Hi,

Thanks to everyone who sent in a response indicating support to this thread. I’ve sent in the attached copy of the statement as NCSG input, but Kathy was kind enough to list everyone who endorsed the comment. The public comment period closes in about 90 minutes, but it is still sometimes possible to send in responses shortly after it is closed.

If anyone else would like to be listed as a supporter, you can do this by responding (sooner better than later) to this thread, or send in an email to [log in to unmask] indicating your support to the NCSG statement.

The attached NCSG statement should be made available here very soon as well: http://forum.icann.org/lists/comments-whois-ars-pilot-23dec14/

Thanks.

Amr





On Mar 13, 2015, at 10:06 PM, Tapani Tarvainen <[log in to unmask]> wrote:

> Please add my name as well.
> 
> -- 
> Tapani Tarvainen
> 
> On Fri, Mar 13, 2015 at 02:54:52PM -0400, Nicolas Adam ([log in to unmask]) wrote:
> 
>> Please add my name also. Good work.
>> 
>> Nicolas Adam
>> 
>> On 13/03/2015 2:11 PM, Kathy Kleiman wrote:
>>> 
>>> 
>>> Dear All,
>>> 
>>> Attached please find an important set of comments. They are to the
>>> Whois Accuracy Pilot Study Report – by a group of researchers at
>>> the University of Chicago called NORC. Buried in this report turns
>>> out to be a many issues important to us in the Whois domain name
>>> registration databases – including the question of postal
>>> addresses (should we be validating and publishing the physical
>>> addresses of political dissident groups, religious minorities,
>>> girls’ schools in areas where many do not like girls education?Is
>>> there a danger to be evaluated *before* we undertake this new
>>> policy?)
>>> 
>>> Identity Validation is a very open question as well, yet NORC
>>> seems ready to start work in this area. I have written a set of
>>> questions that say STOP – and let’s consider the policy
>>> implications of these acts before we develop plans to put them
>>> into effect. The comments are below (with a full copy attached).
>>> 
>>> *They are due tonight!If you can sign on, please do. Please let me
>>> know your name and/or organization and/or country.*
>>> 
>>> **
>>> 
>>> Great tx to Stephanie Perrin for editing! Here are some thoughts
>>> of members on our Policy Committee:
>>> 
>>> -Kathy’s drafted, what I believe to be, an excellent comment in
>>> response. – Amr Elsadr
>>> 
>>> -Great job Kathy!!  I support this document.  -- Stephanie Perrin
>>> 
>>> -Feel free to add my name as endorsing the document – Ed Morris
>>> 
>>> Best and tx!!
>>> Kathy (Kleiman)
>>> 
>>> *
>>> WHOIS Accuracy Pilot Study Report*
>>> 
>>> Burying Extremely Divisive Policy Questions in a Technical
>>> Implementation Report Written by an ICANN Contractor is Improper
>>> and, in this Case, Dangerous
>>> 
>>> 
>>> These are comments written in response to the WHOIS Accuracy Pilot
>>> Study Report. Buried in this Report – which purports to be an
>>> implementation report of an ICANN Contractor (NORC/University of
>>> Chicago) -- are some of the most controversial and unsettled
>>> issues in ICANN policy discussions and history. These issues are
>>> the subject of deep and bitter divides over many years of ICANN
>>> work, the subject of interest across the world, and the focus of a
>>> series of explosive comments in Singaporewhen the ICANN Community
>>> began to realize what was happening.
>>> 
>>> 
>>> It is inappropriate in the extreme, for ICANN policy issues to be
>>> buried in a ICANN Contractor’s implementation report, and even
>>> further, deep in its Appendix B,/Next Steps for the Development of
>>> the WHOIS Accuracy Report System (ARS). /This follows pages of
>>> study “methods and approach” language and sample design which are
>>> obscure even to those who follow Whois policy issues on a regular
>>> basis.We submit that after the many years of heated controversy
>>> over this topic, it is disingenuous at the very least to allow
>>> this to happen policy debate to continue its development in this
>>> manner.
