Input from the Australian Government on the WHOIS service

Fri Apr 21 15:27:45 CEST 2006

People, this is the message and statement Milton and I suggest NCUC 
sends Ashley Gross and the GNSO council, with copy to all GAC reps.

Please read and send any comments/ammendments asap.

frt rgds

--c.a.

++++++++++++
Dear Bruce,

Regarding Australia's contribution to GNSO on the Whois issues recently 
submitted by the GAC representative Ashley Gross, the NCUC would like 
that the statement below be conveyed to her as an official inquiry from 
NCUC and copied to GNSO Council, as well as to all GAC members.

fraternal regards

--c.a.
Carlos A. Afonso
Chair, NCUC

===============================================================

NCUC statement on Australia's contribution to GNSO on the Whois issues
(submitted to GNSO in April, 2006, by the GAC representative Ashley Gross)

1. We would like to recall the Australian national privacy principles 
(at http://www.privacy.gov.au/publications/npps01.html), which, under 
the heading "Use and disclosure", state: "An organisation must not use 
or disclose personal information about an individual for a purpose (the 
secondary purpose) other than the primary purpose of collection unless:

"(f) the organisation has reason to suspect that unlawful activity has 
been, is being or may be engaged in, and uses or discloses the personal 
information as a necessary part of its investigation of the matter or in 
reporting its concerns to relevant persons or authorities; or

(g) the use or disclosure is required or authorised by or under law; or

(h) the organisation reasonably believes that the use or disclosure is 
reasonably necessary for one or more of the following by or on behalf of 
an enforcement body:

(i) the prevention, detection, investigation, prosecution or punishment 
of criminal offences, breaches of a law imposing a penalty or sanction 
or breaches of a prescribed law;

(ii) the enforcement of laws relating to the confiscation of the 
proceeds of crime;

(iii) the protection of the public revenue;

(iv) the prevention, detection, investigation or remedying of seriously 
improper conduct or prescribed conduct;

(v) the preparation for, or conduct of, proceedings before any court or 
tribunal, or implementation of the orders of a court or
tribunal."

The Australian national privacy principles also state: "If an 
organisation uses or discloses personal information under
paragraph (h), it must make a written note of the use or disclosure."

So, at least in Australia, law enforcement activities are already 
covered under the privacy laws. What is not envisaged in the privacy 
laws is that the method to provide data to law enforcement should be via 
public publication.

There is literally no practical way to restrict the subsequent "use" of 
data once it is published in the public.

In light of the above, is the Australia GAC representative contradicting 
Australia's national policy or suggesting that its laws be changed?

2. Why is the Australia GAC representative supporting Formulation 2, 
when ".au" has a Whois policy and purpose that corresponds to Formulation 1?

3. If GAC itself has not come to a unified position on Formulation 1 
versus Formulation 2 (and we know that it has not), what relevance does 
the position of the Australia GAC representative have?

April 21st, 2006
====================================================

-- 

Carlos A. Afonso
diretor de planejamento
Rits -- http://www.rits.org.br

********************************************
* Sacix -- distribuição Debian CDD Linux   *
* orientada a projetos de inclusão digital *
* com software livre e de código aberto,   *
* mantida pela Rits em colaboração com o   *
* Coletivo Digital.                        *
* Saiba mais: http://www.sacix.org.br      *
********************************************