draft whois purpose statement

Milton Mueller mueller at SYR.EDU
Sun Jul 17 17:04:36 CEST 2005


Here is a very important statement regarding the purpose of whois. The
constituency position must be turned in by July 21. Sorry for the late
notice. This version was originally drafted by myself and Kathy Kleiman
and vetted by other NCUC members at the Luxembourg meeting. Due to
travel and catch-up I haven't had time to make the edits and send it to
you now. If there are no objections, can I ask Kathy to submit it on
July 21, as I will be on vacation and probably without Internet access?

==========

Statement of the NCUC on WHOIS Purpose
July 21, 2005

Task 1 asks us to "Define the purpose of the WHOIS service in the
context of ICANN's mission and relevant core values, international and
national laws protecting privacy of natural persons, international and
national laws that relate specifically to the WHOIS service, and the
changing nature of Registered Name Holders."

A. The importance of defining "purpose"
Regarding international and national privacy laws, NCUC notes that it
is well-established in data protection law that the purpose of data and
data collection processes must be well-defined before policies regarding
data collection, use and access can be established. The need for an
explicit, well-defined purpose is meant to protect data subjects from
abuse by either the data collectors or third parties using the data. A
definition of purpose is intended to impose strict constraints on the
collection and use of contact data. A specified purpose determines what
data elements should be collected, and therefore actively prevents
collection of any data that is not clearly necessary for that purpose.
Furthermore, a defined purpose helps to ensure that data is used only
for the specified purposes, preventing uses that are different from or
incompatible with the purpose giving rise to their collection. Finally,
sound data protection principles hold that data subjects must be
informed of the purpose for which the Data is intended and whether and
under what conditions the Data is likely to be passed to a third party.

B. WHOIS and ICANN's mission and core values
Regarding ICANN's mission and relevant core values, we note that
ICANN's mission is primarily technical: "to coordinate, at the
overall level, the global Internet's systems of unique identifiers, and
in particular to ensure the stable and secure operation of the
Internet's unique identifier systems."  In enumerating ICANN's core
values, we find that the first three are most relevant to a discussion
of WHOIS and its purpose:

1. Preserving and enhancing the operational stability, reliability,
security, and global interoperability of the Internet.

2. Respecting the creativity, innovation, and flow of information made
possible by the Internet by limiting ICANN's activities to those matters
within ICANN's mission requiring or significantly benefiting from global
coordination.

3. To the extent feasible and appropriate, delegating coordination
functions to or recognizing the policy role of other responsible
entities that reflect the interests of affected parties.

The original purpose of the WHOIS protocol, when the Internet was an
experimental network, was the identification of and provision of contact
information for domain administrators for purposes of solving technical
problems. Speaking at the "Freedom 2.0" conference held by the
Electronic Privacy Information Center in May 2004, Vinton G. Cerf, the
Chairman of ICANN's Board, confirmed directly that the original
purpose of WHOIS was indeed purely technical. This original purpose is
consistent with the plain language of ICANN's current mission and is
further supported by core value #1, which addresses exclusively
technical values such as stability, reliability, security and
interoperability.

We note also that Core Values #2 and #3 mandate that ICANN limit its
activities to a minimal set of areas requiring global technical
coordination. Thus, even though WHOIS data may be useful for a broad
variety of purposes, uses and users, ICANN's core values require that
it not embrace those purposes and activities just because it can, or
because interested parties find it convenient. ICANN must limit its
activities to matters within its mission and recognize and defer to the
policy role of other responsible entities.

C. Proposed definition of purpose
NCUC proposes the following definition of purpose for the WHOIS
service:

The purpose of the WHOIS is to provide to third parties an accurate and
authoritative link between a domain name and a responsive party who can
either act to resolve, or reliably pass information to those who can
resolve technical and administrative problems associated with or caused
by the domain.

By "technical problems" we mean problems affecting the operational
stability, reliability, security, and global interoperability of the
Internet. By "administrative problems" we mean issues regarding
domain transfers and problems regarding who is responsible for a domain.


D. Excluded or invalid purposes
It is important to also identify purposes that are inconsistent with
ICANN's stated mission and core values.

First, WHOIS is not designed to be a global data mining operation with
completely unlimited access to all registrant data by any Internet user
for any purpose, including marketing.

Second, the purpose of WHOIS is not to support law enforcement or other
self-policing interests. National law enforcement is unrelated to the
basic goals of the WHOIS service and of ICANN's global coordinating
mission. We have no objection to the use of WHOIS by law enforcement but
a WHOIS service is one of many tools law enforcement may use to gain
access to more detailed personal data consistent with existing due
process mechanisms. Such an ancillary use should not expose the data to
uses and abuses incompatible with the primary purpose of WHOIS as stated
above.

Third, the purpose of WHOIS is not to expand the surveillance powers
given to law enforcement under law, or to bypass the protections and
limitations imposed by sovereign governments to prevent the abuse and
misuse of personal data, even by law enforcement. Law enforcement
agencies can obtain wiretap authorizations, subpoena specific subscriber
records through Internet service providers, or learn about a domain name
registrant's identity information through subpoenas of registrar
records.

Finally, the purpose of WHOIS data is not to facilitate legal or other
kinds of retribution by those interested in pursuing companies and
individuals who criticize and compete against them.