>>> 
>>> We are deeply concerned that ICANN Staff has not flagged this
>>> Report, or this Comment Proceeding, for what it appears to be – a
>>> process to seek permission from the ICANN Community for the:
>>> 
>>> a)*wholesale checking of the physical addresses of online speakers
>>> across the world (whether using domain names for political speech,
>>> personal speech, or religious, ethnic or sexual minority
>>> expression)*thus creating an unprecedented inextricable link
>>> between a speaker and her physical location, and
>>> 
>>> b)*the**radical new concept of Identity Validation for each and
>>> every domain name Registrant to the ICANN Community, *a concept
>>> with inconceivable implications for political, ethnic and
>>> religious minorities worldwide, as well as entrepreneurs, emerging
>>> organizations and those operating today without identities who
>>> seek to create them.
>>> 
>>> We respectfully add the issues below to this debate.
>>> 
>>> *I.**ICANN has never been given a mandate for Address Checking on
>>> a Massive Scale*
>>> 
>>> Although the Contractor’s Report seems to suggest that the ICANN
>>> Community has approved the massive checking of postal addresses in
>>> the existing gTLD Whois databases, that is not the case.
>>> 
>>> 
>>> A.The Whois Review Team Final Report set the standard of
>>> “contactability” -- reaching the domain name registrant with
>>> questions and concerns – not absolute accuracy of all data in the
>>> whois
>>> 
>>> The Current NORC Study (2014) and its accompanying ICANN Staff
>>> Summary accompanying this NORC’s Pilot Report misrepresent the
>>> WHOIS Policy Review Team Final Report and its Recommendations. The
>>> goal of the Whois Review Team was “Contactibility” and
>>> “Reachability” of the Registrant. To this end WHOIS Policy Review
>>> Team Final Report looked “holistically” at the Whois record and
>>> did not seek the accuracy of each and every element of a
>>> Registrant’s Whois record.
>>> 
>>> 
>>> Specifically, the NORC Report of 2009/2010 (an earlier report
>>> called the NORC Data Accuracy Study) created five categories for
>>> ranking the data quality of a Whois record: *Full Failure*
>>> (overwhelmingly inaccurate); *Substantial Failure* (most data
>>> inaccurate); *Limited Failure* (data to some degree present and
>>> considered useful); *Minimal Failure* (may benefit from additional
>>> information, but data provided is accurate) and *No Failure *(data
>>> complete and accurate).
>>> 
>>> */
>>> The Whois Review Team called for ICANN to significantly reduce the
>>> number of “Full Failure” and “Substantial Failure” Whois Records
>>> --- Avoidance of “No Failure” was not a goal at all./*As shared
>>> many times in meetings of the Whois Review Team and members of the
>>> ICANN Community, including the GAC, what the WHOIS Review Team
>>> recommended was that Whois information be sufficiently available
>>> and accurate for the Registrant to be reached –for legitimate
>>> technical, administrative and other questions: [Recommendation]
>>> “*6. ICANN shouldtakeappropriatemeasurestoreduce thenumberofWHOIS
>>> registrationsthatfallintotheaccuracygroupsSubstantial Failureand
>>> Full Failure(asdefinedbytheNORCDataAccuracyStudy,2009/10)by50%within12months
>>> andby50%againoverthefollowing12months.*”
>>> 
>>> 
>>> Thus, for the Whois Review Team, “No Failure” (full accuracy of
>>> all fields) was */not the goal/*;“contactability” and
>>> “reachability” of Registrants was.
>>> 
>>> 
>>>       B. 2013 Registrar Accreditation Agreement
>>> 
>>> 
>>> The WHOIS Review Team Final Report noted that efforts were already
>>> underway to improve accuracy and contactibility of Registrants in
>>> the then-pending “direct negotiations with Registrars on revisions
>>> to the RAA.” These negotiations resulted in the 2013 RAA which
>>> furthered the goal of reaching Registrants through verified phone
>>> numbers and email addresses:
>>> 
>>> 1.f : “Verify:
>>> 
>>> i.the email address of the Registered Name Holder (and, if
>>> different, the Account Holder) by sending an email requiring an
>>> affirmative response through a tool-based authentication method
>>> such as providing a unique code that must be returned in a manner
>>> designated by the Registrar, or
>>> 
>>> ii.the telephone number of the Registered Name Holder (and, if
>>> different, the Account Holder) by either (A) calling or sending an
>>> SMS to the Registered Name Holder's telephone number providing a
>>> unique code that must be returned in a manner designated by the
>>> Registrar, or (B) calling the Registered Name Holder's telephone
>>> number and requiring the Registered Name Holder to provide a
>>> unique code that was sent to the Registered Name Holder via web,
>>> email or postal mail.
>>> 
>>> As with the Final Report of the Whois Review Team, the goal of the
>>> 2013 RAA was “contactability” and “reachability” of the domain
>>> name Registrant for technical or administrative questions by third
>>> parties.
>>> 
>>> C.Where Did the “No Failure” Standard Come From for NORC – the
>>> Validation and Verification of Each and Every Whois Element
>>> Without Policy Processes or Assessments of the Risks and Harms?
>>> 
>>> Consistent with the Whois Review Team Final Report and the 2013
>>> RAA, we can understand the NORC methodology and approach to
>>> checking email addresses and telephone numbers – but postal
>>> address validation?Where is the underlying GNSO Policy driving
>>> this direction to NORC from ICANN Staff?
>>> 
>>> */Where is the assessment of the risks and benefits of updating
>>> the physical addresses of hundreds of millions of political,
>>> personal, religious, ethnic and sexual speakers – including
>>> dissidents, minorities and those discriminated against by the laws
>>> and customs of various regions?/*Where is NORC evaluating the
>>> wholesale and massive verification of postal address in the
>>> existing gTLD WHOIS databases without such an assessment?How did
>>> ICANN Staff come to direct it?
>>> 
>>> 
>>> The NORC Contractor seems to have jumped from the logical –
>>> checking email and phone – to checking physical addresses. But
>>> this leap from an open and undecided policy question to a mere
>>> implementation issue should be disturbing to everyone in the ICANN
>>> Community. What we know from history and the most tragic of recent
>>> events is that speech and physical location are a dangerous
>>> combination.
>>> 
>>> 
>>> When individuals armed with automatic rifles wish to express their
>>> disagreement with the legal speech of a satirical magazine, they
>>> find the location in Parisand kill writers, publishers and
>>> cartoonists. When they want to express contempt for those
>>> practicing another religion, they bring their guns to kosher
>>> grocery stores in Parisand synagogues in Copenhagen. Tracking down
>>> and beheading Christian minorities is a horror of daily life in
>>> some parts of the world.
>>> 
>>> 
>>> The UN Declaration of Human Rights, adopted in 1948, states:
>>> 
>>> * Everyone has the right to freedom of opinion and expression; this
>>>   right includes freedom to hold opinions without interference and
>>>   to seek, receive and impart information and ideas through any
>>>   media and regardless of frontiers.
>>> 
>>> 
>>> It does not say that everyone must put their address on that
>>> speech. Where, as here, the Internet has become the major path of
>>> communication for that speech, the requirement of a physical
>>> address for every speaker may well violate the requirement of the
>>> right to speak and the protection for that expression.
>>> 
>>> 
>>> Further, the validation of postal addresses represents a major
>>> change of policy – one not mandated or requested by the Whois
>>> Review Team, the 2013 RAA or by any Policy-Development Team we
>>> know of.
>>> 
>>> Who has evaluated the impact and dangers of wholesale adoption of
>>> postal address validation of the long-existing gTLD Whois
>>> databases– especially in a world that has changed dramatically in
>>> the last few years – where entire governments have risen and
>>> fallen, where formerly free countries and regions are enslaved by
>>> terrorist organizations and a new set of dictators? While
>>> proxy/privacy registrations are available, */they are a costly
>>> luxury for many and completely unknown to others/*.
>>> 
>>> 
>>> The mandatory validation of the massive number of postal addresses
>>> in the gTLD Whois database – as appears to be the policy proposal
>>> buried between methodology and sample sizes in the Contractor’s
>>> report -- will result in the dangerous, harmful, even
>>> life-threatening exposure of those using their domain names for
>>> nothing more than communicating their ideas, concerns, political
>>> hopes, and religious meetings via private streams of domain name
>>> communications, such as on listservs and email addresses, and more
>>> public resources including websites and blogs.
>>> 
>>> 
>>> No policy we know has ever directed ICANN Staff to instruct a
>>> Contractor to engage in massive Postal Address Validation – and no
>>> policy development process we know has studied, weighed, debated
>>> or valued the enormous impact to speech and expression of going
>>> back over 25+ years of domain names registrations to suddenly
>>> “correct” the postal address and thereby expose battered women’s
>>> shelters, women’s schools in Pakistan, pro-democracy groups,
>>> family planning groups and LBGQT locations worldwide.
>>> 
>>> 
>>> If this is the policy we in ICANN choose to adopt in the future
>>> (as we certainly have NOT adopted it already), then it will
>>> require enormous amounts of preparation, notice and warning to
>>> gTLD domain name
>>> registrants on a global scale. Absent that, we know (without doubt
>>> or hyperbole) that ICANN will have blood on its hands.
>>> 
>>> Overall, ICANN’s Contractor NORC seems to have jumped into
>>> policy-making, not mere implementation.
>>> 
>>> *
>>> II. ****Identity Validation – Really? *
>>> 
>>> 
>>> Buried deep in Appendix B, of the Contractor’s Report, behind
>>> “syntactic accuracy” and “operational accuracy” is the explosive
>>> issue of “exploring accuracy from an identity perspective” (page
>>> 45).
>>> 
>>> At no time has ICANN ever held a Policy Development Processes on
>>> Identity Validation. Accordingly, where does this guidance from
>>> ICANN to its Contractor to explore identity validation
>>> implementation come from?For those who attended the public Whois
>>> meeting in LA, this issue certainly was not flagged in the
>>> discussion; for those who attended the public meeting in
>>> Singapore, this issue was introduced and IMMEDIATELY FLAGGED as
>>> intensely controversial and divisive.
>>> 
>>> 
>>> Identity validation of those engaged in freedom of expression,
>>> publishing and political discussion is a deeply controversial
>>> prospect – and one with heartfelt objection and opposition
>>> grounded in history and law. The United States, for example,
>>> sought to be free of Englandin part because of the mandatory
>>> licensing of its printing presses – and the arrest of all who
>>> published objections to actions of the English crown. Pamphlets
>>> issued without names and addresses are not just a cultural right
>>> in the US, but a constitutional one./McIntyre vs.
>>> //Ohio//Elections Commission, 514 //U.S.//334 (US Supreme Court,
>>> 1995). /
>>> 
>>> 
>>> A.The GAC asked for a weighing of the risks and benefits
>>> 
>>> We note that the GAC has not issued policy in this area. According
>>> to the “Brief Overview” provided by ICANN as introduction to this
>>> Contractor Report and this public comment period, the GAC “asked
>>> for an assessment of the feasibility, costs and benefits of
>>> conducting identity validation as part of the development of the
>>> ARS.”
