Me too! Kathy, please add my name! As a mother and individual creator, I do not want to connect my home address to anything visible! I should not have to put down a neutral work physical address to my content...
Gigi Johnson
UCLA and Maremel Institute
United States
Hi Mikhail,
I forward your support to Kathy.
Thx!
Nicolas
-------- Forwarded Message --------
Subject: Re: Signatures sought: Timely Comments on Whois Accuracy Pilot Study Report Date: Fri, 13 Mar 2015 19:47:55 +0000 From: Mikhail M. Komarov <mkomarov@hse.ru> To: Nicolas Adam <nickolas.adam@GMAIL.COM>
Please count on me
With best wishes,Mikhail KomarovNational Research University Higher School of Econimics
Moscow,Russia
Sent from iPhonePlease add my name also. Good work.
Nicolas Adam
On 13/03/2015 2:11 PM, Kathy Kleiman wrote:
Dear All,
Attached please find an important set of comments. They are to the Whois Accuracy Pilot Study Report – by a group of researchers at the University of Chicago called NORC. Buried in this report turns out to be a many issues important to us in the Whois domain name registration databases – including the question of postal addresses (should we be validating and publishing the physical addresses of political dissident groups, religious minorities, girls’ schools in areas where many do not like girls education? Is there a danger to be evaluated *before* we undertake this new policy?)
Identity Validation is a very open question as well, yet NORC seems ready to start work in this area. I have written a set of questions that say STOP – and let’s consider the policy implications of these acts before we develop plans to put them into effect. The comments are below (with a full copy attached).
They are due tonight! If you can sign on, please do. Please let me know your name and/or organization and/or country.
Great tx to Stephanie Perrin for editing! Here are some thoughts of members on our Policy Committee:
- Kathy’s drafted, what I believe to be, an excellent comment in response. – Amr Elsadr
- Great job Kathy!! I support this document. -- Stephanie Perrin
- Feel free to add my name as endorsing the document – Ed Morris
Best and tx!!
Kathy (Kleiman)
WHOIS Accuracy Pilot Study ReportBurying Extremely Divisive Policy Questions in a Technical Implementation Report Written by an ICANN Contractor is Improper and, in this Case, Dangerous
These are comments written in response to the WHOIS Accuracy Pilot Study Report. Buried in this Report – which purports to be an implementation report of an ICANN Contractor (NORC/University of Chicago) -- are some of the most controversial and unsettled issues in ICANN policy discussions and history. These issues are the subject of deep and bitter divides over many years of ICANN work, the subject of interest across the world, and the focus of a series of explosive comments in Singapore when the ICANN Community began to realize what was happening.
It is inappropriate in the extreme, for ICANN policy issues to be buried in a ICANN Contractor’s implementation report, and even further, deep in its Appendix B, Next Steps for the Development of the WHOIS Accuracy Report System (ARS). This follows pages of study “methods and approach” language and sample design which are obscure even to those who follow Whois policy issues on a regular basis. We submit that after the many years of heated controversy over this topic, it is disingenuous at the very least to allow this to happen policy debate to continue its development in this manner.
We are deeply concerned that ICANN Staff has not flagged this Report, or this Comment Proceeding, for what it appears to be – a process to seek permission from the ICANN Community for the:
a) wholesale checking of the physical addresses of online speakers across the world (whether using domain names for political speech, personal speech, or religious, ethnic or sexual minority expression) thus creating an unprecedented inextricable link between a speaker and her physical location, and
b) the radical new concept of Identity Validation for each and every domain name Registrant to the ICANN Community, a concept with inconceivable implications for political, ethnic and religious minorities worldwide, as well as entrepreneurs, emerging organizations and those operating today without identities who seek to create them.
We respectfully add the issues below to this debate.
I. ICANN has never been given a mandate for Address Checking on a Massive Scale
Although the Contractor’s Report seems to suggest that the ICANN Community has approved the massive checking of postal addresses in the existing gTLD Whois databases, that is not the case.
A. The Whois Review Team Final Report set the standard of “contactability” -- reaching the domain name registrant with questions and concerns – not absolute accuracy of all data in the whoisThe Current NORC Study (2014) and its accompanying ICANN Staff Summary accompanying this NORC’s Pilot Report misrepresent the WHOIS Policy Review Team Final Report and its Recommendations. The goal of the Whois Review Team was “Contactibility” and “Reachability” of the Registrant. To this end WHOIS Policy Review Team Final Report looked “holistically” at the Whois record and did not seek the accuracy of each and every element of a Registrant’s Whois record.
