<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV>Dear NCUCers,</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Here is the letter on WHOIS that went to the ICANN board.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Thank you all for your help with this, and especially Kathy K.</DIV><DIV>who has been fighting the good fight on WHOIS for many</DIV><DIV>years. We also gathered the support of several of the prominent </DIV><DIV>members of the EPIC Advisory Board. That may help.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Good luck to those in LA!</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Best</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Marc and Allison.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>--------------</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>October 30, 2007</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Mr. Vinton Cerf, Chairman</DIV><DIV>Mr. Paul Twomey, President & CEO</DIV><DIV>Internet Corporation for Assigned Names and Numbers</DIV><DIV>4676 Admiralty Way, Suite 330</DIV><DIV>Marina del Rey, CA 90292-6601</DIV><DIV>USA</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Dear Mr. Cerf, Mr Twomey, and Members of the ICANN Board,</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The purpose of this letter is to express our support for changes to WHOIS services </DIV><DIV>that would protect the privacy of individuals, specifically the removal of registrants' </DIV><DIV>contact information from the publicly accessible WHOIS database.[1] It is also to propose </DIV><DIV>a sensible resolution to the long-running discussion over WHOIS that would establish a bit </DIV><DIV>of "policy stability" and allow the various constituencies to move on to other work</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>EPIC has had long-standing involvement in the WHOIS issue. As a member of </DIV><DIV>the WHOIS Privacy Steering Committee, EPIC assisted in the development of the </DIV><DIV>WHOIS work program, and has been a member of the Non-Commercial Users </DIV><DIV>Constituency for several years. EPIC has submitted extensive comments to ICANN on </DIV><DIV>WHOIS, and has testified before the US Congress in support of new privacy safeguards </DIV><DIV>for WHOIS as well as filing a brief in the US courts on the privacy implications of the </DIV><DIV>WHOIS registry.[2] The Public Voice coalition also organized an important letter in 2003 </DIV><DIV>to ICANN regarding WHOIS policy that was signed by 57 organizations from more than </DIV><DIV>20 countries which recommended simply that ICANN consider the views of consumer </DIV><DIV>organizations and civil liberties groups.[3]</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Both the WHOIS Task Force and the WHOIS Working Group agree that new </DIV><DIV>mechanisms must be adopted to address an individual's right to privacy and the protection </DIV><DIV>of his/her data.[4] Current ICANN WHOIS policy conflicts with national privacy laws, </DIV><DIV>including the EU Data Protection Directive, which requires the establishment of a legal </DIV><DIV>framework to ensure that when personal information is collected, it is used only for its </DIV><DIV>intended purpose. As personal information in the directory is used for other purposes and </DIV><DIV>ICANN's policy keeps the information public and anonymously accessible, the database </DIV><DIV>could be found illegal according to many national privacy and data protection laws </DIV><DIV>including the European Data Protection Directive, European data protection laws and </DIV><DIV>legislation in Canada and Australia.[5] </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The Article 29 Working Party, an independent European advisory body on data </DIV><DIV>protection and privacy, states that "in its current form the [WHOIS] database does not </DIV><DIV>take account of the data protection and privacy rights of those identifiable persons who </DIV><DIV>are named as the contacts for domain names and organizations."[6] The conflict with </DIV><DIV>national privacy law is real and cannot be dismissed. A sensible resolution of the WHOIS </DIV><DIV>matter must take this into account.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>In addition, country code Top Level Domains are moving to provide more privacy </DIV><DIV>protection in accordance with national law. For example, regarding Australia's TLD, .au, </DIV><DIV>the WHOIS policy of the .au Domain Administration Ltd (AUDA) states in section 4.2, </DIV><DIV>"In order to comply with Australian privacy legislation, registrant telephone and </DIV><DIV>facsimile numbers will not be disclosed. In the case of id.au domain names (for </DIV><DIV>individual registrants, rather than corporate registrants), the registrant contact name and </DIV><DIV>address details also will not be disclosed."[7] </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The Final Outcomes Report recently published by the WHOIS Working Group </DIV><DIV>contains several key compromises and useful statements and represents significant </DIV><DIV>progress on substantive WHOIS issues. The WHOIS Working Group found agreement in </DIV><DIV>critical areas that advance the WHOIS discussion within ICANN and provide clear </DIV><DIV>guidance to the ICANN Board.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>In its report, the WHOIS Working Group accepted the Operational Point of </DIV><DIV>Contact (OPoC) proposal as a starting point, and the best option to date. The OPoC </DIV><DIV>proposal would replace publicly available registrant contact information with an </DIV><DIV>intermediate contact responsible for relaying messages to the registrant. The Working </DIV><DIV>Group agreed that there may be up to two OPoCs, and that an OPoC can be the </DIV><DIV>Registrant, the Registrar, or any third party appointed by the Registrant. The Registrant is </DIV><DIV>responsible for having a functional OPOC. The Working Party also agreed that the OPOC </DIV><DIV>should have a consensual relationship to the Registrant with defined responsibilities. This </DIV><DIV>would necessitate the creation of a new process, and changes to the Registrar </DIV><DIV>Accreditation Agreement and Registrar-Registrant agreements to reflect this relationship.