If a registrar is
in compliance with its obligations under the RAA, it is advising its
registrants "who is collecting the information, why the
information is being collected, and how it is going to be used." I
have posted the RAA citations previously to this list.
"The global, public accessibility of WHOIS data
contradict[s] FTC's advice" -- I think this would come as news to
the FTC, which has strongly supported public access to Whois and which
submitted a response to our Task Force's survey to that effect.
If this is intended as a statement of the FTC's
position or approach to Whois then I believe we should have the FTC review
it. If it is intended as the interpretation by one Task Force member
of how FTC positions on other aspects of privacy ought to be applied to
Whois --i.e., as a critique of the FTC's actual Whois position -
then that is certainly another story, but I am not sure why a critique of
alleged inconsistency by the FTC belongs in the issues report of this Task
Force.
I am also concerned about the suggestion that "the
enforcement of the accuracy of Whois data" is an innovative or novel
suggestion of this Task Force. These obligations regarding accuracy
have been on the books for years and have been "enforced" a number of
times, whether in the sense of registrants losing their registrations for
willful submission of false data or in terms of ICANN action to enforce
the obligation of registrars to respond to complaints of false Whois
data.
Steve Metalitz
-----Original
Message-----
From:
Ruchika Agrawal [mailto:agrawal@epic.org]
Sent: Friday, March 07, 2003 2:01
PM
To: Cade,Marilyn S -
LGCRP; NC-WHOIS (E-mail)
Subject: [nc-whois] Contribution Of
Globally, Publicly Accessible WHOIS Information To Identity Theft And
Other Fraud
Dear All:
Here are the
paragraphs on the contribution of globally, publicly accessible WHOIS
information to identity theft and other fraud:
The U.S.
Federal Trade Commission (FTC) plays a critical role both in the
investigation of consumer fraud and in the protection of consumers from
fraud. According to the FTC's website, "The FTC works for the
consumer to prevent fraudulent, deceptive and unfair business practices in
the marketplace and to provide information to help consumers spot, stop
and avoid them." [See, for example, http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]
In this vein,
the FTC advises consumers not to disclose personal information, and if
consumers choose to disclose personal information, they should know who is
collecting the information, why the information is being collected, and
how it is going to be used. Not only does the global, public
accessibility of WHOIS data contradict FTC's advice, but the consumer, as
a domain name registrant, is stripped of these abilities, as the
registrant has no way of knowing who collected his/her WHOIS data, why the
information was collected, and how the collector intends to use the
information. Further yet, with the enforcement of the accuracy
of WHOIS data, as is recommended by the WHOIS Task Force, consumers will
not even have a choice on whether to disclose their personal
information. The alternative to relinquish a domain name is not
giving consumers a genuine choice, and instead infringes on Internet free
speech.
The global,
public accessibility of WHOIS data imposes risks on domain name
registrants, and may contribute to identify theft as well as other
fraud. The FTC's guidelines in their effort to safeguard consumer
privacy are applicable to the protection of domain name registrants; these
safeguards should be appropriately enforced.
Regards,
Ruchika