Mine as well
David
At 04:14 PM 3/13/2015, Walid AL-SAQAF wrote:
>Pleased to add my name Kathy.
>
>Sincerely,
>
>Walid
>On Mar 13, 2015 7:13 PM, "Kathy Kleiman"
><<mailto:[log in to unmask]>[log in to unmask]> wrote:
>Dear All,
>Attached please find an important set of
>comments. They are to the Whois Accuracy Pilot
>Study Report by a group oof researchers at the
>University of Chicago called NORC. Buried in
>this report turns out to be a many issues
>important to us in the Whois domain name
>registration databases including the quesstion
>of postal addresses (should we be validating and
>publishing the physical addresses of political
>dissident groups, religious minorities, girls’
>schools in areas where many do not like girls
>education? Is there a danger to be evaluated
>*before* we undertake this new policy?)
>
>Identity Validation is a very open question as
>well, yet NORC seems ready to start work in this
>area. I have written a set of questions that say
>STOP and let’s consider the policy
>iimplications of these acts before we develop
>plans to put them into effect. The comments are
>below (with a full copy attached).
>
>They are due tonight! If you can sign on,
>please do. Please let me know your name and/or organization and/or country.
>
>Great tx to Stephanie Perrin for editing! Here
>are some thoughts of members on our Policy Committee:
>- Kathy’s drafted, what I
>believe to be, an excellent comment in response. Amr Elsadr
>- Great job Kathy!! I support
>this document. -- Stephanie Perrin
>- Feel free to add my name as
>endorsing the document Ed Morris
>
>Best and tx!!
>Kathy (Kleiman)
>
>WHOIS Accuracy Pilot Study Report
>Burying Extremely Divisive Policy Questions in a
>Technical Implementation Report Written by an
>ICANN Contractor is Improper and, in this Case, Dangerous
>These are comments written in response to the
>WHOIS Accuracy Pilot Study Report. Buried in
>this Report which purports to be an
>implementation report of an ICANN Contractor
>(NORC/University of Chicago) -- are some of the
>most controversial and unsettled issues in ICANN
>policy discussions and history. These issues are
>the subject of deep and bitter divides over many
>years of ICANN work, the subject of interest
>across the world, and the focus of a series of
>explosive comments in Singapore when the ICANN
>Community began to realize what was happening.
>
>It is inappropriate in the extreme, for ICANN
>policy issues to be buried in a ICANN
>Contractor’s implementation report, and even
>further, deep in its Appendix B, Next Steps for
>the Development of the WHOIS Accuracy Report
>System (ARS). This follows pages of study
>“methods and approach” language and sample
>design which are obscure even to those who
>follow Whois policy issues on a regular
>basis. We submit that after the many years of
>heated controversy over this topic, it is
>disingenuous at the very least to allow this to
>happen policy debate to continue its development in this manner.
>We are deeply concerned that ICANN Staff has not
>flagged this Report, or this Comment Proceeding,
>for what it appears to be a process to seek
>permission from the ICANN Community for the:
>
>a) wholesale checking of the physical
>addresses of online speakers across the world
>(whether using domain names for political
>speech, personal speech, or religious, ethnic or
>sexual minority expression) thus creating an
>unprecedented inextricable link between a
>speaker and her physical location, and
>
>b) the radical new concept of Identity
>Validation for each and every domain name
>Registrant to the ICANN Community, a concept
>with inconceivable implications for political,
>ethnic and religious minorities worldwide, as
>well as entrepreneurs, emerging organizations
>and those operating today without identities who seek to create them.
>
>We respectfully add the issues below to this debate.
>
>I. ICANN has never been given a
>mandate for Address Checking on a Massive Scale
>Although the Contractor’s Report seems to
>suggest that the ICANN Community has approved
>the massive checking of postal addresses in the
>existing gTLD Whois databases, that is not the case.
