ICANN ICANN Email List Archives

[At-Large Advisory Committee]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [alac] Proposed ALAC restatement on WHOIS

  • To: <alac@xxxxxxxxx>, <wendy@xxxxxxxxxxx>
  • Subject: Re: [alac] Proposed ALAC restatement on WHOIS
  • From: "Ken Hamma" <KHamma@xxxxxxxxx>
  • Date: Thu, 23 Oct 2003 09:37:40 -0700

Wendy,

I think this is an excellent statement and fully reflects the tenor of the 
conversation this morning.  Because it is a bit long - not a bad thing - it 
might be good to provide visual (e.g. bold or separate lines) emphasis for:

Accuracy was only half the equation, with privacy protections the necessary 
complement.

and

It is time for ICANN to move forward on privacy.

ken


Kenneth Hamma
Asst. Director, Getty Museum
Sr. Advisor for Information Policy, Getty Trust

1200 Getty Center Drive, 1000
Los Angeles, CA  90049-1687

v  +1 310 440 7186
e  khamma@xxxxxxxxx
f  +1 310 440 7752

http://www.getty.edu
http://getty.art.museum

>>> Wendy Seltzer <wendy@xxxxxxxxxxx> 10/23/03 08:51AM >>>
Here is a proposed restatement of our February 2003 statement on WHOIS 
accuracy.  I think it would be most effective if we could put a statement 
on the record during the Carthage meeting.

--Wendy

In February 2003, the Interim At-Large Advisory Committee issued a formal
statement on the issues of WHOIS accuracy and bulk access,
<http://alac.icann.org/whois/whois_final_report_accuracy-20feb03.htm>.  At
the time, we remarked on the privacy concerns raised by the (then-proposed)
policy mandating that domain name registrants submit accurate and truthful
identifying information while giving them no opportunity to protect that
information from disclosure or public display.  Accuracy was only half the
equation, with privacy protections the necessary complement.  Although we did
not then seek to delay enforcement of accuracy requirements, we recommended
that work be commenced swiftly to give registrants more and better privacy
options.

We concluded that:
     The Task Force's recommendations to systematically enforce the accuracy
     of WHOIS data shift the existing balance between the interests of data
     users and data subjects in favor of data users. In an environment where
     registrants have perceived "inaccurate" data to be one of the most 
practical
     methods for protecting their privacy, this shift of balance is reason for
     concern. It will inevitably increase the need for privacy protection
     mechanisms to be built into the contractual framework.

Unfortunately, there has been little progress since February.  Indeed, on
the privacy  front, there has been regress.  Domain name registrants are
forbidden from using pseudonyms or fuzzy,  "inaccurate" data in order to
protect their privacy, yet there are no new safeguards or mechanisms by
which they can shield their identifying details from disclosure.  As many of
us feared at the time the "accuracy" mandate was imposed on registrants and
registrars, domain name registrants, including members of the at-large
public, lose out.

The small businessperson working from a home office must list that home
address and telephone number, as must the weblogger who wishes to publish at
her own domain name.  The political dissident who wants to criticize his
country's political regime is told to disclose his identity or find a
trustworthy friend who is willing to do so instead.  Domain names are
indisputably a tool of online expression, on an Internet in which
individuals can speak alongside corporations and governments, yet many
individuals are chilled by the prospect of signing a "speakers' registry"
before they can participate fully.  [Compare the U.S. Supreme Court decision
striking down a town ordinance that made individuals register for a permit
before canvassing door-to-door. (Watchtower v. Village of Stratton, 2002)]

Proxy or escrow services, proposed by many as a privacy solution, have not
developed to fill the gap.  They do not work in practice, giving up the
names of their clients on a mere request; and even in theory they are a poor
second-best for registrants seeking full control of their identities.  The
public deserves better.

It is time for ICANN to move forward on privacy.  One simple solution,
requiring no new infrastructure, would be to make all data fields in WHOIS
optional, allowing domain name registrants themselves to make the choice
between contactability and privacy.  A more complete solution would also
permit registrants to give accurate information to their registrars without
putting that into the generally-accessible WHOIS (the online equivalent of
an unlisted telephone number).

ICANN owes it to the Internet-using public to complete the equation begun
early this year.  It should remedy the imbalance between data users and data
subjects by allowing registrants to limit data collection and disclosure in
domain name registration and WHOIS, and should do so without delay.


--
Wendy Seltzer -- wendy@xxxxxxxxxxx 
Staff Attorney, Electronic Frontier Foundation
Fellow, Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html 
Chilling Effects: http://www.chillingeffects.org/ 




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy