ICANN ICANN Email List Archives

[whois-rt-draft-final-report]


<<< Chronological Index >>>    <<< Thread Index >>>

NCSG comments for the WHOIS RT

  • To: whois-rt-draft-final-report@xxxxxxxxx
  • Subject: NCSG comments for the WHOIS RT
  • From: Wendy Seltzer <wendy@xxxxxxxxxxx>
  • Date: Sat, 17 Mar 2012 11:22:47 -0400

The Non-Commercial Stakeholders Group is pleased to submit these
comments on the WHOIS Policy Review Team Draft Final Report.

We would like to commend the general readability of the report. WHOIS
has become a very complex issue, and presenting it so clearly and
accessibly facilitates participation in both this consultation process
and participation more generally. We particularly appreciate the hard
work of collecting the WHOIS policies from the various places where
they reside.

High-level recommendations:

The report should explicitly recommend that WHOIS policy recognize
that registrants, both individual and organizations, commercial and
non-commercial, have a legitimate interest in, and in many jurisdictions
the legal right to, the privacy of their personal data.

In the normative discussion, privacy should be given equivalent emphasis
to accuracy. It would be instructive in this regard to reference the
OECD privacy guidelines, agreed to by all OECD member countries with input
from business and civil society. Data accuracy (or 'quality') is considered
by OECD members to be of equal importance to purpose specification, use
limitation and security safeguards, none of which factors are supported by
Whois as it currently operates. (OECD Guideline reference:
http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
)

It is as important that registrants have privacy as that
their data be accurately recorded. At the moment, the report appears,
from its emphasis on access and accuracy, to discount those privacy
concerns that are accepted by all OECD member states and participating
business and civil society actors as having equal importance.


Section F. Findings

The brief ‘tour de table’ provides useful background reading, but
should include reference to the fact that ICANN’s WHOIS policies are
incompatible with the OECD privacy guidelines and also applicable
national laws in many countries, including member states of the
European Union. The European Union's Article 29 Working Party of
national data protection officers provided specific input to ICANN's
2003 Montreal meeting regarding the many ways gTLD WHOIS breaches EU
law. These included the lack of definition of a purpose of WHOIS, lack
of use limitation, misuse of WHOIS data by third parties and the
disproportionality of the publication of personal data. The Article 29
Working Party concluded that "there is no legal ground justifying the
mandatory publication of personal data referring to this person. (the
registrant)".

*(Article 29 WP reference: Opinion 2/2003 on the application of the data
protection principles to the Whois directories
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)

It is very concerning that the findings of the WHOIS Review Team do not
consider the glaring fact of the illegality of gTLD Whois requirements in
many jurisdictions, and the incompatibility of WHOIS as it currently stands
with the only internationally accepted guidelines on data privacy.


Section G. Recommendations:

1.  Single WHOIS Policy - "The Board should oversee the creation of a
single WHOIS policy document."

We welcome the call for a single WHOIS policy that sets out the
requirements, globally and facilitates registrants who wish to consult
those requirements. WHOIS ‘policy’ is currently inferred from registry
and registrar contracts. A single WHOIS policy should be compatible
with the internationally accepted OECD privacy guidelines, in respect
of a statement of purpose for the use of data, use limitation, data
accuracy and appropriate security safeguards for personal
data. However, gTLD policy development is the responsibility of the
GNSO, not the Board (until the final stages), and must be done through
the bottom up process, with the cooperation of the multiple
stakeholders affected.

3 - "Make Whois a Strategic Priority"

Change "Strategic Priority" to "Strategic Consideration." As the
review team was focused only on WHOIS, it was in no position to
analyze the tradeoffs involved in setting global priorities. Many
items on ICANN's policy agenda may be considered more worthy of the
community's limited time and attention. The appropriate process for
the community to prioritize issues such as Whois is via the Strategic
Plan. No evidence is offered in this report to support prioritizing
WHOIS over other issues of importance to the community as a whole.

5 - Data Accuracy - As many law enforcement comments in the report
suggest, contactability is more important than "accuracy." Separation
of the contact details from the public display could enhance the
accuracy of the contact details available to appropriately qualified
requesters.

10-16. "Data Access: Privacy and Proxy Services."

