I also support submitting. (Well, I would, wouldn't I!)<div><br></div><div>Maria<br><br><div class="gmail_quote">On 15 March 2012 19:15, Robin Gross <span dir="ltr"><<a href="mailto:robin@ipjustice.org">robin@ipjustice.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">GreAt. Thank you very much. Let's submit.<br>
<div class="im HOEnZb"><br>
Robin<br>
<br>
On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <<a href="mailto:wendy@SELTZER.COM">wendy@SELTZER.COM</a>> wrote:<br>
<br>
</div><div class="HOEnZb"><div class="h5">> Thanks very much to Maria and Joy for contributions to this, proposed<br>
> comments for the WHOIS RT. Comments are due March 18, but I'd like to<br>
> send them before leaving tomorrow, if possible.<br>
> <<a href="http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm" target="_blank">http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm</a>><br>
><br>
> We would like to commend the general readability of the report. WHOIS<br>
> has become a very complex issue, and presenting it so clearly and<br>
> accessibly facilitates participation in both this consultation process<br>
> and participation more generally. We particularly appreciate the hard<br>
> work of collecting the WHOIS policies from the various places where<br>
> they reside.<br>
><br>
> High-level recommendations:<br>
><br>
> The report should explicitly recommend that WHOIS policy recognize<br>
> that registrants, both individual and organizations, commercial and<br>
> non-commercial, have a legitimate interest in, *and in many jurisdictions<br>
> the legal right to, the privacy of their personal data*.<br>
><br>
> In the normative discussion, privacy should be given equivalent emphasis<br>
> to accuracy. *It would be instructive in this regard to reference the<br>
> OECD privacy guidelines, agreed to by all OECD member countries with input<br>
> from business and civil society. Data accuracy (or 'quality') is considered<br>
> by OECD members to be of equal importance to purpose specification, use<br>
> limitation and security safeguards, none of which factors are supported by<br>
> Whois as it currently operates. (OECD Guideline reference:<br>
> <a href="http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html" target="_blank">http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html</a><br>
> ) *<br>
><br>
> It is as important that registrants have privacy as that<br>
> their data be accurately recorded. At the moment, the report appears,<br>
> from its emphasis on access and accuracy, to discount those privacy<br>
> concerns *that are accepted by all OECD member states and participating<br>
> business and civil society actors as having equal importance.*<br>
><br>
><br>
> Section F. Findings<br>
><br>
> The brief ‘tour de table’ provides useful background reading, but<br>
> *should* include<br>
> reference to the fact that ICANN’s Whois policies are<br>
> incompatible with the OECD privacy guidelines and also applicable national<br>
> laws in many countries, including<br>
> member states of the European Union.*The European Union's Article 29<br>
> Working Party of national data protection officers provided specific input<br>
> to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois<br>
> breaches EU law. These included the lack of definition of a purpose of<br>
> Whois, lack of use limitation, misuse of Whois data by third parties and<br>
> the disproportionality of the publication of personal data. The Article 29<br>
> Working Party concluded that "there is no legal ground justifying the<br>
> mandatory publication of personal data referring to this person. (the<br>
> registrant)". *<br>
><br>
> *(Article 29 WP reference: Opinion 2/2003 on the application of the data<br>
> protection principles*<br>
><br>
> *to the Whois directories *<br>
> <a href="http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf" target="_blank">http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf</a>)<br>
><br>
> *It is very concerning that the findings of the Whois Review Team do not<br>
> consider the glaring fact of the illegality of gTLD Whois requirements in<br>
> many jurisdictions, and the incompatibility of Whois as it currently stands<br>
> with the only internationally accepted guidelines on data privacy. *<br>
><br>
><br>
> Section G. Recommendations<br>
><br>
> 1. Single Whois Policy - "The Board should oversee the creation of a<br>
> single Whois policy document."<br>
><br>
> We welcome the call for a single Whois policy that sets out the<br>
