[Privsec] [Fwd: [Fwd: [NCUC-DISCUSS] Timely - Please sign on to
EPIC letter!]]
Robin Gross
robin at ipjustice.org
Mon Oct 29 21:04:55 GMT 2007
Dear Privacy Activists:
We need your help in the next 2 days to comment to ICANN and ask for
privacy protections in the WHOIS database. Or please sign-on to EPIC's
letter on the issue (see below). The IP constituency is working hard to
undermine efforts to protect privacy with their own letters to ICANN.
We need the privacy community to weigh-in at ICANN too.
Thank you,
Robin
-------- Original Message --------
Subject: [NCUC-DISCUSS] Timely - Please sign on to EPIC letter!
Date: Sat, 27 Oct 2007 10:52:18 EDT
From: KathrynKL at AOL.COM
Reply-To: KathrynKL at AOL.COM
To: NCUC-DISCUSS at LISTSERV.SYR.EDU
Friends in NCUC, we need your help. GNSO Council is now completely
OVERWHELMED with letters from the Intellectual Property (IP)
Constituency. After seven years of work, IP wants to send everything
back to beginning -- no privacy, no plan, no direction. We have come
too far to do that. We have spent too many years on Task Forces and
Working Groups. National laws all over the world gives us the right to
privacy, and ICANN knows it.
Would you be willing to sign on to the Electronic Privacy Information
Center's (EPIC's letter) below? If so, please write to Marc Rotenberg
at rotenberg at epic.org <mailto:rotenberg at epic.org> with your name and
organization.
TIME IS OF THE ESSENSE. PLEASE WRITE TODAY.
Best,
Kathy Kleiman (NCUC Whois Task Force member 2003-2006)
(Comments can be submitted to: <whois-comments-2007 at icann.org>
Comments may be viewed at:
http://forum.icann.org/lists/whois-comments-2007/)
October 25, 2007
Mr. Vint Cerf, Chairman
Mr. Paul Twomey, President & CEO
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601
USA
Dear Mr Twomey and Members of the ICANN Board,
The purpose of this letter is to express our support for changes to
Whois services that would protect the privacy of individuals,
specifically the removal of registrants’ contact information from the
publicly accessible Whois database.^^1
<aoldb://mail/write/template.htm#sdfootnote1sym> It is also to propose a
sensible resolution to the long-running discussion over Whois that would
establish a bit of “policy stability” and allow the various
constituencies to move on to other work
EPIC has had long-standing involvement in the Whois issue. As a member
of the Whois Privacy Steering Committee, EPIC assisted in the
development of the Whois work program, and has been a member of the
Non-Commercial Users Constituency for several years. EPIC has submitted
extensive comments to ICANN on Whois, and has testified before the US
Congress in support of new privacy safeguards for WHOIS as well as
filing a brief in the US courts on the privacy implications of the WHOIS
registry.^^2 <aoldb://mail/write/template.htm#sdfootnote2sym>
Both the Whois Task Force and the Whois Working Group agree that new
mechanisms must be adopted to address an individual's right to privacy
and the protection of his/her data.^^3
<aoldb://mail/write/template.htm#sdfootnote3sym> Current ICANN Whois
policy conflicts with national privacy laws, including the EU Data
Protection Directive, which requires the establishment of a legal
framework to ensure that when personal information is collected, it is
used only for its intended purpose. As personal information in the
directory is used for other purposes and ICANN's policy keeps the
information public and anonymously accessible, the database could be
found illegal according to many national privacy and data protection
laws including the European Data Protection Directive, European data
protection laws and legislation in Canada and Australia.^^4
<aoldb://mail/write/template.htm#sdfootnote4sym>
The Article 29 Working Party, an independent European advisory body on
data protection and privacy, states that “in its current form the
[Whois] database does not take account of the data protection and
privacy rights of those identifiable persons who are named as the
contacts for domain names and organizations.”^^5
<aoldb://mail/write/template.htm#sdfootnote5sym> The conflict with
national privacy law is real and cannot be dismissed. A sensible
resolution of the Whois matter must take this into account.
In addition, country code Top Level Domains are moving to provide more
privacy protection in accordance with national law. For example,
regarding Australia's TLD, .au, the WHOIS policy of the .au Domain
Administration Ltd (AUDA) states in section 4.2, "In order to comply
with Australian privacy legislation, registrant telephone and facsimile
numbers will not be disclosed. In the case of id.au domain names (for
individual registrants, rather than corporate registrants), the
registrant contact name and address details also will not be
disclosed."^^6 <aoldb://mail/write/template.htm#sdfootnote6sym>
The Final Outcomes Report recently published by the Whois Working Group
contains several key compromises and useful statements and represents
significant progress on substantive Whois issues. The Whois Working
Group found agreement in critical areas that advance the Whois
discussion within ICANN and provide clear guidance to the ICANN Board.
