> Thanks very much to Maria and Joy for
contributions to this, proposed
> comments for the WHOIS RT. Comments are due March
18, but I'd like to
> send them before leaving tomorrow, if possible.
> <
http://www.icann.org/en/news/announcements/announcement-05dec11-en.htm>
>
> We would like to commend the general readability of
the report. WHOIS
> has become a very complex issue, and presenting it
so clearly and
> accessibly facilitates participation in both this
consultation process
> and participation more generally. We particularly
appreciate the hard
> work of collecting the WHOIS policies from the
various places where
> they reside.
>
> High-level recommendations:
>
> The report should explicitly recommend that WHOIS
policy recognize
> that registrants, both individual and
organizations, commercial and
> non-commercial, have a legitimate interest in, *and
in many jurisdictions
> the legal right to, the privacy of their personal
data*.
>
> In the normative discussion, privacy should be
given equivalent emphasis
> to accuracy. *It would be instructive in this
regard to reference the
> OECD privacy guidelines, agreed to by all OECD
member countries with input
> from business and civil society. Data accuracy (or
'quality') is considered
> by OECD members to be of equal importance to
purpose specification, use
> limitation and security safeguards, none of which
factors are supported by
> Whois as it currently operates. (OECD Guideline
reference:
>
http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
> ) *
>
> It is as important that registrants have privacy as
that
> their data be accurately recorded. At the moment,
the report appears,
> from its emphasis on access and accuracy, to
discount those privacy
> concerns *that are accepted by all OECD member
states and participating
> business and civil society actors as having equal
importance.*
>
>
> Section F. Findings
>
> The brief ‘tour de table’ provides useful
background reading, but
> *should* include
> reference to the fact that ICANN’s Whois policies
are
> incompatible with the OECD privacy guidelines and
also applicable national
> laws in many countries, including
> member states of the European Union.*The European
Union's Article 29
> Working Party of national data protection officers
provided specific input
> to ICANN's 2003 Montreal meeting regarding the many
ways gTLD Whois
> breaches EU law. These included the lack of
definition of a purpose of
> Whois, lack of use limitation, misuse of Whois data
by third parties and
> the disproportionality of the publication of
personal data. The Article 29
> Working Party concluded that "there is no legal
ground justifying the
> mandatory publication of personal data referring to
this person. (the
> registrant)". *
>
> *(Article 29 WP reference: Opinion 2/2003 on the
application of the data
> protection principles*
>
> *to the Whois directories *
>
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
>
> *It is very concerning that the findings of the
Whois Review Team do not
> consider the glaring fact of the illegality of gTLD
Whois requirements in
> many jurisdictions, and the incompatibility of
Whois as it currently stands
> with the only internationally accepted guidelines
on data privacy. *
>
>
> Section G. Recommendations
>
> 1. Single Whois Policy - "The Board should oversee
the creation of a
> single Whois policy document."
>
> We welcome the call for a single Whois policy that
sets out the
> requirements, globally and facilitates registrants
who wish to consult
> those requirements. Whois ‘policy’ is currently
inferred from registry
> and registrar contracts.* A single Whois policy
should be compatible with
> the internationally accepted OECD privacy
guidelines, in respect of a
> statement of purpose for the use of data, use
limitation, data accuracy and
> appropriate security safeguards for personal data.*
However, gTLD policy
> development is the
> responsibility of the GNSO, not the Board (until
the final stages),
> and needs to be developed through the bottom up
process, with the
> cooperation of the multiple stakeholders affected.
>
> 3 - "Make Whois a Strategic Priority"
>
> Change "Strategic Priority" to "Strategic
Consideration." As the
> review team was focused only on WHOIS, it was in no
position to
> analyze the tradeoffs involved in setting global
priorities. Many
> items on ICANN's policy agenda *may be considered*
more worthy of the
> community's
> limited time and attention. *The appropriate
process for the community to
> prioritize issues such as Whois is via the
Strategic Plan.* No evidence
> is offered in this report to support prioritizing
> WHOIS o*ver other issues of importance to the
community as a whole.*
>
> 5 - Data Accuracy - As many law enforcement
comments in the report
> suggest, contactability is more important than
"accuracy." Separation
> of the contact details from the public display
could enhance the
> accuracy of the contact details available to
appropriately qualified
> requesters.
>
> 10-16. "Data Access: Privacy and Proxy Services."
>
> The recommendations should explicitly acknowledge
the importance of
> privacy and proxy services in providing options to
legitimate Internet
> users to preserve their privacy. National laws in
the United States,
> for example, recognize privacy interests not only
for individuals, but
> for associations. The report further documents the
legitimate
> interests of even commercial Internet users in
private domain name
> registrations.
> * In relation to the references to national
legislation: it is
> important to note that this reference may be
problematic if national
> legislation violates international human rights
standards, for example,
> relating to freedom of expression (see the citation
of this report below).
