Proposed comments for the WHOIS RT

Nicolas Adam nickolas.adam at GMAIL.COM
Fri Mar 16 19:58:55 CET 2012


Amazing work.

Nicolas

On 16/03/2012 11:20 AM, Maria Farrell wrote:
> I also support submitting. (Well, I would, wouldn't I!)
>
> Maria
>
> On 15 March 2012 19:15, Robin Gross <robin at ipjustice.org 
> <mailto:robin at ipjustice.org>> wrote:
>
>     GreAt.  Thank you very much.  Let's submit.
>
>     Robin
>
>     On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <wendy at SELTZER.COM
>     <mailto:wendy at SELTZER.COM>> wrote:
>
>     > Thanks very much to Maria and Joy for contributions to this,
>     proposed
>     > comments for the WHOIS RT.  Comments are due March 18, but I'd
>     like to
>     > send them before leaving tomorrow, if possible.
>     >
>     <http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm>
>     >
>     > We would like to commend the general readability of the report.
>     WHOIS
>     > has become a very complex issue, and presenting it so clearly and
>     > accessibly facilitates participation in both this consultation
>     process
>     > and participation more generally. We particularly appreciate the
>     hard
>     > work of collecting the WHOIS policies from the various places where
>     > they reside.
>     >
>     > High-level recommendations:
>     >
>     > The report should explicitly recommend that WHOIS policy recognize
>     > that registrants, both individual and organizations, commercial and
>     > non-commercial, have a legitimate interest in, *and in many
>     jurisdictions
>     > the legal right to, the privacy of their personal data*.
>     >
>     > In the normative discussion, privacy should be given equivalent
>     emphasis
>     > to accuracy. *It would be instructive in this regard to
>     reference the
>     > OECD privacy guidelines, agreed to by all OECD member countries
>     with input
>     > from business and civil society. Data accuracy (or 'quality') is
>     considered
>     > by OECD members to be of equal importance to purpose
>     specification, use
>     > limitation and security safeguards, none of which factors are
>     supported by
>     > Whois as it currently operates. (OECD Guideline reference:
>     >
>     http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
>     > ) *
>     >
>     > It is as important that registrants have privacy as that
>     > their data be accurately recorded. At the moment, the report
>     appears,
>     > from its emphasis on access and accuracy, to discount those privacy
>     > concerns *that are accepted by all OECD member states and
>     participating
>     > business and civil society actors as having equal importance.*
>     >
>     >
>     > Section F. Findings
>     >
>     > The brief ‘tour de table’ provides useful background reading, but
>     > *should* include
>     > reference to the fact that ICANN’s Whois policies are
>     > incompatible with the OECD privacy guidelines and also
>     applicable national
>     > laws in many countries, including
>     > member states of the European Union.*The European Union's Article 29
>     > Working Party of national data protection officers provided
>     specific input
>     > to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois
>     > breaches EU law. These included the lack of definition of a
>     purpose of
>     > Whois, lack of use limitation, misuse of Whois data by third
>     parties and
>     > the disproportionality of the publication of personal data. The
>     Article 29
>     > Working Party concluded that "there is no legal ground
>     justifying the
>     > mandatory publication of personal data referring to this person.
>     (the
>     > registrant)". *
>     >
>     > *(Article 29 WP reference: Opinion 2/2003 on the application of
>     the data
>     > protection principles*
>     >
>     > *to the Whois directories  *
>     >
>     http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
>     >
>     > *It is very concerning that the findings of the Whois Review
>     Team do not
>     > consider the glaring fact of the illegality of gTLD Whois
>     requirements in
>     > many jurisdictions, and the incompatibility of Whois as it
>     currently stands
>     > with the only internationally accepted guidelines on data privacy. *
>     >
>     >
>     > Section G. Recommendations
>     >
>     > 1.  Single Whois Policy - "The Board should oversee the creation
>     of a
>     > single Whois policy document."
>     >
>     > We welcome the call for a single Whois policy that sets out the
>     > requirements, globally and facilitates registrants who wish to
>     consult
>     > those requirements. Whois ‘policy’ is currently inferred from
>     registry