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The Board should support the agreed standard for disclosure of unpublished </DIV><DIV>Whois personal data – reasonable evidence of actionable harm. But the Board should </DIV><DIV>leave this term undefined, as it is now in the RAA for proxy services. This standard will </DIV><DIV>allow the OPoC contact, registrars and registries to work within the framework of their </DIV><DIV>national and local laws to provide access to this personal data. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>OPoCs must be allowed to employ strategies and standards similar to those of the </DIV><DIV>registrars and registries to ensure that the person receiving the protected personal WHOIS </DIV><DIV>data is in fact a law enforcement official. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The OPoC proposal does not impede reasonable law or intellectual property </DIV><DIV>enforcement efforts. In fact, effective implementation of the OPoC proposal would </DIV><DIV>benefit all stakeholders by improving the accuracy of the information in the database. </DIV><DIV>Because personal data will be kept private, individuals will provide more accurate data. </DIV><DIV>As a result, the Whois database will be more useful and more reliable.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The OPoC proposal is not the ideal privacy solution. EPIC, as well as groups such </DIV><DIV>as the Non-Commercial Users Constituency, recommended a distinction between </DIV><DIV>commercial and non-commercial domains in order to protect the privacy of registrants of </DIV><DIV>domain names used for religious purposes, political speech, organizational speech, and </DIV><DIV>other forms of non-commercial speech. EPIC has previously stated that the WHOIS </DIV><DIV>database should not publicize any registrant information, including name and jurisdiction.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The WHOIS Working Group has proposed a workable framework. It is not a </DIV><DIV>perfect framework. But it will help ensure that the WHOIS policy conforms with law and </DIV><DIV>allow ICANN to move forward. If it is not possible to adopt this solution, then the only </DIV><DIV>sensible approach would be to allow the current WHOIS terms to simply sunset. </DIV><DIV>Resolution 3 would be the only real option. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The signatories to this letter are willing to assist in finishing off the </DIV><DIV>implementation details of the OPoC proposal. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Sincerely,</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Marc Rotenberg</DIV><DIV>EPIC Executive Director</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Allison Knight</DIV><DIV>Coordinator</DIV><DIV>Public Voice Project</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Valerie Gordon, </DIV><DIV>Jamaica Sustainable Development </DIV><DIV>Network</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Robin Gross</DIV><DIV>IP Justice</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Robert Guerra, CPSR</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Kim Heitman,</DIV><DIV>Board Member EFA</DIV><DIV>Deputy Chair AUDA</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Norbert Klein</DIV><DIV>ICANN GNSO Council member</DIV><DIV>ICANN NCUC</DIV><DIV>Open Institute of Cambodia</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Kathy Kleiman</DIV><DIV>Co-Founder, NCUC</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Dan Krimm</DIV><DIV>TJ McIntyre (Chairman)</DIV><DIV>Digital Rights Ireland</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Ville Oksanen</DIV><DIV>Vice Chairman, EFFI</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Ross Rader, </DIV><DIV>Domain Direct</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Members of the EPIC Advisory Board</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Steven Aftergood, Project Director</DIV><DIV>Federation of American Scientists</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Anita L. Allen</DIV><DIV>Professor of Law and Philosphy</DIV><DIV>University of Pennsylvania</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>David Banisar, Director </DIV><DIV>Freedom of Information Project, Privacy </DIV><DIV>International;</DIV><DIV>Visiting Research Fellow,</DIV><DIV>School of Law, University of Leeds</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Christine L. Borgman</DIV><DIV>Professor & Presidential Chair</DIV><DIV>Dept of Information Studies, UCLA</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>James Boyle</DIV><DIV>Professor of Law</DIV><DIV>Duke Law School</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>David Chaum</DIV><DIV>Founder</DIV><DIV>Punchscan</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Julie E. Cohen</DIV><DIV>Professor Law</DIV><DIV>Georgetown University Law Center</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Simon Davies</DIV><DIV>Director General</DIV><DIV>Privacy International</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>David Farber</DIV><DIV>Distinguished Career Professor of </DIV><DIV>Computer Science and Public Policy,</DIV><DIV>Carnegie Mellon University</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>David H. Flaherty</DIV><DIV>Professor Emeritus</DIV><DIV>University of Western Ontario.