TF2 Suggestions

Comments on WHOIS Task Force 2: Suggestions from NCUC

Please don't copy the following word for word, but here are some key points to make:

Overall, the TF2 Report is good -- pretty balanced and a good presentation of our interests. Thus, for comments, praise the positive (to reinforce our issues) and then criticize the negatives. An outline of key issues below. ÊÊ

A. Highlight the positives.

1. For the first time, an ICANN report highlights both the uses of WHOIS and the abuses of WHOIS data. We want to emphasize the abuses and possible abuses of continuing an open directory with this data (address, phone and email) available to all. What are you organization's concerns for itself or its members regarding this data? (Please consider mentioning your own concerns, or those on behalf of human rights organizations, other noncommercial organizations, and individuals). ÊÊ

2. For the first time, an ICANN report outlines the privacy laws and freedom of expression protections in laws around the world (Sections 2.3 and 3.3/National Law, and first section of Appendix). Please support the report here. If you are in a country with comprehensive data laws, please talk about the human rights principles underlying your national privacy laws. If you are in a country with free speech laws, please write about the importance of speaking privately and even anonymously, even in public dialogue.Ê ÊÊ

3. We have a great recommendation: that "Registries and Registrars should not have to violate local data protection laws in order to conform with WHOIS policy. If there is a conflict of law and WHOIS policy, as process should be in place to allow for registrars to show such conflict and make appropriate changes needed for it to conform to the respective local laws." (See 1.4, 2.3, and 3.3). Please support this recommendation! ÊÊ

ÊÊÊ B. Opportunity to comment and shape the work ahead: Tiered Access

Background: The Registrars for a long time have proposed a Tiered Access system. While they agree that all personal data should not be public, Registrars do not want to be involved in the day to day task of screening all the requests for domain name holders. Thus, they propose an automated system for making personal data available to those who say they need it. This system is called Tiered Access ("TA"). TA is a series of gates or tiers. Still in formation, it is beginning to gain momentum. Comments now would be very timely and useful! [Sections 2.4, 2.5, 3.4, 3.5]

1. Support the concept of "Tier 1" -- that personal or sensitive data including address, phone and email for individuals, organizations and even companies (such as small business) *would not* be published on the first Tier and not available to all. (Note: 3.5 recommendation proposes that a registrant could choose to put all this data into the WHOIS directory, but that would be his/her/its choice).

2. Argue that "Tier 2" needs to be much better defined. Registrars call Tier 2 the place for "known users with known uses" to access personal/sensitive domain name data. But what are the limits and protections for domain name owners? These we must fight for. Please think of your own ideas for protections against abuse, but here are some of mine:

A. Tier 2 should still not publish all the personal/sensitive data. Let it be name/email (ideally) or name/address (alternatively). But not all the data.Ê

B. No unlimited access to the WHOIS database, even if you are the world's most famous intellectual property law firm. Although you are a "known user," you should still not have infinite access to the WHOIS personal data and database. Searches should be one by one, and for each and every access, the user (however famous) should enter a clear and specific text reason for the legal problem being raised by the domain name and the legal reason for needing to contact the domain name holder. This explanation must be sent to the domain name holder.

C. The system must provide *immediate notification by email to the domain name holder* whenever his/her/its personal/sensitive data is released to any third party in Tier 2. Such immediate notification will allow domain name holders to better protection themselves -- and flee if their address (as a human rights organization, an abortion clinic, or a woman with a stalking ex-spouse) has just been given away. (Domain name holders should have the option to "opt-out" of such immediate notification if their safety is not in danger, perhaps for a weekly listing.)

3. Support the concept of a Tier 3 that all the data is available to ICANN-accredited registrars and registries for technical purposes, such as domain name transfers.

Task Force 2 Preliminary Report