Hi Mikhail,
I forward your support to Kathy.
Thx!
Nicolas
-------- Forwarded Message --------
Subject: Re: Signatures sought: Timely Comments on Whois Accuracy Pilot
Study Report
Date: Fri, 13 Mar 2015 19:47:55 +0000
From: Mikhail M. Komarov <[log in to unmask]>
To: Nicolas Adam <[log in to unmask]>
Please count on me
With best wishes,
Mikhail Komarov
National Research University Higher School of Econimics
Moscow,Russia
Sent from iPhone
13 ìàðòà 2015 ã., â 21:50, Nicolas Adam <[log in to unmask]
<mailto:[log in to unmask]>> íàïèñàë(à):
> Please add my name also. Good work.
>
> Nicolas Adam
>
> On 13/03/2015 2:11 PM, Kathy Kleiman wrote:
>>
>>
>> Dear All,
>>
>> Attached please find an important set of comments. They are to the
>> Whois Accuracy Pilot Study Report – by a group of researchers at the
>> University of Chicago called NORC. Buried in this report turns out to
>> be a many issues important to us in the Whois domain name
>> registration databases – including the question of postal addresses
>> (should we be validating and publishing the physical addresses of
>> political dissident groups, religious minorities, girls’ schools in
>> areas where many do not like girls education?Is there a danger to be
>> evaluated *before* we undertake this new policy?)
>>
>> Identity Validation is a very open question as well, yet NORC seems
>> ready to start work in this area. I have written a set of questions
>> that say STOP – and let’s consider the policy implications of these
>> acts before we develop plans to put them into effect. The comments
>> are below (with a full copy attached).
>>
>> *They are due tonight!If you can sign on, please do. Please let me
>> know your name and/or organization and/or country.*
>>
>> **
>>
>> Great tx to Stephanie Perrin for editing! Here are some thoughts of
>> members on our Policy Committee:
>>
>> -Kathy’s drafted, what I believe to be, an excellent comment in
>> response. – Amr Elsadr
>>
>> -Great job Kathy!! I support this document. -- Stephanie Perrin
>>
>> -Feel free to add my name as endorsing the document – Ed Morris
>>
>> Best and tx!!
>> Kathy (Kleiman)
>>
>> *
>> WHOIS Accuracy Pilot Study Report*
>>
>> Burying Extremely Divisive Policy Questions in a Technical
>> Implementation Report Written by an ICANN Contractor is Improper and,
>> in this Case, Dangerous
>>
>>
>> These are comments written in response to the WHOIS Accuracy Pilot
>> Study Report. Buried in this Report – which purports to be an
>> implementation report of an ICANN Contractor (NORC/University of
>> Chicago) -- are some of the most controversial and unsettled issues
>> in ICANN policy discussions and history. These issues are the subject
>> of deep and bitter divides over many years of ICANN work, the subject
>> of interest across the world, and the focus of a series of explosive
>> comments in Singaporewhen the ICANN Community began to realize what
>> was happening.
>>
>>
>> It is inappropriate in the extreme, for ICANN policy issues to be
>> buried in a ICANN Contractor’s implementation report, and even
>> further, deep in its Appendix B,/Next Steps for the Development of
>> the WHOIS Accuracy Report System (ARS). /This follows pages of study
>> “methods and approach” language and sample design which are obscure
>> even to those who follow Whois policy issues on a regular basis.We
>> submit that after the many years of heated controversy over this
>> topic, it is disingenuous at the very least to allow this to happen
>> policy debate to continue its development in this manner.
>>
>> We are deeply concerned that ICANN Staff has not flagged this Report,
>> or this Comment Proceeding, for what it appears to be – a process to
>> seek permission from the ICANN Community for the:
>>
>> a)*wholesale checking of the physical addresses of online speakers
>> across the world (whether using domain names for political speech,
>> personal speech, or religious, ethnic or sexual minority
>> expression)*thus creating an unprecedented inextricable link between
>> a speaker and her physical location, and
>>
>> b)*the**radical new concept of Identity Validation for each and every
>> domain name Registrant to the ICANN Community, *a concept with
>> inconceivable implications for political, ethnic and religious
>> minorities worldwide, as well as entrepreneurs, emerging
>> organizations and those operating today without identities who seek
>> to create them.
>>
>> We respectfully add the issues below to this debate.
