My Whois Comments - Kathy

KathrynKL at AOL.COM KathrynKL at AOL.COM
Sun Oct 28 15:11:02 CET 2007 

With thanks to EPIC for analysis of the substantive issues, attached please  
find my comments in the Whois proceeding.  After so many years in the  
process, I am dismayed to see the Intellectual Property Constituency and its  
following back away from the very compromises they pushed so hard to  achieve.
 
We still have three more days.  Please submit your own comments -  short or 
long! 
Kathy
------------------------------------------------------------------------------
------------------------------------------------------------------
Dear  Mr. Cerf and the ICANN Board, Ms. Doria and the GNSO Council:  

As  you know, I have been an active participant in the Whois process over 
many  years.  I served on the Whois Task Forces and organized the Building  
Bridges on ICANN's Whois Question Conference at ICANN's Vancouver Meeting  (12/05). 
 I have not been involved in the Whois process for over a year,  did not 
serve on the recent Whois Working Group, and write as an observer and  admirer of 
the progress made to date.
The entire record of the last 7 years  of Whois debates supports key changes 
soon to ICANN's  Whois  Policies.   This letter outlines the agreements of the 
past Whois Task  Forces (on which I participated), the major strides of  the 
recent Whois WG  (on which I did not participate), and the clear path ahead to 
resolve the few  remaining open issues.

The letter closes with my dismay that so much pressure is being  brought to 
bear on ICANN to reverse its work of the last 7 years, and discard  the 
thousands of hours that so many good faith ICANN participants have invested  in the 
reports, negotiations and hard-fought compromises of this important Whois  
process. 

I. The Whois Task Forces found that Data Protection  Laws Exist Throughout 
the World and Apply to Whois Data

Dating back to 2003, I served on the Whois Task Force.  After  extensive 
research, the Task Force found that data protection laws worldwide,  and on every 
continent, protect the disclosure and publication of personal  data.  Starting 
with the EU Data Protection Directive, data protection laws  impact 
registrars, registries and registrants around the world (see, e.g, “Table  of Task 
Force [2] Data Analysis, July 2004” posted at www.ncdnhc.org under  “What's New, 
Whois Conflicts with National Law” and the Task Force 2  report.)

As the Electronic Privacy Information Center notes in its comments,  ICANN 
has now heard from many Data Protection Commissioners, including Germany,  
Canada, Italy, France, Belgium, and two chairs of the Article 29 Working Party  
representing the EU Data Protection Commissioners collectively.  They speak  and 
write to ICANN of the protections their laws guarantee to the privacy of  
individuals, and the conflicts that exist with the privacy laws of their  
countries.  

At the ICANN Rome meeting, Mr. Giovanni Buttarelli, Secretary-General of  
Italy's Data Protection Commission, specifically noted that registrars and  
registries violate Italian data protection laws with their publication of  personal 
data, and that his jurisdiction extends to them if their business  operates 
within Italy, and if they are marketing to Italian citizens.

At ICANN's Vancouver meeting in December 2005, I organized the Whois  
conference Building Bridges on ICANN's Whois Question, the first conference to  bring 
together GNSO and ccNSO to discuss the Whois questions. We learned in our  
opening session that ccTLDs have changed their Whois policies to comply with  
national data protection laws.   Three ccTLDs on three continents  spoke of 
their major Whois changes, namely Nominet (.UK), CIRA (.CA) and JPRS  (.JP).  Many 
members of the ccNSO nodded their agreement and spoke in the  hallways of 
similar changes.

Overall, the Data Protection Commissioners have participated  patiently in 
the Whois process, always urging ICANN to go forward, but always  warning of 
their deep concerns with the illegalities of current practices. See,  e.g,. 
Comments to ICANN from Commissioners and Organizations Regarding Whois and  the 
Protection of Privacy, 
_http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf_ (http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf) 
.  

The result is that the Whois Task Forces, over many years of work,  
recommended changes to ICANN's Whois Policy to reflect data protection laws and  
privacy rights worldwide (as a protection both for the registrants, and the  
registries and registrars who serve them).

II. The Whois Working  Group, in its “Final Outcomes Report” of August 2007, 
Reached Broad Agreement  and Tremendous Compromises

I was not a member of the recent Whois Working Group (WG), but I  admire the 
bold way in which it moved the ICANN Whois debate forward.   Chaired by 
Intellectual Property Constituency co-founder Philip Sheppard, the  Whois WG found 
agreement and made progress where I never thought it  possible.  They did so 
despite a tight timeframe and a large and diverse  membership.  They have my 
admiration.