>     > and registrar contracts.* A single Whois policy should be
>     compatible with
>     > the internationally accepted OECD privacy guidelines, in respect
>     of a
>     > statement of purpose for the use of data, use limitation, data
>     accuracy and
>     > appropriate security safeguards for personal data.* However,
>     gTLD policy
>     > development is the
>     > responsibility of the GNSO, not the Board (until the final stages),
>     > and needs to be developed through the bottom up process, with the
>     > cooperation of the multiple stakeholders affected.
>     >
>     > 3 - "Make Whois a Strategic Priority"
>     >
>     > Change "Strategic Priority" to "Strategic Consideration." As the
>     > review team was focused only on WHOIS, it was in no position to
>     > analyze the tradeoffs involved in setting global priorities. Many
>     > items on ICANN's policy agenda *may be considered* more worthy
>     of the
>     > community's
>     > limited time and attention. *The appropriate process for the
>     community to
>     > prioritize issues such as Whois is via the Strategic Plan.* No
>     evidence
>     > is offered in this report to support prioritizing
>     > WHOIS o*ver other issues of importance to the community as a whole.*
>     >
>     > 5 - Data Accuracy - As many law enforcement comments in the report
>     > suggest, contactability is more important than "accuracy."
>     Separation
>     > of the contact details from the public display could enhance the
>     > accuracy of the contact details available to appropriately qualified
>     > requesters.
>     >
>     > 10-16. "Data Access: Privacy and Proxy Services."
>     >
>     > The recommendations should explicitly acknowledge the importance of
>     > privacy and proxy services in providing options to legitimate
>     Internet
>     > users to preserve their privacy. National laws in the United States,
>     > for example, recognize privacy interests not only for
>     individuals, but
>     > for associations. The report further documents the legitimate
>     > interests of even commercial Internet users in private domain name
>     > registrations.
>     > *       In relation to the references to national legislation: it is
>     > important to note that this reference may be problematic if national
>     > legislation violates international human rights standards, for
>     example,
>     > relating to freedom of expression (see the citation of this
>     report below).
>     > *       Freedom of association: proxy registration services can
>     support the
>     > rights of human rights defenders to carry out lawful activity
>     without
>     > persecution. Threats to registrants include surveillance of
>     registrants
>     > through use of information which is accessed via WHOIS data -
>     continuing to
>     > expand the nature of information held in WHOIS will only
>     heighten the
>     > safety
>     > concerns of human rights defenders. In addition, just in time
>     attacks on
>     > websites of civil society organisations have been used to
>     disrupt lawful
>     > activity and democratic participation in a number of countries: see
>     > Deibert,
>     > R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access
>     > Controlled: The Shaping of Power, Rights, and Rule in
>     Cyberspace. MIT
>     > Press.
>     > *       Governments whose legislation is in violation of these
>     rights
>     > should
>     > not be able to rely on such laws when requesting WHOIS data
>     access and
>     > proxy
>     > information. It would be unreasonable to require Registrars to
>     carry out an
>     > additional analysis. Other options include:
>     > (1)     Provide that LEA WHOIS data requests may be refused
>     where there are
>     > reasonable grounds to believe that such requests may violate
>     *registrants'
>     > *
>     > rights of freedom of expression or freedom of association
>     > (2)     Require LEA to verify that national laws comply with
>     human rights
>     > standards
>     > (3)     Require LEA to verify that WHOIS requests do not violate
>     > international human rights standards
>     >
>     >>
>     > 17 - Data access - "ICANN should set up a dedicated, multilingual
>     > interface website to provide thick Whois data for" COM and NET, who
>     > have thin whois.  This is subject to existing policy and
>     policy-making
>     > by the GNSO. It is inappropriate for the Review Team to intervene at
>     > this level of detail into the GNSO policy process, *and in a way
>     that
>     > privileges certain substantive outcomes over others.*
>     >
>     >
>     > Section E. Work of this RT
>     >
>     > A factual point. There is only one Chatham House rule, so the