>
>A. The Whois Review Team Final Report
>set the standard of “contactability” --
>reaching the domain name registrant with
>questions and concerns not absolute accuracy of alll data in the whois
>The Current NORC Study (2014) and its
>accompanying ICANN Staff Summary accompanying
>this NORC’s Pilot Report misrepresent the
>WHOIS Policy Review Team Final Report and its
>Recommendations. The goal of the Whois Review
>Team was “Contactibility” and
>“Reachability” of the Registrant. To this
>end WHOIS Policy Review Team Final Report looked
>“holistically” at the Whois record and did
>not seek the accuracy of each and every element
>of a Registrant’s Whois record.
>
>Specifically, the NORC Report of 2009/2010 (an
>earlier report called the NORC Data Accuracy
>Study) created five categories for ranking the
>data quality of a Whois record: Full Failure
>(overwhelmingly inaccurate); Substantial Failure
>(most data inaccurate); Limited Failure (data to
>some degree present and considered useful);
>Minimal Failure (may benefit from additional
>information, but data provided is accurate) and
>No Failure (data complete and accurate).
>
>The Whois Review Team called for ICANN to
>significantly reduce the number of “Full
>Failure” and “Substantial Failure” Whois
>Records --- Avoidance of “No Failure” was
>not a goal at all. As shared many times in
>meetings of the Whois Review Team and members of
>the ICANN Community, including the GAC, what the
>WHOIS Review Team recommended was that Whois
>information be sufficiently available and
>accurate for the Registrant to be reached for
>legitimate technical, administrative and other
>questions: [Recommendation] “6. ICANN should
>take appropriate measures to reduce the number
>of WHOIS registrations that fall into the
>accuracy groups Substantial Failure and Full
>Failure (as defined by the NORC Data Accuracy
>Study, 2009/10) by 50% within 12 months and by
>50% again over the following 12 months.”
>
>Thus, for the Whois Review Team, “No
>Failure” (full accuracy of all fields) was not
>the goal; “contactability” and “reachability” of Registrants was.
> B. 2013 Registrar Accreditation Agreement
>
>The WHOIS Review Team Final Report noted that
>efforts were already underway to improve
>accuracy and contactibility of Registrants in
>the then-pending “direct negotiations with
>Registrars on revisions to the RAA.” These
>negotiations resulted in the 2013 RAA which
>furthered the goal of reaching Registrants
>through verified phone numbers and email addresses:
> 1.f : “Verify:
>
>
> i. the email address of the
>Registered Name Holder (and, if different, the
>Account Holder) by sending an email requiring an
>affirmative response through a tool-based
>authentication method such as providing a unique
>code that must be returned in a manner designated by the Registrar, or
>
> ii.
> the telephone number of the Registered
>Name Holder (and, if different, the Account
>Holder) by either (A) calling or sending an SMS
>to the Registered Name Holder's telephone number
>providing a unique code that must be returned in
>a manner designated by the Registrar, or (B)
>calling the Registered Name Holder's telephone
>number and requiring the Registered Name Holder
>to provide a unique code that was sent to the
>Registered Name Holder via web, email or postal mail.
>As with the Final Report of the Whois Review
>Team, the goal of the 2013 RAA was
>“contactability” and “reachability” of
>the domain name Registrant for technical or
>administrative questions by third parties.
>C. Where Did the “No Failure”
>Standard Come From for NORC the Validaation
>and Verification of Each and Every Whois Element
>Without Policy Processes or Assessments of the Risks and Harms?
>Consistent with the Whois Review Team Final
>Report and the 2013 RAA, we can understand the
>NORC methodology and approach to checking email
>addresses and telephone numbers but postal
>address validation? Where is the underlying
>GNSO Policy driving this direction to NORC from ICANN Staff?
>Where is the assessment of the risks and
>benefits of updating the physical addresses of
>hundreds of millions of political, personal,
>religious, ethnic and sexual speakers
>including dissidents, minorities and those
>discriminated against by the laws and customs of
>various regions? Where is NORC evaluating the
>wholesale and massive verification of postal
>address in the existing gTLD WHOIS databases
>without such an assessment? How did ICANN Staff come to direct it?
>
>The NORC Contractor seems to have jumped from
>the logical checking email and phone to
>checking physical addresses. But this leap
>from an open and undecided policy question to a
>mere implementation issue should be disturbing
>to everyone in the ICANN Community. What we know
>from history and the most tragic of recent
>events is that speech and physical location are a dangerous combination.
>
>When individuals armed with automatic rifles
>wish to express their disagreement with the
>legal speech of a satirical magazine, they find
>the location in Paris and kill writers,
>publishers and cartoonists. When they want to
>express contempt for those practicing another
>religion, they bring their guns to kosher
>grocery stores in Paris and synagogues in
>Copenhagen. Tracking down and beheading
>Christian minorities is a horror of daily life in some parts of the world.
>
>The UN Declaration of Human Rights, adopted in 1948, states:
>Everyone has the right to freedom of opinion and
>expression; this right includes freedom to hold
>opinions without interference and to seek,
>receive and impart information and ideas through
>any media and regardless of frontiers.
>It does not say that everyone must put their
>address on that speech. Where, as here, the
>Internet has become the major path of
>communication for that speech, the requirement
>of a physical address for every speaker may well
>violate the requirement of the right to speak
>and the protection for that expression.
>
>Further, the validation of postal addresses
>represents a major change of policy one not
>mandated or requested byy the Whois Review Team,
>the 2013 RAA or by any Policy-Development Team we know of.
>Who has evaluated the impact and dangers of
>wholesale adoption of postal address validation
>of the long-existing gTLD Whois databases
>especially in a world that has changed
>dramatically in the last few years where
>entire governments have risen and fallen, where
>formerly free countries and regions are enslaved
>by terrorist organizations and a new set of
>dictators? While proxy/privacy registrations are
>available, they are a costly luxury for many and completely unknown to others.
>
>The mandatory validation of the massive number
>of postal addresses in the gTLD Whois database
>as appears to be tthe policy proposal buried
>between methodology and sample sizes in the
>Contractor’s report -- will result in the
>dangerous, harmful, even life-threatening
>exposure of those using their domain names for
>nothing more than communicating their ideas,
>concerns, political hopes, and religious
>meetings via private streams of domain name
>communications, such as on listservs and email
>addresses, and more public resources including websites and blogs.
>
>No policy we know has ever directed ICANN Staff
>to instruct a Contractor to engage in massive
>Postal Address Validation – and no policy
>development process we know has studied,
>weighed, debated or valued the enormous impact
>to speech and expression of going back over 25+
>years of domain names registrations to suddenly
>“correct” the postal address and thereby
>expose battered women’s shelters, women’s
>schools in Pakistan, pro-democracy groups,
>family planning groups and LBGQT locations worldwide.
>
>If this is the policy we in ICANN choose to
>adopt in the future (as we certainly have NOT
>adopted it already), then it will require
>enormous amounts of preparation, notice and warning to gTLD domain name
>registrants on a global scale. Absent that, we
>know (without doubt or hyperbole) that ICANN will have blood on its hands.
>Overall, ICANN’s Contractor NORC seems to have
>jumped into policy-making, not mere implementation.
>
>II. Identity Validation Really?
>
>Buried deep in Appendix B, of the Contractor’s
>Report, behind “syntactic accuracy” and
>“operational accuracy” is the explosive
>issue of “exploring accuracy from an identity perspective” (page 45).
>At no time has ICANN ever held a Policy
>Development Processes on Identity Validation.
>Accordingly, where does this guidance from ICANN
>to its Contractor to explore identity validation
>implementation come from? For those who
>attended the public Whois meeting in LA, this
>issue certainly was not flagged in the
>discussion; for those who attended the public
>meeting in Singapore, this issue was introduced
>and IMMEDIATELY FLAGGED as intensely controversial and divisive.
>
>Identity validation of those engaged in freedom
>of expression, publishing and political
>discussion is a deeply controversial prospect
>and one wwith heartfelt objection and opposition
>grounded in history and law. The United
>States, for example, sought to be free of
>England in part because of the mandatory
>licensing of its printing presses and the
>arrest of alll who published objections to
>actions of the English crown. Pamphlets issued
>without names and addresses are not just a
>cultural right in the US, but a constitutional
>one. McIntyre vs. Ohio Elections Commission,
>514 U.S. 334 (US Supreme Court, 1995).