Specifically, the NORC Report of 2009/2010 (an earlier report called the NORC Data Accuracy Study) created five categories for ranking the data quality of a Whois record: Full Failure (overwhelmingly inaccurate); Substantial Failure (most data inaccurate); Limited Failure (data to some degree present and considered useful); Minimal Failure (may benefit from additional information, but data provided is accurate) and No Failure (data complete and accurate).
The Whois Review Team called for ICANN to significantly reduce the number of “Full Failure” and “Substantial Failure” Whois Records --- Avoidance of “No Failure” was not a goal at all. As shared many times in meetings of the Whois Review Team and members of the ICANN Community, including the GAC, what the WHOIS Review Team recommended was that Whois information be sufficiently available and accurate for the Registrant to be reached –for legitimate technical, administrative and other questions: [Recommendation] “6. ICANN should take appropriate measures to reduce the number of WHOIS registrations that fall into the accuracy groups Substantial Failure and Full Failure (as defined by the NORC Data Accuracy Study, 2009/10) by 50% within 12 months and by 50% again over the following 12 months.”
Thus, for the Whois Review Team, “No Failure” (full accuracy of all fields) was not the goal; “contactability” and “reachability” of Registrants was.
B. 2013 Registrar Accreditation Agreement
The WHOIS Review Team Final Report noted that efforts were already underway to improve accuracy and contactibility of Registrants in the then-pending “direct negotiations with Registrars on revisions to the RAA.” These negotiations resulted in the 2013 RAA which furthered the goal of reaching Registrants through verified phone numbers and email addresses:1.f : “Verify:
i. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or
ii. the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder's telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder's telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail.
As with the Final Report of the Whois Review Team, the goal of the 2013 RAA was “contactability” and “reachability” of the domain name Registrant for technical or administrative questions by third parties.
C. Where Did the “No Failure” Standard Come From for NORC – the Validation and Verification of Each and Every Whois Element Without Policy Processes or Assessments of the Risks and Harms?
Consistent with the Whois Review Team Final Report and the 2013 RAA, we can understand the NORC methodology and approach to checking email addresses and telephone numbers – but postal address validation? Where is the underlying GNSO Policy driving this direction to NORC from ICANN Staff?
Where is the assessment of the risks and benefits of updating the physical addresses of hundreds of millions of political, personal, religious, ethnic and sexual speakers – including dissidents, minorities and those discriminated against by the laws and customs of various regions? Where is NORC evaluating the wholesale and massive verification of postal address in the existing gTLD WHOIS databases without such an assessment? How did ICANN Staff come to direct it?
The NORC Contractor seems to have jumped from the logical – checking email and phone – to checking physical addresses. But this leap from an open and undecided policy question to a mere implementation issue should be disturbing to everyone in the ICANN Community. What we know from history and the most tragic of recent events is that speech and physical location are a dangerous combination.
When individuals armed with automatic rifles wish to express their disagreement with the legal speech of a satirical magazine, they find the location in Paris and kill writers, publishers and cartoonists. When they want to express contempt for those practicing another religion, they bring their guns to kosher grocery stores in Paris and synagogues in Copenhagen. Tracking down and beheading Christian minorities is a horror of daily life in some parts of the world.
The UN Declaration of Human Rights, adopted in 1948, states:
- Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
It does not say that everyone must put their address on that speech. Where, as here, the Internet has become the major path of communication for that speech, the requirement of a physical address for every speaker may well violate the requirement of the right to speak and the protection for that expression.
Further, the validation of postal addresses represents a major change of policy – one not mandated or requested by the Whois Review Team, the 2013 RAA or by any Policy-Development Team we know of.Who has evaluated the impact and dangers of wholesale adoption of postal address validation of the long-existing gTLD Whois databases– especially in a world that has changed dramatically in the last few years – where entire governments have risen and fallen, where formerly free countries and regions are enslaved by terrorist organizations and a new set of dictators? While proxy/privacy registrations are available, they are a costly luxury for many and completely unknown to others.
The mandatory validation of the massive number of postal addresses in the gTLD Whois database – as appears to be the policy proposal buried between methodology and sample sizes in the Contractor’s report -- will result in the dangerous, harmful, even life-threatening exposure of those using their domain names for nothing more than communicating their ideas, concerns, political hopes, and religious meetings via private streams of domain name communications, such as on listservs and email addresses, and more public resources including websites and blogs.
No policy we know has ever directed ICANN Staff to instruct a Contractor to engage in massive Postal Address Validation – and no policy development process we know has studied, weighed, debated or valued the enormous impact to speech and expression of going back over 25+ years of domain names registrations to suddenly “correct” the postal address and thereby expose battered women’s shelters, women’s schools in Pakistan, pro-democracy groups, family planning groups and LBGQT locations worldwide.
