Pleased to add my name Kathy.

Sincerely,

Walid
On Mar 13, 2015 7:13 PM, "Kathy Kleiman" <[log in to unmask]> wrote:

>
>   Dear All,
>
> Attached please find an important set of comments. They are to the Whois
> Accuracy Pilot Study Report – by a group of researchers at the University
> of Chicago called NORC. Buried in this report turns out to be a many
> issues important to us in the Whois domain name registration databases –
> including the question of postal addresses (should we be validating and
> publishing the physical addresses of political dissident groups, religious
> minorities, girls’ schools in areas where many do not like girls education?
> Is there a danger to be evaluated *before* we undertake this new policy?)
>
>
>
>
> Identity Validation is a very open question as well, yet NORC seems ready
> to start work in this area. I have written a set of questions that say STOP
> – and let’s consider the policy implications of these acts before we
> develop plans to put them into effect. The comments are below (with a full
> copy attached).
>
>
>
> *They are due tonight!  If you can sign on, please do. Please let me know
> your name and/or organization and/or country.*
>
>
>
> Great tx to Stephanie Perrin for editing! Here are some thoughts of
> members on our Policy Committee:
>
> -         Kathy’s drafted, what I believe to be, an excellent comment in
> response. – Amr Elsadr
>
> -         Great job Kathy!!  I support this document.  -- Stephanie Perrin
>
> -         Feel free to add my name as endorsing the document – Ed Morris
>
>
>
> Best and tx!!
> Kathy (Kleiman)
>
>
> * WHOIS Accuracy Pilot Study Report*
>
> Burying Extremely Divisive Policy Questions in a Technical Implementation
> Report Written by an ICANN Contractor is Improper and, in this Case,
> Dangerous
>
>
>  These are comments written in response to the WHOIS Accuracy Pilot Study
> Report.  Buried in this Report – which purports to be an implementation
> report of an ICANN Contractor (NORC/University of Chicago) -- are some of
> the most controversial and unsettled issues in ICANN policy discussions and
> history. These issues are the subject of deep and bitter divides over many
> years of ICANN work, the subject of interest across the world, and the
> focus of a series of explosive comments in Singapore when the ICANN
> Community began to realize what was happening.
>
>
>  It is inappropriate in the extreme, for ICANN policy issues to be buried
> in a ICANN Contractor’s implementation report, and even further, deep in
> its Appendix B,* Next Steps for the Development of the WHOIS Accuracy
> Report System (ARS). *  This follows pages of study “methods and
> approach” language and sample design which are obscure even to those who
> follow Whois policy issues on a regular basis.  We submit that after the
> many years of heated controversy over this topic, it is disingenuous at the
> very least to allow this to happen policy debate to continue its
> development in this manner.
>
> We are deeply concerned that ICANN Staff has not flagged this Report, or
> this Comment Proceeding, for what it appears to be – a process to seek
> permission from the ICANN Community for the:
>
> a)      *wholesale checking of the physical addresses of online speakers
> across the world (whether using domain names for political speech, personal
> speech, or religious, ethnic or sexual minority expression)* thus
> creating an unprecedented inextricable link between a speaker and her
> physical location, and
>
>
>
> b)      *the* *radical new concept of Identity Validation for each and
> every domain name Registrant to the ICANN Community, *a concept with
> inconceivable implications for political, ethnic and religious minorities
> worldwide, as well as entrepreneurs, emerging organizations and those
> operating today without identities who seek to create them.
>
>
>
> We respectfully add the issues below to this debate.
>
>
>
> *I.       **ICANN has never been given a mandate for Address Checking on
> a Massive Scale*
>
> Although the Contractor’s Report seems to suggest that the ICANN Community
> has approved the massive checking of postal addresses in the existing gTLD
> Whois databases, that is not the case.
>
>
> A.     The Whois Review Team Final Report set the standard of
> “contactability” -- reaching the domain name registrant with questions and
> concerns – not absolute accuracy of all data in the whois
>
> The Current NORC Study (2014) and its accompanying ICANN Staff Summary
> accompanying this NORC’s Pilot Report misrepresent the WHOIS Policy Review
> Team Final Report and its Recommendations.  The goal of the Whois Review
> Team was “Contactibility” and “Reachability” of the Registrant. To this end
> WHOIS Policy Review Team Final Report looked “holistically” at the Whois
> record and did not seek the accuracy of each and every element of a
> Registrant’s Whois record.
>
>
> Specifically, the NORC Report of 2009/2010 (an earlier report called the
> NORC Data Accuracy Study) created five categories for ranking the data
> quality of a Whois record: *Full Failure* (overwhelmingly inaccurate); *Substantial
> Failure* (most data inaccurate); *Limited Failure* (data to some degree
> present and considered useful); *Minimal Failure* (may benefit from
> additional information, but data provided is accurate) and *No Failure *(data
> complete and accurate).
>
>
> * The Whois Review Team called for ICANN to significantly reduce the
> number of “Full Failure” and “Substantial Failure” Whois Records ---
> Avoidance of “No Failure” was not a goal at all.  *As shared many times
> in meetings of the Whois Review Team and members of the ICANN Community,
> including the GAC, what the WHOIS Review Team recommended was that Whois
> information be sufficiently available and accurate for the Registrant to be
> reached –for legitimate technical, administrative and other questions:
> [Recommendation] “*6. ICANN should take appropriate measures to reduce
> the number of WHOIS registrations that fall into the accuracy groups
> Substantial Failure and Full Failure (as defined by the NORC Data Accuracy
> Study, 2009/10) by 50% within 12 months and by 50% again over the following
> 12 months.*”
>
>
> Thus, for the Whois Review Team, “No Failure” (full accuracy of all
> fields) was *not the goal*;  “contactability” and “reachability” of
> Registrants was.
>
>
>         B. 2013 Registrar Accreditation Agreement
>
>
> The WHOIS Review Team Final Report noted that efforts were already
> underway to improve accuracy and contactibility of Registrants in the
> then-pending “direct negotiations with Registrars on revisions to the RAA.”
> These negotiations resulted in the 2013 RAA which furthered the goal of
> reaching Registrants through verified phone numbers and email addresses:
>
>             1.f : “Verify:
>
>                                                 i.      the email address
> of the Registered Name Holder (and, if different, the Account Holder) by
> sending an email requiring an affirmative response through a tool-based
> authentication method such as providing a unique code that must be returned
> in a manner designated by the Registrar, or
>
>                                               ii.      the telephone
> number of the Registered Name Holder (and, if different, the Account
> Holder) by either (A) calling or sending an SMS to the Registered Name
> Holder's telephone number providing a unique code that must be returned in
> a manner designated by the Registrar, or (B) calling the Registered Name
> Holder's telephone number and requiring the Registered Name Holder to
> provide a unique code that was sent to the Registered Name Holder via web,
> email or postal mail.
>
> As with the Final Report of the Whois Review Team, the goal of the 2013
> RAA was “contactability” and “reachability” of the domain name Registrant
> for technical or administrative questions by third parties.
>
> C.     Where Did the “No Failure” Standard Come From for NORC – the
> Validation and Verification of Each and Every Whois Element Without Policy
> Processes or Assessments of the Risks and Harms?
>
> Consistent with the Whois Review Team Final Report and the 2013 RAA, we
> can understand the NORC methodology and approach to checking email
> addresses and telephone numbers – but postal address validation?  Where
> is the underlying GNSO Policy driving this direction to NORC from ICANN
> Staff?
>
> *Where is the assessment of the risks and benefits of updating the
> physical addresses of hundreds of millions of political, personal,
> religious, ethnic and sexual speakers – including dissidents, minorities
> and those discriminated against by the laws and customs of various regions?*
>  Where is NORC evaluating the wholesale and massive verification of
> postal address in the existing gTLD WHOIS databases without such an
> assessment?  How did ICANN Staff come to direct it?
