Re: [alac] Proposed ALAC restatement on WHOIS
On 2003-10-23 08:51:26 -0700, Wendy Seltzer wrote:
> At the time, we remarked on the privacy concerns raised by the
> (then-proposed) policy mandating that domain name registrants
> submit accurate and truthful identifying information while giving
> them no opportunity to protect that information from disclosure
> or public display.
Well, strictly speaking, the accuracy requirements already were in
the RAA back then, and the task force proposed stricter
*enforcement*.
Greetings from the 300 km/h train to FRA,
--
Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/
> Accuracy was only half the equation, with privacy protections the
> necessary complement. Although we did not then seek to delay
> enforcement of accuracy requirements, we recommended that work be
> commenced swiftly to give registrants more and better privacy
> options.
>
> We concluded that:
> The Task Force's recommendations to systematically enforce the accuracy
> of WHOIS data shift the existing balance between the interests of data
> users and data subjects in favor of data users. In an environment where
> registrants have perceived "inaccurate" data to be one of the most
> practical
> methods for protecting their privacy, this shift of balance is reason
> for
> concern. It will inevitably increase the need for privacy protection
> mechanisms to be built into the contractual framework.
>
> Unfortunately, there has been little progress since February. Indeed, on
> the privacy front, there has been regress. Domain name registrants are
> forbidden from using pseudonyms or fuzzy, "inaccurate" data in order to
> protect their privacy, yet there are no new safeguards or mechanisms by
> which they can shield their identifying details from disclosure. As many of
> us feared at the time the "accuracy" mandate was imposed on registrants and
> registrars, domain name registrants, including members of the at-large
> public, lose out.
>
> The small businessperson working from a home office must list that home
> address and telephone number, as must the weblogger who wishes to publish at
> her own domain name. The political dissident who wants to criticize his
> country's political regime is told to disclose his identity or find a
> trustworthy friend who is willing to do so instead. Domain names are
> indisputably a tool of online expression, on an Internet in which
> individuals can speak alongside corporations and governments, yet many
> individuals are chilled by the prospect of signing a "speakers' registry"
> before they can participate fully. [Compare the U.S. Supreme Court decision
> striking down a town ordinance that made individuals register for a permit
> before canvassing door-to-door. (Watchtower v. Village of Stratton, 2002)]
>
> Proxy or escrow services, proposed by many as a privacy solution, have not
> developed to fill the gap. They do not work in practice, giving up the
> names of their clients on a mere request; and even in theory they are a poor
> second-best for registrants seeking full control of their identities. The
> public deserves better.
>
> It is time for ICANN to move forward on privacy. One simple solution,
> requiring no new infrastructure, would be to make all data fields in WHOIS
> optional, allowing domain name registrants themselves to make the choice
> between contactability and privacy. A more complete solution would also
> permit registrants to give accurate information to their registrars without
> putting that into the generally-accessible WHOIS (the online equivalent of
> an unlisted telephone number).
>
> ICANN owes it to the Internet-using public to complete the equation begun
> early this year. It should remedy the imbalance between data users and data
> subjects by allowing registrants to limit data collection and disclosure in
> domain name registration and WHOIS, and should do so without delay.
>
>
> --
> Wendy Seltzer -- wendy@xxxxxxxxxxx
> Staff Attorney, Electronic Frontier Foundation
> Fellow, Berkman Center for Internet & Society at Harvard Law School
> http://cyber.law.harvard.edu/seltzer.html
> Chilling Effects: http://www.chillingeffects.org/
>