>     statement
>     > referring to it should use the singular.
>     >
>     > Freedom of Expression References:
>     >
>     > As noted by the UN Special Rapporteur on Freedom of Opinion and
>     Expression
>     > in his annual report of 2011:
>     >
>     >               23.     The vast potential and benefits of the
>     Internet are
>     > rooted in its unique characteristics, such as its speed,
>     worldwide reach
>     > and
>     > relative anonymity. At the same time, these distinctive features
>     of the
>     > Internet that enable individuals to disseminate information in
>     "real time"
>     > and to mobilize people has also created fear amongst Governments
>     and the
>     > powerful. This has led to increased restrictions on the Internet
>     through
>     > the
>     > use of increasingly sophisticated technologies to block content,
>     monitor
>     > and
>     > identify activists and critics, criminalization of legitimate
>     expression,
>     > and adoption of restrictive legislation to justify such
>     measures. In this
>     > regard, the Special Rapporteur also emphasizes that the existing
>     > international human rights standards, in particular article 19,
>     paragraph 3
>     > of the ICCPR, remain pertinent in determining the types of
>     restrictions
>     > that
>     > are in breach of States' obligations to guarantee the right to
>     freedom of
>     > expression.
>     >               24.     As set out in article 19, paragraph 3 of
>     the ICCPR,
>     > there are certain, exceptional types of expression which may be
>     > legitimately
>     > restricted under international human rights law, essentially to
>     safeguard
>     > the rights of others. This issue has been examined in the
>     previous annual
>     > report of the Special Rapporteur. However, the Special
>     Rapporteur deems it
>     > appropriate to reiterate that any limitation to the right to
>     freedom of
>     > expression must pass the following three-part, cumulative test:
>     > (1)     it must be provided by law, which is clear and accessible to
>     > everyone (principles of predictability and transparency); and
>     > (2)     it must pursue one of the purposes set out in article
>     19, paragraph
>     > 3 of the ICCPR, namely (i) to protect the rights or reputations
>     of others,
>     > or (ii) to protect national security or of public order, or of
>     public
>     > health
>     > or morals (principle of legitimacy); and
>     > (3)     it must be proven as necessary and the least restrictive
>     means
>     > required to achieve the purported aim (principles of necessity and
>     > proportionality).
>     >                       Moreover, any legislation restricting the
>     right to
>     > freedom of expression must be applied by a body which is
>     independent of any
>     > political, commercial, or other unwarranted influences in a
>     manner that is
>     > neither arbitrary nor discriminatory, and with adequate
>     safeguards against
>     > abuse, including the possibility of challenge and remedy against its
>     > abusive
>     > application.
>     > And further:
>     >
>     > 26      However, in many instances, States restrict, control,
>     manipulate and
>     > censor content disseminated via the Internet without any legal
>     basis, or on
>     > the basis of broad and ambiguous laws; without justifying the
>     purpose of
>     > such actions; and/or in a manner that is clearly unnecessary and/or
>     > disproportionate to achieve the intended aim, as explored in the
>     following
>     > sections. Such actions are clearly incompatible with States'
>     obligations
>     > under international human rights law, and often create a broader
>     chilling
>     > effect on the right to freedom of opinion and expression.
>     > (full reference: Frank La Rue "Report of the Special Rapporteur
>     on the
>     > promotion and protection of the right to freedom of opinion and
>     expression"
>     > (26 April 2011, A/HRC/17/27) also available at:
>     http://scr.bi/z6lZ8N )
>     >
>     >
>     >
>     >
>     >
>     > --
>     > Wendy Seltzer -- wendy at seltzer.org <mailto:wendy at seltzer.org> +1
>     914-374-0613
>     > Fellow, Yale Law School Information Society Project
>     > Fellow, Berkman Center for Internet & Society at Harvard University
>     > http://cyber.law.harvard.edu/seltzer.html
>     > https://www.chillingeffects.org/
>     > https://www.torproject.org/
>     > http://www.freedom-to-tinker.com/
>     >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20120316/1d7a01db/attachment-0001.html>


More information about the Ncuc-discuss mailing list