>
>
> The NORC Contractor seems to have jumped from the logical – checking email
> and phone – to checking physical addresses.  But this leap from an open
> and undecided policy question to a mere implementation issue should be
> disturbing to everyone in the ICANN Community. What we know from history
> and the most tragic of recent events is that speech and physical location
> are a dangerous combination.
>
>
> When individuals armed with automatic rifles wish to express their
> disagreement with the legal speech of a satirical magazine, they find the
> location in Paris and kill writers, publishers and cartoonists.  When
> they want to express contempt for those practicing another religion, they
> bring their guns to kosher grocery stores in Paris and synagogues in
> Copenhagen. Tracking down and beheading Christian minorities is a horror
> of daily life in some parts of the world.
>
>
> The UN Declaration of Human Rights, adopted in 1948, states:
>
>    - Everyone has the right to freedom of opinion and expression; this
>    right includes freedom to hold opinions without interference and to seek,
>    receive and impart information and ideas through any media and regardless
>    of frontiers.
>
>
> It does not say that everyone must put their address on that speech.
> Where, as here, the Internet has become the major path of communication for
> that speech, the requirement of a physical address for every speaker may
> well violate the requirement of the right to speak and the protection for
> that expression.
>
>
> Further, the validation of postal addresses represents a major change of
> policy – one not mandated or requested by the Whois Review Team, the 2013
> RAA or by any Policy-Development Team we know of.
>
> Who has evaluated the impact and dangers of wholesale adoption of postal
> address validation of the long-existing gTLD Whois databases– especially in
> a world that has changed dramatically in the last few years – where entire
> governments have risen and fallen, where formerly free countries and
> regions are enslaved by terrorist organizations and a new set of dictators?
> While proxy/privacy registrations are available, *they are a costly
> luxury for many and completely unknown to others*.
>
>
> The mandatory validation of the massive number of postal addresses in the
> gTLD Whois database – as appears to be the policy proposal buried between
> methodology and sample sizes in the Contractor’s report -- will result in
> the dangerous, harmful, even life-threatening exposure of those using their
> domain names for nothing more than communicating their ideas, concerns,
> political hopes, and religious meetings via private streams of domain name
> communications, such as on listservs and email addresses, and more public
> resources including websites and blogs.
>
>
> No policy we know has ever directed ICANN Staff to instruct a Contractor
> to engage in massive Postal Address Validation – and no policy development
> process we know has studied, weighed, debated or valued the enormous impact
> to speech and expression of going back over 25+ years of domain names
> registrations to suddenly “correct” the postal address and thereby expose
> battered women’s shelters, women’s schools in Pakistan, pro-democracy
> groups, family planning groups and LBGQT locations worldwide.
>
>
> If this is the policy we in ICANN choose to adopt in the future (as we
> certainly have NOT adopted it already), then it will require enormous
> amounts of preparation, notice and warning to gTLD domain name
> registrants on a global scale.  Absent that, we know (without doubt or
> hyperbole) that ICANN will have blood on its hands.
>
> Overall, ICANN’s Contractor NORC seems to have jumped into policy-making,
> not mere implementation.
>
>
> * II. *      *Identity Validation – Really? *
>
>
> Buried deep in Appendix B, of the Contractor’s Report, behind “syntactic
> accuracy” and “operational accuracy” is the explosive issue of “exploring
> accuracy from an identity perspective” (page 45).
>
> At no time has ICANN ever held a Policy Development Processes on Identity
> Validation. Accordingly, where does this guidance from ICANN to its
> Contractor to explore identity validation implementation come from?  For
> those who attended the public Whois meeting in LA, this issue certainly was
> not flagged in the discussion; for those who attended the public meeting in
> Singapore, this issue was introduced and IMMEDIATELY FLAGGED as intensely
> controversial and divisive.
