Call for constituency statements: WHOIS Consensus Policy & Procedure for conflicts

Milton Mueller mueller at SYR.EDU
Thu Jun 23 10:00:48 CEST 2005


We will need to develop comments on the following recommendation for Whois. Kathy Kleiman was instrumental in developing this so she may want to make suggestions as to our comments. 

>>> "GNSO.SECRETARIAT at GNSO.ICANN.ORG" 
Just a reminder that the GNSO Constituencies should prepare their
constituency statements on:

1. WHOIS COMBINED TASK FORCE Consensus Policy/Advice Recommendation 2 on conflicts between national privacy laws and registries' or registrars' contractual obligations to ICANN. (see the text below)

Constituency statements are required by 21 JULY 2005.
http://www.gnso.icann.org/calendar/#july 
Task force members should forward this request to their constituencies, and may wish to encourage development of these statements during the meetings in Luxembourg.

Please take note of the ICANN bylaws detailing the GNSO policy
development process which outline the essential elements of a
constituency statement. These requirements are included at the bottom of
this email.

Kind regards,
Glen

WHOIS COMBINED TASK FORCE
Policy/Advice Recommendation 2 on conflicts between national privacy laws
and registries' or registrars' contractual obligations to ICANN.

Preamble:

Task Force 2 spent over a year collecting data and working on the conflict
between a registrar/registry's legal obligations under privacy laws and
their contractual obligations to ICANN.  Its report included the statement:
"The Task Force believes that there is an ongoing risk of conflict between a
registrar's or registry's legal obligations under local privacy laws and
their contractual obligations to ICANN.  TF2 Report, Section 2.3,
http://www.gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html.

By vote of the Task Force, now merged, on May 24, 2005, the work of Task
Force 2 is hereby divided into a recommendation for "consensus policy"
accompanied by "well-developed advice for a procedure."

I.  Task Force Policy for WHOIS Conflicts with Privacy Law

CONSENSUS POLICY RECOMMENDATION

In order to facilitate reconciliation of any conflicts between
local/national mandatory privacy laws or regulations and applicable
provisions of the ICANN contract regarding the collection, display and
distribution of personal data via Whois, ICANN should:

1.  Develop and publicly document a procedure for dealing with the situation
in which a registrar or registry can credibly demonstrate that it is legally
prevented by local/national privacy laws or regulations from fully complying
with applicable provisions of its ICANN contract regarding the collection,
display and distribution of personal data via WHOIS.

2.  Create goals for the procedure which include:

        a.  Ensuring that ICANN staff is informed of a conflict at the
earliest appropriate juncture;

        b.  Resolving the conflict, if possible, in a manner conducive to
ICANN's Mission, applicable Core Values and the stability and uniformity of
the Whois system;

        c.  Providing a mechanism for the recognition, if appropriate, in
circumstances where the conflict cannot be otherwise resolved, of an
exception to contractual obligations with regard to collection, display and
distribution of personally identifiable data via Whois; and

        d.  Preserving sufficient flexibility for ICANN staff to respond to
particular factual situations as they arise.

II.  Text of Recommended Procedure

WELL-DEVELOPED ADVICE ON A PROCEDURE FOR HANDLING WHOIS CONFLICTS
   WITH PRIVACY LAW

Based on extensive research and negotiation among Task Force 2 together with
the merged Task Force and ICANN staff, the following procedure for handling
the policy recommendation set out in Section I above is set out as a
Recommended Step-by-Step Procedure for Resolution of WHOIS Conflicts with
Privacy Law.  We encourage ICANN staff to use this Recommended Procedure as
a starting point for developing the procedure called for in the Consensus
Policy Recommendation above.

Step One: Notification of Initiation of Action

Once receiving notification of an investigation, litigation, regulatory
proceeding or other government or civil action that might affect its
compliance with the provisions of the RAA or other contractual agreement
with ICANN dealing with the collection, display or distribution of
personally identifiable data via Whois ("Whois Proceeding"), a Registrar/
Registry must within thirty (30) days provide ICANN's General Counsel (or
other staff member as designated by ICANN)  with the following information:

*       Summary description of the nature and status of the action (e.g.,
inquiry, investigation, litigation, threat of sanctions, etc.)
*       Contact information for the responsible official of the
registrar/registry for resolving the problem.
*       Contact information for the responsible territorial government
agency
or other claimant and a statement from the registrar/registry authorizing
ICANN to communicate with those officials or claimants on the matter. If the
registrar/registry is prevented by applicable law from granting such
authorization, the notification should document this.
*       The text of the applicable law or regulations upon which the local
government or other claimant is basing its action or investigation, if such
information has been indicated by the government or other claimant.

Meeting the notification requirement permits Registrars/Registries to
participate in investigations and respond to court orders, regulations, or
enforcement authorities in a manner and course deemed best by their counsel.

Depending on the specific circumstances of the Whois Proceeding, the
Registrar/Registry may request that ICANN keep all correspondence between
the parties confidential pending the outcome of the Whois Proceeding.  It is
recommended that ICANN respond favorably to such requests to the extent that
they can be accommodated with other legal responsibilities and basic
principles of transparency applicable to ICANN operations.

