Timely - Please sign on to EPIC letter!

KathrynKL at AOL.COM KathrynKL at AOL.COM
Sat Oct 27 16:52:18 CEST 2007 

Friends in NCUC, we need your help. GNSO Council is now  completely 
OVERWHELMED with letters from the Intellectual Property (IP)  Constituency.  After 
seven years of work, IP wants to send everything back  to beginning -- no privacy, 
no plan, no direction.  We have come too far to  do that.  We have spent too 
many years on Task Forces and Working  Groups.  National laws all over the 
world gives us the right to privacy,  and ICANN knows it.
 
Would you be willing to sign on to the Electronic Privacy Information  
Center's (EPIC's letter) below?  If so, please write to Marc Rotenberg at  _rot
enberg at epic.org_ (mailto:rotenberg at epic.org)  with your name and  organization. 
TIME IS OF THE ESSENSE.  PLEASE WRITE TODAY.
Best,
Kathy Kleiman (NCUC Whois Task Force member 2003-2006)
 
(Comments can be submitted to:  <whois-comments-2007 at icann.org>
Comments may be viewed at:
_http://forum.icann.org/lists/whois-comments-2007/_ 
(http://forum.icann.org/lists/whois-comments-2007/) )


October 25, 2007 
Mr. Vint Cerf, Chairman 
Mr. Paul Twomey, President & CEO 
Internet Corporation for Assigned Names and  Numbers 
4676 Admiralty Way, Suite 330 
Marina del Rey, CA 90292-6601 
USA 
Dear Mr Twomey and Members of the ICANN Board, 

The purpose of this letter is  to express our support for changes to Whois 
services that would protect the  privacy of individuals, specifically the 
removal of registrants’ contact  information from the publicly accessible Whois 
database._1_ (aoldb://mail/write/template.htm#sdfootnote1sym)  It is also to  
propose a sensible resolution to the long-running discussion over Whois that  
would establish a bit of “policy stability” and allow the various constituencies  
to move on to other work 

EPIC has had long-standing  involvement in the Whois issue. As a member of 
the Whois Privacy Steering  Committee, EPIC assisted in the development of the 
Whois work program, and has  been a member of the Non-Commercial Users 
Constituency for several years. EPIC  has submitted extensive comments to ICANN on 
Whois, and has testified before the  US Congress in support of new privacy 
safeguards for WHOIS as well as filing a  brief in the US courts on the privacy 
implications of the WHOIS registry._2_ 
(aoldb://mail/write/template.htm#sdfootnote2sym)  

Both the Whois Task Force and  the Whois Working Group agree that new 
mechanisms must be adopted to address an  individual's right to privacy and the 
protection of his/her data._3_ (aoldb://mail/write/template.htm#sdfootnote3sym)  
Current ICANN  Whois policy conflicts with national privacy laws, including the 
EU Data  Protection Directive, which requires the establishment of a legal 
framework to  ensure that when personal information is collected, it is used only 
for its  intended purpose. As personal information in the directory is used 
for other  purposes and ICANN's policy keeps the information public and 
anonymously  accessible, the database could be found illegal according to many 
national  privacy and data protection laws including the European Data Protection  
Directive, European data protection laws and legislation in Canada and  
Australia._4_ (aoldb://mail/write/template.htm#sdfootnote4sym)  

The Article 29 Working Party,  an independent European advisory body on data 
protection and privacy, states  that “in its current form the [Whois] database 
does not take account of the data  protection and privacy rights of those 
identifiable persons who are named as the  contacts for domain names and 
organizations.”_5_ (aoldb://mail/write/template.htm#sdfootnote5sym)  The conflict with 
 national privacy law is real and cannot be dismissed. A sensible resolution 
of  the Whois matter must take this into account. 

In addition, country code Top  Level Domains are moving to provide more 
privacy protection in accordance with  national law. For example, regarding 
Australia's TLD, .au, the WHOIS policy of  the .au Domain Administration Ltd (AUDA) 
states in section 4.2, "In order to  comply with Australian privacy 
legislation, registrant telephone and facsimile  numbers will not be disclosed. In the 
case of id.au domain names (for individual  registrants, rather than corporate 
registrants), the registrant contact name and  address details also will not be 
disclosed."_6_ (aoldb://mail/write/template.htm#sdfootnote6sym)   

The Final Outcomes Report  recently published by the Whois Working Group 
contains several key compromises  and useful statements and represents significant 
progress on substantive Whois  issues. The Whois Working Group found 
agreement in critical areas that advance  the Whois discussion within ICANN and 
provide clear guidance to the ICANN  Board. 

