Re: [gnso-whois-wg] Draft final report Whois group v 1.5
Philip Sheppard ha scritto: What we need to hear now are any divergences to the agreed, supported or alternate views outlined in the draft. Please do this NOT by use of the tracking function in Word but by e-mail and reference to the line number in the report. (Multiple author word tracking is almost impossible to edit and messes up the line numbering function so making discussion on any new points troublesome.) I will use section numbers, since for some reason line numbers don't seem to work properly in my Openoffice. 1. I find the second paragraph strongly biased. I would like to see a clear statement that the balance between privacy and exceptions set in national laws has precedence over whatever global policy by ICANN. Also, the sentence "This is consistent with the typical exceptions provided by data privacy laws across the globe." is factually wrong; at least for what regards Europe, the only expert opinion that we have had from privacy authorities says the exact opposite, i.e. that the original OPOC proposal already goes beyond the allowance of the laws. There has been no actual effort to assess compliance of the proposal with the various national privacy laws - actually, there have been clear efforts to ignore the assessments that were received - and so there is no basis to claim any consistency with them. 2.3 and 2.4 I am not unsupportive of these sections (though I find the registrars' concerns on implementation very reasonable), but I would point out that being able to register and immediately use a domain name is very important for that 99.9999% of registrants who are honest and well intentioned. So I would ask to include a requirement, for whatever mechanism is devised to obtain confirmations about validity and willingness of the OPOC, to allow for real-time or quasi-real-time conclusion of the entire procedure, so that, if there are no problems and the OPOC replies quickly, the domain name can be used without delays. 3.2 I disagree strongly with the second AGREED and with the entire REVEAL concept. Again, in my country, the REVEAL function as described here would in most cases be a criminal offence by the OPOC and by any party involved in the disclosure of the information, unless the registrant has voluntarily consented to it in advance. As I know that several IPR lawyers here disagree with this assessment, I will add that, if ICANN ever approved this provision, I will be eager to test my statement above in a tribunal. Anyway, I am ready to present a written alternate view for inclusion in the report with whatever level of support it will have. 3.3 In the text, there still is a case in which the OPOC is expected to "remedy"; this is justified as being in the interest of the registrant. I agree; however, it should be the registrant to judge whether such behaviour by the OPOC is in his/her interest or not. Thus, I would ask to add that "In any case, REMEDY by the OPOC may only happen if it has been authorized by the registrant, though this authorization may be given in advance." Otherwise, I cannot agree with the AGREED in this section. 6.2 I find that this depiction is, at best, incomplete. It misses to acknowledge that any access without consent by the data subject might be illegal. Also, if you specify that access must be timely, you should also specify other features, such as the fact that the data accessed must not be further communicated or published in any way. 6.5 I really disagree with the AGREED statement. Actually, it is unclear to me how can you state that something is AGREED and then state an alternate view... in any case, I support the alternate view. 6.6 I disagree with the final AGREED and with the paragraphs preceding it. I do not see it as impractical to create a hierarchical structure for authenticating law enforcement agencies, starting from the governmental representatives of each country in the GAC and asking them to identify an agency in their country which could in turn identify further LEAs and other interested parties to be authorized (and this could easily be done through digital signatures and key-signing procedures). If companies such as Verisign and Thawte can authenticate any kind of commercial entity everywhere around the world, it seems hard to think that this can't be done for a limited number of well known public entities devoted to law enforcement. And I hope that it's not really true that in the U.S. you are not sure about who is a policeman and who is not... 7. For the record, I note that while I personally think that it's right to publish the name and country of the registrant in any case, that might still be incompatible with privacy laws, so that needs to be assessed with the relevant public authorities. Thanks, -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
|