Proposed comments on Whois TF 1 Report

[Adam Peake]

At 4:00 PM -0400 6/7/04, Milton Mueller wrote:
>Please comment: I would like to report unanimous support from NCUC
>when we file the comments.


Think it's fine.

Thanks Milton.

Adam Peake
GLOCOM Tokyo

(er. still not a member, haven't been billed!)



>=====
>
>NCUC Comments on TF 1 Report
>
>The NCUC supports Task Force 1's clear distinction between the
>treatment of sensitive and non-sensitive data. Access to sensitive
>data, such as registrant's name, address, telephone number, and
>email address, should be more limited than access to non-sensitive
>data, such as technical contact name and contact information.
>
>NCUC members support the report's conclusion that domain name
>registrants should be notified when their sensitive data is
>accessed. Domain name registrants have a right to know who requested
>the data and what purpose it was requested for. It is unfair and
>illogical to say that data users can hide and have privacy while
>data subjects cannot. Both parties have legitimate needs; both
>parties can be involved in abusive actions. There must be
>reciprocity among the two. The only exception would be rare cases of
>governmental law enforcement investigations when such notification
>would defeat the purpose of an ongoing investigation. We believe
>that those kinds of exceptions should be handled by national legal
>systems; e.g., through subpoenas and search warrants, and not by
>ICANN policy.
>
>We also wish to emphasize that all requests for sensitive data
>should be made on an individual basis. The report is not entirely
>clear about this; in fact, its discussion of an "individual use
>list" is confused. (See comments of NCUC Task Force member Milton
>Mueller). Although we agree that the process may need to be
>automated to minimize burdens on registrars, we strongly support the
>report's conclusion that the release of the data should come with
>restrictions on re-use and should be formatted in human-readable as
>opposed to machine-readable form.
>
>The NCUC believes that the discussion of "uses" of Whois data in
>Section III must also acknowledge the potential for "abuses" of the
>data. It is unacceptable that ICANN policy considers only the
>convenience and "needs" of those who consume other people's data,
>and not also consider the risks, threats and inconveniences that can
>come from abuse of anonymous and unrestricted access to personal
>contact information. Identity theft, stalking, and spamming are all
>documented problems that arise from unrestricted public display of
>Whois data. The final report must acknowledge this.
>
>The report asks for comment on the issue of competition vs. national
>law. We believe there is no conflict between compliance with
>national law and robust competition in the domain name market. We
>believe that permitting registrar practices to vary in accordance
>with the privacy policies of different national jurisdiction serves
>the public interest by fostering global consumer choice. In a
>globalized market, governments that do not protect the privacy of
>their citizens may in fact lose customers for registrars in their
>jurisdiction. We believe in letting domain name registrants vote
>with their pocketbooks for the level of privacy protection they
>prefer. This is not likely to be the strongest or even a major
>criterion in most consumer selections of domain name providers. At
>any rate, ICANN needs to get used to the fact that it is subordinate
>to sovereign laws.
>
>NCUC does not oppose taking into consideration the costs and
>technical feasibility of various changes. However, we are concerned
>that cost-benefit analysis could be used as a delaying tactic. We
>note that no cost-benefit study was done before implementing any
>other Whois-related policies. We ask why, when privacy protections
>are being considered, cost suddenly becomes an issue. We are not
>convinced that a formal study is required, in that the record of the
>current Whois Task Forces contains significant claims and evidence
>about costs associated with current practices. If real cost-benefit
>studies are done, we will demand that noncommercial users be
>represented and that experts in the assessment of non-monetary
>costs, such as Internet user privacy, risks of identify theft,
>spamming and stalking, be included in the study, or that the study's
>methodology permit reasonable monetization of the value to domain
>name registrants of protecting their personal contact data, as well
>as the value to registrars of protecting their customer information.