Proposed comments for the WHOIS RT
Maria Farrell
maria.farrell at GMAIL.COM
Fri Mar 16 16:20:52 CET 2012
I also support submitting. (Well, I would, wouldn't I!)
Maria
On 15 March 2012 19:15, Robin Gross <robin at ipjustice.org> wrote:
> GreAt. Thank you very much. Let's submit.
>
> Robin
>
> On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <wendy at SELTZER.COM> wrote:
>
> > Thanks very much to Maria and Joy for contributions to this, proposed
> > comments for the WHOIS RT. Comments are due March 18, but I'd like to
> > send them before leaving tomorrow, if possible.
> > <http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm>
> >
> > We would like to commend the general readability of the report. WHOIS
> > has become a very complex issue, and presenting it so clearly and
> > accessibly facilitates participation in both this consultation process
> > and participation more generally. We particularly appreciate the hard
> > work of collecting the WHOIS policies from the various places where
> > they reside.
> >
> > High-level recommendations:
> >
> > The report should explicitly recommend that WHOIS policy recognize
> > that registrants, both individual and organizations, commercial and
> > non-commercial, have a legitimate interest in, *and in many jurisdictions
> > the legal right to, the privacy of their personal data*.
> >
> > In the normative discussion, privacy should be given equivalent emphasis
> > to accuracy. *It would be instructive in this regard to reference the
> > OECD privacy guidelines, agreed to by all OECD member countries with
> input
> > from business and civil society. Data accuracy (or 'quality') is
> considered
> > by OECD members to be of equal importance to purpose specification, use
> > limitation and security safeguards, none of which factors are supported
> by
> > Whois as it currently operates. (OECD Guideline reference:
> >
> http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
> > ) *
> >
> > It is as important that registrants have privacy as that
> > their data be accurately recorded. At the moment, the report appears,
> > from its emphasis on access and accuracy, to discount those privacy
> > concerns *that are accepted by all OECD member states and participating
> > business and civil society actors as having equal importance.*
> >
> >
> > Section F. Findings
> >
> > The brief ‘tour de table’ provides useful background reading, but
> > *should* include
> > reference to the fact that ICANN’s Whois policies are
> > incompatible with the OECD privacy guidelines and also applicable
> national
> > laws in many countries, including
> > member states of the European Union.*The European Union's Article 29
> > Working Party of national data protection officers provided specific
> input
> > to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois
> > breaches EU law. These included the lack of definition of a purpose of
> > Whois, lack of use limitation, misuse of Whois data by third parties and
> > the disproportionality of the publication of personal data. The Article
> 29
> > Working Party concluded that "there is no legal ground justifying the
> > mandatory publication of personal data referring to this person. (the
> > registrant)". *
> >
> > *(Article 29 WP reference: Opinion 2/2003 on the application of the data
> > protection principles*
> >
> > *to the Whois directories *
> >
> http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
> >
> > *It is very concerning that the findings of the Whois Review Team do not
> > consider the glaring fact of the illegality of gTLD Whois requirements in
> > many jurisdictions, and the incompatibility of Whois as it currently
> stands
> > with the only internationally accepted guidelines on data privacy. *
> >
> >
> > Section G. Recommendations
> >
> > 1. Single Whois Policy - "The Board should oversee the creation of a
> > single Whois policy document."
> >
> > We welcome the call for a single Whois policy that sets out the
> > requirements, globally and facilitates registrants who wish to consult
> > those requirements. Whois ‘policy’ is currently inferred from registry
> > and registrar contracts.* A single Whois policy should be compatible with
> > the internationally accepted OECD privacy guidelines, in respect of a
> > statement of purpose for the use of data, use limitation, data accuracy
> and
> > appropriate security safeguards for personal data.* However, gTLD policy
> > development is the
> > responsibility of the GNSO, not the Board (until the final stages),
> > and needs to be developed through the bottom up process, with the
> > cooperation of the multiple stakeholders affected.
> >
> > 3 - "Make Whois a Strategic Priority"
> >
> > Change "Strategic Priority" to "Strategic Consideration." As the
> > review team was focused only on WHOIS, it was in no position to
> > analyze the tradeoffs involved in setting global priorities. Many
> > items on ICANN's policy agenda *may be considered* more worthy of the
> > community's
> > limited time and attention. *The appropriate process for the community to
> > prioritize issues such as Whois is via the Strategic Plan.* No evidence
> > is offered in this report to support prioritizing
> > WHOIS o*ver other issues of importance to the community as a whole.*
> >
> > 5 - Data Accuracy - As many law enforcement comments in the report
> > suggest, contactability is more important than "accuracy." Separation
> > of the contact details from the public display could enhance the
> > accuracy of the contact details available to appropriately qualified
> > requesters.
> >
> > 10-16. "Data Access: Privacy and Proxy Services."
> >
> > The recommendations should explicitly acknowledge the importance of
> > privacy and proxy services in providing options to legitimate Internet
> > users to preserve their privacy. National laws in the United States,
> > for example, recognize privacy interests not only for individuals, but
> > for associations. The report further documents the legitimate
> > interests of even commercial Internet users in private domain name
> > registrations.
> > * In relation to the references to national legislation: it is
> > important to note that this reference may be problematic if national
> > legislation violates international human rights standards, for example,
> > relating to freedom of expression (see the citation of this report
> below).
