<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report
Ruchika,
Marilyn as co-chair of the TF has already replied
to
you on behalf of both of us. Nonetheless, I
feel
prompted to add some further comments on
your
submission:
1) I am uncomfortable with the phrase "some members
of the Task
Force continue to overlook". Until very recently,
the Task Force
worked in unison with all, repeat all, members
participating and
contributing freely. The Task Force report
that was discussed
on yesterday's call, is the collective outcome of
the work and
contributions of the various members, as well as
those affected
by the policy recommendations (the Registrars and
Registries)
whose input was sought via the Implementation
Committee. We
worked, collectively, for almost two years, and the
matter of
privacy was not, and is not, overlooked in the
least.
2) I question the declaration that "some domain
name registrants
have legitimate reasons for providing inaccurate
information", since
they are contracting a domain name under the
conditions specified
by the delivering registrant. If these are
unsatisfactory, i.e., the
registrant is unwilling to provide personal data
for the Whois, then
maybe he/she would be better off not contracting a
domain name.
The alternative of submitting false data is not, in
my opinion, an
action that can be justified as being committed for
"legitimate
reasons". No one is forcing the registrant to
obtain a domain
name and risk exposure?
3) During the GNSO Council
teleconference
yesterday, Bruce Tonkin correctly identified the
privacy issue as
being related to " the Display of Whois Data", not
to its accuracy.
As we begin to look at the privacy issues, this
will obviously be
a good starting point in evaluating privacy protection alternatives.
4) Neither I nor any other members of the Whois
Task Force,
as far as I can recall, have ever demanded
guarantees of
any sort in order to participate in, and
contribute to, work
in process. As co-chair I would be willing to
guarantee you
a lot of hard work and dedicated time, since this
issue is
so important to you, but not much
else...
Regards
Tony Harris
----- Original Message -----
Sent: Friday, February 21, 2003 12:44
AM
Subject: [nc-whois] Critical Relationship
Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook
and My Contribution to the WHOIS Privacy Issues Report
Dear Co-Members of the WHOIS Task Force:
Based on some of your comments during our
teleconference call this week, email postings, and GNSO teleconference meeting
today, I want to emphasize a very important point that some members of the
Task Force continue to overlook.
Enforcement of accuracy of
WHOIS data has serious implications on privacy. Some domain name
registrants have legitimate reasons for providing inaccurate WHOIS information
-- for example, to protect their privacy and protect their personally
identifiable information from being globally, publicly accessible -- and
especially when there are no privacy safeguards in place. A number of
studies demonstrate that when no privacy safeguards are in place, individuals
often engage in privacy "self-defense." When polled on the issue,
individuals regularly claim that they have withheld personal information and
have given false information. See:
- ·
Privacy, Costs, and Consumers Privacy, Consumers,
and Costs: How the Lack of Privacy Costs Consumers and Why Business Studies
of Privacy Costs are Biased and Incomplete, Robert Gellman, March 26, 2002,
http://www.epic.org/reports/dmfprivacy.html;
- ·
Trust and Privacy Online: Why Americans Want to
Rewrite the Rules, Pew Internet & American Life Project, August 20,
2000, http://www.pewinternet.org/reports/toc.asp?Report=19; and
- ·
Graphic, Visualization, & Usability Center 7th
WWW User Survey, April 1997, http://www.gvu.gatech.edu/user_surveys/survey-1997-04/#exec.
Please also see the report I
submitted to the Federal Trade Commission for their panel on "Cooperation
Between the FTC and Domain Registration Authorities." <attached >
Again, while I do not oppose accurate data per se, I do oppose the Task
Force’s recommendation to enforce accuracy of WHOIS information when the Task
Force has failed to adequately address privacy issues. Minimally,
enforcement of accuracy and insurance of privacy safeguards should be
concurrent.
As per Ram’s email and the gTLD
constituency’s views on accuracy and privacy, I quote:
- “My constituency members are saying that they are under considerable
pressure from legal, corporate, community and other bodies to tie
implementation of better accuracy and privacy together, so that enhanced
accuracy standards and mechanisms do not lead to unlawful privacy
methods/practices (for those who operate under the EU Data protection
restrictions, for instance).” http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00932.html
I
am happy to work on the privacy issues report as long as the WHOIS Task Force
can guarantee that enforcement of accuracy and implementation of privacy
safeguards would be concurrent (or that implementation of appropriate privacy
safeguards would precede enforcement of accuracy). This guarantee does
not conflict with the vote taken during the GNSO Council meeting today, as the
GNSO Council specifically and only voted on the WHOIS Task Force’s Final
Report’s consensus policies (see below).
Bruce -- can you please
confirm my interpretation of the GNSO’s vote on the WHOIS Task Force’s Final
Report?
Sincerely, Ruchika Agrawal WHOIS Task Force
Member Non-Commercial
Constituency
---------------------------------- I. Consensus
Policies
1. Consensus Policies: Accuracy of WHOIS Data.
These
two policies match the alternative wording proposed in the Implementation
Committee's report, sections 1 and 2, which was accepted by the WHOIS Task
Force. Further comments and additions are marked by underlining.
A. At
least annually, a registrar must present to the Registrant the current WHOIS
information, and remind the registrant that provision of false WHOIS
information can be grounds for cancellation of their domain name registration.
Registrants must review their WHOIS data, and make any corrections.
B.
When registrations are deleted on the basis of submission of false contact
data or non-response to registrar inquiries, the redemption grace period --
once implemented -- should be applied. However, the redeemed domain name
should be placed in registrar hold status until the registrant has provided
updated WHOIS information to the registrar-of-record.
The Task Force
observes that the purpose of this policy is to make sure that the redemption
process cannot be used as a tool to bypass registrar's contact correction
process.
2. Consensus Policies: Bulk Access to WHOIS Data.
There
are no substantial changes to to the policies contained in section 3.2 of the
Policy Report. However, the extensive discussion presented in that report has
been removed in this document. Additionally, some technical changes proposed
by ICANN's General Counsel have been incorporated.
A. Use of bulk
access WHOIS data for marketing should not be permitted. The Task Force
therefore recommends that the obligations contained in the relevant provisions
of the RAA be modified to eliminate the use of bulk access WHOIS data for
marketing purposes. The obligation currently expressed in section 3.3.6.3 of
the RAA could, for instance, be changed to read as follows (changed language
underlined):
"Registrar's access agreement shall require the third
party to agree not to use the data to allow, enable, or otherwise support any
marketing activities, regardless of the medium used. Such media include but
are not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts."
The bulk-access provision contained in 3.3.6.6 of the
RAA would then become inapplicable.
B. Section 3.3.6.5 of the Registrar
Accreditation Agreement currently describes an optional clause of registrars'
bulk access agreements, which disallows further resale or redistribution of
bulk WHOIS data by data users. The use of this clause shall be made
mandatory.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|