LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	GAC Communique Human Rights Impact Assessment
From:	farzaneh badii <[log in to unmask]>
Reply To:	farzaneh badii <[log in to unmask]>
Date:	Sat, 16 Dec 2023 18:39:37 -0500
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (2943 bytes) , text/html (12 kB)

Hi NCSG

I have started doing HRIA on GAC Communiques. I started with a Communique
in Cancun.

If NCSG and NCSG Policy Committee wants to, they can send this (with
amendments and comments) as a letter to the Board. I am hopefully going to
periodically do that and the next one is the GAC communique on urgent
requests. Link to document to comment on:
https://docs.google.com/document/d/1kmXgKaob7lIULB_6dXIepeZ7l2e6AzAJcfzAhuBKSEg/edit?usp=sharing

The text:

Governments asking for confidentiality of law enforcement requests for
access to domain name registrants personal, private data: A human rights
impact assessment

WHOIS Disclosure System

a. The GAC advises the Board:

i. To direct ICANN org to promptly engage with the PSWG to identify and
advance

solutions for confidentiality of law enforcement requests so as not to
preclude

participation by law enforcement requesters when measuring usage of the
WHOIS

Disclosure System.

Governmental Advisory Committee/ Cancun, Mexico, 2023
<https://www.icann.org/en/system/files/correspondence/gac-to-icann-20mar23-en.pdf>

Sources used: Business Social Responsibility Rapid Human Rights Assessment:
https://www.bsr.org/files/BSR-Rapid-HRDD-Political-Armed-Conflict-Tool.pdf

Rapid human rights impact assessment:

The situation: WHOIS is the directory that includes the domain name
registrants private, personal, sensitive data such as phone numbers,
physical addresses and email addresses. Domain name owners can set up
websites around the world. This database was public and accessible for
years until General Data Protection Regulation came into effect which
required redaction of data. However, GDPR also had provisions for
disclosing the private data to third parties with a legitimate purpose.
GDPR is vague on how such disclosure can take place.


Rightsholders: Rightsholders in this situation are domain name registrants.

Impacted vulnerable communities: potential impacted communities can be
minority groups that discuss sensitive issues on their blog that are
unfairly illegal in their countries. Such as minority religious groups,
minority political oppositions and others.

What is the severity of the actual or potential human rights impact?

Unfair arrest, potential imprisonment, illegal house raids, cruel
punishments

What are the potential long-term implications of the situation?

Decrease in use of domain names and public websites for exercising
fundamental rights

Inaccuracy of the database

Peer companies that are taking action that the company can consult with
directly?

Regional Internet Registries that have similar WHOIS databases do not make
the requests confidential, they report on which countries asked for the
data in their transparency reports (See RIPE NCC)
https://www.ripe.net/publications/lea-documents

What can ICANN do to avoid, prevent, or mitigate the actual or potential
human rights impacts?

ICANN should not grant law enforcement agencies the option to seek
disclosure of data confidentially from the registrars.



Farzaneh

ATOM RSS1 RSS2

LISTSERV.SYR.EDU