” <BR></DIV>
<DIV>But the Whois WG gave us an OPOC plan with details, and a standard for
access to underlying data – clear agreements which provide a roadmap that will
allow registries and registrars to comply with law, protect the privacy of some
domain name registrants (although only some) and provide access to those who
need the underlying personal data and having “reasonable evidence of actionable
harm.”<BR></DIV>
<DIV>The Whois WG has my huge respect and admiration. This process was
difficult; their progress was huge. We should now be close to the end of
many, many long years of work. <BR><BR>To the GNSO Council and the Board,
I leave with the hope that you move forward on Whois. I support Motions 1
and 3. We either move forward together on OPOC, or drop the required Whois
publication provisions for lack of consensus and support. I trust you will
find the path that takes us forward, not back. <BR><BR>Sincerely,<BR>/s/ Kathryn
Kleiman<BR>Kathryn Kleiman, Esq.<BR>Past member of Whois Task Forces on behalf
of the NCUC<BR></DIV></FONT><BR><BR><BR><DIV><FONT style="color: black; font: normal 10pt ARIAL, SAN-SERIF;"><HR style="MARGIN-TOP: 10px">See what's new at <A title="http://www.aol.com?NCID=AOLCMP00300000001170" href="http://www.aol.com?NCID=AOLCMP00300000001170" target="_blank">AOL.com</A> and <A title="http://www.aol.com/mksplash.adp?NCID=AOLCMP00300000001169" href="http://www.aol.com/mksplash.adp?NCID=AOLCMP00300000001169" target="_blank">Make AOL Your Homepage</A>.</FONT></DIV></BODY></HTML>