RE: [gnso-dow123] Emailing: 2100-9588_22-5986553.htm

["Mansourkia, Magnolia (Maggie)" <maggie.mansourkia@xxxxxxx>]

Milton-
Thanks for your thoughtful response, and here is my take. As I stated
earlier, he ISPCP was not invited or represented and you can see from
our many discussions that many other ISPs hold differing views.  The
fact remains that if either of us is holding the Vancouver/Luxemburg
speakers as the gospel, we won't be convincing each other of anything.
I was not involved in scheduling either series, but I do think its an
interesting point you make--when it came to getting the ISP view, no one
thought that ISPCP members and/or a task force member that is an ISP
should be represented.   No big deal from my perspective, but taking any
of these presentations, Luxemburg included, as gospel doesn't resonate
with me. Its great for getting the different perspectives, and try to
better understand the opposing opinion.

In fact, there is no opt out on mandatory retention in UK, and soon to
be enforced in other member states, to the extent they don't already
have it.  Where exactly are the DPAs who seem to be so up in arms over
Whois?  Why is Whois access so appalling to them (I'm not sure it is,
but even assuming so for arguments' sake)  and mass retention of all
data on all individuals is ok just because its not politically palatable
to them to go after their own Justice Ministries but ICANN is an easy
target.  I'm probably preaching to the choir on the evils of retention,
but my main point is that after all the quotes we've received from the
EU privacy officials there is a stark credibility gap here. 

And, in fact, accountability may not be the point for you, but it is for
many others.  My statement was not about publishing anything, but
rather, that I don't agree with your analogy of a phone number to a
domain name. 
 

Magnolia Mansourkia
Director
Internet and Ecommerce Law, MCI
202-736-6448 Voice
202-736-6460 Fax
222-6448 Vnet


-----Original Message-----
From: Milton Mueller [mailto:Mueller@xxxxxxx] 
Sent: Friday, December 09, 2005 5:01 PM
To: kstubbs@xxxxxxxxxxxx; KathrynKL@xxxxxxx; gnso-dow123@xxxxxxxxxxxxxx;
Mansourkia, Magnolia (Maggie)
Subject: RE: [gnso-dow123] Emailing: 2100-9588_22-5986553.htm

Maggie:

>>> "Mansourkia, Magnolia (Maggie)" <maggie.mansourkia@xxxxxxx>
12/9/2005 12:03 PM >>>
>As a network provider, in fact our largest customer base is covered 
>by the IP Whois database. 

...which does not include any of the objectionable personally
identifiable data, and in fact is what law enforcement folks really rely
on 90% of the time. At the Lux. meeting we learned that most of the
public spokes for law enforcement weren't even able to understand the
distinction between IP and DNS Whois, they had just been briefed to moan
about how badly they need "whois." A sorry indication of the low level
to which debate on this topic has fallen.

>If the ISPCP had been given proper notice and an
>invitation to speak at your conference, everyone 
>could have been educated on this issue. 

In fact, Telus - a major Canadian ISP - was on the panel and a major US
expert on the Telecom Act and US privacy law who has represented ISPs
and cable operators was part of the program.  

>indicated that they need greater tools to fight cyber crimes in 
>GB because their current regime had proven woefully 
>inadequate, and thus they implemented massive data 
>retention requirements.  Their thinking was that, they will 
>just require ISPs, Registrars and any other online
>businesses to collect all data, in mass, regardless type 
>and transfer it to the hands of the government, regardless 
>of whether it is remotely related to an investigation or not.  
>To me, that is a far greater concern for privacy than any 
>Whois access.  

You are right, that is terrible, but it is exactly the same kind of
thinking that demands unrestricted access to whois data! 

Are you suggesting that if there were no opt-out in .uk that law
enforcement would abandon its demand for such data retention? I
seriously doubt it. 

>If your analogy to phone numbers and drivers' licenses related to
>personal email addresses, I could agree with you. But by registering a
>domain and operating a website, a person or organization is holding
>himself/itself out to the public

Maggie, as a lawyer you know better than this. There is well settled US
law on this. Publishing information is not "holding out to the public"
in a business sense. 

>and I believe there should be some
>accountability as a result. 

Again, you know well that accountability is not the issue, it is the due
process that law enforcement and IP lawyers must go through to enforce
accountability. Regardless of how public whois data is, any user can be
held accountable if proper process is followed. And while following
proper process may let a few guilty parties slip away, it is better that
than to subject the 99% who are innocent to harassment, abuse,
unaccountable law enforcement surveillance, etc.