>>
>> *I.**ICANN has never been given a mandate for Address Checking on a
>> Massive Scale*
>>
>> Although the Contractor’s Report seems to suggest that the ICANN
>> Community has approved the massive checking of postal addresses in
>> the existing gTLD Whois databases, that is not the case.
>>
>>
>> A.The Whois Review Team Final Report set the standard of
>> “contactability” -- reaching the domain name registrant with
>> questions and concerns – not absolute accuracy of all data in the whois
>>
>> The Current NORC Study (2014) and its accompanying ICANN Staff
>> Summary accompanying this NORC’s Pilot Report misrepresent the WHOIS
>> Policy Review Team Final Report and its Recommendations. The goal of
>> the Whois Review Team was “Contactibility” and “Reachability” of the
>> Registrant. To this end WHOIS Policy Review Team Final Report looked
>> “holistically” at the Whois record and did not seek the accuracy of
>> each and every element of a Registrant’s Whois record.
>>
>>
>> Specifically, the NORC Report of 2009/2010 (an earlier report called
>> the NORC Data Accuracy Study) created five categories for ranking the
>> data quality of a Whois record: *Full Failure* (overwhelmingly
>> inaccurate); *Substantial Failure* (most data inaccurate); *Limited
>> Failure* (data to some degree present and considered useful);
>> *Minimal Failure* (may benefit from additional information, but data
>> provided is accurate) and *No Failure *(data complete and accurate).
>>
>> */
>> The Whois Review Team called for ICANN to significantly reduce the
>> number of “Full Failure” and “Substantial Failure” Whois Records ---
>> Avoidance of “No Failure” was not a goal at all./*As shared many
>> times in meetings of the Whois Review Team and members of the ICANN
>> Community, including the GAC, what the WHOIS Review Team recommended
>> was that Whois information be sufficiently available and accurate for
>> the Registrant to be reached –for legitimate technical,
>> administrative and other questions: [Recommendation] “*6. ICANN
>> shouldtakeappropriatemeasurestoreduce thenumberofWHOIS
>> registrationsthatfallintotheaccuracygroupsSubstantial Failureand Full
>> Failure(asdefinedbytheNORCDataAccuracyStudy,2009/10)by50%within12months
>> andby50%againoverthefollowing12months.*”
>>
>>
>> Thus, for the Whois Review Team, “No Failure” (full accuracy of all
>> fields) was */not the goal/*;“contactability” and “reachability” of
>> Registrants was.
>>
>>
>> B. 2013 Registrar Accreditation Agreement
>>
>>
>> The WHOIS Review Team Final Report noted that efforts were already
>> underway to improve accuracy and contactibility of Registrants in the
>> then-pending “direct negotiations with Registrars on revisions to the
>> RAA.” These negotiations resulted in the 2013 RAA which furthered the
>> goal of reaching Registrants through verified phone numbers and email
>> addresses:
>>
>> 1.f : “Verify:
>>
>> i.the email address of the Registered Name Holder (and, if different,
>> the Account Holder) by sending an email requiring an affirmative
>> response through a tool-based authentication method such as providing
>> a unique code that must be returned in a manner designated by the
>> Registrar, or
>>
>> ii.the telephone number of the Registered Name Holder (and, if
>> different, the Account Holder) by either (A) calling or sending an
>> SMS to the Registered Name Holder's telephone number providing a
>> unique code that must be returned in a manner designated by the
>> Registrar, or (B) calling the Registered Name Holder's telephone
>> number and requiring the Registered Name Holder to provide a unique
>> code that was sent to the Registered Name Holder via web, email or
>> postal mail.
>>
>> As with the Final Report of the Whois Review Team, the goal of the
>> 2013 RAA was “contactability” and “reachability” of the domain name
>> Registrant for technical or administrative questions by third parties.
>>
>> C.Where Did the “No Failure” Standard Come From for NORC – the
>> Validation and Verification of Each and Every Whois Element Without
>> Policy Processes or Assessments of the Risks and Harms?
>>
>> Consistent with the Whois Review Team Final Report and the 2013 RAA,
>> we can understand the NORC methodology and approach to checking email
>> addresses and telephone numbers – but postal address validation?Where
>> is the underlying GNSO Policy driving this direction to NORC from
>> ICANN Staff?
>>
>> */Where is the assessment of the risks and benefits of updating the
>> physical addresses of hundreds of millions of political, personal,
>> religious, ethnic and sexual speakers – including dissidents,
>> minorities and those discriminated against by the laws and customs of
>> various regions?/*Where is NORC evaluating the wholesale and massive
>> verification of postal address in the existing gTLD WHOIS databases
>> without such an assessment?How did ICANN Staff come to direct it?
