Whatever happened to Good Faith Negotiations?
Dear Mr. Cerf and the ICANN Board, Ms. Doria and the GNSO Council:
As you know, I have been an active participant in the Whois process over many years. I served on the Whois Task Forces and organized the *Building Bridges on ICANN's Whois Question* Conference at ICANN's Vancouver Meeting (12/05). I have not been involved in the Whois process for over a year, did not serve on the recent Whois Working Group, and write as an observer and admirer of the progress made to date.
The entire record of the last 7 years of Whois debates supports key changes soon to ICANN's Whois Policies. This letter outlines the agreements of the past Whois Task Forces (on which I participated), the major strides of the recent Whois WG (on which I did not participate), and the clear path ahead to resolve the few remaining open issues.
The letter closes with my dismay that so much pressure is being brought to bear on ICANN to reverse its work of the last 7 years, and discard the thousands of hours that so many good faith ICANN participants have invested in the reports, negotiations and hard-fought compromises of this important Whois process.
*I. *_*The Whois Task Forces found that Data Protection Laws Exist Throughout the World and Apply to Whois Data*_
Dating back to 2003, I served on the Whois Task Force. After extensive research, the Task Force found that data protection laws worldwide, and on every continent, protect the disclosure and publication of personal data. Starting with the EU Data Protection Directive, data protection laws impact registrars, registries and registrants around the world (see, e.g, "Table of Task Force  Data Analysis, July 2004" posted at _www.ncdnhc.org <http://www.ncdnhc.org/>_ under "What's New, Whois Conflicts with National Law" and the Task Force 2 report.)
As the Electronic Privacy Information Center notes in its comments, ICANN has now heard from many Data Protection Commissioners, including Germany, Canada, Italy, France, Belgium, and two chairs of the Article 29 Working Party representing the EU Data Protection Commissioners collectively. They speak and write to ICANN of the protections their laws guarantee to the privacy of individuals, and the conflicts that exist with the privacy laws of their countries.
At the ICANN Rome meeting, Mr. Giovanni Buttarelli, Secretary-General of Italy's Data Protection Commission, specifically noted that registrars and registries violate Italian data protection laws with their publication of personal data, and that his jurisdiction extends to them if their business operates within Italy, and if they are marketing to Italian citizens.
At ICANN's Vancouver meeting in December 2005, I organized the Whois conference *Building Bridges on ICANN's Whois Question*, the first conference to bring together GNSO and ccNSO to discuss the Whois questions. We learned in our opening session that ccTLDs have changed their Whois policies to comply with national data protection laws. Three ccTLDs on three continents spoke of their major Whois changes, namely Nominet (.UK), CIRA (.CA) and JPRS (.JP). Many members of the ccNSO nodded their agreement and spoke in the hallways of similar changes.
Overall, the Data Protection Commissioners have participated patiently in the Whois process, always urging ICANN to go forward, but always warning of their deep concerns with the illegalities of current practices. See, e.g,. /Comments to ICANN from Commissioners and Organizations Regarding Whois and the Protection of Privacy, /_http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf. <http://www.ncdnhc.org/policydocuments/whois-ncuc-backgrounder.pdf>_
* The result is that the Whois Task Forces, over many years of work, **recommended changes to ICANN's Whois Policy to reflect data protection laws and privacy rights worldwide (as a protection both for the registrants, and the registries and registrars who serve them).*
*II. *_*The Whois Working Group, in its "Final Outcomes Report" of August 2007, Reached Broad Agreement and Tremendous Compromises*_
* *I was not a member of the recent Whois Working Group (WG), but I admire the bold way in which it moved the ICANN Whois debate forward. Chaired by Intellectual Property Constituency co-founder Philip Sheppard, the Whois WG found agreement and made progress where I never thought it possible. They did so despite a tight timeframe and a large and diverse membership. They have my admiration.
