[Privsec] whois
karen banks
karenb at gn.apc.org
Wed Sep 21 17:21:38 BST 2005
hi tapani
>Do we (CS / Privacy & Security wg) have a position on WHOIS,
>and if we do, what is it?
>
>(I don't even know what _my_ position is...
>I've used WHOIS often enough to find it useful and
>restrictions on it problematic, and I've also
>received spam because of being listed there,
>and I can imagine wanting to register a domain
>without being too easily assosiated with it.)
i have followed the NCUC discussions and subsequent recommendations on
WHOIS and agree with themk. I have posted them here before. Maybe we could
start there?
karen
ps.. apparently the ICANN Whois Taskforce has taken a position on this and
the NCUC supports is - below..
Date: Tue, 20 Sep 2005 14:38:12 EDT
From: KathrynKL at AOL.COM
Subject: [NCUC-DISCUSS] 10/2: Comments on WHOIS Data Protection
Recommendation due
To: NCUC-DISCUSS at LISTSERV.SYR.EDU
Friends:
I am pleased to report that after 3 years of work, the WHOIS Task Force
(TF)finally has a recommendation we can support! Now posted on both the
GNSO and ICANN homepages is a procedure (from the WHOIS TF to the Council)
that would allow Registrars to respect their own privacy laws and protect
personal data -- when threatened with prosecution under their
national/local privacy laws.
This Recommendation is an important first step -- to allow ICANN to work
with Registrars who live in countries that protect and prosecute under
their data protection laws. If passed by GNSO Council and the ICANN Board,
it will be the first time that ICANN has a mandate to create a set of
exceptions to the Registrar contracts -- and the first time that ICANN
officially recognizes that the personal data located in the WHOIS databases
(including name, address, telephone and email) is protected and governed
by national and local laws.
Would you please take a moment to support this important
recommendation? Short comments from your organization, or you as an
individual, are welcome.
PROCEEDING: Combined WHOIS task force (1,2 & 3)
Preliminary Report on a policy recommendation and advice on a
procedure for handling conflicts between a registrar/registry's
legal obligations under privacy laws and their contractual
obligations to ICANN
**DEADLINE: Sunday, October 2, 2005, 5pm.**
LINKS: www.icann.org or www.gnso.icann.org click Public Comment Forum
COMMENTS TO: gnso-whoisprivacy-cmts at icann.org
COMMENTS ARCHIVED
AT: http://forum.icann.org/lists/gnso-whoisprivacy-cmts
If you have any questions, feel free to contact me.
Regards,
Kathy Kleiman (co-author of this Recommendation as one of NCUC's
Representation to the Combined WHOIS TF)
p.s. This Recommendation is an important first step. Milton and I have
told the TF that we must continue to work towards changes in the WHOIS
database that protect the privacy of ALL registrants.
Additional Background useful for preparing comments:
Published back in 2003, the original report of WHOIS Task Force 2 noted
that Registrars were receiving complaints for violations of privacy laws
with the collection and publication of personal data in the WHOIS database
(mandated by ICANN's Registrar Accreditation Agreement). The TF2 report
was strong in its conclusions:
"The Task Force believes that there is an ongoing risk of conflict between
a registrars' or registries' legal obligations under local privacy laws and
their contractual obligations to ICANN. Since the variety of the existing
local privacy laws does not allow for a one-size-fits-all solution, the
registrars and registries encountering such local difficulties should be
allowed an exception from the contractual WHOIS obligation for the part of
the WHOIS data in question by the local regulation, after proving the
existence of such a conflict with a law or regulation."
In this report, TF2 also published a Table of Registrars, their countries
and the data protection laws (overview) of the countries. This Excel
spreadsheet is very interesting, and posted at the NCUC website
www.ncdnhc.org under "Summary of national laws affecting data privacy."
This year the Combined WHOIS TF moved forward with the work above and
created the Policy Recommendation now under review. It received unanimous
support from all the Constituencies at the TF level! Here is the text:
"I. Task Force Policy for WHOIS Conflicts with Privacy Law
CONSENSUS POLICY RECOMMENDATION
In order to facilitate reconciliation of any conflicts between
local/national mandatory privacy laws or regulations and applicable
provisions of the ICANN contract regarding the collection, display and
distribution of personal data via Whois, ICANN should:
Develop and publicly document a procedure for dealing with the
situation in which a registrar or registry can credibly demonstrate
that it is legally prevented by local/national privacy laws or
regulations from fully complying with applicable provisions of
its ICANN contract regarding the collection, display and
distribution of personal data via WHOIS.
Create goals for the procedure which include:
Ensuring that ICANN staff is informed of a conflict at the
earliest appropriate juncture;
Resolving the conflict, if possible, in a manner conducive to
ICANN's Mission, applicable Core Values and the
stability and uniformity of the Whois system;
Providing a mechanism for the recognition, if appropriate, in
circumstances where the conflict cannot be otherwise
resolved, of an exception to contractual obligations to
those registries/registrars to which the specific conflict
applies with regard to collection, display and distribution
of personally identifiable data via Whois; and
Preserving sufficient flexibility for ICANN staff to respond to
particular factual situations as they arise."
Detailed procedures for the handling conflicts with privacy law are set out
in Section II of the report (see links above).
More information about the Privsec
mailing list