Respect our WHOIS privacy and safety

[Chris Chapman <chris.chapman@xxxxxxxxxxxxx>]

Dear ICANN,

We at Laser Shark believe that the changes proposed in the Privacy and Proxy 
Services Accreditation Issues Policy document are a dangerous move for the 
future of the Internet, and an infringement of our rights as Internet users.

The recent revelations about government surveillance on ordinary civilians have 
heightened the importance of protecting our right to privacy as Internet users. 
We believe that the proposals that have been outlined in this Policy pose a 
credible threat to the privacy, safety and security of Internet users. The 
document states that some members of the Working Group (representing the 
parties that drew up this policy) recommended that "domains used for online 
financial transactions for commercial purpose should be ineligible for privacy 
and proxy registrations." We think that the requirement to provide public 
address information in this way could potentially cause risks both to 
legitimate businesses, but also to non-commercial websites that make 'financial 
transactions', such as charities accepting donations.

"In order to provide physical protection to abused women and children, a 
shelter must keep its physical location private.  As a “commercial user” that 
accepts charitable donations of clothing, furniture, and cash, the shelter may 
not be allowed to use privacy services.  Should the shelter’s location be 
exposed when it serves to protect the physical well being of abused women and 
children?" (via savedomainprivacy.org)

In addition to this, provisions are made in the Policy for the disclosure of 
private address and contact information in the event that a copyright 
infringement claim is made. While we understand the importance of preventing 
copyright infringement and intellectual property theft, we think that this 
particular 'Disclosure Framework' (in Annex E of the document) could create 
more problems than it solves.

"Your local watershed is fighting against polluted wetlands and creates a 
website to energize the campaign.  One of the photographs on the website 
include the logo of company caught red-handed dumping waste into a stream.  The 
company complains about “infringement” and demands that your WHOIS privacy 
provider turn over your name and home address.  Should the Provider be forced 
to cooperate?" (via savedomainprivacy.org)

Finally, we feel additionally concerned about the subversion of due process 
present in the Disclosure Framework. By way of example, if a copyright 
complaint were made against a Laser Shark customer with WHOIS privacy under the 
new rules, we would have to pass that customer's private contact information on 
to the copyright claimant unless we could prove that no infringement took 
place. We would have to go through this process even if the claimant did not 
have a court order or warrant. From the Policy document:

"Disclosure cannot be refused solely for lack of any of the following: (i) a 
court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or 
URS proceeding; nor can refusal to disclose be solely based on the fact that 
the request is founded on alleged intellectual property infringement in content 
on a website associated with the domain name."

This means that a claimant could request a customer's personal information 
without a court order—without due process—and we would have to provide it.

To conclude, we believe that this policy presents a danger to the privacy and 
security of Internet users and domain owners, and urge you to consider these 
views when creating this policy. Everybody deserves their privacy, and nobody's 
privacy should be undermined without due process.

Private information should be kept private.

Yours sincerely,
Chris Chapman
Founder, Laser Shark