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Austin Hill</DIV><DIV>Brudder Ventures</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Jerry Kang</DIV><DIV>Professor of Law</DIV><DIV>UCLA Law School</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Chris Larsen</DIV><DIV>CEO</DIV><DIV>Prosper Marketplace, Inc.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Mary Minow</DIV><DIV>Founder</DIV><DIV>LibraryLaw.com</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Pablo Molina</DIV><DIV>Chief Information Officer</DIV><DIV>Georgetown University Law Center</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Deborah C. Peel, MD,</DIV><DIV>Founder and Chair</DIV><DIV>Patient Privacy Rights</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Anita Ramasastry</DIV><DIV>Associate Professor of Law</DIV><DIV>Director, Shidler Center for Law</DIV><DIV>Commerce & Technology</DIV><DIV>University of Washington School of </DIV><DIV>Law</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Ronald L. Rivest</DIV><DIV>Professor of Electrical Engineering and </DIV><DIV>Computer Science</DIV><DIV>Massachusetts Institute of Technology</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Pamela Samuelson</DIV><DIV>Distinguished Professor of Law; </DIV><DIV>Professor of Information Management; </DIV><DIV>Chancellor's Professor</DIV><DIV>School of Law – Boalt Hall</DIV><DIV>University of California at Berkeley</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Bruce Schneier</DIV><DIV>CTO</DIV><DIV>BT Counterpaine</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Edward G. Viltz</DIV><DIV>President and Founder</DIV><DIV>Internet Collaboration Coalition</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>NOTES</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>[1] EPIC's comments on the ICANN WHOIS Task Force's "Preliminary Task Force Report on WHOIS </DIV><DIV>Services," January 12, 2007, available at <<A href="http://www.epic.org/privacy/whois/comments.html">http://www.epic.org/privacy/whois/comments.html</A>>.</DIV><DIV>[2] See, e.g., EPIC, "Privacy Issues Report: The Creation of A New Task Force is Necessary For an </DIV><DIV>Adequate Resolution of the Privacy Issues Associated With WHOIS," .before the GNSO Council (Mar. 10, </DIV><DIV>2003), See EPIC Testimony Before House Subcommittee, Financial Institutions and Consumer Credit, </DIV><DIV>Committee on Financial Services "ICANN and the WHOIS Database: Providing Access to Protect </DIV><DIV>Consumers from Phishing," (July 18, 2006), available </DIV><DIV>athttp://financialservices.house.gov/media/pdf/071806mr.pdf; Brief Amicus Curiae of EPIC, Peterson v. </DIV><DIV>Nat. Telecomm. & Info. Admin., No. 06-1216 (4th Cir. Apr. 24, 2006), available at. </DIV><DIV><A href="http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf">http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf</A>; See generally EPIC WHOIS page, </DIV><DIV><A href="http://www.epic.org/privacy/whois/">http://www.epic.org/privacy/whois/</A>.</DIV><DIV>[3] The Public Voice, "WHOIS Letter to ICANN," (Oct. 28, 2003), </DIV><DIV><A href="http://thepublicvoice.org/news/whoisletter.html">http://thepublicvoice.org/news/whoisletter.html</A>.</DIV><DIV>[4] Final Report of the WHOIS Task Force, March 12, 2007, available at <<A href="http://gnso.icann.org/issues/whois-">http://gnso.icann.org/issues/whois-</A></DIV><DIV>privacy/whois-services-final-tf-report-12mar07.htm>; and Final Report of the WHOIS Working Group, </DIV><DIV>August 20, 2007, available at <<A href="http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf">http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf</A>>.</DIV><DIV>[5] EPIC and Privacy International, PRIVACY AND HUMAN RIGHTS: AN INTERNATIONAL SURVEY OF PRIVACY </DIV><DIV>LAWS AND DEVELOPMENTS 154-57 ("WHOIS"), available at <<A href="http://www.epic.org/phr06">http://www.epic.org/phr06</A>>.</DIV><DIV>[6] Letter from Article 29 Working Party to ICANN Chair Vinton Cerf, March 12, 2007, available at </DIV><DIV><<A href="http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf">http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf</A>>.</DIV><DIV>[7] For additional country code Top Level Domain policy examples, see EPIC Testimony Before House </DIV><DIV>Subcommittee, Financial Institutions and Consumer Credit, Committee on Financial Services "ICANN and </DIV><DIV>the WHOIS Database: Providing Access to Protect Consumers from Phishing," available at </DIV><DIV><<A href="http://financialservices.house.gov/media/pdf/071806mr.pdf">http://financialservices.house.gov/media/pdf/071806mr.pdf</A>>.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"><DIV><DIV><BR><DIV>Begin forwarded message:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><B>From: </B></FONT><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica">Marc Rotenberg <<A href="mailto:rotenberg@epic.org">rotenberg@epic.org</A>></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><B>Date: </B></FONT><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica">October 30, 2007 7:28:16 PM EDT</FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><B>To: </B></FONT><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica"><A href="mailto:whois-comments-2007@icann.org">whois-comments-2007@icann.org</A></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><B>Cc: </B></FONT><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica">Marc Rotenberg <<A href="mailto:rotenberg@epic.org">rotenberg@epic.org</A>>, Allison Knight <<A href="mailto:knight@epic.org">knight@epic.org</A>></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" color="#000000" style="font: 12.0px Helvetica; color: #000000"><B>Subject: </B></FONT><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica"><B>Comments on WHOIS - NGOs and EPIC Advisory Board<SPAN class="Apple-converted-space"> </SPAN></B></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV> </BLOCKQUOTE></DIV></DIV></DIV></BODY></HTML>