My Whois Comments - Kathy
KathrynKL at AOL.COM
KathrynKL at AOL.COM
Sun Oct 28 15:11:02 CET 2007
With thanks to EPIC for analysis of the substantive issues, attached please
find my comments in the Whois proceeding. After so many years in the
process, I am dismayed to see the Intellectual Property Constituency and its
following back away from the very compromises they pushed so hard to achieve.
We still have three more days. Please submit your own comments - short or
long!
Kathy
------------------------------------------------------------------------------
------------------------------------------------------------------
Dear Mr. Cerf and the ICANN Board, Ms. Doria and the GNSO Council:
As you know, I have been an active participant in the Whois process over
many years. I served on the Whois Task Forces and organized the Building
Bridges on ICANN's Whois Question Conference at ICANN's Vancouver Meeting (12/05).
I have not been involved in the Whois process for over a year, did not
serve on the recent Whois Working Group, and write as an observer and admirer of
the progress made to date.
The entire record of the last 7 years of Whois debates supports key changes
soon to ICANN's Whois Policies. This letter outlines the agreements of the
past Whois Task Forces (on which I participated), the major strides of the
recent Whois WG (on which I did not participate), and the clear path ahead to
resolve the few remaining open issues.
The letter closes with my dismay that so much pressure is being brought to
bear on ICANN to reverse its work of the last 7 years, and discard the
thousands of hours that so many good faith ICANN participants have invested in the
reports, negotiations and hard-fought compromises of this important Whois
process.
I. The Whois Task Forces found that Data Protection Laws Exist Throughout
the World and Apply to Whois Data
Dating back to 2003, I served on the Whois Task Force. After extensive
research, the Task Force found that data protection laws worldwide, and on every
continent, protect the disclosure and publication of personal data. Starting
with the EU Data Protection Directive, data protection laws impact
registrars, registries and registrants around the world (see, e.g, “Table of Task
Force [2] Data Analysis, July 2004” posted at www.ncdnhc.org under “What's New,
Whois Conflicts with National Law” and the Task Force 2 report.)
As the Electronic Privacy Information Center notes in its comments, ICANN
has now heard from many Data Protection Commissioners, including Germany,
Canada, Italy, France, Belgium, and two chairs of the Article 29 Working Party
representing the EU Data Protection Commissioners collectively. They speak and
write to ICANN of the protections their laws guarantee to the privacy of
individuals, and the conflicts that exist with the privacy laws of their
countries.
At the ICANN Rome meeting, Mr. Giovanni Buttarelli, Secretary-General of
Italy's Data Protection Commission, specifically noted that registrars and
registries violate Italian data protection laws with their publication of personal
data, and that his jurisdiction extends to them if their business operates
within Italy, and if they are marketing to Italian citizens.
At ICANN's Vancouver meeting in December 2005, I organized the Whois
conference Building Bridges on ICANN's Whois Question, the first conference to bring
together GNSO and ccNSO to discuss the Whois questions. We learned in our
opening session that ccTLDs have changed their Whois policies to comply with
national data protection laws. Three ccTLDs on three continents spoke of
their major Whois changes, namely Nominet (.UK), CIRA (.CA) and JPRS (.JP). Many
members of the ccNSO nodded their agreement and spoke in the hallways of
similar changes.
Overall, the Data Protection Commissioners have participated patiently in
the Whois process, always urging ICANN to go forward, but always warning of
their deep concerns with the illegalities of current practices. See, e.g,.
Comments to ICANN from Commissioners and Organizations Regarding Whois and the
Protection of Privacy,
_http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf_ (http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf)
.
The result is that the Whois Task Forces, over many years of work,
recommended changes to ICANN's Whois Policy to reflect data protection laws and
privacy rights worldwide (as a protection both for the registrants, and the
registries and registrars who serve them).
II. The Whois Working Group, in its “Final Outcomes Report” of August 2007,
Reached Broad Agreement and Tremendous Compromises
I was not a member of the recent Whois Working Group (WG), but I admire the
bold way in which it moved the ICANN Whois debate forward. Chaired by
Intellectual Property Constituency co-founder Philip Sheppard, the Whois WG found
agreement and made progress where I never thought it possible. They did so
despite a tight timeframe and a large and diverse membership. They have my
admiration.
The strides achieved by the Whois WG, Chairman Sheppard and each member
include:
1.The Whois WG agreed that an individual person's right to privacy and
protection in his/her data in the Whois database must be protected (Final Outcomes
Report (“FOR”), p. 3)
2.The Whois WG accepted the OPOC or “Official Point of Contact” proposal.
