EPIC Comments on WHOIS
KathrynKL at AOL.COM
KathrynKL at AOL.COM
Wed Oct 31 18:20:11 CET 2007
With great thanks to Marc, might I suggest that our NCUC Council reps send
this on to the entire GNSO Council. May EPIC's comments and all of our
thoughts help you in the very important meeting today!
Best,
Kathy
Dear NCUCers,
Here is the letter on WHOIS that went to the ICANN board.
Thank you all for your help with this, and especially Kathy K.
who has been fighting the good fight on WHOIS for many
years. We also gathered the support of several of the prominent
members of the EPIC Advisory Board. That may help.
Good luck to those in LA!
Best
Marc and Allison.
--------------
October 30, 2007
Mr. Vinton Cerf, Chairman
Mr. Paul Twomey, President & CEO
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601
USA
Dear Mr. Cerf, Mr Twomey, and Members of the ICANN Board,
The purpose of this letter is to express our support for changes to WHOIS
services
that would protect the privacy of individuals, specifically the removal of
registrants'
contact information from the publicly accessible WHOIS database.[1] It is
also to propose
a sensible resolution to the long-running discussion over WHOIS that would
establish a bit
of "policy stability" and allow the various constituencies to move on to
other work
EPIC has had long-standing involvement in the WHOIS issue. As a member of
the WHOIS Privacy Steering Committee, EPIC assisted in the development of
the
WHOIS work program, and has been a member of the Non-Commercial Users
Constituency for several years. EPIC has submitted extensive comments to
ICANN on
WHOIS, and has testified before the US Congress in support of new privacy
safeguards
for WHOIS as well as filing a brief in the US courts on the privacy
implications of the
WHOIS registry.[2] The Public Voice coalition also organized an important
letter in 2003
to ICANN regarding WHOIS policy that was signed by 57 organizations from
more than
20 countries which recommended simply that ICANN consider the views of
consumer
organizations and civil liberties groups.[3]
Both the WHOIS Task Force and the WHOIS Working Group agree that new
mechanisms must be adopted to address an individual's right to privacy and
the protection
of his/her data.[4] Current ICANN WHOIS policy conflicts with national
privacy laws,
including the EU Data Protection Directive, which requires the establishment
of a legal
framework to ensure that when personal information is collected, it is used
only for its
intended purpose. As personal information in the directory is used for other
purposes and
ICANN's policy keeps the information public and anonymously accessible, the
database
could be found illegal according to many national privacy and data
protection laws
including the European Data Protection Directive, European data protection
laws and
legislation in Canada and Australia.[5]
The Article 29 Working Party, an independent European advisory body on data
protection and privacy, states that "in its current form the [WHOIS]
database does not
take account of the data protection and privacy rights of those identifiable
persons who
are named as the contacts for domain names and organizations."[6] The
conflict with
national privacy law is real and cannot be dismissed. A sensible resolution
of the WHOIS
matter must take this into account.
In addition, country code Top Level Domains are moving to provide more
privacy
protection in accordance with national law. For example, regarding
Australia's TLD, .au,
the WHOIS policy of the .au Domain Administration Ltd (AUDA) states in
section 4.2,
"In order to comply with Australian privacy legislation, registrant
telephone and
facsimile numbers will not be disclosed. In the case of id.au domain names
(for
individual registrants, rather than corporate registrants), the registrant
contact name and
address details also will not be disclosed."[7]
The Final Outcomes Report recently published by the WHOIS Working Group
contains several key compromises and useful statements and represents
significant
progress on substantive WHOIS issues. The WHOIS Working Group found
agreement in
critical areas that advance the WHOIS discussion within ICANN and provide
clear
guidance to the ICANN Board.
In its report, the WHOIS Working Group accepted the Operational Point of
Contact (OPoC) proposal as a starting point, and the best option to date.
The OPoC
proposal would replace publicly available registrant contact information
with an
intermediate contact responsible for relaying messages to the registrant.
The Working
Group agreed that there may be up to two OPoCs, and that an OPoC can be the
Registrant, the Registrar, or any third party appointed by the Registrant.