The recommendations should explicitly acknowledge the importance of
privacy and proxy services in providing options to legitimate Internet
users to preserve their privacy. National laws in the United States,
for example, recognize privacy interests not only for individuals, but
for associations. The report further documents the legitimate
interests of even commercial Internet users in private domain name
registrations.
*       In relation to the references to national legislation: it is
important to note that this reference may be problematic if national
legislation violates international human rights standards, for example,
relating to freedom of expression (see the citation of this report below).
*       Freedom of association: proxy registration services can support the
rights of human rights defenders to carry out lawful activity without
persecution. Threats to registrants include surveillance of registrants
through use of information which is accessed via WHOIS data - continuing to
expand the nature of information held in WHOIS will only heighten the
safety concerns of human rights defenders. In addition, just in time
attacks on
websites of civil society organisations have been used to disrupt lawful
activity and democratic participation in a number of countries: see
Deibert, R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011).
Access
Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT
Press.
*       Governments whose legislation is in violation of these rights
should not be able to rely on such laws when requesting WHOIS data
access and
proxy information. It would be unreasonable to require Registrars to
carry out an
additional analysis. Other options include:
(1)     Provide that LEA WHOIS data requests may be refused where there are
reasonable grounds to believe that such requests may violate registrants'
rights of freedom of expression or freedom of association
(2)     Require LEA to verify that national laws comply with human rights
standards
(3)     Require LEA to verify that WHOIS requests do not violate
international human rights standards


17 - Data access - "ICANN should set up a dedicated, multilingual
interface website to provide thick Whois data for" COM and NET, who
have thin whois.  This is subject to existing policy and policy-making
by the GNSO. It is inappropriate for the Review Team to intervene at
this level of detail into the GNSO policy process, *and in a way that
privileges certain substantive outcomes over others.*


Section E. Work of this RT

A factual point. There is only one Chatham House rule, so the statement
referring to it should use the singular.


Freedom of Expression References:

As noted by the UN Special Rapporteur on Freedom of Opinion and Expression
in his annual report of 2011:

               23.     The vast potential and benefits of the Internet are
rooted in its unique characteristics, such as its speed, worldwide reach
and relative anonymity. At the same time, these distinctive features of the
Internet that enable individuals to disseminate information in "real time"
and to mobilize people has also created fear amongst Governments and the
powerful. This has led to increased restrictions on the Internet through
the use of increasingly sophisticated technologies to block content, monitor
and identify activists and critics, criminalization of legitimate
expression,
and adoption of restrictive legislation to justify such measures. In this
regard, the Special Rapporteur also emphasizes that the existing
international human rights standards, in particular article 19, paragraph 3
of the ICCPR, remain pertinent in determining the types of restrictions
that are in breach of States' obligations to guarantee the right to
freedom of
expression.
               24.     As set out in article 19, paragraph 3 of the ICCPR,
there are certain, exceptional types of expression which may be
legitimately restricted under international human rights law,
essentially to safeguard
the rights of others. This issue has been examined in the previous annual
report of the Special Rapporteur. However, the Special Rapporteur deems it
appropriate to reiterate that any limitation to the right to freedom of
expression must pass the following three-part, cumulative test:
(1)     it must be provided by law, which is clear and accessible to
everyone (principles of predictability and transparency); and
(2)     it must pursue one of the purposes set out in article 19, paragraph
3 of the ICCPR, namely (i) to protect the rights or reputations of others,
or (ii) to protect national security or of public order, or of public
health or morals (principle of legitimacy); and
(3)     it must be proven as necessary and the least restrictive means
required to achieve the purported aim (principles of necessity and
proportionality).
        Moreover, any legislation restricting the right to
freedom of expression must be applied by a body which is independent of any
political, commercial, or other unwarranted influences in a manner that is
neither arbitrary nor discriminatory, and with adequate safeguards against
abuse, including the possibility of challenge and remedy against its
abusive
application.
And further:

26      However, in many instances, States restrict, control, manipulate and
censor content disseminated via the Internet without any legal basis, or on
the basis of broad and ambiguous laws; without justifying the purpose of
such actions; and/or in a manner that is clearly unnecessary and/or
disproportionate to achieve the intended aim, as explored in the following
sections. Such actions are clearly incompatible with States' obligations
under international human rights law, and often create a broader chilling
effect on the right to freedom of opinion and expression.
(full reference: Frank La Rue "Report of the Special Rapporteur on the
promotion and protection of the right to freedom of opinion and expression"
(26 April 2011, A/HRC/17/27) also available at: http://scr.bi/z6lZ8N )








<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy