If a registrar is in
compliance with its obligations under the RAA, it is advising its registrants
"who is collecting the information, why the information is being
collected, and how it is going to be used." I have posted the RAA
citations previously to this list.
"The global, public accessibility of WHOIS data
contradict[s] FTC's advice" -- I think this would come as news to the
FTC, which has strongly supported public access to Whois and which submitted a
response to our Task Force's survey to that effect.
If this is intended as a statement of the FTC's
position or approach to Whois then I believe we should have the FTC review
it. If it is intended as the interpretation by one Task Force member of
how FTC positions on other aspects of privacy ought to be applied to Whois
--i.e., as a critique of the FTC's actual Whois position - then that is
certainly another story, but I am not sure why a critique of alleged
inconsistency by the FTC belongs in the issues report of this Task
Force.
I am also concerned about the suggestion that "the
enforcement of the accuracy of Whois data" is an innovative or novel
suggestion of this Task Force. These obligations regarding accuracy have
been on the books for years and have been "enforced" a number of times,
whether in the sense of registrants losing their registrations for willful
submission of false data or in terms of ICANN action to enforce the obligation
of registrars to respond to complaints of false Whois data.
Steve Metalitz
-----Original
Message-----
From: Ruchika
Agrawal [mailto:agrawal@epic.org]
Sent: Friday, March 07, 2003 2:01
PM
To: Cade,Marilyn S -
LGCRP; NC-WHOIS (E-mail)
Subject: [nc-whois] Contribution Of
Globally, Publicly Accessible WHOIS Information To Identity Theft And Other
Fraud
Dear All:
Here are the paragraphs
on the contribution of globally, publicly accessible WHOIS information to
identity theft and other fraud:
The U.S. Federal
Trade Commission (FTC) plays a critical role both in the investigation of
consumer fraud and in the protection of consumers from fraud. According
to the FTC's website, "The FTC works for the consumer to prevent fraudulent,
deceptive and unfair business practices in the marketplace and to provide
information to help consumers spot, stop and avoid them." [See, for example,
http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]
In this vein, the
FTC advises consumers not to disclose personal information, and if consumers
choose to disclose personal information, they should know who is collecting
the information, why the information is being collected, and how it is going
to be used. Not only does the global, public accessibility of
WHOIS data contradict FTC's advice, but the consumer, as a domain name
registrant, is stripped of these abilities, as the registrant has no way of
knowing who collected his/her WHOIS data, why the information was collected,
and how the collector intends to use the information. Further yet,
with the enforcement of the accuracy of WHOIS data, as is recommended by the
WHOIS Task Force, consumers will not even have a choice on whether to disclose
their personal information. The alternative to relinquish a domain name
is not giving consumers a genuine choice, and instead infringes on Internet
free speech.
The global, public
accessibility of WHOIS data imposes risks on domain name registrants, and may
contribute to identify theft as well as other fraud. The FTC's
guidelines in their effort to safeguard consumer privacy are applicable to the
protection of domain name registrants; these safeguards should be
appropriately enforced.
Regards,
Ruchika