If a registrar is
in compliance with its obligations under the RAA, it is advising its
registrants "who is collecting the information, why the
information is being collected, and how it is going to be used." I
have posted the RAA citations previously to this list.
"The global, public accessibility of WHOIS data
contradict[s] FTC's advice" -- I think this would come as news to the
FTC, which has strongly supported public access to Whois and which submitted
a response to our Task Force's survey to that effect.
If this is intended as a statement of the FTC's
position or approach to Whois then I believe we should have the FTC review
it. If it is intended as the interpretation by one Task Force member
of how FTC positions on other aspects of privacy ought to be applied to
Whois --i.e., as a critique of the FTC's actual Whois position - then
that is certainly another story, but I am not sure why a critique of alleged
inconsistency by the FTC belongs in the issues report of this Task
Force.
I am also concerned about the suggestion that "the
enforcement of the accuracy of Whois data" is an innovative or novel
suggestion of this Task Force. These obligations regarding accuracy
have been on the books for years and have been "enforced" a number of times,
whether in the sense of registrants losing their registrations for willful
submission of false data or in terms of ICANN action to enforce the
obligation of registrars to respond to complaints of false Whois data.
Steve Metalitz
-----Original
Message-----
From: Ruchika
Agrawal [mailto:agrawal@epic.org]
Sent: Friday, March 07, 2003 2:01
PM
To: Cade,Marilyn S -
LGCRP; NC-WHOIS (E-mail)
Subject: [nc-whois] Contribution Of
Globally, Publicly Accessible WHOIS Information To Identity Theft And Other
Fraud
Dear All:
Here are the
paragraphs on the contribution of globally, publicly accessible WHOIS
information to identity theft and other fraud:
The U.S. Federal
Trade Commission (FTC) plays a critical role both in the investigation of
consumer fraud and in the protection of consumers from fraud.
According to the FTC's website, "The FTC works for the consumer to prevent
fraudulent, deceptive and unfair business practices in the marketplace and
to provide information to help consumers spot, stop and avoid them." [See,
for example, http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]
In this vein,
the FTC advises consumers not to disclose personal information, and if
consumers choose to disclose personal information, they should know who is
collecting the information, why the information is being collected, and how
it is going to be used. Not only does the global, public
accessibility of WHOIS data contradict FTC's advice, but the consumer, as a
domain name registrant, is stripped of these abilities, as the registrant
has no way of knowing who collected his/her WHOIS data, why the information
was collected, and how the collector intends to use the
information. Further yet, with the enforcement of the accuracy
of WHOIS data, as is recommended by the WHOIS Task Force, consumers will not
even have a choice on whether to disclose their personal information.
The alternative to relinquish a domain name is not giving consumers a
genuine choice, and instead infringes on Internet free
speech.
The global,
public accessibility of WHOIS data imposes risks on domain name registrants,
and may contribute to identify theft as well as other fraud. The FTC's
guidelines in their effort to safeguard consumer privacy are applicable to
the protection of domain name registrants; these safeguards should be
appropriately enforced.
Regards,
Ruchika