Protect the Individual's Right to Privacy

[Myriam <myriam@xxxxxxxxxxxxxx>]

Question: Should registrants of domain names associated with commercial
activities and which are used for online financial transactions be 
prohibited from using, or continuing to use, P/P services? If so, why,
and if not, why not?

Yes, there must be a way to anonymize personally identifiable
information.

1. If you seriously think that criminals will publish their real
personal information or somehow be intimidated by the requirement to
have publicly available whois data you don't need to read any further.

2. Don't try to play the role of world police. There are TLDs that
prohibit the use of whois privacy/proxy services, but you should leave
it up to them, as well as letting the customer decide if they are
willing to register a name that will publicize their private and
personally identifiable information.

3. This type of information should be regulated on the _content_ side,
not on the domain level, because
(a) the owner has the ability to limit the spread of their sensitive
information by noindexing the respective page, disallowing/limiting bot
access etc;
(b) commercial use is not tied to a domain name - if you use a subdomain
on wordpress.com, you won't have to deal with this at all;
(c) there is no way for an individual to ever have their personal
information removed from domaintools.com like whois scrapers again - a
practice that is most definitely illegal in many countries.

4. ICANN's goal is to promote competition, not stifle it. The only
profiteers of prohibiting P/P services will be medium to large
businesses that can afford virtual offices or management services. The
CEO's private home address will surely not end up on uncountable whois
scrapers - it's the small business owners, especially those working from
home, that will suffer.

5. The potential for abuse, harassment, fraud and identity theft is
enormous.

6. There is no clear definition of "domain names associated with
commercial activities and which are used for online financial
transactions". Does this include the webmaster running Adsense on
his/her blog? An author selling their book on Amazon? Or do you only
refer to websites handling sensitive information such as credit card
data? What if they redirect the payment process through a different
domain - is domain A then exempt? What if PayPal is handling the payment
process?

Question: If you agree with this position, do you think it would be
useful to adopt a definition of “commercial” or “transactional” to
define those domains for which P/P service registrations should be
disallowed? If so, what should the definition(s) be?

It will be next to impossible to define “commercial” or “transactional”
in a way that will not require an immense amount of micromanagement. If
you are going to adopt this policy, sensible definitions would be:

* websites that collect and store personally identifiable information
* websites that collect or process financial information
* companies with more than x employees
* companies with more than $1MM in revenue/year, balance sum etc.

If any of these companies are willing to supply you with the required
information is another matter.

Question: Would it be necessary to make a distinction in the WHOIS data
fields to be displayed as a result of distinguishing between domain
names used for online financial transactions and domain names that are
not?

It doesn't matter to the average user. I don't know anybody that will
review whois information before making a decision to buy from a specific
seller. Most sensible would be to drop the requirement for some fields
in the whois entry for "non-transactional" domains/sites and make them
voluntary, such as address, phone etc.