>>> 
>>> 
>>> Nowhere in this report do we see any assessment of the costs,
>>> delays, risks and harms that might be incurred by gTLD
>>> Registrants, Registrars and Registries worldwide if identity
>>> validation were adopted. Nowhere do we even see an analysis of how
>>> identity validation takes places, what happens when a minority
>>> seeks to register, or when a speaker must disclose and show her
>>> identification as the cost of signing up for a domain name
>>> highlighting family planning, women rights, or women’s education
>>> in parts of the world not as conducive to these fundamental rights
>>> and basic principles. Must she go through her father for this too?
>>> 
>>> 
>>> B.ICANN has promised a policy making process.
>>> 
>>> In his response to the GAC on this issue, Dr. Crocker noted concerns:
>>> 
>>> The costs of operating the Accuracy Reporting System are largely dependent
>>> 
>>> upon the number of WHOIS records to be examined, as well as the level of
>>> 
>>> validation (syntactic, operational, or identity). For example, the initial
>>> 
>>> responses to the ICANN RFP reveal that identity validation
>>> services are both
>>> 
>>> costly and difficult to administer on a global basis. */There may
>>> also be data/*
>>> 
>>> */protection and privacy issues of concern to the community when
>>> conducting/*
>>> 
>>> */extensive identity validation on WHOIS records./*Hence, the costs of
>>> 
>>> completing the development of Phase 3 will be determined based on
>>> 
>>> engagement with the community to identify the appropriate level of
>>> identity
>>> 
>>> validation for ICANN to conduct, as well as the costs associated with
>>> 
>>> performing identity validation on a global scale. (https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf,
>>> emphasis added.)
>>> 
>>> 
>>> As always, policy development must proceed implementation. We call
>>> on ICANN to take this discussion out of the recesses of a
>>> Contractor report, and into the light of the policy development
>>> process.
>>> 
>>> *
>>>       III**. Wide Outreach Needed*
>>> 
>>> One thing the Whois Review Team did note in its Final Review is
>>> the need for clear and concerted outreach on issues that impact
>>> the Whois: “We found great interest in the WHOIS policy among a
>>> number of groups that do not traditionally participate in ICANN’s
>>> more technical proceedings. They include the law enforcement
>>> community, Data Protection Commissioners, and the privacy
>>> community more generally.”The Whois Review Team’s recommendation
>>> specifically call for active and concerted outreach to these
>>> communities of its issue:
>>> 
>>> */Recommendation 3 - Outreach /*
>>> 
>>> ICANN should ensure that WHOIS policy issues are accompanied by
>>> cross-community outreach, including outreach to the communities
>>> outside of ICANN with a specific interest in the issues, and an
>>> ongoing program for consumer awareness.
>>> 
>>> 
>>> That has clearly not happened here – when so much of substance is
>>> buried so deeply in the back of a report. When will ICANN be
>>> undertaking clear, robust global Outreach on these important
>>> freedom of expression and privacy issues and implications?
>>> 
>>> *
>>> IV.**Finally, let’s Add Policy Staff and Freedom of Expression and
>>> Data Protection Expertise*
>>> 
>>> We ask that an ICANN Staff deeply steeped in data protection and
>>> freedom of expression laws and rights be brought on to work on the
>>> development of these address and identity issues. We understand
>>> that ICANN feels previous backgrounds of its staffers do not limit
>>> their activities, but the perception and reality of this issue
>>> would be considered much more balanced if the ICANN Staffers of
>>> the project hailed from an array of backgrounds and had
>>> represented multiple sides of this issue in their prior lives.
>>> 
>>> *
>>> V.**Conclusion*
>>> 
>>> We can’t bury wholesale physical address checking and the new
>>> concept of identity validation in the back of a Contractor Report.
>>> These are NOT policies examined or endorsed by the whole of the
>>> ICANN or even the GNSO communities, nor policies evaluated yet by
>>> the whole of the ICANN Community. The risks and benefits must be
>>> assessed before the implementation is planned.
>>> 
>>> 
>>> Signed,
>>> 
>>> 
>>> MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP
>>> [name, and/or organization, and/or country]
>>> 
>>