> > * Freedom of association: proxy registration services can support
> the
> > rights of human rights defenders to carry out lawful activity without
> > persecution. Threats to registrants include surveillance of registrants
> > through use of information which is accessed via WHOIS data - continuing
> to
> > expand the nature of information held in WHOIS will only heighten the
> > safety
> > concerns of human rights defenders. In addition, just in time attacks on
> > websites of civil society organisations have been used to disrupt lawful
> > activity and democratic participation in a number of countries: see
> > Deibert,
> > R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access
> > Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT
> > Press.
> > * Governments whose legislation is in violation of these rights
> > should
> > not be able to rely on such laws when requesting WHOIS data access and
> > proxy
> > information. It would be unreasonable to require Registrars to carry out
> an
> > additional analysis. Other options include:
> > (1) Provide that LEA WHOIS data requests may be refused where there
> are
> > reasonable grounds to believe that such requests may violate
> *registrants'
> > *
> > rights of freedom of expression or freedom of association
> > (2) Require LEA to verify that national laws comply with human rights
> > standards
> > (3) Require LEA to verify that WHOIS requests do not violate
> > international human rights standards
> >
> >>
> > 17 - Data access - "ICANN should set up a dedicated, multilingual
> > interface website to provide thick Whois data for" COM and NET, who
> > have thin whois. This is subject to existing policy and policy-making
> > by the GNSO. It is inappropriate for the Review Team to intervene at
> > this level of detail into the GNSO policy process, *and in a way that
> > privileges certain substantive outcomes over others.*
> >
> >
> > Section E. Work of this RT
> >
> > A factual point. There is only one Chatham House rule, so the statement
> > referring to it should use the singular.
> >
> > Freedom of Expression References:
> >
> > As noted by the UN Special Rapporteur on Freedom of Opinion and
> Expression
> > in his annual report of 2011:
> >
> > 23. The vast potential and benefits of the Internet are
> > rooted in its unique characteristics, such as its speed, worldwide reach
> > and
> > relative anonymity. At the same time, these distinctive features of the
> > Internet that enable individuals to disseminate information in "real
> time"
> > and to mobilize people has also created fear amongst Governments and the
> > powerful. This has led to increased restrictions on the Internet through
> > the
> > use of increasingly sophisticated technologies to block content, monitor
> > and
> > identify activists and critics, criminalization of legitimate expression,
> > and adoption of restrictive legislation to justify such measures. In this
> > regard, the Special Rapporteur also emphasizes that the existing
> > international human rights standards, in particular article 19,
> paragraph 3
> > of the ICCPR, remain pertinent in determining the types of restrictions
> > that
> > are in breach of States' obligations to guarantee the right to freedom of
> > expression.
> > 24. As set out in article 19, paragraph 3 of the ICCPR,
> > there are certain, exceptional types of expression which may be
> > legitimately
> > restricted under international human rights law, essentially to safeguard
> > the rights of others. This issue has been examined in the previous annual
> > report of the Special Rapporteur. However, the Special Rapporteur deems
> it
> > appropriate to reiterate that any limitation to the right to freedom of
> > expression must pass the following three-part, cumulative test:
> > (1) it must be provided by law, which is clear and accessible to
> > everyone (principles of predictability and transparency); and
> > (2) it must pursue one of the purposes set out in article 19,
> paragraph
> > 3 of the ICCPR, namely (i) to protect the rights or reputations of
> others,
> > or (ii) to protect national security or of public order, or of public
> > health
> > or morals (principle of legitimacy); and
> > (3) it must be proven as necessary and the least restrictive means
> > required to achieve the purported aim (principles of necessity and
> > proportionality).
> > Moreover, any legislation restricting the right to
> > freedom of expression must be applied by a body which is independent of
> any
> > political, commercial, or other unwarranted influences in a manner that
> is
> > neither arbitrary nor discriminatory, and with adequate safeguards
> against
> > abuse, including the possibility of challenge and remedy against its
> > abusive
> > application.
> > And further:
> >
> > 26 However, in many instances, States restrict, control, manipulate
> and
> > censor content disseminated via the Internet without any legal basis, or
> on
> > the basis of broad and ambiguous laws; without justifying the purpose of
> > such actions; and/or in a manner that is clearly unnecessary and/or
> > disproportionate to achieve the intended aim, as explored in the
> following
> > sections. Such actions are clearly incompatible with States' obligations
> > under international human rights law, and often create a broader chilling
> > effect on the right to freedom of opinion and expression.
> > (full reference: Frank La Rue "Report of the Special Rapporteur on the
> > promotion and protection of the right to freedom of opinion and
> expression"
> > (26 April 2011, A/HRC/17/27) also available at: http://scr.bi/z6lZ8N )
> >
> >
> >
> >
> >
> > --
> > Wendy Seltzer -- wendy at seltzer.org +1 914-374-0613
> > Fellow, Yale Law School Information Society Project
> > Fellow, Berkman Center for Internet & Society at Harvard University
> > http://cyber.law.harvard.edu/seltzer.html
> > https://www.chillingeffects.org/
> > https://www.torproject.org/
> > http://www.freedom-to-tinker.com/
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20120316/b6819eb1/attachment-0001.html>
More information about the Ncuc-discuss
mailing list