>>
>>
>> The NORC Contractor seems to have jumped from the logical – checking
>> email and phone – to checking physical addresses. But this leap from
>> an open and undecided policy question to a mere implementation issue
>> should be disturbing to everyone in the ICANN Community. What we know
>> from history and the most tragic of recent events is that speech and
>> physical location are a dangerous combination.
>>
>>
>> When individuals armed with automatic rifles wish to express their
>> disagreement with the legal speech of a satirical magazine, they find
>> the location in Parisand kill writers, publishers and cartoonists.
>> When they want to express contempt for those practicing another
>> religion, they bring their guns to kosher grocery stores in Parisand
>> synagogues in Copenhagen. Tracking down and beheading Christian
>> minorities is a horror of daily life in some parts of the world.
>>
>>
>> The UN Declaration of Human Rights, adopted in 1948, states:
>>
>> * Everyone has the right to freedom of opinion and expression; this
>> right includes freedom to hold opinions without interference and
>> to seek, receive and impart information and ideas through any
>> media and regardless of frontiers.
>>
>>
>> It does not say that everyone must put their address on that speech.
>> Where, as here, the Internet has become the major path of
>> communication for that speech, the requirement of a physical address
>> for every speaker may well violate the requirement of the right to
>> speak and the protection for that expression.
>>
>>
>> Further, the validation of postal addresses represents a major change
>> of policy – one not mandated or requested by the Whois Review Team,
>> the 2013 RAA or by any Policy-Development Team we know of.
>>
>> Who has evaluated the impact and dangers of wholesale adoption of
>> postal address validation of the long-existing gTLD Whois databases–
>> especially in a world that has changed dramatically in the last few
>> years – where entire governments have risen and fallen, where
>> formerly free countries and regions are enslaved by terrorist
>> organizations and a new set of dictators? While proxy/privacy
>> registrations are available, */they are a costly luxury for many and
>> completely unknown to others/*.
>>
>>
>> The mandatory validation of the massive number of postal addresses in
>> the gTLD Whois database – as appears to be the policy proposal buried
>> between methodology and sample sizes in the Contractor’s report --
>> will result in the dangerous, harmful, even life-threatening exposure
>> of those using their domain names for nothing more than communicating
>> their ideas, concerns, political hopes, and religious meetings via
>> private streams of domain name communications, such as on listservs
>> and email addresses, and more public resources including websites and
>> blogs.
>>
>>
>> No policy we know has ever directed ICANN Staff to instruct a
>> Contractor to engage in massive Postal Address Validation – and no
>> policy development process we know has studied, weighed, debated or
>> valued the enormous impact to speech and expression of going back
>> over 25+ years of domain names registrations to suddenly “correct”
>> the postal address and thereby expose battered women’s shelters,
>> women’s schools in Pakistan, pro-democracy groups, family planning
>> groups and LBGQT locations worldwide.
>>
>>
>> If this is the policy we in ICANN choose to adopt in the future (as
>> we certainly have NOT adopted it already), then it will require
>> enormous amounts of preparation, notice and warning to gTLD domain name
>> registrants on a global scale. Absent that, we know (without doubt or
>> hyperbole) that ICANN will have blood on its hands.
>>
>> Overall, ICANN’s Contractor NORC seems to have jumped into
>> policy-making, not mere implementation.
>>
>> *
>> II. ****Identity Validation – Really? *
>>
>>
>> Buried deep in Appendix B, of the Contractor’s Report, behind
>> “syntactic accuracy” and “operational accuracy” is the explosive
>> issue of “exploring accuracy from an identity perspective” (page 45).
>>
>> At no time has ICANN ever held a Policy Development Processes on
>> Identity Validation. Accordingly, where does this guidance from ICANN
>> to its Contractor to explore identity validation implementation come
>> from?For those who attended the public Whois meeting in LA, this
>> issue certainly was not flagged in the discussion; for those who
>> attended the public meeting in Singapore, this issue was introduced
>> and IMMEDIATELY FLAGGED as intensely controversial and divisive.
