Wonderful! Thank you very much, Wendy, for taking the lead on this comment. All best, Robin On Jul 20, 2011, at 11:44 AM, Wendy Seltzer wrote: > I propose these as NCUC comments to the WHOIS Review Team > <http://www.icann.org/en/public-comment/whoisrt-discussion-paper-09jun11-en.htm> > The comment deadline is July 23 -- Saturday. Thanks to Milton, Avri, > Brenden, and Konstantinos for input. > > If there is interest in sending these as NCSG, I would be happy to > update the references. I'll submit Friday. > > --Wendy > > NCUC is pleased to share these comments on the WHOIS Review Team's > discussion paper. The NCUC includes among its constituents many > individual and non-profit domain name registrants and Internet users, > academic researchers, and privacy and consumer advocates who share > concerns about the lack of adequate privacy protections in WHOIS. We > believe ICANN can offer better options for registrants and the > Internet-using public, consistent with its commitments. > >> 4. How can ICANN balance the privacy concerns of some registrants >> with its commitment to having accurate and complete WHOIS data >> publicly accessible without restriction? > and >> 10. How can ICANN improve the accuracy of WHOIS data? > > Privacy and accuracy go hand-in-hand. Rather than putting sensitive > information into public records, some registrants use "inaccurate" data > as a means of protecting their privacy. If registrants have other > channels to keep this information private, they may be more willing to > share accurate data with their registrar. > > The problem for many registrants is indiscriminate public access to the > data. The lack of any restriction means that there is an unlimited > potential for bad actors to access and use the data, as well as > legitimate users and uses of these data. > > At the very least, WHOIS access must give natural persons greater > latitude to withhold or restrict access to their data. That position, > which is consistent with European data protection law, has even been > advanced by the U.S. Federal Trade Commission and F.B.I. > > > ICANN stakeholders devoted a great deal of time and energy to this > question in GNSO Council-chartered WHOIS Task Forces. At the end of the > Task Force discussion in 2006, the group proposed that WHOIS be modified > to include an Operational Point of Contact (OPOC): > <http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm> > > Under the OPOC proposal, "accredited registrars [would] publish three > types of data: > 1) Registered Name Holder > 2) Country and state/province of the registered nameholder > 3) Contact information of the OPoC, including name, address, telephone > number, email." > > Registrants with privacy concerns could name agents to serve as > OPoC,thereby keeping their personal address information out of the > public records. > > NCUC recommends reviewing the documents the WHOIS Task Force produced > relating to the OPOC proposal, including the final task-force report on > the purpose of WHOIS: > <http://gnso.icann.org/issues/whois-privacy/tf-report-15mar06.htm>, Ross > Rader's slides from a presentation on the subject, > <http://gnso.icann.org/correspondence/rader-gnso-sp-04dec06.pdf> and the > report on OPoC > <http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm> > The GNSO in October 2007 accepted the WHOIS task-force report and > concluded the PDP. > <http://gnso.icann.org/meetings/minutes-gnso-31oct07.html> > >> 5. How should ICANN address concerns about the use of privacy/proxy > services and their impact on the accuracy and availability of the WHOIS > data? > > ICANN should recognize that privacy and proxy services fill a market > need; the use of these services indicates that privacy is a real > interest of many domain registrants. Concerns about the use of these > services is unwarranted. > > >> 12. Are there barriers, cost or otherwise, to compliance with WHOIS policy? > > Even with the provisions for resolving conflicts with national law, > WHOIS poses problems for registrars in countries with differing data > protection regimes. Registrars do not want to wait for an enforcement > action before resolving conflicts, and many data protection authorities > and courts will not give rulings or opinions without a live case or > controversy. ICANN's response, that there's no problem, does not suit a > multi-jurisdictional Internet. > >> 14. Are there any other relevant issues that the review team should >> be aware of? Please provide details. > > Consider allowing registrants greater choice: a registrant can get a > domain with no WHOIS information at all, at the registrant's peril if > the domain is challenged and he/she is unable to respond. This is > already the de facto circumstance for domains registered with false > information, so why not make it an official option? > > Proposals for verification (pre- or post-registration) of name and > address information are completely unworkable for standard gTLDs, > although they might be proposed by registries looking to differentiate. > There is no standard address format, or even any standard of physical > addressing that holds across the wide range of geographies and cultures > ICANN and registrars serve. > > Inaccurate WHOIS data should not be used as conclusive evidence of bad > faith, especially in the context of ICANN's policies such as the UDRP. > Although within the UDRP, the need to identify a registrant is vital, > WHOIS details should not be used to make outright determinations > concerning abusive registrations of domain names. > > > > -- > Wendy Seltzer -- [log in to unmask] +1 914-374-0613 > Fellow, Princeton Center for Information Technology Policy > Fellow, Berkman Center for Internet & Society at Harvard University > http://cyber.law.harvard.edu/seltzer.html > https://www.chillingeffects.org/ > https://www.torproject.org/ > http://www.freedom-to-tinker.com/ > IP JUSTICE Robin Gross, Executive Director 1192 Haight Street, San Francisco, CA 94117 USA p: +1-415-553-6261 f: +1-415-462-6451 w: http://www.ipjustice.org e: [log in to unmask]