The Registrant is
responsible for having a functional OPOC. The Working Party also agreed that
the OPOC
should have a consensual relationship to the Registrant with defined
responsibilities. This
would necessitate the creation of a new process, and changes to the
Registrar
Accreditation Agreement and Registrar-Registrant agreements to reflect this
relationship.
The Board should support the agreed standard for disclosure of unpublished
Whois personal data – reasonable evidence of actionable harm. But the Board
should
leave this term undefined, as it is now in the RAA for proxy services. This
standard will
allow the OPoC contact, registrars and registries to work within the
framework of their
national and local laws to provide access to this personal data.
OPoCs must be allowed to employ strategies and standards similar to those of
the
registrars and registries to ensure that the person receiving the protected
personal WHOIS
data is in fact a law enforcement official.
The OPoC proposal does not impede reasonable law or intellectual property
enforcement efforts. In fact, effective implementation of the OPoC proposal
would
benefit all stakeholders by improving the accuracy of the information in the
database.
Because personal data will be kept private, individuals will provide more
accurate data.
As a result, the Whois database will be more useful and more reliable.
The OPoC proposal is not the ideal privacy solution. EPIC, as well as groups
such
as the Non-Commercial Users Constituency, recommended a distinction between
commercial and non-commercial domains in order to protect the privacy of
registrants of
domain names used for religious purposes, political speech, organizational
speech, and
other forms of non-commercial speech. EPIC has previously stated that the
WHOIS
database should not publicize any registrant information, including name and
jurisdiction.
The WHOIS Working Group has proposed a workable framework. It is not a
perfect framework. But it will help ensure that the WHOIS policy conforms
with law and
allow ICANN to move forward. If it is not possible to adopt this solution,
then the only
sensible approach would be to allow the current WHOIS terms to simply
sunset.
Resolution 3 would be the only real option.
The signatories to this letter are willing to assist in finishing off the
implementation details of the OPoC proposal.
Sincerely,
Marc Rotenberg
EPIC Executive Director
Allison Knight
Coordinator
Public Voice Project
Valerie Gordon,
Jamaica Sustainable Development
Network
Robin Gross
IP Justice
Robert Guerra, CPSR
Kim Heitman,
Board Member EFA
Deputy Chair AUDA
Norbert Klein
ICANN GNSO Council member
ICANN NCUC
Open Institute of Cambodia
Kathy Kleiman
Co-Founder, NCUC
Dan Krimm
TJ McIntyre (Chairman)
Digital Rights Ireland
Ville Oksanen
Vice Chairman, EFFI
Ross Rader,
Domain Direct
Members of the EPIC Advisory Board
Steven Aftergood, Project Director
Federation of American Scientists
Anita L. Allen
Professor of Law and Philosphy
University of Pennsylvania
David Banisar, Director
Freedom of Information Project, Privacy
International;
Visiting Research Fellow,
School of Law, University of Leeds
Christine L. Borgman
Professor & Presidential Chair
Dept of Information Studies, UCLA
James Boyle
Professor of Law
Duke Law School
David Chaum
Founder
Punchscan
Julie E. Cohen
Professor Law
Georgetown University Law Center
Simon Davies
Director General
Privacy International
David Farber
Distinguished Career Professor of
Computer Science and Public Policy,
Carnegie Mellon University
David H. Flaherty
Professor Emeritus
University of Western Ontario.
Austin Hill
Brudder Ventures
Jerry Kang
Professor of Law
UCLA Law School
Chris Larsen
CEO
Prosper Marketplace, Inc.
