response from Council of Europe to express concerns for ICANN's privacy compliance on RAA negotiations

[Robin Gross]

All,

The Council of Europe has also responded to NCUC's privacy letter  
(attached) and stated that it shares our concerns about ICANN's  
compliance with privacy rights.

Best,
Robin


Begin forwarded message:

> From: KWASNY Sophie <Sophie.KWASNY at coe.int>
> Date: October 11, 2012 5:42:39 AM PDT
> To: "'robin at ipjustice.org'" <robin at ipjustice.org>
> Cc: THACI Elvana <Elvana.THACI at coe.int>
> Subject: RE: Urgent Request from Non-Commercial Users Constituency  
> for Council of Europe to review ICANN contract for privacy compliance
> Dear Mr Gross,
>
> Please find attached a letter of the Chair of the Consultative  
> Committee of Convention 108 for your attention.
>
> Should you need any complementary information, please do not  
> hesitate to contact me.
>
> Best regards,
> Sophie Kwasny
> Data Protection Unit
> Human Rights and Rule of Law (DG I)
> CONSEIL DE L'EUROPE - COUNCIL OF EUROPE
> tel :  + 33(0) 3 90 21 43 39
>
> www.coe.int/dataprotection
>
> From: Robin Gross [mailto:robin at ipjustice.org]
> Sent: Sunday 22 July 2012 22:20
> To: THACI Elvana
> Cc: David Cake (dave at difference.com.au) (dave at difference.com.au);  
> Wolfgang Kleinwächter
> Subject: Urgent Request from Non-Commercial Users Constituency for  
> Council of Europe to review ICANN contract for privacy compliance
>
> Dear Thaci Elvana:
>
> I am writing to you as a matter of urgency concerning online  
> privacy. I represent the Non-Commercial Users Constituency of ICANN  
> and have concerns regarding ICANN’s the current consultation  
> relating to contracts with Registrars. A short letter from your  
> office would help greatly to balance the negotiation discussion. I  
> ask you to send correspondence to the ICANN Board Chair and CEO.
>
> As you will be aware, the international management of Internet  
> naming and addressing is conducted by ICANN, the Internet  
> Corporation for Assigned Names and Numbers. As part of ICANN’s  
> work, contractual arrangements are entered into with private  
> corporations to offer particular Internet domain names to the  
> public. These private corporations (“Registrars”) in turn  
> undertake to manage the personal details of their customers  
> (“Registrants”) in accordance with the requirements of their  
> contract with ICANN.
>
> Registrars collect and hold personal information about registrants  
> and have obligations to uphold privacy-related principles for the  
> collection, use, storage and disposal of this registration data. It  
> is my belief that ICANN requirements within the contracts with  
> Registrars must uphold and not violate international human rights  
> standards on privacy, in particular collection, access to, and use  
> of such data. Incursions on privacy are permissible, only when  
> restricted to exceptional circumstances, such as access by law  
> enforcement bodies pursuant to a judicial process and in any event  
> subject to rules relating to access to data across national borders.
>
> The aggregated database of registrants’ contact information is  
> called the WHOIS database, and is currently required to be  
> published to unauthenticated requesters. In my view, information  
> within this database must only be collected for the purpose for  
> which is needed, and sensitive information must be made available  
> only to those with demonstrated need. There is no clearly  
> established need for the collection of, for instance, telephone  
> numbers for the purposes of registering a domain name, although  
> Registrars and others may find this convenient. A blanket  
> requirement to provide telephone numbers would, therefore, seem to  
> be an unreasonable intrusion into the privacy rights of  
> registrants. Similarly, physical addresses and secondary identity  
> verification documents are not required for the operation of the  
> domain name system, and in my view should not be permitted or  
> required in the contracts ICANN has with Registrars.
>
> I am sure you will understand that with the creation of a data-rich  
> database, concerns regarding the proper and secure storage and  
> compliant arrangements for the disposal of registration data when  
> it is no longer required become more important and potentially  
> privacy-intrusive. In my view, the current requirements in the new  
> draft contracts with Registrars are likely to infringe national  
> privacy laws and have impact on citizens within your jurisdiction.
>
> For example, WHOIS contact details need only be an email address of  
> a technical officer who is empowered by the registrant to fix  
> technical issues with a domain name address or pass on  
> communications. There is no technical need for identity  
> verification, let alone regular or annual verification, beyond the  
> existing requirements. In many jurisdictions where freedom of  
> expression is tenuous, the greater the degree of anonymity or  
> pseudonymity, the greater the freedom of expression. This is even  
> more acute when the database is stored in a foreign country and  
> subject to different national laws regarding privacy and access by  
> public officials to private databases. It is important, therefore,  
> to ensure that national laws relating to privacy are respected.
>
> The Article 29 Working Party has previously considered WHOIS, and  
> raised concerns as far back as 2003, saying that “it is necessary  
> to look for less intrusive methods that would still serve the  
> purpose of the Whois directories without having all data directly  
> available on-line to everybody.” http://ec.europa.eu/justice/ 
> policies/privacy/docs/wpdocs/2003/wp76_en.pdf   Unfortunately,  
> ICANN’s draft contract goes in the opposite direction,  
> exacerbating the privacy harms.
>
> The draft contracts are open for comment – see http:// 
> www.icann.org/en/news/announcements/announcement-7-04jun12-en.htm -  
> and I would request your organisation review and consider the  
> privacy impacts of these new contracts – in particular the summary  
> of the negotiating team’s responses to law enforcement  
> submissions. On behalf of the Non-Commercial User Constituency, I  
> recommend that your organisation respond to the ICANN consultative  
> process to ensure that privacy considerations and respect for  
> national privacy laws remains a strong feature of ICANN’s  
> contractual arrangements. Your comments would be very helpful in  
> giving balanced background to the negotiations.
>
> I recommend that you send comments directly to Dr. Steve Crocker,  
> Chair of the ICANN Board, and Akram Atallah, interim CEO, via email  
> to the Director of Board Support, diane.schroeder at icann.org.  
> Comments by the end of July would be most helpful, but any  
> information you can add would be welcome.
>
> Please feel free to contact me dave at DIFFERENCE.COM.AU if the NCUC  
> can provide further information or background.
>
> Very truly yours,
>
> David Cake, Chair, Non-Commercial Users Constituency
>
> Robin Gross, Chair, Non-Commercial Stakeholders Group
>
> More info on ICANN RAA contract negotiations:
>      https://community.icann.org/display/RAA/Negotiations+Between 
> +ICANN+and+Registrars+to+Amend+the+Registrar+Accreditation+Agreement
> _______________________________________________
> Robin D. Gross, IP Justice Executive Director
> Web: www.ipjustice.org
> Email: Robin at ipjustice.org
> Phone: +1 415.553.6261
>




IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA  94117  USA
p: +1-415-553-6261    f: +1-415-462-6451
w: http://www.ipjustice.org     e: robin at ipjustice.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20121011/05147a84/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lettreICANN.pdf
Type: application/pdf
Size: 42491 bytes
Desc: not available
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20121011/05147a84/attachment.pdf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20121011/05147a84/attachment-0001.html>