In its report, the Whois Working Group accepted the Operational Point of
Contact (OPoC) proposal as a starting point, and the best option to
date. The OPoC proposal would replace publicly available registrant
contact information with an intermediate contact responsible for
relaying messages to the registrant. The Working Group agreed that there
may be up to two OPoCs, and that an OPoC can be the Registrant, the
Registrar, or any third party appointed by the Registrant. The
Registrant is responsible for having a functional OPOC. The Working
Party also agreed that the OPOC should have a consensual relationship to
the Registrant with defined responsibilities. This would necessitate the
creation of a new process, and changes to the Registrar Accreditation
Agreement and Registrar-Registrant agreements to reflect this relationship.
The Board should support the agreed standard for disclosure of
unpublished Whois personal data – reasonable evidence of actionable
harm. But the Board should leave this term undefined, as it is now in
the RAA for proxy services. This standard will allow the OPoC contact,
registrars and registries to work within the framework of their national
and local laws to provide access to this personal data.
OPoCs must be allowed to employ strategies and standards similar to
those of the registrars and registries to ensure that the person
receiving the protected personal Whois data is in fact a law enforcement
official.
The OPoC proposal does not impede reasonable law or intellectual
property enforcement efforts. In fact, effective implementation of the
OPoC proposal would benefit all stakeholders by improving the accuracy
of the information in the database. Because personal data will be kept
private, individuals will provide more accurate data. As a result, the
Whois database will be more useful and more reliable.
The OPoC proposal is not the ideal privacy solution. EPIC, as well as
groups such as the Non-Commercial Users Constituency, recommended a
distinction between commercial and non-commercial domains in order to
protect the privacy of registrants of domain names used for religious
purposes, political speech, organizational speech, and other forms of
non-commercial speech. EPIC has previously stated that the Whois
database should not publicize any registrant information, including name
and jurisdiction.
The Whois Working Group has proposed a workable framework. It is not a
perfect framework. But it will help ensure that the WHOIS policy
conforms with law and allow ICANN to move forward. If it is not possible
to adopt this solution, then the only sensible approach would be to
allow the current Whois terms to simply sunset. Resolution 3 would be
the only real option.
The signatories to this letter are willing to assist in finishing off
the implementation details of the OPoC proposal.
Sincerely,
Marc Rotenberg
EPIC Executive Director
Allison Knight
Coordinator, Public Voice Project
1 <aoldb://mail/write/template.htm#sdfootnote1anc> EPIC’s comments on
the ICANN Whois Task Force’s "Preliminary Task Force Report on Whois
Services," January 12, 2007, available at
<http://www.epic.org/privacy/whois/comments.html>.
2 <aoldb://mail/write/template.htm#sdfootnote2anc> [cite]
3 <aoldb://mail/write/template.htm#sdfootnote3anc> Final Report of the
Whois Task Force, March 12, 2007, available at
<http://gnso.icann.org/issues/whois-privacy/whois-services-final-tf-report-12mar07.htm>;
and Final Report of the Whois Working Group, August 20, 2007, available
at <http://gnso.icann.org/drafts/icann-whois-wg-report-final-1-9.pdf>.
4 <aoldb://mail/write/template.htm#sdfootnote4anc> Privacy and Human
Rights: An International Survey of Privacy Laws and Developments (EPIC
and Privacy International 2006), available at <http://www.epic.org/phr06>.
5 <aoldb://mail/write/template.htm#sdfootnote5anc> Letter from Article
29^ Working Party to Vinton Cerf, March 12, 2007, available at
<http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf>.
6 <aoldb://mail/write/template.htm#sdfootnote6anc> For additional
country code Top Level Domain policy examples, see EPIC Testimony Before
House Subcommittee, Financial Institutions and Consumer Credit,
Committee on Financial Services “ICANN and the WHOIS Database: Providing
Access to Protect Consumers from Phishing,” available at
<http://financialservices.house.gov/media/pdf/071806mr.pdf>.
------------------------------------------------------------------------
See what's new at AOL.com <http://www.aol.com?NCID=AOLCMP00300000001170>
and Make AOL Your Homepage
<http://www.aol.com/mksplash.adp?NCID=AOLCMP00300000001169>.
More information about the Privsec
mailing list