RE: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois

["Ray Fassett" <ray@xxxxxxxxx>]

A thought that occurred to me too is that a future consensus policy that
requires registry thick whois will need to take into consideration there
could be an exception process, such as the RSEP (which I think is the
process .CAT used) or the process Susan is pointing out.  I think (but not
sure) in today's operating environment there is not any process for a
registry to achieve an exception to the contractual requirement of having to
abide by all existing or future consensus policies.

Ray



-----Original Message-----
From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
[mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Don Blumenthal
Sent: Tuesday, January 29, 2013 5:17 PM
To: 'Susan Kawaguchi'; 'Thick Whois'
Subject: RE: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois


Thanks. While the intro to the provisions has very general language about
"legally prevented," the sections with specifics refer only to situations in
which a contracted party is the subject of government action. Am I missing
something here? Are there other measures that provide protection on the
basis of an Ry or Rr assertion, and not only after information may have been
published in violation of privacy laws?

-----Original Message-----
From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
[mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Susan Kawaguchi
Sent: Tuesday, January 29, 2013 4:26 PM
To: 'Thick Whois'
Subject: Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois


ICANN has a policy/process in place to manage a situation in which the
registrar/registry has a conflict with local law.

ICANN Procedure For Handling WHOIS Conflicts with Privacy Law,
http://www.icann.org/en/processes/icann-procedure-17jan08.htm


The Whois review team reviewed this policy and discussed it with ICANN
extensively.  There were a couple of registries ( I will have to look back
on my notes to find which ones) that went through this process with ICANN
but it has not been used widely by any means.

Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.

Phone - 650 485-6064





On 1/29/13 12:28 PM, "Ray Fassett" <ray@xxxxxxxxx> wrote:

>
>I am pretty sure .CAT is an example of a thick registry that does not 
>broadcast to the world all thick data it receives from registrars.
>Will they need to, such as in the case of a consensus policy requiring them
to?
>I don't know.
>
>Ray
>
>-----Original Message-----
>From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
>[mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Avri Doria
>Sent: Tuesday, January 29, 2013 2:29 PM
>To: Thick Whois
>Subject: Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois
>
>
>Hi,
>
>Does this mean that registrars won't need to give true and full 
>personal details to the registries under a thick whois regime?  Or that 
>the registry won't need to broadcast this information to the world?
>
>avri
>
>
>
>On 29 Jan 2013, at 11:18, Ray Fassett wrote:
>
>> The registry can only republish the registrant information provided 
>> to it by the sponsoring registrar of the registration, which I think 
>> is to Alan's point of the registry "holding a copy".  This is true in 
>> the thick registry model in all cases.
>> 
>> Ray
>> 
>> -----Original Message-----
>> From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
>> [mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Alan 
>> Greenberg
>> Sent: Tuesday, January 29, 2013 1:40 PM
>> To: Avri Doria; Thick Whois
>> Subject: Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois
>> 
>> 
>> I agree on all of these principles, but do not understand the 
>> relevance to thick/thin Whois model. Why does the registry holding a 
>> copy of the data WHICH IS ALREADY PUBLICLY AVAILABLE alter anything?
>> Privacy is still protected by the original registrar or proxy 
>> provider based on the laws in their jurisdiction.
>> 
>> An organization that works on gay issues can register in a country 
>> and with a registrar that will hide their identity under multiple 
>> levels and will even defend a UDRP if necessary, without unmasking 
>> the original
>registrant".
>> All that will show up in the registry database is the top proxy 
>> provider - exactly what the registrar would show in its Whois output 
>> in
>the thin model.
>> 
>> I do note that as alluded to above, that most proxy providers will 
>> unmask the original registrant as soon as a UDRP is filed, even if 
>> that UDRP might have little merit. And even if the UDRP is lost, the 
>> original registrant's name will be published in the public report on 
>> the UDRP. I have never heard of anyone fighting to change that rule!
>> 
>> Alan
>> 
>> At 29/01/2013 01:01 PM, Avri Doria wrote:
>> 
>> 
>>> I disagree.  There are institutions, such a battered spouse 
>>> organizations or organizations of gay activists in most of the world 
>>> that can't afford to have their information made public.
>>> 
>>> One example: I am a member and activist volunteer of APC, 
>>> Association for Progressive Communications - an Internet Human 
>>> Rights group.  Its chair, who used to be the person listed in the 
>>> WHOIS, has gotten phone calls and email death threats based on her 
>>> WHOIS info, and has submitted statement on that at some point - I will
try to dig it up.
>>> 
>>> Another example: Just recently Russia passed rule that makes any 
>>> publication related to gay community or people is considered criminal.
>>> should those organization that work on gay issues be barred from 
>>> protection because the country that holds the thick registry does 
>>> not guarantee protection for organization of endangered peoples?
>>> Better they should have the option of registering with a registrar 
>>> in a country that values and protects privacy not only for 
>>> individuals, but for the organizations of endangered users.
>>> 
>>> avri
>> 
>> 
>> 
>
>
>