This is great. Thank you very much. Let's submit it, Robin On Mar 15, 2012, at 6:31 PM, Wendy Seltzer <[log in to unmask]> wrote: > Thanks very much to Maria and Joy for contributions to this, proposed > comments for the WHOIS RT. Comments are due March 18, but I'd like to > send them before leaving tomorrow, if possible. > <http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm> > > We would like to commend the general readability of the report. WHOIS > has become a very complex issue, and presenting it so clearly and > accessibly facilitates participation in both this consultation process > and participation more generally. We particularly appreciate the hard > work of collecting the WHOIS policies from the various places where > they reside. > > High-level recommendations: > > The report should explicitly recommend that WHOIS policy recognize > that registrants, both individual and organizations, commercial and > non-commercial, have a legitimate interest in, *and in many jurisdictions > the legal right to, the privacy of their personal data*. > > In the normative discussion, privacy should be given equivalent emphasis > to accuracy. *It would be instructive in this regard to reference the > OECD privacy guidelines, agreed to by all OECD member countries with input > from business and civil society. Data accuracy (or 'quality') is considered > by OECD members to be of equal importance to purpose specification, use > limitation and security safeguards, none of which factors are supported by > Whois as it currently operates. (OECD Guideline reference: > http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html > ) * > > It is as important that registrants have privacy as that > their data be accurately recorded. At the moment, the report appears, > from its emphasis on access and accuracy, to discount those privacy > concerns *that are accepted by all OECD member states and participating > business and civil society actors as having equal importance.* > > > Section F. Findings > > The brief ‘tour de table’ provides useful background reading, but > *should* include > reference to the fact that ICANN’s Whois policies are > incompatible with the OECD privacy guidelines and also applicable national > laws in many countries, including > member states of the European Union.*The European Union's Article 29 > Working Party of national data protection officers provided specific input > to ICANN's 2003 Montreal meeting regarding the many ways gTLD Whois > breaches EU law. These included the lack of definition of a purpose of > Whois, lack of use limitation, misuse of Whois data by third parties and > the disproportionality of the publication of personal data. The Article 29 > Working Party concluded that "there is no legal ground justifying the > mandatory publication of personal data referring to this person. (the > registrant)". * > > *(Article 29 WP reference: Opinion 2/2003 on the application of the data > protection principles* > > *to the Whois directories * > http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf) > > *It is very concerning that the findings of the Whois Review Team do not > consider the glaring fact of the illegality of gTLD Whois requirements in > many jurisdictions, and the incompatibility of Whois as it currently stands > with the only internationally accepted guidelines on data privacy. * > > > Section G. Recommendations > > 1. Single Whois Policy - "The Board should oversee the creation of a > single Whois policy document." > > We welcome the call for a single Whois policy that sets out the > requirements, globally and facilitates registrants who wish to consult > those requirements. Whois ‘policy’ is currently inferred from registry > and registrar contracts.* A single Whois policy should be compatible with > the internationally accepted OECD privacy guidelines, in respect of a > statement of purpose for the use of data, use limitation, data accuracy and > appropriate security safeguards for personal data.* However, gTLD policy > development is the > responsibility of the GNSO, not the Board (until the final stages), > and needs to be developed through the bottom up process, with the > cooperation of the multiple stakeholders affected. > > 3 - "Make Whois a Strategic Priority" > > Change "Strategic Priority" to "Strategic Consideration." As the > review team was focused only on WHOIS, it was in no position to > analyze the tradeoffs involved in setting global priorities. Many > items on ICANN's policy agenda *may be considered* more worthy of the > community's > limited time and attention. *The appropriate process for the community to > prioritize issues such as Whois is via the Strategic Plan.* No evidence > is offered in this report to support prioritizing > WHOIS o*ver other issues of importance to the community as a whole.* > > 5 - Data Accuracy - As many law enforcement comments in the report > suggest, contactability is more important than "accuracy." Separation > of the contact details from the public display could enhance the > accuracy of the contact details available to appropriately qualified > requesters. > > 10-16. "Data Access: Privacy and Proxy Services." > > The recommendations should explicitly acknowledge the importance of > privacy and proxy services in providing options to legitimate Internet > users to preserve their privacy. National laws in the United States, > for example, recognize privacy interests not only for individuals, but > for associations. The report further documents the legitimate > interests of even commercial Internet users in private domain name > registrations. > * In relation to the references to national legislation: it is > important to note that this reference may be problematic if national > legislation violates international human rights standards, for