As businesses and organizations list representatives in the Whois database,
so too, should individuals be allowed to publish a representative's physical
address, email address and telephone number (while mandating also that the
registrant provide accurate and complete data to the OPOC). (FOR, p. 3)
3.The Whois WG defined and expanded the tasks and responsibilities of the
OPOC. They found broad agreement that:
- the OPoC can be a Registrar, or third party appointed by the Registrant
(FOR, p. 13),
- the OPOC must have an agreement with the Registrant and “defined
responsibilities” (FOR, p. 14)
- the Registrant must have a functional OPOC (FOR, p. 17)
- that ICANN should not set up any centralized form of
accreditation of the OPOCs (FOR, p. 15).
In an issue long pushed by the Business Constituency, the Whois WG also
agreed that a registrant should be able to list two OPOCs, thus allowing large
organizations to list more than one organizational contact (FOR, p. 13).
As EPIC notes in its comments, the NCUC and individuals gave up a lot to
reach the compromises of the Whois WG Final Outcomes Report. In particular,
they compromised on the closely-held right to anonymity, and the rights of
non-commercial organizations to privacy, including battered women's shelters,
religious organizations, political groups and other non-commercial organizations.
III. The Whois WG Even Offers Key Agreement on the Thorniest of Issues –
Access (to the Underlying Data)
Even on the thorniest of issues, access of the underlying personal data, the
Whois WG made clear and unambiguous progress. The WG report gave ICANN a
clear roadmap for moving forward by adopting a standard for disclosure of the
underlying data. The standard is “reasonable evidence of actionable harm.”
That's huge progress!
>From here, we can let the governments work with ICANN to define how law
enforcement should identify themselves and how private parties should seek access
to the underlying data. During my tenure on the Whois Task Forces, US
Government representatives expressed a strong interest in working with ICANN on
this issue. In his letter to the Board of last week, the EU's Article 29 Working
Party Chairman, Mr. Schaar, indicated a similar willingness.
The path is clear. The main concept and structure of the OPOC have been
agreed on and worked out; the path for the negotiation of the Access provision
has been laid. The work ahead is defined and clear.
IV. Doesn't Good Faith Count Here?
For years, I have seen the concept of “good faith” and “bad faith” invoked
against domain name registrants. Shouldn't it provide a standard for other
areas of domain name policy as well?
As I watch the international campaigns from large intellectual property
owners and business organizations flood the GNSO forum, I wonder if the
participants know of the high level of representation their interests have received
throughout the Whois process. During the years I worked on the Whois Task
Forces, the Intellectual Property Constituency, Business Constituency and ISP
Constituency were always well represented by active, articulate and
well-prepared representatives. Their members participated in every aspect of research,
negotiating, drafting and editing processes. They had the budgets to attend
every meeting. They worked on every issue and they drove very hard compromises.
Shouldn't we all be required to stand by a process in which we all
participated with such great activity and in such good faith?
V. Conclusion: If we turn back now, why message will it send to future
participants in ICANN?
ICANN operates on a grassroots principles. Policy is made in the Supporting
Organizations and brought to the Board. Over seven years, all the
constituencies, hundreds of people, and numerous government representatives (from many
agencies and levels) have participated in the Whois process. For my part, I
fought hard for the time to attend the teleconferences, money to attend the
meetings, and studies and research to inform the process.
Of course having access to the personal data of millions of domain names
registrants makes life easier for those with concerns about website content and
other bad acts. But this data similar exposes individuals to physical harm
as well as online harassment and other illegal acts. Naturally, the various
sides would like to “have it all.”
But the Whois WG gave us an OPOC plan with details, and a standard for
access to underlying data – clear agreements which provide a roadmap that will
allow registries and registrars to comply with law, protect the privacy of some
domain name registrants (although only some) and provide access to those who
need the underlying personal data and having “reasonable evidence of
actionable harm.”
The Whois WG has my huge respect and admiration. This process was
difficult; their progress was huge. We should now be close to the end of many, many
long years of work.
To the GNSO Council and the Board, I leave with the hope that you move
forward on Whois. I support Motions 1 and 3. We either move forward together on
OPOC, or drop the required Whois publication provisions for lack of consensus
and support. I trust you will find the path that takes us forward, not
back.
Sincerely,
/s/ Kathryn Kleiman
Kathryn Kleiman, Esq.
Past member of Whois Task Forces on behalf of the NCUC
************************************** See what's new at http://www.aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071028/448e886c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Kleiman Whois Comments.pdf
Type: application/pdf
Size: 117715 bytes
Desc: not available
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071028/448e886c/attachment.pdf>
More information about the Ncuc-discuss
mailing list