Thank you Ephraim. I am going to turn this into a blog. If the policy committee and NCSG decides to turn it into a letter getting broader feedback from the membership and send it to the board that would be great. Policy Committee can you please have a look at this? Farzaneh On Sun, Dec 17, 2023 at 11:17 AM Ephraim Percy Kenyanito < [log in to unmask]> wrote: > Awesome stuff Farzaneh! > > > -- > > Best Regards, > Ephraim Percy Kenyanito > Public Policy Specialist/ Regulatory Affairs Specialist/ Project Manager- > International Trade, Technology, Media & Telecommunications Laws > Website: https://ekenyanito.com/ > Twitter: @ekenyanito <https://twitter.com/ekenyanito> > PGP Fingerprint: B0FA394AF73DEB7AA1FDC7360CFED26DE6BA8DC1 > > > On Sun, 17 Dec 2023 at 02:46, farzaneh badii <[log in to unmask]> > wrote: > >> Hi NCSG >> >> I have started doing HRIA on GAC Communiques. I started with a Communique >> in Cancun. >> >> If NCSG and NCSG Policy Committee wants to, they can send this (with >> amendments and comments) as a letter to the Board. I am hopefully going to >> periodically do that and the next one is the GAC communique on urgent >> requests. Link to document to comment on: >> https://docs.google.com/document/d/1kmXgKaob7lIULB_6dXIepeZ7l2e6AzAJcfzAhuBKSEg/edit?usp=sharing >> >> The text: >> >> Governments asking for confidentiality of law enforcement requests for >> access to domain name registrants personal, private data: A human rights >> impact assessment >> >> WHOIS Disclosure System >> >> a. The GAC advises the Board: >> >> i. To direct ICANN org to promptly engage with the PSWG to identify and >> advance >> >> solutions for confidentiality of law enforcement requests so as not to >> preclude >> >> participation by law enforcement requesters when measuring usage of the >> WHOIS >> >> Disclosure System. >> >> Governmental Advisory Committee/ Cancun, Mexico, 2023 >> <https://www.icann.org/en/system/files/correspondence/gac-to-icann-20mar23-en.pdf> >> >> Sources used: Business Social Responsibility Rapid Human Rights >> Assessment: >> https://www.bsr.org/files/BSR-Rapid-HRDD-Political-Armed-Conflict-Tool.pdf >> >> Rapid human rights impact assessment: >> >> The situation: WHOIS is the directory that includes the domain name >> registrants private, personal, sensitive data such as phone numbers, >> physical addresses and email addresses. Domain name owners can set up >> websites around the world. This database was public and accessible for >> years until General Data Protection Regulation came into effect which >> required redaction of data. However, GDPR also had provisions for >> disclosing the private data to third parties with a legitimate purpose. >> GDPR is vague on how such disclosure can take place. >> >> >> Rightsholders: Rightsholders in this situation are domain name >> registrants. >> >> Impacted vulnerable communities: potential impacted communities can be >> minority groups that discuss sensitive issues on their blog that are >> unfairly illegal in their countries. Such as minority religious groups, >> minority political oppositions and others. >> >> What is the severity of the actual or potential human rights impact? >> >> Unfair arrest, potential imprisonment, illegal house raids, cruel >> punishments >> >> What are the potential long-term implications of the situation? >> >> Decrease in use of domain names and public websites for exercising >> fundamental rights >> >> Inaccuracy of the database >> >> Peer companies that are taking action that the company can consult with >> directly? >> >> Regional Internet Registries that have similar WHOIS databases do not >> make the requests confidential, they report on which countries asked for >> the data in their transparency reports (See RIPE NCC) >> https://www.ripe.net/publications/lea-documents >> >> What can ICANN do to avoid, prevent, or mitigate the actual or potential >> human rights impacts? >> >> ICANN should not grant law enforcement agencies the option to seek >> disclosure of data confidentially from the registrars. >> >> >> >> Farzaneh >> >