EPIC Comments on WHOIS

KathrynKL at AOL.COM KathrynKL at AOL.COM
Wed Oct 31 18:20:11 CET 2007


 
With great thanks to Marc, might I suggest that our NCUC Council reps  send 
this on to the entire GNSO Council.  May EPIC's comments and all of  our 
thoughts help you in the very important meeting today! 
Best,
Kathy



Dear NCUCers,


Here is the letter on WHOIS that went to the ICANN board.


Thank you all for your help with this, and especially Kathy K.
who has been fighting the good fight on WHOIS for many
years. We also gathered the support of several of the  prominent 
members of the EPIC Advisory Board. That may help.


Good luck to those in LA!


Best


Marc and Allison.


--------------




October 30, 2007


Mr. Vinton Cerf, Chairman
Mr. Paul Twomey, President & CEO
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601
USA


Dear Mr. Cerf, Mr Twomey, and Members of the ICANN Board,


The purpose of this letter is to express our support for changes to WHOIS  
services 
that would protect the privacy of individuals, specifically the removal  of 
registrants' 
contact information from the publicly accessible WHOIS database.[1]   It is 
also to propose 
a  sensible resolution to the long-running discussion over WHOIS  that would 
establish a bit 
of "policy stability" and allow the various constituencies to move on to  
other work


EPIC has had long-standing involvement in the WHOIS issue. As a member of  
the WHOIS Privacy Steering Committee, EPIC assisted in the development of  
the 
WHOIS work program, and has been a member of the Non-Commercial Users  
Constituency for several years. EPIC has submitted extensive comments to  
ICANN on 
WHOIS, and has testified before the US Congress in support of new privacy  
safeguards 
for WHOIS as well as filing a brief in the US courts on the privacy  
implications of the 
WHOIS registry.[2]  The Public Voice coalition also organized an  important 
letter in 2003 
to ICANN regarding WHOIS policy that was signed by 57 organizations from  
more than 
20 countries which recommended simply that ICANN consider the views of  
consumer 
organizations and civil liberties groups.[3]


Both the WHOIS Task Force and the WHOIS Working Group agree that new  
mechanisms must be adopted to address an individual's right to privacy  and 
the protection 
of his/her data.[4]  Current ICANN WHOIS policy conflicts with  national 
privacy laws, 
including the EU Data Protection Directive, which requires the  establishment 
of a legal 
framework to ensure that when personal information is collected, it is  used 
only for its 
intended purpose. As personal information in the directory is used for  other 
purposes and 
ICANN's policy keeps the information public and anonymously accessible,  the 
database 
could be found illegal according to many national privacy and data  
protection laws 
including the European Data Protection Directive, European data  protection 
laws and 
legislation in Canada and Australia.[5] 


The Article 29 Working Party, an independent European advisory body on  data 
protection and privacy, states that "in its current form the [WHOIS]  
database does not 
take account of the data protection and privacy rights of those  identifiable 
persons who 
are named as the contacts for domain names and organizations."[6]   The 
conflict with 
national privacy law is real and cannot be dismissed. A sensible  resolution 
of the WHOIS 
matter must take this into account.


In addition, country code Top Level Domains are moving to provide more  
privacy 
protection in accordance with national law. For example, regarding  
Australia's TLD, .au, 
the WHOIS policy of the .au Domain Administration Ltd (AUDA) states in  
section 4.2, 
"In order to comply with Australian privacy legislation, registrant  
telephone and 
facsimile numbers will not be disclosed. In the case of id.au domain  names 
(for 
individual registrants, rather than corporate registrants), the  registrant 
contact name and 
address details also will not be disclosed."[7]  


The Final Outcomes Report recently published by the WHOIS Working Group  
contains several key compromises and useful statements and represents  
significant 
progress on substantive WHOIS issues. The WHOIS Working Group found  
agreement in 
critical areas that advance the WHOIS discussion within ICANN and provide  
clear 
guidance to the ICANN Board.