In its report, the Whois  Working Group accepted the Operational Point of 
Contact (OPoC) proposal as a  starting point, and the best option to date. The 
OPoC proposal would replace  publicly available registrant contact information 
with an intermediate contact  responsible for relaying messages to the 
registrant. The Working Group agreed  that there may be up to two OPoCs, and that an 
OPoC can be the Registrant, the  Registrar, or any third party appointed by the 
Registrant. The Registrant is  responsible for having a functional OPOC. The 
Working Party also agreed that the  OPOC should have a consensual relationship 
to the Registrant with defined  responsibilities. This would necessitate the 
creation of a new process, and  changes to the Registrar Accreditation 
Agreement and Registrar-Registrant  agreements to reflect this relationship. 

The Board should support the  agreed standard for disclosure of unpublished 
Whois personal data – reasonable  evidence of actionable harm. But the Board 
should leave this term undefined, as  it is now in the RAA for proxy services. 
This standard will allow the OPoC  contact, registrars and registries to work 
within the framework of their  national and local laws to provide access to 
this personal data.  

OPoCs must be allowed to  employ strategies and standards similar to those of 
the registrars and  registries to ensure that the person receiving the 
protected personal Whois data  is in fact a law enforcement official.  

The OPoC proposal does not  impede reasonable law or intellectual property 
enforcement efforts. In fact,  effective implementation of the OPoC proposal 
would benefit all stakeholders by  improving the accuracy of the information in 
the database. Because personal data  will be kept private, individuals will 
provide more accurate data. As a result,  the Whois database will be more useful 
and more reliable. 

The OPoC proposal is not the  ideal privacy solution. EPIC, as well as groups 
such as the Non-Commercial Users  Constituency, recommended a distinction 
between commercial and non-commercial  domains in order to protect the privacy of 
registrants of domain names used for  religious purposes, political speech, 
organizational speech, and other forms of  non-commercial speech. EPIC has 
previously stated that the Whois database should  not publicize any registrant 
information, including name and jurisdiction. 

The Whois Working Group has  proposed a workable framework. It is not a 
perfect framework. But it will help  ensure that the WHOIS policy conforms with law 
and allow ICANN to move forward.  If it is not possible to adopt this 
solution, then the only sensible approach  would be to allow the current Whois terms 
to simply sunset. Resolution 3 would  be the only real option.  

The signatories to this letter  are willing to assist in finishing off the 
implementation details of the OPoC  proposal.  

Sincerely, 



Marc Rotenberg 
EPIC Executive Director 



Allison Knight 
Coordinator, Public Voice Project 
 
_1_ (aoldb://mail/write/template.htm#sdfootnote1anc)   EPIC’s comments on the 
ICANN Whois Task Force’s "Preliminary Task Force Report  on Whois Services," 
January 12, 2007, available at  
<http://www.epic.org/privacy/whois/comments.html>.
 
_2_ (aoldb://mail/write/template.htm#sdfootnote2anc)   [cite]
 
_3_ (aoldb://mail/write/template.htm#sdfootnote3anc)   Final Report of the 
Whois Task Force, March 12, 2007, available at  
<http://gnso.icann.org/issues/whois-privacy/whois-services-final-tf-report-12mar07.htm>;  and Final Report of 
the Whois Working Group, August 20, 2007, available at  
<http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf>.
 
_4_ (aoldb://mail/write/template.htm#sdfootnote4anc)   Privacy and Human 
Rights: An International Survey of Privacy Laws and  Developments (EPIC and 
Privacy International 2006), available at  <http://www.epic.org/phr06>.
 
_5_ (aoldb://mail/write/template.htm#sdfootnote5anc)   Letter from Article 29 
Working Party to Vinton Cerf, March 12, 2007,  available at  
<http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf>.
 
_6_ (aoldb://mail/write/template.htm#sdfootnote6anc)   For additional country 
code Top Level Domain policy examples, see  EPIC Testimony Before House 
Subcommittee, Financial Institutions and Consumer  Credit, Committee on Financial 
Services “ICANN and the WHOIS Database: Providing  Access to Protect Consumers 
from Phishing,” available at  
<http://financialservices.house.gov/media/pdf/071806mr.pdf>.



************************************** See what's new at http://www.aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071027/ae4bf05c/attachment.html>

More information about the Ncuc-discuss mailing list