> * Freedom of association: proxy registration
services can support the
> rights of human rights defenders to carry out
lawful activity without
> persecution. Threats to registrants include
surveillance of registrants
> through use of information which is accessed via
WHOIS data - continuing to
> expand the nature of information held in WHOIS will
only heighten the
> safety
> concerns of human rights defenders. In addition,
just in time attacks on
> websites of civil society organisations have been
used to disrupt lawful
> activity and democratic participation in a number
of countries: see
> Deibert,
> R., Palfrey, J., Rohozinski, R. & Zittrain, J.
(Eds.) (2011). Access
> Controlled: The Shaping of Power, Rights, and Rule
in Cyberspace. MIT
> Press.
> * Governments whose legislation is in
violation of these rights
> should
> not be able to rely on such laws when requesting
WHOIS data access and
> proxy
> information. It would be unreasonable to require
Registrars to carry out an
> additional analysis. Other options include:
> (1) Provide that LEA WHOIS data requests may be
refused where there are
> reasonable grounds to believe that such requests
may violate *registrants'
> *
> rights of freedom of expression or freedom of
association
> (2) Require LEA to verify that national laws
comply with human rights
> standards
> (3) Require LEA to verify that WHOIS requests
do not violate
> international human rights standards
>
>>
> 17 - Data access - "ICANN should set up a
dedicated, multilingual
> interface website to provide thick Whois data for"
COM and NET, who
> have thin whois. This is subject to existing
policy and policy-making
> by the GNSO. It is inappropriate for the Review
Team to intervene at
> this level of detail into the GNSO policy process,
*and in a way that
> privileges certain substantive outcomes over
others.*
>
>
> Section E. Work of this RT
>
> A factual point. There is only one Chatham House
rule, so the statement
> referring to it should use the singular.
>
> Freedom of Expression References:
>
> As noted by the UN Special Rapporteur on Freedom of
Opinion and Expression
> in his annual report of 2011:
>
> 23. The vast potential and
benefits of the Internet are
> rooted in its unique characteristics, such as its
speed, worldwide reach
> and
> relative anonymity. At the same time, these
distinctive features of the
> Internet that enable individuals to disseminate
information in "real time"
> and to mobilize people has also created fear
amongst Governments and the
> powerful. This has led to increased restrictions on
the Internet through
> the
> use of increasingly sophisticated technologies to
block content, monitor
> and
> identify activists and critics, criminalization of
legitimate expression,
> and adoption of restrictive legislation to justify
such measures. In this
> regard, the Special Rapporteur also emphasizes that
the existing
> international human rights standards, in particular
article 19, paragraph 3
> of the ICCPR, remain pertinent in determining the
types of restrictions
> that
> are in breach of States' obligations to guarantee
the right to freedom of
> expression.
> 24. As set out in article 19,
paragraph 3 of the ICCPR,
> there are certain, exceptional types of expression
which may be
> legitimately
> restricted under international human rights law,
essentially to safeguard
> the rights of others. This issue has been examined
in the previous annual
> report of the Special Rapporteur. However, the
Special Rapporteur deems it
> appropriate to reiterate that any limitation to the
right to freedom of
> expression must pass the following three-part,
cumulative test:
> (1) it must be provided by law, which is clear
and accessible to
> everyone (principles of predictability and
transparency); and
> (2) it must pursue one of the purposes set out
in article 19, paragraph
> 3 of the ICCPR, namely (i) to protect the rights or
reputations of others,
> or (ii) to protect national security or of public
order, or of public
> health
> or morals (principle of legitimacy); and
> (3) it must be proven as necessary and the
least restrictive means
> required to achieve the purported aim (principles
of necessity and
> proportionality).
> Moreover, any legislation
restricting the right to
> freedom of expression must be applied by a body
which is independent of any
> political, commercial, or other unwarranted
influences in a manner that is
> neither arbitrary nor discriminatory, and with
adequate safeguards against
> abuse, including the possibility of challenge and
remedy against its
> abusive
> application.
> And further:
>
> 26 However, in many instances, States
restrict, control, manipulate and
> censor content disseminated via the Internet
without any legal basis, or on
> the basis of broad and ambiguous laws; without
justifying the purpose of
> such actions; and/or in a manner that is clearly
unnecessary and/or
> disproportionate to achieve the intended aim, as
explored in the following
> sections. Such actions are clearly incompatible
with States' obligations
> under international human rights law, and often
create a broader chilling
> effect on the right to freedom of opinion and
expression.
> (full reference: Frank La Rue "Report of the
Special Rapporteur on the
> promotion and protection of the right to freedom of
opinion and expression"
> (26 April 2011, A/HRC/17/27) also available at:
http://scr.bi/z6lZ8N )
>
>
>
>
>
> --
> Wendy Seltzer --
[log in to unmask]
+1 914-374-0613
> Fellow, Yale Law School Information Society Project
> Fellow, Berkman Center for Internet & Society
at Harvard University
>
http://cyber.law.harvard.edu/seltzer.html
>
https://www.chillingeffects.org/
>
https://www.torproject.org/
>
http://www.freedom-to-tinker.com/
>