Hi Mikhail, I forward your support to Kathy. Thx! Nicolas -------- Forwarded Message -------- Subject: Re: Signatures sought: Timely Comments on Whois Accuracy Pilot Study Report Date: Fri, 13 Mar 2015 19:47:55 +0000 From: Mikhail M. Komarov <[log in to unmask]> To: Nicolas Adam <[log in to unmask]> Please count on me With best wishes, Mikhail Komarov National Research University Higher School of Econimics Moscow,Russia Sent from iPhone 13 ìàðòà 2015 ã., â 21:50, Nicolas Adam <[log in to unmask] <mailto:[log in to unmask]>> íàïèñàë(à): > Please add my name also. Good work. > > Nicolas Adam > > On 13/03/2015 2:11 PM, Kathy Kleiman wrote: >> >> >> Dear All, >> >> Attached please find an important set of comments. They are to the >> Whois Accuracy Pilot Study Report – by a group of researchers at the >> University of Chicago called NORC. Buried in this report turns out to >> be a many issues important to us in the Whois domain name >> registration databases – including the question of postal addresses >> (should we be validating and publishing the physical addresses of >> political dissident groups, religious minorities, girls’ schools in >> areas where many do not like girls education?Is there a danger to be >> evaluated *before* we undertake this new policy?) >> >> Identity Validation is a very open question as well, yet NORC seems >> ready to start work in this area. I have written a set of questions >> that say STOP – and let’s consider the policy implications of these >> acts before we develop plans to put them into effect. The comments >> are below (with a full copy attached). >> >> *They are due tonight!If you can sign on, please do. Please let me >> know your name and/or organization and/or country.* >> >> ** >> >> Great tx to Stephanie Perrin for editing! Here are some thoughts of >> members on our Policy Committee: >> >> -Kathy’s drafted, what I believe to be, an excellent comment in >> response. – Amr Elsadr >> >> -Great job Kathy!! I support this document. -- Stephanie Perrin >> >> -Feel free to add my name as endorsing the document – Ed Morris >> >> Best and tx!! >> Kathy (Kleiman) >> >> * >> WHOIS Accuracy Pilot Study Report* >> >> Burying Extremely Divisive Policy Questions in a Technical >> Implementation Report Written by an ICANN Contractor is Improper and, >> in this Case, Dangerous >> >> >> These are comments written in response to the WHOIS Accuracy Pilot >> Study Report. Buried in this Report – which purports to be an >> implementation report of an ICANN Contractor (NORC/University of >> Chicago) -- are some of the most controversial and unsettled issues >> in ICANN policy discussions and history. These issues are the subject >> of deep and bitter divides over many years of ICANN work, the subject >> of interest across the world, and the focus of a series of explosive >> comments in Singaporewhen the ICANN Community began to realize what >> was happening. >> >> >> It is inappropriate in the extreme, for ICANN policy issues to be >> buried in a ICANN Contractor’s implementation report, and even >> further, deep in its Appendix B,/Next Steps for the Development of >> the WHOIS Accuracy Report System (ARS). /This follows pages of study >> “methods and approach” language and sample design which are obscure >> even to those who follow Whois policy issues on a regular basis.We >> submit that after the many years of heated controversy over this >> topic, it is disingenuous at the very least to allow this to happen >> policy debate to continue its development in this manner. >> >> We are deeply concerned that ICANN Staff has not flagged this Report, >> or this Comment Proceeding, for what it appears to be – a process to >> seek permission from the ICANN Community for the: >> >> a)*wholesale checking of the physical addresses of online speakers >> across the world (whether using domain names for political speech, >> personal speech, or religious, ethnic or sexual minority >> expression)*thus creating an unprecedented inextricable link between >> a speaker and her physical location, and >> >> b)*the**radical new concept of Identity Validation for each and every >> domain name Registrant to the ICANN Community, *a concept with >> inconceivable implications for political, ethnic and religious >> minorities worldwide, as well as entrepreneurs, emerging >> organizations and those operating today without identities who seek >> to create them. >> >> We respectfully add the issues below to this debate. >> >> *I.