All, The Council of Europe has also responded to NCUC's privacy letter (attached) and stated that it shares our concerns about ICANN's compliance with privacy rights. Best, Robin Begin forwarded message: > From: KWASNY Sophie <[log in to unmask]> > Date: October 11, 2012 5:42:39 AM PDT > To: "[log in to unmask]" <[log in to unmask]> > Cc: THACI Elvana <[log in to unmask]> > Subject: RE: Urgent Request from Non-Commercial Users Constituency > for Council of Europe to review ICANN contract for privacy compliance > Dear Mr Gross, > > Please find attached a letter of the Chair of the Consultative > Committee of Convention 108 for your attention. > > Should you need any complementary information, please do not > hesitate to contact me. > > Best regards, > Sophie Kwasny > Data Protection Unit > Human Rights and Rule of Law (DG I) > CONSEIL DE L'EUROPE - COUNCIL OF EUROPE > tel : + 33(0) 3 90 21 43 39 > > www.coe.int/dataprotection > > From: Robin Gross [mailto:[log in to unmask]] > Sent: Sunday 22 July 2012 22:20 > To: THACI Elvana > Cc: David Cake ([log in to unmask]) ([log in to unmask]); > Wolfgang Kleinwächter > Subject: Urgent Request from Non-Commercial Users Constituency for > Council of Europe to review ICANN contract for privacy compliance > > Dear Thaci Elvana: > > I am writing to you as a matter of urgency concerning online > privacy. I represent the Non-Commercial Users Constituency of ICANN > and have concerns regarding ICANN’s the current consultation > relating to contracts with Registrars. A short letter from your > office would help greatly to balance the negotiation discussion. I > ask you to send correspondence to the ICANN Board Chair and CEO. > > As you will be aware, the international management of Internet > naming and addressing is conducted by ICANN, the Internet > Corporation for Assigned Names and Numbers. As part of ICANN’s > work, contractual arrangements are entered into with private > corporations to offer particular Internet domain names to the > public. These private corporations (“Registrars”) in turn > undertake to manage the personal details of their customers > (“Registrants”) in accordance with the requirements of their > contract with ICANN. > > Registrars collect and hold personal information about registrants > and have obligations to uphold privacy-related principles for the > collection, use, storage and disposal of this registration data. It > is my belief that ICANN requirements within the contracts with > Registrars must uphold and not violate international human rights > standards on privacy, in particular collection, access to, and use > of such data. Incursions on privacy are permissible, only when > restricted to exceptional circumstances, such as access by law > enforcement bodies pursuant to a judicial process and in any event > subject to rules relating to access to data across national borders. > > The aggregated database of registrants’ contact information is > called the WHOIS database, and is currently required to be > published to unauthenticated requesters. In my view, information > within this database must only be collected for the purpose for > which is needed, and sensitive information must be made available > only to those with demonstrated need. There is no clearly > established need for the collection of, for instance, telephone > numbers for the purposes of registering a domain name, although > Registrars and others may find this convenient. A blanket > requirement to provide telephone numbers would, therefore, seem to > be an unreasonable intrusion into the privacy rights of > registrants. Similarly, physical addresses and secondary identity > verification documents are not required for the operation of the > domain name system, and in my view should not be permitted or > required in the contracts ICANN has with Registrars. > > I am sure you will understand that with the creation of a data-rich > database, concerns regarding the proper and secure storage and > compliant arrangements for the disposal of registration data when > it is no longer required become more important and potentially > privacy-intrusive. In my view, the current requirements in the new > draft contracts with Registrars are likely to infringe national > privacy laws and have impact on citizens within your jurisdiction. > > For example, WHOIS contact details need only be an email address of > a technical officer who is empowered by the registrant to fix > technical issues with a domain name address or pass on > communications. There is no technical need for identity > verification, let alone regular or annual verification, beyond the > existing requirements. In many jurisdictions where freedom of > expression is tenuous, the greater the degree of anonymity or > pseudonymity, the greater the freedom of expression. This is even > more acute when the database is stored in a foreign country and > subject to different national laws regarding privacy and access by > public officials to private databases. It is important, therefore, > to ensure that national laws relating to privacy are respected. > > The Article 29 Working Party has previously considered WHOIS, and > raised concerns as far back as 2003, saying that “it is necessary > to look for less intrusive methods that would still serve the > purpose of the Whois directories without having all data directly > available on-line to everybody.” http://ec.europa.eu/justice/ > policies/privacy/docs/wpdocs/2003/wp76_en.pdf Unfortunately, > ICANN’s draft contract goes in the opposite direction, > exacerbating the privacy harms. > > The draft contracts are open for comment – see http:// > www.icann.org/en/news/announcements/announcement-7-04jun12-en.htm - > and I would request your organisation review and consider the > privacy impacts of these new contracts – in particular the summary > of the negotiating team’s responses to law enforcement > submissions. On behalf of the Non-Commercial User Constituency, I > recommend that your organisation respond to the ICANN consultative > process to ensure that privacy considerations and respect for > national privacy laws remains a strong feature of ICANN’s > contractual arrangements. Your comments would be very helpful in > giving balanced background to the negotiations. > > I recommend that you send comments directly to Dr. Steve Crocker, > Chair of the ICANN Board, and Akram Atallah, interim CEO, via email > to the Director of Board Support, [log in to unmask] > Comments by the end of July would be most helpful, but any > information you can add would be welcome. > > Please feel free to contact me [log in to unmask] if the NCUC > can provide further information or background. > > Very truly yours, > > David Cake, Chair, Non-Commercial Users Constituency > > Robin Gross, Chair, Non-Commercial Stakeholders Group > > More info on ICANN RAA contract negotiations: > https://community.icann.org/display/RAA/Negotiations+Between > +ICANN+and+Registrars+to+Amend+the+Registrar+Accreditation+Agreement > _______________________________________________ > Robin D. Gross, IP Justice Executive Director > Web: www.ipjustice.org > Email: [log in to unmask] > Phone: +1 415.553.6261 >  IP JUSTICE Robin Gross, Executive Director 1192 Haight Street, San Francisco, CA 94117 USA p: +1-415-553-6261 f: +1-415-462-6451 w: http://www.ipjustice.org e: [log in to unmask]