>
>
> Identity validation of those engaged in freedom of expression, publishing
> and political discussion is a deeply controversial prospect – and one with
> heartfelt objection and opposition grounded in history and law.  The United
> States, for example, sought to be free of England in part because of the
> mandatory licensing of its printing presses – and the arrest of all who
> published objections to actions of the English crown.  Pamphlets issued
> without names and addresses are not just a cultural right in the US, but
> a constitutional one.  *McIntyre vs. **Ohio** Elections Commission, 514 *
> *U.S.** 334 (US Supreme Court, 1995). *
>
>
> A.     The GAC asked for a weighing of the risks and benefits
>
> We note that the GAC has not issued policy in this area.  According to
> the “Brief Overview” provided by ICANN as introduction to this Contractor
> Report and this public comment period, the GAC “asked for an assessment of
> the feasibility, costs and benefits of conducting identity validation as
> part of the development of the ARS.”
>
>
> Nowhere in this report do we see any assessment of the costs, delays,
> risks and harms that might be incurred by gTLD Registrants, Registrars and
> Registries worldwide if identity validation were adopted. Nowhere do we
> even see an analysis of how identity validation takes places, what happens
> when a minority seeks to register, or when a speaker must disclose and show
> her identification as the cost of signing up for a domain name highlighting
> family planning, women rights, or women’s education in parts of the world
> not as conducive to these fundamental rights and basic principles.  Must
> she go through her father for this too?
>
>
> B.     ICANN has promised a policy making process.
>
> In his response to the GAC on this issue, Dr. Crocker noted concerns:
>
> The costs of operating the Accuracy Reporting System are largely dependent
>
> upon the number of WHOIS records to be examined, as well as the level of
>
> validation (syntactic, operational, or identity). For example, the initial
>
> responses to the ICANN RFP reveal that identity validation services are
> both
>
> costly and difficult to administer on a global basis. *There may also be
> data*
>
> *protection and privacy issues of concern to the community when conducting*
>
> *extensive identity validation on WHOIS records.* Hence, the costs of
>
> completing the development of Phase 3 will be determined based on
>
> engagement with the community to identify the appropriate level of identity
>
> validation for ICANN to conduct, as well as the costs associated with
>
> performing identity validation on a global scale. (
> https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf,
> emphasis added.)
>
>
> As always, policy development must proceed implementation. We call on
> ICANN to take this discussion out of the recesses of a Contractor report,
> and into the light of the policy development process.
>
>
> *         III**. Wide Outreach Needed*
> One thing the Whois Review Team did note in its Final Review is the need
> for clear and concerted outreach on issues that impact the Whois: “We found
> great interest in the WHOIS policy among a number of groups that do not
> traditionally participate in ICANN’s more technical proceedings.  They
> include the law enforcement community, Data Protection Commissioners, and
> the privacy community more generally.”  The Whois Review Team’s
> recommendation specifically call for active and concerted outreach to these
> communities of its issue:
>
> *Recommendation 3 - Outreach *
>
> ICANN should ensure that WHOIS policy issues are accompanied by
> cross-community outreach, including outreach to the communities outside of
> ICANN with a specific interest in the issues, and an ongoing program for
> consumer awareness.
>
>
> That has clearly not happened here – when so much of substance is buried
> so deeply in the back of a report. When will ICANN be undertaking clear,
> robust global Outreach on these important freedom of expression and privacy
> issues and implications?
>
>
> * IV.              **Finally, let’s Add Policy Staff and Freedom of
> Expression and Data Protection Expertise*
>
> We ask that an ICANN Staff deeply steeped in data protection and freedom
> of expression laws and rights be brought on to work on the development of
> these address and identity issues. We understand that ICANN feels previous
> backgrounds of its staffers do not limit their activities, but the
> perception and reality of this issue would be considered much more balanced
> if the ICANN Staffers of the project hailed from an array of backgrounds
> and had represented multiple sides of this issue in their prior lives.
>
>
> * V.                 **Conclusion*
>
> We can’t bury wholesale physical address checking and the new concept of
> identity validation in the back of a Contractor Report.  These are NOT
> policies examined or endorsed by the whole of the ICANN or even the GNSO
> communities, nor policies evaluated yet by the whole of the ICANN
> Community. The risks and benefits must be assessed before the
> implementation is planned.
>
>
> Signed,
>
>
> MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP
> [name, and/or organization, and/or country]
>