The strides achieved by the Whois WG, Chairman Sheppard and each  member 
include: 

1.The Whois WG agreed that an individual person's right to privacy and  
protection in his/her data in the Whois database must be protected (Final  Outcomes 
Report (“FOR”), p. 3)

2.The Whois WG accepted the OPOC or “Official Point of Contact”  proposal.  
As businesses and organizations list representatives in the  Whois database, 
so too, should individuals be allowed to publish a  representative's physical 
address, email address and telephone number (while  mandating also that the 
registrant provide accurate and complete data to the  OPOC).  (FOR, p. 3)

3.The Whois WG defined and expanded the tasks and responsibilities of the  
OPOC.  They found broad agreement that: 

- the OPoC can be a Registrar, or third party appointed by the Registrant  
(FOR, p. 13),
- the OPOC must have an agreement with the Registrant and  “defined 
responsibilities” (FOR, p. 14)
- the Registrant must have a  functional OPOC (FOR, p.  17)
-               that  ICANN should not set up any centralized form of 
accreditation of the OPOCs (FOR,  p. 15).

In an issue long pushed by the Business Constituency, the Whois WG also  
agreed that a registrant should be able to list two OPOCs, thus allowing large  
organizations to list more than one organizational contact (FOR, p.  13).

As EPIC notes in its comments, the NCUC and individuals gave up a lot  to 
reach the compromises of the Whois WG Final Outcomes Report.  In  particular, 
they compromised on the closely-held right to anonymity, and  the  rights of 
non-commercial organizations to privacy, including battered  women's shelters, 
religious organizations, political groups and other  non-commercial organizations.

III. The Whois WG Even Offers Key  Agreement on the Thorniest of Issues – 
Access (to the Underlying  Data)

Even on the thorniest of issues, access of the underlying personal  data, the 
Whois WG made clear and unambiguous progress. The WG report gave ICANN  a 
clear roadmap for moving forward by adopting a standard for disclosure of the  
underlying data.  The standard is “reasonable evidence of actionable harm.” 
That's huge progress!  

>From here, we can let the governments work with ICANN to define how law  
enforcement should identify themselves and how private parties should seek  access 
to the underlying data. During my tenure on the Whois Task Forces, US  
Government representatives expressed a strong interest in working with ICANN on  
this issue. In his letter to the Board of last week, the EU's Article 29 Working  
Party Chairman, Mr. Schaar, indicated a similar willingness.  

The path is clear.  The main concept and structure of the OPOC have  been 
agreed on and worked out; the path for the negotiation of the Access  provision 
has been laid.  The work ahead is defined and clear.   

IV. Doesn't Good Faith Count Here? 

For years, I have seen the concept of “good faith” and “bad faith”  invoked 
against domain name registrants.  Shouldn't it provide a standard  for other 
areas of domain name policy as well? 

As I watch the international campaigns from large intellectual  property 
owners and business organizations flood the GNSO forum, I wonder if the  
participants know of the high level of representation their interests have  received 
throughout the Whois process.  During the years I worked on the  Whois Task 
Forces, the Intellectual Property Constituency, Business Constituency  and ISP 
Constituency were always well represented by active, articulate and  
well-prepared representatives. Their members participated in every aspect of  research, 
negotiating, drafting and editing processes.  They had the  budgets to attend 
every meeting.  They worked on every issue and they drove  very hard compromises.

Shouldn't we all be required to stand by a process in which we all  
participated with such great activity and in such good faith?   

V. Conclusion: If we turn back now, why message will it send to  future 
participants in ICANN? 

ICANN operates on a grassroots principles.  Policy is made in  the Supporting 
Organizations and brought to the Board. Over seven years, all the  
constituencies, hundreds of people, and numerous government representatives  (from many 
agencies and levels) have participated in the Whois process.   For my part, I 
fought hard for the time to attend the teleconferences, money to  attend the 
meetings, and studies and research to inform the process. 

Of course having access to the personal data of millions of domain names  
registrants makes life easier for those with concerns about website content and  
other bad acts.  But this data similar exposes individuals to physical harm  
as well as online harassment and other illegal acts.  Naturally, the  various 
sides would like to “have it all.” 

But the Whois WG gave us an OPOC plan with details, and a standard for  
access to underlying data – clear agreements which provide a roadmap that will  
allow registries and registrars to comply with law, protect the privacy of some  
domain name registrants (although only some) and provide access to those who  
need the underlying personal data and having “reasonable evidence of 
actionable  harm.”

The Whois WG has my huge respect and admiration.  This process was  
difficult; their progress was huge.  We should now be close to the end of  many, many 
long years of work.  

To the GNSO Council and the Board,  I leave with the hope that you move 
forward on Whois.  I support Motions 1  and 3.  We either move forward together on 
OPOC, or drop the required Whois  publication provisions for lack of consensus 
and support.  I trust you will  find the path that takes us forward, not 
back. 

Sincerely,
/s/ Kathryn  Kleiman
Kathryn Kleiman, Esq.
Past member of Whois Task Forces on behalf  of the NCUC




************************************** See what's new at http://www.aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071028/9312144d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Kleiman Whois Comments.pdf
Type: application/pdf
Size: 117715 bytes
Desc: not available
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071028/9312144d/attachment.pdf>

More information about the Ncuc-discuss mailing list