> requirements, globally and facilitates registrants who wish to consult<br>
> those requirements. Whois ‘policy’ is currently inferred from registry<br>
> and registrar contracts.* A single Whois policy should be compatible with<br>
> the internationally accepted OECD privacy guidelines, in respect of a<br>
> statement of purpose for the use of data, use limitation, data accuracy and<br>
> appropriate security safeguards for personal data.* However, gTLD policy<br>
> development is the<br>
> responsibility of the GNSO, not the Board (until the final stages),<br>
> and needs to be developed through the bottom up process, with the<br>
> cooperation of the multiple stakeholders affected.<br>
><br>
> 3 - "Make Whois a Strategic Priority"<br>
><br>
> Change "Strategic Priority" to "Strategic Consideration." As the<br>
> review team was focused only on WHOIS, it was in no position to<br>
> analyze the tradeoffs involved in setting global priorities. Many<br>
> items on ICANN's policy agenda *may be considered* more worthy of the<br>
> community's<br>
> limited time and attention. *The appropriate process for the community to<br>
> prioritize issues such as Whois is via the Strategic Plan.* No evidence<br>
> is offered in this report to support prioritizing<br>
> WHOIS o*ver other issues of importance to the community as a whole.*<br>
><br>
> 5 - Data Accuracy - As many law enforcement comments in the report<br>
> suggest, contactability is more important than "accuracy." Separation<br>
> of the contact details from the public display could enhance the<br>
> accuracy of the contact details available to appropriately qualified<br>
> requesters.<br>
><br>
> 10-16. "Data Access: Privacy and Proxy Services."<br>
><br>
> The recommendations should explicitly acknowledge the importance of<br>
> privacy and proxy services in providing options to legitimate Internet<br>
> users to preserve their privacy. National laws in the United States,<br>
> for example, recognize privacy interests not only for individuals, but<br>
> for associations. The report further documents the legitimate<br>
> interests of even commercial Internet users in private domain name<br>
> registrations.<br>
> * In relation to the references to national legislation: it is<br>
> important to note that this reference may be problematic if national<br>
> legislation violates international human rights standards, for example,<br>
> relating to freedom of expression (see the citation of this report below).<br>
> * Freedom of association: proxy registration services can support the<br>
> rights of human rights defenders to carry out lawful activity without<br>
> persecution. Threats to registrants include surveillance of registrants<br>
> through use of information which is accessed via WHOIS data - continuing to<br>
> expand the nature of information held in WHOIS will only heighten the<br>
> safety<br>
> concerns of human rights defenders. In addition, just in time attacks on<br>
> websites of civil society organisations have been used to disrupt lawful<br>
> activity and democratic participation in a number of countries: see<br>
> Deibert,<br>
> R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access<br>
> Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT<br>
> Press.<br>
> * Governments whose legislation is in violation of these rights<br>
> should<br>
> not be able to rely on such laws when requesting WHOIS data access and<br>
> proxy<br>
> information. It would be unreasonable to require Registrars to carry out an<br>
> additional analysis. Other options include:<br>
> (1) Provide that LEA WHOIS data requests may be refused where there are<br>
> reasonable grounds to believe that such requests may violate *registrants'<br>
> *<br>
> rights of freedom of expression or freedom of association<br>
> (2) Require LEA to verify that national laws comply with human rights<br>
> standards<br>
> (3) Require LEA to verify that WHOIS requests do not violate<br>
> international human rights standards<br>
><br>
>><br>
> 17 - Data access - "ICANN should set up a dedicated, multilingual<br>
> interface website to provide thick Whois data for" COM and NET, who<br>
> have thin whois. This is subject to existing policy and policy-making<br>
> by the GNSO. It is inappropriate for the Review Team to intervene at<br>
> this level of detail into the GNSO policy process, *and in a way that<br>
> privileges certain substantive outcomes over others.*<br>
><br>
><br>
> Section E. Work of this RT<br>
><br>
