Proposed comments for the WHOIS RT
Robin Gross
robin at IPJUSTICE.ORG
Fri Mar 16 02:15:54 CET 2012
GreAt. Thank you very much. Let's submit.
Robin
On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <wendy at SELTZER.COM> wrote:
> Thanks very much to Maria and Joy for contributions to this, proposed
> comments for the WHOIS RT. Comments are due March 18, but I'd like to
> send them before leaving tomorrow, if possible.
> <http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm>
>
> We would like to commend the general readability of the report. WHOIS
> has become a very complex issue, and presenting it so clearly and
> accessibly facilitates participation in both this consultation process
> and participation more generally. We particularly appreciate the hard
> work of collecting the WHOIS policies from the various places where
> they reside.
>
> High-level recommendations:
>
> The report should explicitly recommend that WHOIS policy recognize
> that registrants, both individual and organizations, commercial and
> non-commercial, have a legitimate interest in, *and in many jurisdictions
> the legal right to, the privacy of their personal data*.
>
> In the normative discussion, privacy should be given equivalent emphasis
> to accuracy. *It would be instructive in this regard to reference the
> OECD privacy guidelines, agreed to by all OECD member countries with input
> from business and civil society. Data accuracy (or 'quality') is considered
> by OECD members to be of equal importance to purpose specification, use
> limitation and security safeguards, none of which factors are supported by
> Whois as it currently operates. (OECD Guideline reference:
> http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
> ) *
>
> It is as important that registrants have privacy as that
> their data be accurately recorded. At the moment, the report appears,
> from its emphasis on access and accuracy, to discount those privacy
> concerns *that are accepted by all OECD member states and participating
> business and civil society actors as having equal importance.*
>
>
> Section F. Findings
>
> The brief ‘tour de table’ provides useful background reading, but
> *should* include
> reference to the fact that ICANN’s Whois policies are
> incompatible with the OECD privacy guidelines and also applicable national
> laws in many countries, including
> member states of the European Union.*The European Union's Article 29
> Working Party of national data protection officers provided specific input
> to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois
> breaches EU law. These included the lack of definition of a purpose of
> Whois, lack of use limitation, misuse of Whois data by third parties and
> the disproportionality of the publication of personal data. The Article 29
> Working Party concluded that "there is no legal ground justifying the
> mandatory publication of personal data referring to this person. (the
> registrant)". *
>
> *(Article 29 WP reference: Opinion 2/2003 on the application of the data
> protection principles*
>
> *to the Whois directories *
> http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
>
> *It is very concerning that the findings of the Whois Review Team do not
> consider the glaring fact of the illegality of gTLD Whois requirements in
> many jurisdictions, and the incompatibility of Whois as it currently stands
> with the only internationally accepted guidelines on data privacy. *
>
>
> Section G. Recommendations
>
> 1. Single Whois Policy - "The Board should oversee the creation of a
> single Whois policy document."
>
> We welcome the call for a single Whois policy that sets out the
> requirements, globally and facilitates registrants who wish to consult
> those requirements. Whois ‘policy’ is currently inferred from registry
> and registrar contracts.* A single Whois policy should be compatible with
> the internationally accepted OECD privacy guidelines, in respect of a
> statement of purpose for the use of data, use limitation, data accuracy and
> appropriate security safeguards for personal data.* However, gTLD policy
> development is the
> responsibility of the GNSO, not the Board (until the final stages),
> and needs to be developed through the bottom up process, with the
> cooperation of the multiple stakeholders affected.
>
> 3 - "Make Whois a Strategic Priority"
>
> Change "Strategic Priority" to "Strategic Consideration." As the
> review team was focused only on WHOIS, it was in no position to
> analyze the tradeoffs involved in setting global priorities. Many
> items on ICANN's policy agenda *may be considered* more worthy of the
> community's
> limited time and attention. *The appropriate process for the community to
> prioritize issues such as Whois is via the Strategic Plan.* No evidence
> is offered in this report to support prioritizing
> WHOIS o*ver other issues of importance to the community as a whole.*
>
> 5 - Data Accuracy - As many law enforcement comments in the report
> suggest, contactability is more important than "accuracy." Separation
> of the contact details from the public display could enhance the
> accuracy of the contact details available to appropriately qualified
> requesters.
>
> 10-16. "Data Access: Privacy and Proxy Services."
>
> The recommendations should explicitly acknowledge the importance of
> privacy and proxy services in providing options to legitimate Internet
> users to preserve their privacy. National laws in the United States,
> for example, recognize privacy interests not only for individuals, but
> for associations. The report further documents the legitimate
> interests of even commercial Internet users in private domain name
> registrations.
> * In relation to the references to national legislation: it is
> important to note that this reference may be problematic if national
> legislation violates international human rights standards, for example,
> relating to freedom of expression (see the citation of this report below).