>>
>>
>> Identity validation of those engaged in freedom of expression,
>> publishing and political discussion is a deeply controversial
>> prospect – and one with heartfelt objection and opposition grounded
>> in history and law. The United States, for example, sought to be free
>> of Englandin part because of the mandatory licensing of its printing
>> presses – and the arrest of all who published objections to actions
>> of the English crown. Pamphlets issued without names and addresses
>> are not just a cultural right in the US, but a constitutional
>> one./McIntyre vs. //Ohio//Elections Commission, 514 //U.S.//334 (US
>> Supreme Court, 1995). /
>>
>>
>> A.The GAC asked for a weighing of the risks and benefits
>>
>> We note that the GAC has not issued policy in this area. According to
>> the “Brief Overview” provided by ICANN as introduction to this
>> Contractor Report and this public comment period, the GAC “asked for
>> an assessment of the feasibility, costs and benefits of conducting
>> identity validation as part of the development of the ARS.”
>>
>>
>> Nowhere in this report do we see any assessment of the costs, delays,
>> risks and harms that might be incurred by gTLD Registrants,
>> Registrars and Registries worldwide if identity validation were
>> adopted. Nowhere do we even see an analysis of how identity
>> validation takes places, what happens when a minority seeks to
>> register, or when a speaker must disclose and show her identification
>> as the cost of signing up for a domain name highlighting family
>> planning, women rights, or women’s education in parts of the world
>> not as conducive to these fundamental rights and basic principles.
>> Must she go through her father for this too?
>>
>>
>> B.ICANN has promised a policy making process.
>>
>> In his response to the GAC on this issue, Dr. Crocker noted concerns:
>>
>> The costs of operating the Accuracy Reporting System are largely
>> dependent
>>
>> upon the number of WHOIS records to be examined, as well as the level of
>>
>> validation (syntactic, operational, or identity). For example, the
>> initial
>>
>> responses to the ICANN RFP reveal that identity validation services
>> are both
>>
>> costly and difficult to administer on a global basis. */There may
>> also be data/*
>>
>> */protection and privacy issues of concern to the community when
>> conducting/*
>>
>> */extensive identity validation on WHOIS records./*Hence, the costs of
>>
>> completing the development of Phase 3 will be determined based on
>>
>> engagement with the community to identify the appropriate level of
>> identity
>>
>> validation for ICANN to conduct, as well as the costs associated with
>>
>> performing identity validation on a global scale.
>> (https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf,
>> emphasis added.)
>>
>>
>> As always, policy development must proceed implementation. We call on
>> ICANN to take this discussion out of the recesses of a Contractor
>> report, and into the light of the policy development process.
>>
>> *
>> III**. Wide Outreach Needed*
>>
>> One thing the Whois Review Team did note in its Final Review is the
>> need for clear and concerted outreach on issues that impact the
>> Whois: “We found great interest in the WHOIS policy among a number of
>> groups that do not traditionally participate in ICANN’s more
>> technical proceedings. They include the law enforcement community,
>> Data Protection Commissioners, and the privacy community more
>> generally.”The Whois Review Team’s recommendation specifically call
>> for active and concerted outreach to these communities of its issue:
>>
>> */Recommendation 3 - Outreach /*
>>
>> ICANN should ensure that WHOIS policy issues are accompanied by
>> cross-community outreach, including outreach to the communities
>> outside of ICANN with a specific interest in the issues, and an
>> ongoing program for consumer awareness.
>>
>>
>> That has clearly not happened here – when so much of substance is
>> buried so deeply in the back of a report. When will ICANN be
>> undertaking clear, robust global Outreach on these important freedom
>> of expression and privacy issues and implications?
>>
>> *
>> IV.**Finally, let’s Add Policy Staff and Freedom of Expression and
>> Data Protection Expertise*
>>
>> We ask that an ICANN Staff deeply steeped in data protection and
>> freedom of expression laws and rights be brought on to work on the
>> development of these address and identity issues. We understand that
>> ICANN feels previous backgrounds of its staffers do not limit their
>> activities, but the perception and reality of this issue would be
>> considered much more balanced if the ICANN Staffers of the project
>> hailed from an array of backgrounds and had represented multiple
>> sides of this issue in their prior lives.
>>
>> *
>> V.**Conclusion*
>>
>> We can’t bury wholesale physical address checking and the new concept
>> of identity validation in the back of a Contractor Report. These are
>> NOT policies examined or endorsed by the whole of the ICANN or even
>> the GNSO communities, nor policies evaluated yet by the whole of the
>> ICANN Community. The risks and benefits must be assessed before the
>> implementation is planned.
>>
>>
>> Signed,
>>
>>
>> MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP
>> [name, and/or organization, and/or country]
>>
>
|