Mary Minow
Founder
LibraryLaw.com
Pablo Molina
Chief Information Officer
Georgetown University Law Center
Deborah C. Peel, MD,
Founder and Chair
Patient Privacy Rights
Anita Ramasastry
Associate Professor of Law
Director, Shidler Center for Law
Commerce & Technology
University of Washington School of
Law
Ronald L. Rivest
Professor of Electrical Engineering and
Computer Science
Massachusetts Institute of Technology
Pamela Samuelson
Distinguished Professor of Law;
Professor of Information Management;
Chancellor's Professor
School of Law – Boalt Hall
University of California at Berkeley
Bruce Schneier
CTO
BT Counterpaine
Edward G. Viltz
President and Founder
Internet Collaboration Coalition
NOTES
[1] EPIC's comments on the ICANN WHOIS Task Force's "Preliminary Task Force
Report on WHOIS
Services," January 12, 2007, available at
<_http://www.epic.org/privacy/whois/comments.html_ (http://www.epic.org/privacy/whois/comments.html) >.
[2] See, e.g., EPIC, "Privacy Issues Report: The Creation of A New Task
Force is Necessary For an
Adequate Resolution of the Privacy Issues Associated With WHOIS," .before
the GNSO Council (Mar. 10,
2003), See EPIC Testimony Before House Subcommittee, Financial Institutions
and Consumer Credit,
Committee on Financial Services "ICANN and the WHOIS Database: Providing
Access to Protect
Consumers from Phishing," (July 18, 2006), available
athttp://financialservices.house.gov/media/pdf/071806mr.pdf; Brief Amicus
Curiae of EPIC, Peterson v.
Nat. Telecomm. & Info. Admin., No. 06-1216 (4th Cir. Apr. 24, 2006),
available at.
_http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf_
(http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf) ; See generally EPIC WHOIS
page,
_http://www.epic.org/privacy/whois/_ (http://www.epic.org/privacy/whois/) .
[3] The Public Voice, "WHOIS Letter to ICANN," (Oct. 28, 2003),
_http://thepublicvoice.org/news/whoisletter.html_
(http://thepublicvoice.org/news/whoisletter.html) .
[4] Final Report of the WHOIS Task Force, March 12, 2007, available at
<_http://gnso.icann.org/issues/whois-_ (http://gnso.icann.org/issues/whois-)
privacy/whois-services-final-tf-report-12mar07.htm>; and Final Report of the
WHOIS Working Group,
August 20, 2007, available at
<_http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf_
(http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf) >.
[5] EPIC and Privacy International, PRIVACY AND HUMAN RIGHTS: AN
INTERNATIONAL SURVEY OF PRIVACY
LAWS AND DEVELOPMENTS 154-57 ("WHOIS"), available at
<_http://www.epic.org/phr06_ (http://www.epic.org/phr06) >.
[6] Letter from Article 29 Working Party to ICANN Chair Vinton Cerf, March
12, 2007, available at
<_http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf_
(http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf) >.
[7] For additional country code Top Level Domain policy examples, see EPIC
Testimony Before House
Subcommittee, Financial Institutions and Consumer Credit, Committee on
Financial Services "ICANN and
the WHOIS Database: Providing Access to Protect Consumers from Phishing,"
available at
<_http://financialservices.house.gov/media/pdf/071806mr.pdf_
(http://financialservices.house.gov/media/pdf/071806mr.pdf) >.
Begin forwarded message:
From: Marc Rotenberg <_rotenberg at epic.org_ (mailto:rotenberg at epic.org) >
Date: October 30, 2007 7:28:16 PM EDT
To: _whois-comments-2007 at icann.org_ (mailto:whois-comments-2007 at icann.org)
Cc: Marc Rotenberg <_rotenberg at epic.org_ (mailto:rotenberg at epic.org) >,
Allison Knight <_knight at epic.org_ (mailto:knight at epic.org) >
Subject: Comments on WHOIS - NGOs and EPIC Advisory Board
=
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/\/\/\/\/\/\/\
Marc Rotenberg, Executive Director
Electronic Privacy Information Center (EPIC)
1718 Connecticut Ave., NW, Suite 200
Washington, DC 20009
+1 202 483 1140 x106 [tel]
+1 202 483 1248 [fax]
EPICMarc [voip-skype]
htttp://_www.epic.org_ (http://www.epic.org/) /
=
************************************** See what's new at http://www.aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071031/02321866/attachment.html>
More information about the Ncuc-discuss
mailing list