**ICANN has never been given a mandate for Address Checking on a >> Massive Scale* >> >> Although the Contractor’s Report seems to suggest that the ICANN >> Community has approved the massive checking of postal addresses in >> the existing gTLD Whois databases, that is not the case. >> >> >> A.The Whois Review Team Final Report set the standard of >> “contactability” -- reaching the domain name registrant with >> questions and concerns – not absolute accuracy of all data in the whois >> >> The Current NORC Study (2014) and its accompanying ICANN Staff >> Summary accompanying this NORC’s Pilot Report misrepresent the WHOIS >> Policy Review Team Final Report and its Recommendations. The goal of >> the Whois Review Team was “Contactibility” and “Reachability” of the >> Registrant. To this end WHOIS Policy Review Team Final Report looked >> “holistically” at the Whois record and did not seek the accuracy of >> each and every element of a Registrant’s Whois record. >> >> >> Specifically, the NORC Report of 2009/2010 (an earlier report called >> the NORC Data Accuracy Study) created five categories for ranking the >> data quality of a Whois record: *Full Failure* (overwhelmingly >> inaccurate); *Substantial Failure* (most data inaccurate); *Limited >> Failure* (data to some degree present and considered useful); >> *Minimal Failure* (may benefit from additional information, but data >> provided is accurate) and *No Failure *(data complete and accurate). >> >> */ >> The Whois Review Team called for ICANN to significantly reduce the >> number of “Full Failure” and “Substantial Failure” Whois Records --- >> Avoidance of “No Failure” was not a goal at all./*As shared many >> times in meetings of the Whois Review Team and members of the ICANN >> Community, including the GAC, what the WHOIS Review Team recommended >> was that Whois information be sufficiently available and accurate for >> the Registrant to be reached –for legitimate technical, >> administrative and other questions: [Recommendation] “*6. ICANN >> shouldtakeappropriatemeasurestoreduce thenumberofWHOIS >> registrationsthatfallintotheaccuracygroupsSubstantial Failureand Full >> Failure(asdefinedbytheNORCDataAccuracyStudy,2009/10)by50%within12months >> andby50%againoverthefollowing12months.*” >> >> >> Thus, for the Whois Review Team, “No Failure” (full accuracy of all >> fields) was */not the goal/*;“contactability” and “reachability” of >> Registrants was. >> >> >> B. 2013 Registrar Accreditation Agreement >> >> >> The WHOIS Review Team Final Report noted that efforts were already >> underway to improve accuracy and contactibility of Registrants in the >> then-pending “direct negotiations with Registrars on revisions to the >> RAA.” These negotiations resulted in the 2013 RAA which furthered the >> goal of reaching Registrants through verified phone numbers and email >> addresses: >> >> 1.f : “Verify: >> >> i.the email address of the Registered Name Holder (and, if different, >> the Account Holder) by sending an email requiring an affirmative >> response through a tool-based authentication method such as providing >> a unique code that must be returned in a manner designated by the >> Registrar, or >> >> ii.the telephone number of the Registered Name Holder (and, if >> different, the Account Holder) by either (A) calling or sending an >> SMS to the Registered Name Holder's telephone number providing a >> unique code that must be returned in a manner designated by the >> Registrar, or (B) calling the Registered Name Holder's telephone >> number and requiring the Registered Name Holder to provide a unique >> code that was sent to the Registered Name Holder via web, email or >> postal mail. >> >> As with the Final Report of the Whois Review Team, the goal of the >> 2013 RAA was “contactability” and “reachability” of the domain name >> Registrant for technical or administrative questions by third parties. >> >> C.Where Did the “No Failure” Standard Come From for NORC – the >> Validation and Verification of Each and Every Whois Element Without >> Policy Processes or Assessments of the Risks and Harms? >> >> Consistent with the Whois Review Team Final Report and the 2013 RAA, >> we can understand the NORC methodology and approach to checking email >> addresses and telephone numbers – but postal address validation?Where >> is the underlying GNSO Policy driving this direction to NORC from >> ICANN Staff? >> >> */Where is the assessment of the risks and benefits of updating the >> physical addresses of hundreds of millions of political, personal, >> religious, ethnic and sexual speakers – including dissidents, >> minorities and those discriminated against by the laws and customs of >> various regions?/*Where is NORC evaluating the wholesale and massive >> verification of postal address in the existing gTLD WHOIS databases >> without such an assessment?How did ICANN Staff come to direct it? >> >> >> The NORC Contractor seems to have jumped from the logical – checking >> email and phone – to checking physical addresses. But this leap from >> an open and undecided policy question to a mere implementation issue >> should be disturbing to everyone in the ICANN Community. What we know >> from history and the most tragic of recent events is that speech and >> physical location are a dangerous combination. >> >> >> When individuals armed with automatic rifles wish to express their >> disagreement with the legal speech of a satirical magazine, they find >> the location in Parisand kill writers, publishers and cartoonists. >> When they want to express contempt for those practicing another >> religion, they bring their guns to kosher grocery stores in Parisand >> synagogues in Copenhagen. Tracking down and beheading Christian >> minorities is a horror of daily life in some parts of the world. >> >> >> The UN Declaration of Human Rights, adopted in 1948, states: >> >> * Everyone has the right to freedom of opinion and expression; this >> right includes freedom to hold opinions without interference and >> to seek, receive and impart information and ideas through any >> media and regardless of frontiers. >> >> >> It does not say that everyone must put their address on that speech. >> Where, as here, the Internet has become the major path of >> communication for that speech, the requirement of a physical address >> for every speaker may well violate the requirement of the right to >> speak and the protection for that expression. >> >> >> Further, the validation of postal addresses represents a major change >> of policy – one not mandated or requested by the Whois Review Team, >> the 2013 RAA or by any Policy-Development Team we know of. >> >> Who has evaluated the impact and dangers of wholesale adoption of >> postal address validation of the long-existing gTLD Whois databases– >> especially in a world that has changed dramatically in the last few >> years – where entire governments have risen and fallen, where >> formerly free countries and regions are enslaved by terrorist >> organizations and a new set of dictators? While proxy/privacy >> registrations are available, */they are a costly luxury for many and >> completely unknown to others/*. >> >> >> The mandatory validation of the massive number of postal addresses in >> the gTLD Whois database – as appears to be the policy proposal buried >> between methodology and sample sizes in the Contractor’s report -- >> will result in the dangerous, harmful, even life-threatening exposure >> of those using their domain names for nothing more than communicating >> their ideas, concerns, political hopes, and religious meetings via >> private streams of domain name communications, such as on listservs >> and email addresses, and more public resources including websites and >> blogs. >> >> >> No policy we know has ever directed ICANN Staff to instruct a >> Contractor to engage in massive Postal Address Validation – and no >> policy development process we know has studied, weighed, debated or >> valued the enormous impact to speech and expression of going back >> over 25+ years of domain names registrations to suddenly “correct” >> the postal address and thereby expose battered women’s shelters, >> women’s schools in Pakistan, pro-democracy groups, family planning >> groups and LBGQT locations worldwide. >> >> >> If this is the policy we in ICANN choose to adopt in the future (as >> we certainly have NOT adopted it already), then it will require >> enormous amounts of preparation, notice and warning to gTLD domain name >> registrants on a global scale. Absent that, we know (without doubt or >> hyperbole) that ICANN will have blood on its hands. >> >> Overall, ICANN’s Contractor NORC seems to have jumped into >> policy-making, not mere implementation. >> >> * >> II. ****Identity Validation – Really? * >> >> >> Buried deep in Appendix B, of the Contractor’s Report, behind >> “syntactic accuracy” and “operational accuracy” is the explosive >> issue of “exploring accuracy from an identity perspective” (page 45). >> >> At no time has ICANN ever held a Policy Development Processes on >> Identity Validation. Accordingly, where does this guidance from ICANN >> to its Contractor to explore identity validation implementation come >> from?For those who attended the public Whois meeting in LA, this >> issue certainly was not flagged in the discussion; for those who >> attended the public meeting in Singapore, this issue was introduced >> and IMMEDIATELY FLAGGED as intensely controversial and divisive. >> >> >> Identity validation of those engaged in freedom of expression, >> publishing and political discussion is a deeply controversial >> prospect – and one with heartfelt objection and opposition grounded >> in history and law. The United States, for example, sought to be free >> of Englandin part because of the mandatory licensing of its printing >> presses – and the arrest of all who published objections to actions >> of the English crown. Pamphlets issued without names and addresses >> are not just a cultural right in the US, but a constitutional >> one./McIntyre vs. //Ohio//Elections Commission, 514 //U.S.