<<< Date Index >>>     <<< Thread Index >>>

Re: [alac] Proposed ALAC restatement on WHOIS



On 2003-10-23 08:51:26 -0700, Wendy Seltzer wrote:

> At the time, we remarked on the privacy concerns raised by the
> (then-proposed) policy mandating that domain name registrants
> submit accurate and truthful identifying information while giving
> them no opportunity to protect that information from disclosure
> or public display.  

Well, strictly speaking, the accuracy requirements already were in
the RAA back then, and the task force proposed stricter
*enforcement*.

Greetings from the 300 km/h train to FRA,
-- 
Thomas Roessler  <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/






> Accuracy was only half the equation, with privacy protections the
> necessary complement.  Although we did not then seek to delay
> enforcement of accuracy requirements, we recommended that work be
> commenced swiftly to give registrants more and better privacy
> options.
> 
> We concluded that:
>     The Task Force's recommendations to systematically enforce the accuracy
>     of WHOIS data shift the existing balance between the interests of data
>     users and data subjects in favor of data users. In an environment where
>     registrants have perceived "inaccurate" data to be one of the most 
> practical
>     methods for protecting their privacy, this shift of balance is reason 
>     for
>     concern. It will inevitably increase the need for privacy protection
>     mechanisms to be built into the contractual framework.
> 
> Unfortunately, there has been little progress since February.  Indeed, on
> the privacy  front, there has been regress.  Domain name registrants are
> forbidden from using pseudonyms or fuzzy,  "inaccurate" data in order to
> protect their privacy, yet there are no new safeguards or mechanisms by
> which they can shield their identifying details from disclosure.  As many of
> us feared at the time the "accuracy" mandate was imposed on registrants and
> registrars, domain name registrants, including members of the at-large
> public, lose out.
> 
> The small businessperson working from a home office must list that home
> address and telephone number, as must the weblogger who wishes to publish at
> her own domain name.  The political dissident who wants to criticize his
> country's political regime is told to disclose his identity or find a
> trustworthy friend who is willing to do so instead.  Domain names are
> indisputably a tool of online expression, on an Internet in which
> individuals can speak alongside corporations and governments, yet many
> individuals are chilled by the prospect of signing a "speakers' registry"
> before they can participate fully.  [Compare the U.S. Supreme Court decision
> striking down a town ordinance that made individuals register for a permit
> before canvassing door-to-door. (Watchtower v. Village of Stratton, 2002)]
> 
> Proxy or escrow services, proposed by many as a privacy solution, have not
> developed to fill the gap.  They do not work in practice, giving up the
> names of their clients on a mere request; and even in theory they are a poor
> second-best for registrants seeking full control of their identities.  The
> public deserves better.
> 
> It is time for ICANN to move forward on privacy.  One simple solution,
> requiring no new infrastructure, would be to make all data fields in WHOIS
> optional, allowing domain name registrants themselves to make the choice
> between contactability and privacy.  A more complete solution would also
> permit registrants to give accurate information to their registrars without
> putting that into the generally-accessible WHOIS (the online equivalent of
> an unlisted telephone number).
> 
> ICANN owes it to the Internet-using public to complete the equation begun
> early this year.  It should remedy the imbalance between data users and data
> subjects by allowing registrants to limit data collection and disclosure in
> domain name registration and WHOIS, and should do so without delay.
> 
> 
> --
> Wendy Seltzer -- wendy@xxxxxxxxxxx
> Staff Attorney, Electronic Frontier Foundation
> Fellow, Berkman Center for Internet & Society at Harvard Law School
> http://cyber.law.harvard.edu/seltzer.html
> Chilling Effects: http://www.chillingeffects.org/
>