[nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report
Dear Co-Members of the WHOIS Task Force: Based on some of your comments during our teleconference call this week, email postings, and GNSO teleconference meeting today, I want to emphasize a very important point that some members of the Task Force continue to overlook. Enforcement of accuracy of WHOIS data has serious implications on privacy. Some domain name registrants have legitimate reasons for providing inaccurate WHOIS information -- for example, to protect their privacy and protect their personally identifiable information from being globally, publicly accessible -- and especially when there are no privacy safeguards in place. A number of studies demonstrate that when no privacy safeguards are in place, individuals often engage in privacy "self-defense." When polled on the issue, individuals regularly claim that they have withheld personal information and have given false information. See:
As per Ram’s email and the gTLD constituency’s views on accuracy and privacy, I quote:
Bruce -- can you please confirm my interpretation of the GNSO’s vote on the WHOIS Task Force’s Final Report? Sincerely, Ruchika Agrawal WHOIS Task Force Member Non-Commercial Constituency ---------------------------------- I. Consensus Policies 1. Consensus Policies: Accuracy of WHOIS Data. These two policies match the alternative wording proposed in the Implementation Committee's report, sections 1 and 2, which was accepted by the WHOIS Task Force. Further comments and additions are marked by underlining. A. At least annually, a registrar must present to the Registrant the current WHOIS information, and remind the registrant that provision of false WHOIS information can be grounds for cancellation of their domain name registration. Registrants must review their WHOIS data, and make any corrections. B. When registrations are deleted on the basis of submission of false contact data or non-response to registrar inquiries, the redemption grace period -- once implemented -- should be applied. However, the redeemed domain name should be placed in registrar hold status until the registrant has provided updated WHOIS information to the registrar-of-record. The Task Force observes that the purpose of this policy is to make sure that the redemption process cannot be used as a tool to bypass registrar's contact correction process. 2. Consensus Policies: Bulk Access to WHOIS Data. There are no substantial changes to to the policies contained in section 3.2 of the Policy Report. However, the extensive discussion presented in that report has been removed in this document. Additionally, some technical changes proposed by ICANN's General Counsel have been incorporated. A. Use of bulk access WHOIS data for marketing should not be permitted. The Task Force therefore recommends that the obligations contained in the relevant provisions of the RAA be modified to eliminate the use of bulk access WHOIS data for marketing purposes. The obligation currently expressed in section 3.3.6.3 of the RAA could, for instance, be changed to read as follows (changed language underlined): "Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts." The bulk-access provision contained in 3.3.6.6 of the RAA would then become inapplicable. B. Section 3.3.6.5 of the Registrar Accreditation Agreement currently describes an optional clause of registrars' bulk access agreements, which disallows further resale or redistribution of bulk WHOIS data by data users. The use of this clause shall be made mandatory.
|