NCUC statement on Whois Task Force 1 (v3)
Whois Task Force 1 (TF1) deals with the relatively narrow issue of
restricting marketing users' access to Whois data through means other
than bulk access under license.
NCUC notes, however, that the results of Whois TF1 may have
implications for the other task forces, and vice versa. Our approach
to TF1 takes this into account and will be guided by the following
principles:
1. First and foremost, NCUC thinks it imperative that ICANN recognize
the well-established data protection principle that the purpose of data
and data collection processes must be well-defined before policies
regarding its use and access can be established. The purpose of Whois
originally was identification of domain owners for purposes of solving
technical problems. The purpose was _not_ to provide law enforcement
or other self-policing interests with a means of circumventing normal due
process requirements for access to contact information. None of the
current Whois Task Forces are mandated to revise the purpose of the
Whois directory. Therefore, the original, technical purpose
must be assumed until and unless ICANN initiates a new policy
development process to change it.
2. Second, based on input from the community, NCUC does not believe it is
possible to develop technical mechanisms that can restrict port 43 or
port 80 access only to a specific type of purpose; e.g., "nonmarketing uses."
Access restrictions imposed by TF1 will inevitably apply to any Whois user
regardless of purpose. Moreover, restricting port 43 access while leaving
port 80 open will only drive the automated processes to port 80. Therefore,
we question whether TF1 can achieve anything of value.
3. Third, given the limited scope of TF1, we think it important for the
task force to refrain from making judgments about the legitimacy of,
justifications for, or "need" for any non-marketing uses. It is outside the
scope of TF1 to make any such determinations. Accordingly, we will
oppose any access restriction policy based on classification of users.
4. Fourth, we note that automated scripts or programs using port 43 are
effectively a substitute for bulk access. According to George Papapavlou
of the European Union, under data protection law bulk access is a
"disproportionate, privacy infringing step, unless a very convincing,
specific case can be made which has to be followed by due process.
This applies not only to marketing but to any purpose." Therefore,
a policy determination on port 43 access is best made in conjunction
with a determination on bulk access, even though this is ruled out of
scope by the task force's description of work.
5. Fifth, the best way to stop abuse of ports 43 or 80 is to get data that is
valuable to spammers out of the public Whois database. Data that is in
Whois will be accessible to lots of people; therefore, privacy concerns
require getting data out of Whois or reducing access to it for all. This is,
of course, a matter for Whois Task Force 2, dealing with data elements.
6. Our participation in the entire Whois process will try to make sure that
minor modifications in port 43 (or 80) access do not become an excuse
for doing nothing else to protect Internet users' privacy.