The strides achieved by the Whois WG, Chairman Sheppard and each member include:
The Whois WG agreed that an individual person's right to privacy and protection in his/her data in the Whois database must be protected (Final Outcomes Report ("FOR"), p. 3)
The Whois WG accepted the OPOC or "Official Point of Contact" proposal. As businesses and organizations list representatives in the Whois database, so too, should individuals be allowed to publish a representative's physical address, email address and telephone number (while mandating also that the registrant provide accurate and complete data to the OPOC). (FOR, p. 3)
The Whois WG defined and expanded the tasks and responsibilities of the OPOC. They found broad agreement that:
- the OPoC can be a Registrar, or third party appointed by the Registrant (FOR, p. 13),
- the OPOC must have an agreement with the Registrant and "defined responsibilities" (FOR, p. 14)
- the Registrant must have a functional OPOC (FOR, p. 17)
- that ICANN should not set up any centralized form of accreditation of the OPOCs (FOR, p. 15).
In an issue long pushed by the Business Constituency, the Whois WG also agreed that a registrant should be able to list two OPOCs, thus allowing large organizations to list more than one organizational contact (FOR, p. 13).
As EPIC notes in its comments, the NCUC and individuals gave up a lot to reach the compromises of the Whois WG Final Outcomes Report. In particular, they compromised on the closely-held right to anonymity, and the rights of non-commercial organizations to privacy, including battered women's shelters, religious organizations, political groups and other non-commercial organizations.
*III. *_*The Whois WG Even Offers Key Agreement on the Thorniest of*_* *_*Issues -- Access (to the Underlying Data)*_
/*Even on the thorniest of issues, access of the underlying personal data, the Whois WG made clear and unambiguous progress. */The WG report gave ICANN a clear roadmap for moving forward by adopting a standard for disclosure of the underlying data. The standard is /"reasonable evidence of actionable harm."/ That's huge progress!
From here, we can let the governments work with ICANN to define how law enforcement should identify themselves and how private parties should seek access to the underlying data. During my tenure on the Whois Task Forces, US Government representatives expressed a strong interest in working with ICANN on this issue. In his letter to the Board of last week, the EU's Article 29 Working Party Chairman, Mr. Schaar, indicated a similar willingness.
The path is clear. The main concept and structure of the OPOC have been agreed on and worked out; the path for the negotiation of the Access provision has been laid. The work ahead is defined and clear.
_*IV. Doesn't Good Faith Count Here? *_
* *For years, I have seen the concept of "good faith" and "bad faith" invoked against domain name registrants. Shouldn't it provide a standard for other areas of domain name policy as well?
As I watch the international campaigns from large intellectual property owners and business organizations flood the GNSO forum, I wonder if the participants know of the high level of representation their interests have received throughout the Whois process. During the years I worked on the Whois Task Forces, the Intellectual Property Constituency, Business Constituency and ISP Constituency were always well represented by active, articulate and well-prepared representatives. Their members participated in every aspect of research, negotiating, drafting and editing processes. They had the budgets to attend every meeting. They worked on every issue and they drove very hard compromises.
Shouldn't we all be required to stand by a process in which we all participated with such great activity and in such good faith?
_*V. Conclusion: If we turn back now, why message will it send to future participants in ICANN? *_
* *ICANN operates on a grassroots principles. Policy is made in the Supporting Organizations and brought to the Board. Over seven years, all the constituencies, hundreds of people, and numerous government representatives (from many agencies and levels) have participated in the Whois process. For my part, I fought hard for the time to attend the teleconferences, money to attend the meetings, and studies and research to inform the process.
Of course having access to the personal data of millions of domain names registrants makes life easier for those with concerns about website content and other bad acts. But this data similar exposes individuals to physical harm as well as online harassment and other illegal acts. Naturally, the various sides would like to "have it all."
But the Whois WG gave us an OPOC plan with details, and a standard for access to underlying data -- clear agreements which provide a roadmap that will allow registries and registrars to comply with law, protect the privacy of some domain name registrants (although only some) and provide access to those who need the underlying personal data and having "reasonable evidence of actionable harm."
The Whois WG has my huge respect and admiration. This process was difficult; their progress was huge. We should now be close to the end of many, many long years of work.
To the GNSO Council and the Board, I leave with the hope that you move forward on Whois. I support Motions 1 and 3. We either move forward together on OPOC, or drop the required Whois publication provisions for lack of consensus and support. I trust you will find the path that takes us forward, not back.
/s/ Kathryn Kleiman
Kathryn Kleiman, Esq.
Past member of Whois Task Forces on behalf of the NCUC
Kleiman Whois Comments.pdf