Re: [gnso-acc-sgb] Follow-up regarding ESA proposal for sub-group (b)

["Milton Mueller" <Mueller@xxxxxxx>]

Michael:
Thanks for the detailed response. Here are some of my reactions:

>>> "Michael Warnecke" <mwarnecke@xxxxxxxxxx> 5/21/2007 10:59 AM >>>
>our proposal includes a meaningful enforcement mechanism: a complaint

>procedure that would permit a third party to challenge the
subscriber's 
>continued access if that party can demonstrate that the subscriber
either 
>materially misrepresented the purpose of its access or grossly abused

>access privileges.

The problem is that your proposal includes no viable mechanism to allow
third parties to monitor what people are doing with the data. How could
a data protection authority, a company or an ordinary user know what
someone else is doing with the data? Abuse would have to be quite gross
for anyone to notice, and the challenge procedure would allow it to
continue for weeks or months.

This constitutes a massive shift in what some constituencies think the
burden of proof should be. Users of whois are considered innocent until
proven guilty, whereas all domain name registrants are considered
potential criminals who can be monitored by anyone for any reason. It is
interesting that you apply two different standards. You think domain
name registrants who _might_ engage in fraud must be subject to constant
surveillance and action against them taken so quickly that no due
process is possible, but you think people using Whois data should be
able to engage in abuse until someone complains and proves their case. 

Don't you think the same standard of equity should apply in both cases?