All,

The Council of Europe has also responded to NCUC's privacy letter  
(attached) and stated that it shares our concerns about ICANN's  
compliance with privacy rights.

Best,
Robin


Begin forwarded message:

> From: KWASNY Sophie <[log in to unmask]>
> Date: October 11, 2012 5:42:39 AM PDT
> To: "[log in to unmask]" <[log in to unmask]>
> Cc: THACI Elvana <[log in to unmask]>
> Subject: RE: Urgent Request from Non-Commercial Users Constituency  
> for Council of Europe to review ICANN contract for privacy compliance
>
> Dear Mr Gross,
>
> Please find attached a letter of the Chair of the Consultative  
> Committee of Convention 108 for your attention.
>
> Should you need any complementary information, please do not  
> hesitate to contact me.
>
> Best regards,
> Sophie Kwasny
> Data Protection Unit
> Human Rights and Rule of Law (DG I)
> CONSEIL DE L'EUROPE - COUNCIL OF EUROPE
> tel :  + 33(0) 3 90 21 43 39
>
> www.coe.int/dataprotection
>
> From: Robin Gross [mailto:[log in to unmask]]
> Sent: Sunday 22 July 2012 22:20
> To: THACI Elvana
> Cc: David Cake ([log in to unmask]) ([log in to unmask]);  
> Wolfgang Kleinwächter
> Subject: Urgent Request from Non-Commercial Users Constituency for  
> Council of Europe to review ICANN contract for privacy compliance
>
> Dear Thaci Elvana:
>
> I am writing to you as a matter of urgency concerning online  
> privacy. I represent the Non-Commercial Users Constituency of ICANN  
> and have concerns regarding ICANN’s current consultation  
> relating to contracts with Registrars. A short letter from your  
> office would help greatly to balance the negotiation discussion. I  
> ask you to send correspondence to the ICANN Board Chair and CEO.
>
> As you will be aware, the international management of Internet  
> naming and addressing is conducted by ICANN, the Internet  
> Corporation for Assigned Names and Numbers. As part of ICANN’s  
> work, contractual arrangements are entered into with private  
> corporations to offer particular Internet domain names to the  
> public. These private corporations (“Registrars”) in turn  
> undertake to manage the personal details of their customers  
> (“Registrants”) in accordance with the requirements of their  
> contract with ICANN.
>
> Registrars collect and hold personal information about registrants  
> and have obligations to uphold privacy-related principles for the  
> collection, use, storage and disposal of this registration data. It  
> is my belief that ICANN requirements within the contracts with  
> Registrars must uphold and not violate international human rights  
> standards on privacy, in particular collection, access to, and use  
> of such data. Incursions on privacy are permissible, only when  
> restricted to exceptional circumstances, such as access by law  
> enforcement bodies pursuant to a judicial process and in any event  
> subject to rules relating to access to data across national borders.
>
> The aggregated database of registrants’ contact information is  
> called the WHOIS database, and is currently required to be  
> published to unauthenticated requesters. In my view, information  
> within this database must only be collected for the purpose for  
> which it is needed, and sensitive information must be made available  
> only to those with demonstrated need. There is no clearly  
> established need for the collection of, for instance, telephone  
> numbers for the purposes of registering a domain name, although  
> Registrars and others may find this convenient. A blanket  
> requirement to provide telephone numbers would, therefore, seem to  
> be an unreasonable intrusion into the privacy rights of  
> registrants. Similarly, physical addresses and secondary identity  
> verification documents are not required for the operation of the  
> domain name system, and in my view should not be permitted or  
> required in the contracts ICANN has with Registrars.
>
> I am sure you will understand that with the creation of a data-rich  
> database, concerns regarding the proper and secure storage and  
> compliant arrangements for the disposal of registration data when  
> it is no longer required become more important and potentially  
> privacy-intrusive. In my view, the current requirements in the new  
> draft contracts with Registrars are likely to infringe national  
> privacy laws and have impact on citizens within your jurisdiction.
>
> For example, WHOIS contact details need only be an email address of  
> a technical officer who is empowered by the registrant to fix  
> technical issues with a domain name address or pass on  
> communications. There is no technical need for identity  
> verification, let alone regular or annual verification, beyond the  
> existing requirements. In many jurisdictions where freedom of  
> expression is tenuous, the greater the degree of anonymity or  
> pseudonymity, the greater the freedom of expression. This is even  
> more acute when the database is stored in a foreign country and  
> subject to different national laws regarding privacy and access by  
> public officials to private databases. It is important, therefore,  
> to ensure that national laws relating to privacy are respected.
>
> The Article 29 Working Party has previously considered WHOIS, and  
> raised concerns as far back as 2003, saying that “it is necessary  
> to look for less intrusive methods that would still serve the  
> purpose of the Whois directories without having all data directly  
> available on-line to everybody.”  
> http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf  
> Unfortunately, ICANN’s draft contract goes in the opposite direction,  
> exacerbating the privacy harms.
>
> The draft contracts are open for comment – see  
> http://www.icann.org/en/news/announcements/announcement-7-04jun12-en.htm -  
> and I would request your organisation review and consider the  
> privacy impacts of these new contracts – in particular the summary  
> of the negotiating team’s responses to law enforcement  
> submissions. On behalf of the Non-Commercial User Constituency, I  
> recommend that your organisation respond to the ICANN consultative  
> process to ensure that privacy considerations and respect for  
> national privacy laws remain a strong feature of ICANN’s  
> contractual arrangements. Your comments would be very helpful in  
> giving balanced background to the negotiations.
>
> I recommend that you send comments directly to Dr. Steve Crocker,  
> Chair of the ICANN Board, and Akram Atallah, interim CEO, via email  
> to the Director of Board Support, [log in to unmask]  
> Comments by the end of July would be most helpful, but any  
> information you can add would be welcome.
>
> Please feel free to contact me [log in to unmask] if the NCUC  
> can provide further information or background.
>
> Very truly yours,
>
> David Cake, Chair, Non-Commercial Users Constituency
>
> Robin Gross, Chair, Non-Commercial Stakeholders Group
>
> More info on ICANN RAA contract negotiations:
>      https://community.icann.org/display/RAA/Negotiations+Between+ICANN+and+Registrars+to+Amend+the+Registrar+Accreditation+Agreement
> _______________________________________________
> Robin D. Gross, IP Justice Executive Director
> Web: www.ipjustice.org
> Email: [log in to unmask]
> Phone: +1 415.553.6261
>




IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA  94117  USA
p: +1-415-553-6261    f: +1-415-462-6451
w: http://www.ipjustice.org     e: [log in to unmask]