Fwd: [IAG-WHOIS conflicts] Response to final report

[Holly Raiche <h.raiche@xxxxxxxxxxxxxxxx>]

As per Maria’s suggestion, below is a response to the Whois Conflicts report

Begin forwarded message:

> From: Maria Otanes <maria.otanes@xxxxxxxxx>
> Subject: Re: [IAG-WHOIS conflicts] Response to final report
> Date: 24 November 2015 1:56:57 am AEDT
> To: Holly Raiche <h.raiche@xxxxxxxxxxxxxxxx>
> 
> Hi Holly,
> 
> Please send your comments to: comments-iag-whois-05oct15@xxxxxxxxx 
> 
> If you have any questions, please let me know. Thank you!
> 
> Best,
> Maria
> 
> From: <whois-iag-volunteers-bounces@xxxxxxxxx> on behalf of Holly Raiche 
> <h.raiche@xxxxxxxxxxxxxxxx>
> Date: Sunday, November 22, 2015 at 2:38 PM
> To: "whois-iag-volunteers@xxxxxxxxx" <whois-iag-volunteers@xxxxxxxxx>
> Cc: Alan Greenberg <alan.greenberg@xxxxxxxxx>
> Subject: [IAG-WHOIS conflicts] Response to final report
> 
> The following is an informal statement that represents the view of many of 
> the ALAC members.   We simply did not have the bandwidth or time to formally 
> approve this statement, so it cannot be considered as a formal ALAC response. 
>  That said, this issue has been discussed and does have support within ALAC.  
> Again, my apologies in not managing to have the time for this to go through 
> formal ALAC  processes.  I’m happy to take any questions on its content.
> Holly
> 
> The ALAC has deep concerns with the Implementation Advisory Group’s proposed 
> alternative ‘triggers’ and supports the “Minority Views’ of Stephanie Perrin 
> and Christopher Wilkinson.
>  
> The original goal of this policy (concluded by the GNSO in November 2005) was 
> to develop procedures that could reconcile mandatory laws on privacy with the 
> requirements on registries and registrars under contract with ICANN for the 
> collection, display and distribution of WHOIS personal information.   
>  
> Unfortunately, the Task Force charged with implementing the policy adopted a 
> ‘solution’ that is virtually unworkable and has never been used.  Under the 
> ‘solution’ the registrar/registry should notify ICANN within 30 days of 
> situations (an inquiry, litigation or threat of sanctions) when the 
> registry/registrar can demonstrate that it cannot comply with WHOIS 
> obligations due to local or national privacy laws. 
>  
> There are two fundamental reasons why the policy is unworkable. The first is 
> the bizarre outcome that registrars and registries must seek ICANN permission 
> to comply with their applicable local laws.  The second obvious flaw is that 
> it means registrars/registries must wait until there is an ‘inquiry or 
> investigation etc of some sort before the process can be triggered.
>  
> This Implementation Working Group (IWG) was formed to ‘ consider the need for 
> changes to how the procedure is invoked and used’.  The difficulty with that 
> approach is that it does not address the basic flaws in the processes 
> proposed: it still assumes that ICANN has a role in determining 
> registry/registrar compliance with applicable local law and it still believes 
> that solution lies in legal events that ‘trigger’ a resolution process.
>  
> The ISG report proposes an “Alternative Trigger’ (Appendix 1) or a Written 
> Legal Opinion (Dual Trigger) (Appendix 2).  The Alternative Trigger process 
> is far simpler and preferable.  Indeed, the language suggests that the 
> process might be used to reconcile ICANN WHOIS requirements with relevant 
> privacy law more generally, and not on just on a case by case basis.
>  
> There are, however, difficulties with the Alternative Trigger proposal, as 
> follows.
> It relies on advice from law firms (whose advice would not bind the relevant 
> privacy agency), or on agencies themselves (who are most often reluctant to 
> provide such advice)
> The onus is on individual registries/registrars to invoke the process.  There 
> are many smaller registries/registrars that would not have the resources to 
> fund such advice, particularly if it is needed on a case by case basis
> Because laws/regulations on the handling of personal information vary from 
> area to area (whether national or regional), different registries/registrars 
> will be bound by different sets of requirements – in order to comply with the 
> same contractual terms
> It is also not clear why GAC advice is included in both proposed ‘triggers’. 
> The expertise of individual GAC members relates to ICANN’s remit: domain 
> names, IP addresses and protocols.
>  
> The ALAC supports both of the proposals made by Christopher Wilkinson 
> (Appendix 4) which address the issues raised .  The first is – at the least – 
> a ‘block exemption’ for all registries/registrars in the relevant 
> jurisdiction.  This would eliminate the ‘case by case’ approach to the issue 
> and provide certainty for all registries/registrars (whether large or small) 
> in that area. 
>  
> A better approach is his call for a ‘best practice’ policy on the collection, 
> retention and revealing of WHOIS information.  This would ensure that, 
> regardless of the jurisdiction of the registrar/registries – and registrants 
> – all would receive the same privacy protection.
> 
> Holly Raiche
> Carlton Samuels