If this is the policy we in ICANN choose to adopt in the future (as we certainly have NOT adopted it already), then it will require enormous amounts of preparation, notice and warning to gTLD domain name
registrants on a global scale. Absent that, we know (without doubt or hyperbole) that ICANN will have blood on its hands.Overall, ICANN’s Contractor NORC seems to have jumped into policy-making, not mere implementation.
II. Identity Validation – Really?
Buried deep in Appendix B, of the Contractor’s Report, behind “syntactic accuracy” and “operational accuracy” is the explosive issue of “exploring accuracy from an identity perspective” (page 45).At no time has ICANN ever held a Policy Development Processes on Identity Validation. Accordingly, where does this guidance from ICANN to its Contractor to explore identity validation implementation come from? For those who attended the public Whois meeting in LA, this issue certainly was not flagged in the discussion; for those who attended the public meeting in Singapore, this issue was introduced and IMMEDIATELY FLAGGED as intensely controversial and divisive.
Identity validation of those engaged in freedom of expression, publishing and political discussion is a deeply controversial prospect – and one with heartfelt objection and opposition grounded in history and law. The United States, for example, sought to be free of England in part because of the mandatory licensing of its printing presses – and the arrest of all who published objections to actions of the English crown. Pamphlets issued without names and addresses are not just a cultural right in the US, but a constitutional one. McIntyre vs. Ohio Elections Commission, 514 U.S. 334 (US Supreme Court, 1995).
A. The GAC asked for a weighing of the risks and benefitsWe note that the GAC has not issued policy in this area. According to the “Brief Overview” provided by ICANN as introduction to this Contractor Report and this public comment period, the GAC “asked for an assessment of the feasibility, costs and benefits of conducting identity validation as part of the development of the ARS.”
Nowhere in this report do we see any assessment of the costs, delays, risks and harms that might be incurred by gTLD Registrants, Registrars and Registries worldwide if identity validation were adopted. Nowhere do we even see an analysis of how identity validation takes places, what happens when a minority seeks to register, or when a speaker must disclose and show her identification as the cost of signing up for a domain name highlighting family planning, women rights, or women’s education in parts of the world not as conducive to these fundamental rights and basic principles. Must she go through her father for this too?
B. ICANN has promised a policy making process.In his response to the GAC on this issue, Dr. Crocker noted concerns:
The costs of operating the Accuracy Reporting System are largely dependent
upon the number of WHOIS records to be examined, as well as the level of
validation (syntactic, operational, or identity). For example, the initial
responses to the ICANN RFP reveal that identity validation services are both
costly and difficult to administer on a global basis. There may also be data
protection and privacy issues of concern to the community when conducting
extensive identity validation on WHOIS records. Hence, the costs of
completing the development of Phase 3 will be determined based on
engagement with the community to identify the appropriate level of identity
validation for ICANN to conduct, as well as the costs associated with
performing identity validation on a global scale. (https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf, emphasis added.)
As always, policy development must proceed implementation. We call on ICANN to take this discussion out of the recesses of a Contractor report, and into the light of the policy development process.One thing the Whois Review Team did note in its Final Review is the need for clear and concerted outreach on issues that impact the Whois: “We found great interest in the WHOIS policy among a number of groups that do not traditionally participate in ICANN’s more technical proceedings. They include the law enforcement community, Data Protection Commissioners, and the privacy community more generally.” The Whois Review Team’s recommendation specifically call for active and concerted outreach to these communities of its issue:
III. Wide Outreach NeededRecommendation 3 - Outreach
ICANN should ensure that WHOIS policy issues are accompanied by cross-community outreach, including outreach to the communities outside of ICANN with a specific interest in the issues, and an ongoing program for consumer awareness.
That has clearly not happened here – when so much of substance is buried so deeply in the back of a report. When will ICANN be undertaking clear, robust global Outreach on these important freedom of expression and privacy issues and implications?
IV. Finally, let’s Add Policy Staff and Freedom of Expression and Data Protection ExpertiseWe ask that an ICANN Staff deeply steeped in data protection and freedom of expression laws and rights be brought on to work on the development of these address and identity issues. We understand that ICANN feels previous backgrounds of its staffers do not limit their activities, but the perception and reality of this issue would be considered much more balanced if the ICANN Staffers of the project hailed from an array of backgrounds and had represented multiple sides of this issue in their prior lives.
V. ConclusionWe can’t bury wholesale physical address checking and the new concept of identity validation in the back of a Contractor Report. These are NOT policies examined or endorsed by the whole of the ICANN or even the GNSO communities, nor policies evaluated yet by the whole of the ICANN Community. The risks and benefits must be assessed before the implementation is planned.
Signed,
MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP
[name, and/or organization, and/or country]