In its report, the WHOIS Working Group accepted the Operational Point of  
Contact (OPoC) proposal as a starting point, and the best option to date.  
The OPoC 
proposal would replace publicly available registrant contact information  
with an 
intermediate contact responsible for relaying messages to the registrant.  
The Working 
Group agreed that there may be up to two OPoCs, and that an OPoC can be  the 
Registrant, the Registrar, or any third party appointed by the  Registrant. 
The Registrant is 
responsible for having a functional OPOC. The Working Party also agreed  that 
the OPOC 
should have a consensual relationship to the Registrant with defined  
responsibilities. This 
would necessitate the creation of a new process, and changes to the  
Registrar 
Accreditation Agreement and Registrar-Registrant agreements to reflect  this 
relationship.


The Board should support the agreed standard for disclosure of  unpublished 
Whois personal data – reasonable evidence of actionable harm.  But  the Board 
should 
leave this term undefined, as it is now in the RAA for proxy  services.  This 
standard will 
allow the OPoC contact, registrars and registries to work within the  
framework of their 
national and local laws to provide access to this personal data.   


OPoCs must be allowed to employ strategies and standards similar to those  of 
the 
registrars and registries to ensure that the person receiving the  protected 
personal WHOIS 
data is in fact a law enforcement official.  


The OPoC proposal does not impede reasonable law or intellectual property  
enforcement efforts. In fact, effective implementation of the OPoC  proposal 
would 
benefit all stakeholders by improving the accuracy of the information in  the 
database. 
Because personal data will be kept private, individuals will provide more  
accurate data. 
As a result, the Whois database will be more useful and more  reliable.


The OPoC proposal is not the ideal privacy solution. EPIC, as well as  groups 
such 
as the Non-Commercial Users Constituency, recommended a distinction  between 
commercial and non-commercial domains in order to protect the privacy of  
registrants of 
domain names used for religious purposes, political speech,  organizational 
speech, and 
other forms of non-commercial speech. EPIC has previously stated that the  
WHOIS 
database should not publicize any registrant information, including name  and 
jurisdiction.


The WHOIS Working Group has proposed a workable framework. It is not a  
perfect framework. But it will help ensure that the WHOIS policy conforms  
with law and 
allow ICANN to move forward. If it is not possible to adopt this  solution, 
then the only 
sensible approach would be to allow the current WHOIS terms to simply  
sunset. 
Resolution 3 would be the only real option. 


The signatories to this letter are willing to assist in finishing off the  
implementation details of the OPoC proposal. 


Sincerely,


Marc Rotenberg
EPIC Executive Director


Allison Knight
Coordinator
Public Voice Project


Valerie Gordon, 
Jamaica Sustainable Development 
Network


Robin Gross
IP Justice


Robert Guerra, CPSR


Kim Heitman,
Board Member EFA
Deputy Chair AUDA


Norbert Klein
ICANN GNSO Council member
ICANN NCUC
Open Institute of Cambodia


Kathy Kleiman
Co-Founder, NCUC


Dan Krimm
TJ McIntyre (Chairman)
Digital Rights Ireland


Ville Oksanen
Vice Chairman, EFFI


Ross Rader, 
Domain Direct






Members of the EPIC Advisory Board


Steven Aftergood, Project Director
Federation of American Scientists


Anita L. Allen
Professor of Law and Philosphy
University of Pennsylvania


David Banisar, Director 
Freedom of Information Project, Privacy 
International;
Visiting Research Fellow,
School of Law, University of Leeds


Christine L. Borgman
Professor & Presidential Chair
Dept of Information Studies, UCLA


James Boyle
Professor of Law
Duke Law School


David Chaum
Founder
Punchscan


Julie E. Cohen
Professor Law
Georgetown University Law Center


Simon Davies
Director General
Privacy International


David Farber
Distinguished Career Professor of 
Computer Science and Public Policy,
Carnegie Mellon University


David H. Flaherty
Professor Emeritus
University of Western Ontario.


Austin Hill
Brudder Ventures


Jerry Kang
Professor of Law
UCLA Law School


Chris Larsen
CEO
Prosper Marketplace, Inc.