Step Two: Consultation

Unless impractical under the circumstances, we recommend that the ICANN
General Counsel, upon receipt and review of the notification and, where
appropriate, dialogue with the registrar/registry, consider beginning a
process of consultation with the local/national enforcement authorities or
other claimant together with the registrar/registry.  The goal of the
consultation process should be to seek to resolve the problem in a manner
that preserves the ability of the registrar/registry to comply with its
contractual obligations to the greatest extent possible.

If the Whois proceeding  ends without requiring any changes and/or the
required changes in registrar/registry practice do not, in the opinion of
the General Counsel, constitute a deviation from the R.A.A. or other
contractual obligation , then the General Counsel and the registrar/registry
need to take no further action.

If the registrar/registry is required by local law enforcement authorities
or a court to make changes in its practices affecting compliance with
Whois-related  contractual obligations before any consultation process can
occur, the registrar/registry shall promptly notify the General Counsel of
the changes made and the law/regulation
upon which the action was based.   The Registrar/Registry may request
that ICANN keep all correspondence between the parties confidential
pending the outcome of the Whois Proceeding.   It is recommended that
ICANN respond favorably to such requests to the extent that they can be
accommodated with other legal responsibilities and basic principles of
transparency applicable to ICANN operations.

Step Three:  General Counsel analysis and recommendation

If the local/national government requires changes (whether before, during or
after the consultation process described above)  that, in the opinion of the
General Counsel, prevent full compliance with contractual WHOIS obligations,
ICANN should consider the following alternative to the normal enforcement
procedure.  Under this alternative, ICANN would refrain, on a provisional
basis, from taking enforcement action against the registrar/registry for
non-compliance, while the General Counsel prepares a report and
recommendation and submits it to the ICANN Board for a decision. Such a
report may contain:

i.      A summary of the law or regulation involved in the conflict;

ii.     Specification of the part of the registry or registrar's contractual

WHOIS obligations with which full compliance if being prevented;
iii.    Summary of the consultation process if any under step two; and

iv.     Recommendation of how the issue should be resolved, which may
include whether ICANN should provide an exception for the registrar/registry
from one or more identified WHOIS contractual provisions. The report should
include a detailed justification of its recommendation, including the
anticipated impact on the operational stability, reliability, security, or
global interoperability of the Internet's unique identifier systems if the
recommendation were to be approved or denied .

The registrar/registry should be provided a copy of the report and provided
a reasonable opportunity to comment on it to the Board.  The
Registrar/Registry may request that ICANN keep such report confidential
prior to any resolution of the Board.  It is recommended that ICANN respond
favorably to such requests to the extent that they can be accommodated with
other legal responsibilities and basic principles of transparency applicable
to ICANN operations.

Step Four:  Resolution

Keeping in the mind the anticipated impact on the operational stability,
reliability, security, or global interoperability of the Internet's unique
identifier systems, the Board should consider and take appropriate action on
the recommendations contained in the General Counsel's report as soon as
practicable.  Actions could include, but are not limited to:

*       Approving or rejecting the report's recommendations, with or without

modifications;
*       Scheduling a public comment period on the report; or
*       Referring the report to GNSO for its review and comment by a date
certain.

   Step Five:  Public Notice

        The Board's resolution of the issue, together with the General
Counsel's report, should ordinarily be made public, along with the reasons
for it, and be archived on a public website (along with other related
materials) for future research. Prior to release of such information to the
public, the Registry/Registrar may request that certain information
(including, but not limited to, communications between the
Registry/Registrar and ICANN, or other privileged/confidential information)
be redacted from the public notice.
   In the event that such redactions make it difficult to convey to the
public the nature of the actions being taken by the Registry/Registrar, the
General Counsel should work with the Registry/Registrar on an appropriate
notice to the public describing the actions being taken and the
justification for such actions.

Unless the Board decides otherwise, if the result of its resolution of the
issue is that data elements in the registrar's Whois output will be removed
or made less accessible, ICANN should issue an appropriate notice to the
public of the resolution and of the reasons for ICANN's forbearance from
enforcement of full compliance with the contractual provision in question.


********************************************************************
The constituency statements should be consistent with the ICANN bylaws
detailing the   GNSO Policy-Development Process.
http://www.icann.org/general/archive-bylaws/bylaws-08apr05.htm#AnnexA 

"Section 7, d. Collection of Information.
1. Constituency Statements.
The Representatives will each be responsible for soliciting the position of
their constituencies, at a minimum, and other comments as each
Representative deems appropriate, regarding the issue under consideration.
This position and other comments, as applicable, should be submitted in a
formal statement to the task force chair (each, a "Constituency Statement")
within thirty-five (35) calendar days after initiation of the PDP. Every
Constituency Statement shall include at least the following:

(i) If a Supermajority Vote was reached, a clear statement of the
constituency's position on the issue;

(ii) If a Supermajority Vote was not reached, a clear statement of all
positions espoused by constituency members;

(iii) A clear statement of how the constituency arrived at its position(s).
Specifically, the statement should detail specific constituency meetings,
teleconferences, or other means of deliberating an issue, and a list of all
members who participated or otherwise submitted their views;

(iv) An analysis of how the issue would affect the constituency, including
any financial impact on the constituency; and

(v) An analysis of the period of time that would likely be necessary to
implement the policy."

-- 
Glen de Saint Géry
GNSO Secretariat - ICANN
gnso.secretariat[at]gnso.icann.org
http://gnso.icann.org


More information about the Ncuc-discuss mailing list