Comments on WHOIS Task Force 2: Suggestions from NCUC
Please don't copy the following word for word, but here are some key points to make:
Overall, the TF2 Report is good -- pretty balanced and a good presentation of our interests. Thus, for comments, praise the positive (to reinforce our issues) and then criticize the negatives. An outline of key issues below. ÊÊ
Ê
A. Highlight the positives.
1. For the first time, an ICANN report highlights both the uses of
WHOIS and the abuses of WHOIS data. We want to emphasize the abuses
and possible abuses of continuing an open directory with this data (address,
phone and email) available to all. What are you organization's concerns for
itself or its members regarding this data? (Please consider mentioning your
own concerns, or those on behalf of human rights organizations, other
noncommercial organizations, and individuals).
ÊÊ
2. For the first time, an ICANN report outlines the privacy laws and freedom of expression protections in laws around the world (Sections 2.3 and 3.3/National Law, and first section of Appendix). Please support the report here. If you are in a country with comprehensive data laws, please talk about the human rights principles underlying your national privacy laws. If you are in a country with free speech laws, please write about the importance of speaking privately and even anonymously, even in public dialogue.Ê ÊÊ
Ê3. We have a great recommendation: that "Registries and Registrars should not have to violate local data protection laws in order to conform with WHOIS policy. If there is a conflict of law and WHOIS policy, as process should be in place to allow for registrars to show such conflict and make appropriate changes needed for it to conform to the respective local laws." (See 1.4, 2.3, and 3.3). Please support this recommendation! ÊÊ
Ê ÊÊÊ
B. Opportunity to comment and shape the work ahead: Tiered Access
Background: The Registrars for a long time have proposed a Tiered Access
system. While they agree that all personal data should not be public,
Registrars do not want to be involved in the day to day task of screening all
the requests for domain name holders. Thus, they propose an automated
system for making personal data available to those who say they need it.
This system is called Tiered Access ("TA"). TA is a series of gates or
tiers. Still in formation, it is beginning to gain momentum. Comments now
would be very timely and useful! [Sections 2.4, 2.5, 3.4, 3.5]
1. Support the concept of "Tier 1" -- that personal or sensitive data including address, phone and email for individuals, organizations and even companies (such as small business) *would not* be published on the first Tier and not available to all. (Note: 3.5 recommendation proposes that a registrant could choose to put all this data into the WHOIS directory, but that would be his/her/its choice).
2. Argue that "Tier 2" needs to be much better defined. Registrars
call Tier 2 the place for "known users with known uses" to access
personal/sensitive domain name data. But what are the limits and
protections for domain name owners? These we must fight for. Please
think of your own ideas for protections against abuse, but here are some of
mine:
A. Tier 2 should still not publish all the personal/sensitive data.
Let it be name/email (ideally) or name/address
(alternatively). But not all the data.Ê
B. No unlimited access to the WHOIS database, even if you
are the world's most famous intellectual property law firm.
Although you are a "known user," you should still not have
infinite access to the WHOIS personal data and database.
Searches should be one by one, and for each and every
access, the user (however famous) should enter a clear and
specific text reason for the legal problem being raised by the
domain name and the legal reason for needing to contact the
domain name holder. This explanation must be sent to the
domain name holder.
C. The system must provide *immediate notification by email
to the domain name holder* whenever his/her/its
personal/sensitive data is released to any third party in Tier
2. Such immediate notification will allow domain name
holders to better protection themselves -- and flee if their
address (as a human rights organization, an abortion clinic,
or a woman with a stalking ex-spouse) has just been given
away. (Domain name holders should have the option to
"opt-out" of such immediate notification if their safety is not
in danger, perhaps for a weekly listing.)
3. Support the concept of a Tier 3 that all the data is available to ICANN-accredited registrars and registries for technical purposes, such as domain name transfers.
Task Force 2 Preliminary Report