example, > relating to freedom of expression (see the citation of this report below). > * Freedom of association: proxy registration services can support the > rights of human rights defenders to carry out lawful activity without > persecution. Threats to registrants include surveillance of registrants > through use of information which is accessed via WHOIS data - continuing to > expand the nature of information held in WHOIS will only heighten the > safety > concerns of human rights defenders. In addition, just in time attacks on > websites of civil society organisations have been used to disrupt lawful > activity and democratic participation in a number of countries: see > Deibert, > R., Palfrey, J., Rohozinski, R. & Zittrain, J. (Eds.) (2011). Access > Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT > Press. > * Governments whose legislation is in violation of these rights > should > not be able to rely on such laws when requesting WHOIS data access and > proxy > information. It would be unreasonable to require Registrars to carry out an > additional analysis. Other options include: > (1) Provide that LEA WHOIS data requests may be refused where there are > reasonable grounds to believe that such requests may violate *registrants' > * > rights of freedom of expression or freedom of association > (2) Require LEA to verify that national laws comply with human rights > standards > (3) Require LEA to verify that WHOIS requests do not violate > international human rights standards > >> > 17 - Data access - "ICANN should set up a dedicated, multilingual > interface website to provide thick Whois data for" COM and NET, who > have thin whois. This is subject to existing policy and policy-making > by the GNSO. It is inappropriate for the Review Team to intervene at > this level of detail into the GNSO policy process, *and in a way that > privileges certain substantive outcomes over others.* > > > Section E. Work of this RT > > A factual point. There is only one Chatham House rule, so the statement > referring to it should use the singular. > > Freedom of Expression References: > > As noted by the UN Special Rapporteur on Freedom of Opinion and Expression > in his annual report of 2011: > > 23. The vast potential and benefits of the Internet are > rooted in its unique characteristics, such as its speed, worldwide reach > and > relative anonymity. At the same time, these distinctive features of the > Internet that enable individuals to disseminate information in "real time" > and to mobilize people has also created fear amongst Governments and the > powerful. This has led to increased restrictions on the Internet through > the > use of increasingly sophisticated technologies to block content, monitor > and > identify activists and critics, criminalization of legitimate expression, > and adoption of restrictive legislation to justify such measures. In this > regard, the Special Rapporteur also emphasizes that the existing > international human rights standards, in particular article 19, paragraph 3 > of the ICCPR, remain pertinent in determining the types of restrictions > that > are in breach of States' obligations to guarantee the right to freedom of > expression. > 24. As set out in article 19, paragraph 3 of the ICCPR, > there are certain, exceptional types of expression which may be > legitimately > restricted under international human rights law, essentially to safeguard > the rights of others. This issue has been examined in the previous annual > report of the Special Rapporteur. However, the Special Rapporteur deems it > appropriate to reiterate that any limitation to the right to freedom of > expression must pass the following three-part, cumulative test: > (1) it must be provided by law, which is clear and accessible to > everyone (principles of predictability and transparency); and > (2) it must pursue one of the purposes set out in article 19, paragraph > 3 of the ICCPR, namely (i) to protect the rights or reputations of others, > or (ii) to protect national security or of public order, or of public > health > or morals (principle of legitimacy); and > (3) it must be proven as necessary and the least restrictive means > required to achieve the purported aim (principles of necessity and > proportionality). > Moreover, any legislation restricting the right to > freedom of expression must be applied by a body which is independent of any > political, commercial, or other unwarranted influences in a manner that is > neither arbitrary nor discriminatory, and with adequate safeguards against > abuse, including the possibility of challenge and remedy against its > abusive > application. > And further: > > 26 However, in many instances, States restrict, control, manipulate and > censor content disseminated via the Internet without any legal basis, or on > the basis of broad and ambiguous laws; without justifying the purpose of > such actions; and/or in a manner that is clearly unnecessary and/or > disproportionate to achieve the intended aim, as explored in the following > sections. Such actions are clearly incompatible with States' obligations > under international human rights law, and often create a broader chilling > effect on the right to freedom of opinion and expression. > (full reference: Frank La Rue "Report of the Special Rapporteur on the > promotion and protection of the right to freedom of opinion and expression" > (26 April 2011, A/HRC/17/27) also available at: http://scr.bi/z6lZ8N ) > > > > > > -- > Wendy Seltzer -- [log in to unmask] +1 914-374-0613 > Fellow, Yale Law School Information Society Project > Fellow, Berkman Center for Internet & Society at Harvard University > http://cyber.law.harvard.edu/seltzer.html > https://www.chillingeffects.org/ > https://www.torproject.org/ > http://www.freedom-to-tinker.com/ >