Re: [gnso-whois-wg] Re: [gnso-acc-sgb] GAC's position on Whois

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Suzanne,
   
  I concur that as it sits now the public access to the private whois data is 
not a violation of, at least, US law. But the point being that; it is also not 
against the law to hide that data and keep it from being public. I believe that 
is what we are about here. The questions are the who, what, why, when and how 
of accessing that which we will now make private.
   
  So the only real question for the GAC is who, what, when and how do they want 
this private data accessible. Should it be open to everyone, at one extreme, or 
should only be available after a due process judicial order at the other 
extreme? 
   
  I assume GAC has a position somewhere in between and it would be nice to know 
what that is at this time.
   
  Eric

Suzanne Sene <ssene@xxxxxxxxxxxx> wrote:
  hello everyone, and apologies for the somewhat tardy response to this 
particular email exchange. but as a gac member directly involved in the 
detailed deliberations leading up to the adoption of the gac's whois 
principles, it seems timely to share the usg perspective.

as far as the linkage between the legitimate activities outlined in the gac 
document and access to whois data in support of those activities, i would like 
to clarify for the record that access to whois data in support of those 
activities is legal in the united states. in other words, there is no 
inconsistency between public access to whois data and national laws. 

i would also like to comment on milton's interpretation that the gac principles 
"deliberately did not say that access to the whois data as it now exists should 
be retained" -- it would be equally correct to say that the principles do not 
say that it should not. the absence of a formal position either way was quite 
deliberate, due to the differences in national policies, laws and regulations 
that might apply.

cheers, suz.

Suzanne R. Sene
Senior Policy Advisor
NTIA/OIA
202-482-3167 (ph)
202-482-1865 (fax)

>>> "Bertrand de La Chapelle" 5/14/2007 11:45 AM >>>
On 5/14/07, Hugh Dierker wrote:
>
> Dear Sir,
>

Bertrand is OK by the way ...:-)

Your #3 makes perfect sense. Defining first a legitimate purpose is
> paramount to concluding with legitimate users. I mostly am troubled by the
> dual purpose problem. A bank may have a perfectly legitimate reason for
> access but then it may easily corrupt that access for an iligitmate purpose.
>
>

I suppose you mean : "it may abuse its access rights by using them for
another, illegitimate purpose". This is why there may be an interest in
"tailored access modes" for the different purposes.

So once we decide "why" and then we decide "who", who does GAC think should
> decide when.
>

"Who does GAC think should decide when" ? I can't speak for the GAC as a
whole of course. For the moment, the "when" question is addressed in
sub-group A. During its last conference call, an interesting approach
emerged. It was proposed to distinguish between three functions for an OPOC
:
- relay : basically forward requests to the registrant
- reveal : basically transmit or make available information about the
registrant to a requesting party
- remedy : basically taking concrete technical or administrative action upon
request of a third party

The "when" questions (ie the delays for action) could be different for each.
This approach has still to be evaluated further.

Best

Bertrand

Eric
>
> *Bertrand de La Chapelle * wrote:
>
> Dear all,
>
> On 5/12/07, Milton Mueller wrote:
> >
> > Let me correct what seems to be an increasingly common set of errors on
> > interpreting the GAC principles. [snip]
> >
> > Fourth, the GAC statement on Whois deliberately did _not_ say that
> > access to the whois data as it now exists should be retained. It
> > enumerated several "legitimate activities" that use the whois data. That
> > was compromise wording deliberately chosen to avoid saying what
> > Christopher Gibson is saying below. In other words, in the GAC
> > principles it is the activities that are legitimate, but not necessarily
> > the open access to them that we have now.
>
>
>
> 1) As a GAC member directly involved in the last discussions on the GAC's
> WHOIS principles, I fully confirm Milton's comment above, which is of the
> highest importance to understand the GAC's document.
>
> The GAC's position is to recognize that there are legitimate activities
> that have progressively used WHOIS data (because it happened to be
> available) and at the same time that there is conflict between the present
> international WHOIS regime for gTLDs and some national privacy laws (in
> particular within the european union).
>
> It purposefully avoided to say that the use of WHOIS data for these
> activities is "per se" legitimate and that WHOIS data should remain
> accessible in the present form to allow them, precisely because of the legal
> issues of compatibility with national laws.
>
> As a matter of fact, this is the very problem we are all trying to solve :
> how to support legitimate activities and make sure that the WHOIS services
> protect privacy.
>
> 2) I can also confirm that ccTLDs are a different issue, as their
> management is handled by more national frameworks. National privacy laws are
> therefore usually taken into account.
>
> 3) As a side note : the - non-exhaustive - list of "legitimate activities"
> in the GAC principles illustrate the different "purposes" I have refered to
> in the conference calls. Maybe this could be kept in mind while defining the
> "legitimate third parties". Maybe we structure our work more around
> legitimate needs, and try to define the corresponding legitimate parties and
> technical modalities of access to specific sets of whois data ?
>
> And we must also be aware that WHOIS is not the only tool available. Maybe
> other additional procedures could be chartered separately.
>
> 4) Finally, as a general comment, the WHOIS regime for gTLDs is a
> template issue for a recurring problem in terms of "international public
> policy related to the Internet" : what principles, norms, rules and
> decision-making procedures can be established to allow both a sufficiently
> unified global regime and the respect of heterogeneous national
> legislations.
>
> It is also neither surprising nor bad that within each country, LEAs and
> Privacy authorities have different viewpoints. The purpose of public policy
> is not to make one win against the other but precisely to see how both
> legitimate concerns can be combined and conciliated in the best public
> interest balance
>
> Hope the clarification helps us move forward.
>
> Best
>
> Bertrand
>
> --
> ____________________
> Bertrand de La Chapelle
> Délégué Spécial pour la Société de l'Information / Special Envoy for the
> Information Society
> Ministère des Affaires Etrangères / French Ministry of Foreign Affairs
> Tel : +33 (0)6 11 88 33 32
>
> "Le plus beau métier des hommes, c'est d'unir les hommes" Antoine de Saint
> Exupéry
> ("there is no better mission for humans than uniting humans")
>
>
> ------------------------------
> Looking for a deal? Find great prices on flights and hotelswith Yahoo! 
> FareChase.
>
>


-- 
____________________
Bertrand de La Chapelle
Délégué Spécial pour la Société de l'Information / Special Envoy for the
Information Society
Ministère des Affaires Etrangères / French Ministry of Foreign Affairs
Tel : +33 (0)6 11 88 33 32

"Le plus beau métier des hommes, c'est d'unir les hommes" Antoine de Saint
Exupéry
("there is no better mission for humans than uniting humans")


       
---------------------------------
Moody friends. Drama queens. Your life? Nope! - their life, your story.
 Play Sims Stories at Yahoo! Games.