> * Freedom of association: proxy registration services can support the
> rights of human rights defenders to carry out lawful activity without
> persecution. Threats to registrants include surveillance of registrants
> through use of information which is accessed via WHOIS data - continuing to
> expand the nature of information held in WHOIS will only heighten the
> safety
> concerns of human rights defenders. In addition, just in time attacks on
> websites of civil society organisations have been used to disrupt lawful
> activity and democratic participation in a number of countries: see
> Deibert,
> R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access
> Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT
> Press.
> * Governments whose legislation is in violation of these rights
> should
> not be able to rely on such laws when requesting WHOIS data access and
> proxy
> information. It would be unreasonable to require Registrars to carry out an
> additional analysis. Other options include:
> (1) Provide that LEA WHOIS data requests may be refused where there are
> reasonable grounds to believe that such requests may violate *registrants'
> *
> rights of freedom of expression or freedom of association
> (2) Require LEA to verify that national laws comply with human rights
> standards
> (3) Require LEA to verify that WHOIS requests do not violate
> international human rights standards
>
>>
> 17 - Data access - "ICANN should set up a dedicated, multilingual
> interface website to provide thick Whois data for" COM and NET, who
> have thin whois. This is subject to existing policy and policy-making
> by the GNSO. It is inappropriate for the Review Team to intervene at
> this level of detail into the GNSO policy process, *and in a way that
> privileges certain substantive outcomes over others.*
>
>
> Section E. Work of this RT
>
> A factual point. There is only one Chatham House rule, so the statement
> referring to it should use the singular.
>
> Freedom of Expression References:
>
> As noted by the UN Special Rapporteur on Freedom of Opinion and Expression
> in his annual report of 2011:
>
> 23. The vast potential and benefits of the Internet are
> rooted in its unique characteristics, such as its speed, worldwide reach
> and
> relative anonymity. At the same time, these distinctive features of the
> Internet that enable individuals to disseminate information in "real time"
> and to mobilize people has also created fear amongst Governments and the
> powerful. This has led to increased restrictions on the Internet through
> the
> use of increasingly sophisticated technologies to block content, monitor
> and
> identify activists and critics, criminalization of legitimate expression,
> and adoption of restrictive legislation to justify such measures. In this
> regard, the Special Rapporteur also emphasizes that the existing
> international human rights standards, in particular article 19, paragraph 3
> of the ICCPR, remain pertinent in determining the types of restrictions
> that
> are in breach of States' obligations to guarantee the right to freedom of
> expression.
> 24. As set out in article 19, paragraph 3 of the ICCPR,
> there are certain, exceptional types of expression which may be
> legitimately
> restricted under international human rights law, essentially to safeguard
> the rights of others. This issue has been examined in the previous annual
> report of the Special Rapporteur. However, the Special Rapporteur deems it
> appropriate to reiterate that any limitation to the right to freedom of
> expression must pass the following three-part, cumulative test:
> (1) it must be provided by law, which is clear and accessible to
> everyone (principles of predictability and transparency); and
> (2) it must pursue one of the purposes set out in article 19, paragraph
> 3 of the ICCPR, namely (i) to protect the rights or reputations of others,
> or (ii) to protect national security or of public order, or of public
> health
> or morals (principle of legitimacy); and
> (3) it must be proven as necessary and the least restrictive means
> required to achieve the purported aim (principles of necessity and
> proportionality).
> Moreover, any legislation restricting the right to
> freedom of expression must be applied by a body which is independent of any
> political, commercial, or other unwarranted influences in a manner that is
> neither arbitrary nor discriminatory, and with adequate safeguards against
> abuse, including the possibility of challenge and remedy against its
> abusive
> application.
> And further:
>
> 26 However, in many instances, States restrict, control, manipulate and
> censor content disseminated via the Internet without any legal basis, or on
> the basis of broad and ambiguous laws; without justifying the purpose of
> such actions; and/or in a manner that is clearly unnecessary and/or
> disproportionate to achieve the intended aim, as explored in the following
> sections. Such actions are clearly incompatible with States' obligations
> under international human rights law, and often create a broader chilling
> effect on the right to freedom of opinion and expression.
> (full reference: Frank La Rue "Report of the Special Rapporteur on the
> promotion and protection of the right to freedom of opinion and expression"
> (26 April 2011, A/HRC/17/27) also available at: http://scr.bi/z6lZ8N )
>
>
>
>
>
> --
> Wendy Seltzer -- wendy at seltzer.org +1 914-374-0613
> Fellow, Yale Law School Information Society Project
> Fellow, Berkman Center for Internet & Society at Harvard University
> http://cyber.law.harvard.edu/seltzer.html
> https://www.chillingeffects.org/
> https://www.torproject.org/
> http://www.freedom-to-tinker.com/
>
More information about the Ncuc-discuss
mailing list