ICANN ICANN Email List Archives

[gnso-whoisprivacy-cmts]


<<< Chronological Index >>>    <<< Thread Index >>>

EPIC Comments on WHOIS

  • To: gnso-whoisprivacy-cmts@xxxxxxxxx
  • Subject: EPIC Comments on WHOIS
  • From: Marc Rotenberg <rotenberg@xxxxxxxx>
  • Date: Fri, 30 Sep 2005 17:08:10 -0400



EPIC supports the GNSO's proposal to allow registrars and
registries to conform with national and local laws regarding
privacy and data protection.  We believe that this is a critical
first step in reforming Whois privacy policies, and that the
proposal should be implemented immediately.

With this proposal, registrants will be somewhat more secure in
their ability to apply the privacy protections offered to them by
law.  Registrars are also less likely to be faced with the choice
of either honoring their contractual agreements under the RAA or
obeying the laws of their country. Furthermore, registrants will
no longer be subject to the same level of uncertainty as to
whether their registrar will comply with the RAA or with the
applicable law.

We note, however, that this is only a first step, and that a
comprehensive reform of Whois privacy policy is crucial.  The
current proposal requires registrars to "prove" or "credibly
demonstrate" a conflict of law.  This burden of persuasion creates
a high bar for a registrar to find a conflict, and may encourage
registrars to simply hope that the conflict will go unnoticed or
be unenforced.  Similarly, the recommended procedures only provide
procedures for when an investigation, litigation, or other civil
or governmental proceeding has been initiated.  This suggests that
registrars and registries are only obligated to take action when,
and that ICANN will only provide exceptions for, situations that
have already generated enforcement actions.

If this is the case, registrars who see clear conflicts between
the RAA and local laws have no clear procedure to follow, and are
not guaranteed an exception from ICANN penalties for
non-compliance.  In such a situation, the proposed policy
discourages voluntary compliance with local law, and registrars
must wait to be sued, prosecuted, or investigated before they may
apply for an exception that would allow them to comply both with
ICANN policy and the law.

User consent is often insufficient to reconcile these problems.  A
mere boilerplate demand by registrars that users consent to Whois
distribution of their private information cannot universally meet
the requirements of every data protection law, present and future.

More importantly, presenting users with a consent disclaimer does
nothing to protect users' privacy rights. Privacy protections for
Whois should not be limited to exceptions made in policy for
national laws.

ICANN has a uniquely powerful role in managing an important facet
of the premier means of global communication.  As such, it has the
responsibility to take steps to assure the rights of Internet
users, not merely recalcitrantly follow in the footsteps of
various local governments.  While EPIC supports the adoption of
the proposal, we would encourage GNSO to take further and more
thorough action to protect users' privacy.

Sincerely,


Marc Rotenberg EPIC Executive Director

Sherwin Siy
EPIC IPIOP Fellow


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ \/\/\/\/\/\/\/\/\/\/\/\
Marc Rotenberg, Executive Director
Electronic Privacy Information Center (EPIC)
1718 Connecticut Ave., NW, Suite 200
Washington, DC 20009
+1 202 482 1140 x1016 [tel] +1 202 483 1248 [fax]
htttp://www.epic.org/




<<< Chronological Index >>>    <<< Thread Index >>>