> A factual point. There is only one Chatham House rule, so the statement<br>
> referring to it should use the singular.<br>
><br>
> Freedom of Expression References:<br>
><br>
> As noted by the UN Special Rapporteur on Freedom of Opinion and Expression<br>
> in his annual report of 2011:<br>
><br>
> 23. The vast potential and benefits of the Internet are<br>
> rooted in its unique characteristics, such as its speed, worldwide reach<br>
> and<br>
> relative anonymity. At the same time, these distinctive features of the<br>
> Internet that enable individuals to disseminate information in "real time"<br>
> and to mobilize people has also created fear amongst Governments and the<br>
> powerful. This has led to increased restrictions on the Internet through<br>
> the<br>
> use of increasingly sophisticated technologies to block content, monitor<br>
> and<br>
> identify activists and critics, criminalization of legitimate expression,<br>
> and adoption of restrictive legislation to justify such measures. In this<br>
> regard, the Special Rapporteur also emphasizes that the existing<br>
> international human rights standards, in particular article 19, paragraph 3<br>
> of the ICCPR, remain pertinent in determining the types of restrictions<br>
> that<br>
> are in breach of States' obligations to guarantee the right to freedom of<br>
> expression.<br>
> 24. As set out in article 19, paragraph 3 of the ICCPR,<br>
> there are certain, exceptional types of expression which may be<br>
> legitimately<br>
> restricted under international human rights law, essentially to safeguard<br>
> the rights of others. This issue has been examined in the previous annual<br>
> report of the Special Rapporteur. However, the Special Rapporteur deems it<br>
> appropriate to reiterate that any limitation to the right to freedom of<br>
> expression must pass the following three-part, cumulative test:<br>
> (1) it must be provided by law, which is clear and accessible to<br>
> everyone (principles of predictability and transparency); and<br>
> (2) it must pursue one of the purposes set out in article 19, paragraph<br>
> 3 of the ICCPR, namely (i) to protect the rights or reputations of others,<br>
> or (ii) to protect national security or of public order, or of public<br>
> health<br>
> or morals (principle of legitimacy); and<br>
> (3) it must be proven as necessary and the least restrictive means<br>
> required to achieve the purported aim (principles of necessity and<br>
> proportionality).<br>
> Moreover, any legislation restricting the right to<br>
> freedom of expression must be applied by a body which is independent of any<br>
> political, commercial, or other unwarranted influences in a manner that is<br>
> neither arbitrary nor discriminatory, and with adequate safeguards against<br>
> abuse, including the possibility of challenge and remedy against its<br>
> abusive<br>
> application.<br>
> And further:<br>
><br>
> 26 However, in many instances, States restrict, control, manipulate and<br>
> censor content disseminated via the Internet without any legal basis, or on<br>
> the basis of broad and ambiguous laws; without justifying the purpose of<br>
> such actions; and/or in a manner that is clearly unnecessary and/or<br>
> disproportionate to achieve the intended aim, as explored in the following<br>
> sections. Such actions are clearly incompatible with States' obligations<br>
> under international human rights law, and often create a broader chilling<br>
> effect on the right to freedom of opinion and expression.<br>
> (full reference: Frank La Rue "Report of the Special Rapporteur on the<br>
> promotion and protection of the right to freedom of opinion and expression"<br>
> (26 April 2011, A/HRC/17/27) also available at: <a href="http://scr.bi/z6lZ8N" target="_blank">http://scr.bi/z6lZ8N</a> )<br>
><br>
><br>
><br>
><br>
><br>
> --<br>
> Wendy Seltzer -- <a href="mailto:wendy@seltzer.org">wendy@seltzer.org</a> +1 914-374-0613<br>
> Fellow, Yale Law School Information Society Project<br>
> Fellow, Berkman Center for Internet & Society at Harvard University<br>
> <a href="http://cyber.law.harvard.edu/seltzer.html" target="_blank">http://cyber.law.harvard.edu/seltzer.html</a><br>
> <a href="https://www.chillingeffects.org/" target="_blank">https://www.chillingeffects.org/</a><br>
> <a href="https://www.torproject.org/" target="_blank">https://www.torproject.org/</a><br>
> <a href="http://www.freedom-to-tinker.com/" target="_blank">http://www.freedom-to-tinker.com/</a><br>
><br>
</div></div></blockquote></div><br></div>