Mary Minow
Founder
LibraryLaw.com


Pablo Molina
Chief Information Officer
Georgetown University Law Center


Deborah C. Peel, MD,
Founder and Chair
Patient Privacy Rights


Anita Ramasastry
Associate Professor of Law
Director, Shidler Center for Law
Commerce & Technology
University of Washington School of 
Law


Ronald L. Rivest
Professor of Electrical Engineering and 
Computer Science
Massachusetts Institute of Technology


Pamela Samuelson
Distinguished Professor of Law; 
Professor of Information Management; 
Chancellor's Professor
School of Law – Boalt Hall
University of California at Berkeley


Bruce Schneier
CTO
BT Counterpaine


Edward G. Viltz
President and Founder
Internet Collaboration Coalition


NOTES


[1]  EPIC's comments on the ICANN WHOIS Task Force's "Preliminary  Task Force 
Report on WHOIS 
Services," January 12, 2007, available at 
<_http://www.epic.org/privacy/whois/comments.html_ (http://www.epic.org/privacy/whois/comments.html) >.
[2]  See, e.g., EPIC, "Privacy Issues Report: The Creation of A New  Task 
Force is Necessary For an 
Adequate Resolution of the Privacy Issues Associated With WHOIS," .before  
the GNSO Council (Mar. 10, 
2003), See EPIC Testimony Before House Subcommittee, Financial  Institutions 
and Consumer Credit, 
Committee on Financial Services "ICANN and the WHOIS Database: Providing  
Access to Protect 
Consumers from Phishing," (July 18, 2006), available 
athttp://financialservices.house.gov/media/pdf/071806mr.pdf; Brief Amicus  
Curiae of EPIC, Peterson v. 
Nat. Telecomm. & Info. Admin., No. 06-1216 (4th Cir. Apr. 24, 2006),  
available at. 
_http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf_ 
(http://www.epic.org/privacy/peterson/epic_peterson_amicus.pdf) ;  See generally EPIC WHOIS 
page, 
_http://www.epic.org/privacy/whois/_ (http://www.epic.org/privacy/whois/) .
[3]   The Public Voice, "WHOIS Letter to ICANN," (Oct. 28,  2003), 
_http://thepublicvoice.org/news/whoisletter.html_ 
(http://thepublicvoice.org/news/whoisletter.html) .
[4]  Final Report of the WHOIS Task Force, March 12, 2007, available  at 
<_http://gnso.icann.org/issues/whois-_ (http://gnso.icann.org/issues/whois-) 
privacy/whois-services-final-tf-report-12mar07.htm>; and Final Report  of the 
WHOIS Working Group, 
August 20, 2007, available at 
<_http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf_ 
(http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf) >.
[5]  EPIC and Privacy International, PRIVACY AND HUMAN RIGHTS: AN  
INTERNATIONAL SURVEY OF PRIVACY 
LAWS AND DEVELOPMENTS 154-57 ("WHOIS"), available at 
<_http://www.epic.org/phr06_ (http://www.epic.org/phr06) >.
[6]  Letter from Article 29 Working Party to ICANN Chair Vinton  Cerf, March 
12, 2007, available at 
<_http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf_ 
(http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf) >.
[7]  For additional country code Top Level Domain policy examples,  see EPIC 
Testimony Before House 
Subcommittee, Financial Institutions and Consumer Credit, Committee on  
Financial Services "ICANN and 
the WHOIS Database: Providing Access to Protect Consumers from Phishing,"  
available at 
<_http://financialservices.house.gov/media/pdf/071806mr.pdf_ 
(http://financialservices.house.gov/media/pdf/071806mr.pdf) >.





Begin forwarded message:


From: Marc Rotenberg <_rotenberg at epic.org_ (mailto:rotenberg at epic.org) >
Date: October 30, 2007 7:28:16  PM EDT
To: _whois-comments-2007 at icann.org_ (mailto:whois-comments-2007 at icann.org) 
Cc: Marc Rotenberg <_rotenberg at epic.org_ (mailto:rotenberg at epic.org) >, 
Allison Knight  <_knight at epic.org_ (mailto:knight at epic.org) >
Subject: Comments on WHOIS -  NGOs and EPIC Advisory Board 






=





 
 










/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/\/\/\/\/\/\/\
Marc Rotenberg, Executive Director
Electronic Privacy Information Center (EPIC)
1718 Connecticut Ave., NW, Suite 200
Washington, DC 20009
+1 202 483 1140 x106 [tel]  
+1 202 483 1248 [fax]
 EPICMarc [voip-skype]
htttp://_www.epic.org_ (http://www.epic.org/) /



=


 



************************************** See what's new at http://www.aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20071031/1ed4b890/attachment.html>


More information about the Ncuc-discuss mailing list