//334 (US >> Supreme Court, 1995). / >> >> >> A.The GAC asked for a weighing of the risks and benefits >> >> We note that the GAC has not issued policy in this area. According to >> the “Brief Overview” provided by ICANN as introduction to this >> Contractor Report and this public comment period, the GAC “asked for >> an assessment of the feasibility, costs and benefits of conducting >> identity validation as part of the development of the ARS.” >> >> >> Nowhere in this report do we see any assessment of the costs, delays, >> risks and harms that might be incurred by gTLD Registrants, >> Registrars and Registries worldwide if identity validation were >> adopted. Nowhere do we even see an analysis of how identity >> validation takes places, what happens when a minority seeks to >> register, or when a speaker must disclose and show her identification >> as the cost of signing up for a domain name highlighting family >> planning, women rights, or women’s education in parts of the world >> not as conducive to these fundamental rights and basic principles. >> Must she go through her father for this too? >> >> >> B.ICANN has promised a policy making process. >> >> In his response to the GAC on this issue, Dr. Crocker noted concerns: >> >> The costs of operating the Accuracy Reporting System are largely >> dependent >> >> upon the number of WHOIS records to be examined, as well as the level of >> >> validation (syntactic, operational, or identity). For example, the >> initial >> >> responses to the ICANN RFP reveal that identity validation services >> are both >> >> costly and difficult to administer on a global basis. */There may >> also be data/* >> >> */protection and privacy issues of concern to the community when >> conducting/* >> >> */extensive identity validation on WHOIS records./*Hence, the costs of >> >> completing the development of Phase 3 will be determined based on >> >> engagement with the community to identify the appropriate level of >> identity >> >> validation for ICANN to conduct, as well as the costs associated with >> >> performing identity validation on a global scale. >> (https://www.icann.org/en/system/files/correspondence/crocker-to-dryden-02sep14-en.pdf, >> emphasis added.) >> >> >> As always, policy development must proceed implementation. We call on >> ICANN to take this discussion out of the recesses of a Contractor >> report, and into the light of the policy development process. >> >> * >> III**. Wide Outreach Needed* >> >> One thing the Whois Review Team did note in its Final Review is the >> need for clear and concerted outreach on issues that impact the >> Whois: “We found great interest in the WHOIS policy among a number of >> groups that do not traditionally participate in ICANN’s more >> technical proceedings. They include the law enforcement community, >> Data Protection Commissioners, and the privacy community more >> generally.”The Whois Review Team’s recommendation specifically call >> for active and concerted outreach to these communities of its issue: >> >> */Recommendation 3 - Outreach /* >> >> ICANN should ensure that WHOIS policy issues are accompanied by >> cross-community outreach, including outreach to the communities >> outside of ICANN with a specific interest in the issues, and an >> ongoing program for consumer awareness. >> >> >> That has clearly not happened here – when so much of substance is >> buried so deeply in the back of a report. When will ICANN be >> undertaking clear, robust global Outreach on these important freedom >> of expression and privacy issues and implications? >> >> * >> IV.**Finally, let’s Add Policy Staff and Freedom of Expression and >> Data Protection Expertise* >> >> We ask that an ICANN Staff deeply steeped in data protection and >> freedom of expression laws and rights be brought on to work on the >> development of these address and identity issues. We understand that >> ICANN feels previous backgrounds of its staffers do not limit their >> activities, but the perception and reality of this issue would be >> considered much more balanced if the ICANN Staffers of the project >> hailed from an array of backgrounds and had represented multiple >> sides of this issue in their prior lives. >> >> * >> V.**Conclusion* >> >> We can’t bury wholesale physical address checking and the new concept >> of identity validation in the back of a Contractor Report. These are >> NOT policies examined or endorsed by the whole of the ICANN or even >> the GNSO communities, nor policies evaluated yet by the whole of the >> ICANN Community. The risks and benefits must be assessed before the >> implementation is planned. >> >> >> Signed, >> >> >> MEMBERS OF THE NONCOMMERCIALS STAKEHOLDERS GROUP >> [name, and/or organization, and/or country] >> >