>
>A. The GAC asked for a weighing of the risks and benefits
>We note that the GAC has not issued policy in
>this area. According to the “Brief
>Overview” provided by ICANN as introduction to
>this Contractor Report and this public comment
>period, the GAC “asked for an assessment of
>the feasibility, costs and benefits of
>conducting identity validation as part of the development of the ARS.”
>
>Nowhere in this report do we see any assessment
>of the costs, delays, risks and harms that might
>be incurred by gTLD Registrants, Registrars and
>Registries worldwide if identity validation were
>adopted. Nowhere do we even see an analysis of
>how identity validation takes places, what
>happens when a minority seeks to register, or
>when a speaker must disclose and show her
>identification as the cost of signing up for a
>domain name highlighting family planning, women
>rights, or women’s education in parts of the
>world not as conducive to these fundamental
>rights and basic principles. Must she go through her father for this too?
>
>B. ICANN has promised a policy making process.
>In his response to the GAC on this issue, Dr. Crocker noted concerns:
>The costs of operating the Accuracy Reporting System are largely dependent
>upon the number of WHOIS records to be examined, as well as the level of
>validation (syntactic, operational, or identity). For example, the initial
>responses to the ICANN RFP reveal that identity validation services are both
>costly and difficult to administer on a global basis. There may also be data
>protection and privacy issues of concern to the community when conducting
>extensive identity validation on WHOIS records. Hence, the costs of
>completing the development of Phase 3 will be determined based on
>engagement with the community to identify the appropriate level of identity
>validation for ICANN to conduct, as well as the costs associated with
>performing identity validation on a global
>scale.
>(<https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf>https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf,
>emphasis added.)
>
>As always, policy development must proceed
>implementation. We call on ICANN to take this
>discussion out of the recesses of a Contractor
>report, and into the light of the policy development process.
>
> III. Wide Outreach Needed
>One thing the Whois Review Team did note in its
>Final Review is the need for clear and concerted
>outreach on issues that impact the Whois: “We
>found great interest in the WHOIS policy among a
>number of groups that do not traditionally
>participate in ICANN’s more technical
>proceedings. They include the law enforcement
>community, Data Protection Commissioners, and
>the privacy community more generally.” The
>Whois Review Team’s recommendation
>specifically call for active and concerted
>outreach to these communities of its issue:
>Recommendation 3 - Outreach
>ICANN should ensure that WHOIS policy issues are
>accompanied by cross-community outreach,
>including outreach to the communities outside of
>ICANN with a specific interest in the issues,
>and an ongoing program for consumer awareness.
>
>That has clearly not happened here when so
>much of substancee is buried so deeply in the
>back of a report. When will ICANN be undertaking
>clear, robust global Outreach on these important
>freedom of expression and privacy issues and implications?
>
>IV. Finally, let’s
>Add Policy Staff and Freedom of Expression and Data Protection Expertise
>We ask that an ICANN Staff deeply steeped in
>data protection and freedom of expression laws
>and rights be brought on to work on the
>development of these address and identity
>issues. We understand that ICANN feels previous
>backgrounds of its staffers do not limit their
>activities, but the perception and reality of
>this issue would be considered much more
>balanced if the ICANN Staffers of the project
>hailed from an array of backgrounds and had
>represented multiple sides of this issue in their prior lives.
>
>V. Conclusion
>We can’t bury wholesale physical address
>checking and the new concept of identity
>validation in the back of a Contractor Report.
>These are NOT policies examined or endorsed by
>the whole of the ICANN or even the GNSO
>communities, nor policies evaluated yet by the
>whole of the ICANN Community. The risks and
>benefits must be assessed before the implementation is planned.
>
>Signed,
>
>MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP
>[name, and/or organization, and/or country]
*******************************
David G Post - Senior Fellow, Open Technology Institute/New America Foundation
blog (Volokh Conspiracy) http://www.washingtonpost.com/people/david-post
book (Jefferson's Moose) http://tinyurl.com/c327w2n
music http://tinyurl.com/davidpostmusic
publications etc. http://www.davidpost.com
*******************************
|