The Public Voice
 
NewsEventsTake ActionIssues & ResourcesAbout Us
 
News  

Non-Commercial Users Constituency Statement on WHOIS Task Force 3


WHOIS Task Force 3 (TF3) deals with the accuracy of WHOIS data, established to determine the best mechanisms to improve the quality of the data. The Non-Commercial Users Constituency (NCUC) approach to Task Force 3 is guided by the following principles:

- First, the NCUC does not believe that accuracy of WHOIS data is unconditionally desirable. These task forces were established with the assumption for task force 3 that accuracy is desirable in all cases and regardless of the extent of the WHOIS data elements. The NCUC recognizes the need to protect such extensive and public data from identity theft and spam and to protect freedom of speech. Submission of personally identifiable contact data should be a choice, not a requirement. Many people are indeed forced to enter incorrect data in order to protect themselves.

- Second, the NCUC thinks it imperative that ICANN recognize the well-established data protection principle that the purpose of data and data collection processes must be well-defined before policies regarding its use and access can be established. The purpose of WHOIS originally was identification of domain owners for purposes of solving technical problems. The purpose was _not_ to provide law enforcement or other self-policing interests with a means of circumventing normal due process requirements for access to contact information. None of the current WHOIS Task Forces are mandated to revise the purpose. Therefore, the original purpose must be assumed until and unless ICANN initiates a new policy development process to change it.

- Third, registrants should be allowed to protect their personally identifiable information, a protection recognized by the European Data Protection Directive, Article 29 Working Party, by the OECD Privacy Guidelines and by data protection legislation across the world. As George Papapavlou and Giovanni Buttarrelli pointed out, it is possible that WHOIS data accuracy requirements may indeed be breaking many of these laws. The NCUC submits that accuracy is desirable solely to the extent necessary to serve the purpose of the data collection and the interest of the data subject; accordingly, technical information should be accurate. However, there should be no penalization for inaccurate data entry given that the extent and the accessibility of the data currently required goes well beyond the purpose of data collection. As Papapavlou discussed, when there are various options to achieve a purpose, priority must be given to the least privacy-intrusive option.

- Fourth, while this task force was established with privacy defined as out of scope, privacy is key to accuracy of data entry. Data protection principles have to be implemented and enforced as a whole. The best way to improve the accuracy is to provide privacy and security. Show registrants that their data will be safeguarded, that their e-mail accounts will be protected from spam and that they themselves will be protected from stalkers and other criminals, and they will be more likely to enter accurate data. Users will continue to feel the need to protect their privacy by their own means, to defend themselves, if the policies of WHOIS data do not.

- Finally, if there is a way to facilitate accuracy of data for those who wish to submit accurate data, in other words opt-in, the NCUC would be supportive. We are against, however, calls to require accurate data entry and penalize or even criminalize those who choose not to. This task force has reached out to various companies in order to collect data on verification procedures, but has found this process difficult (ironically, because companies are concerned with the privacy of their policies and procedures). The responses submitted to the TF3 questionnaire are sparse. We do not have enough data to allow Task Force 3 to reach any conclusion of best practices for verifying accuracy. However, this Task Force has received testimony that domain name holders in numerous cases are having a very difficult time updating, revising and changing their own data. This is currently the most important issue facing the task force: that the data subjects themselves cannot update their domain name information. Further, it is a violation of the EU Privacy Directive. Accordingly, this TF must first take on clear proposals for revisions of the procedures by which registrars, thick registries, and resellers handle instructions from domain name holders to update and/or correct domain name data. These procedures must include: clear instructions to domain name holders on how to update their information; special email addresses for expedited and priority handling of such updates; and TF3-proposed revisions to the Registrars Accreditation Agreement to insure that the EU Privacy Directive rules on the ability of domain name holders to update and policy the accuracy of their own data is ensured and followed.



Task Force 3 Preliminary Report

 
 
Current News
Archive
The Megaphone
(Newsletter of the Public Voice)

 
 
Top  
Home