Re: [alac] Proposed ALAC restatement on WHOIS
Suggested changes inline... Apologies for not sending this earlier.
> In February 2003, the Interim At-Large Advisory Committee issued
> a formal statement on the issues of WHOIS accuracy and bulk
> access,
> <http://alac.icann.org/whois/whois_final_report_accuracy-20feb03.htm>.
> At the time, we remarked on the privacy concerns raised by the
> (then-proposed) policy mandating that domain name registrants
(strike "then-proposed")
> submit accurate and truthful identifying information while giving
> them no opportunity to protect that information from disclosure
> or public display.
> Accuracy was only half the equation, with privacy protections the
> necessary complement. Although we did not then seek to delay
> enforcement of accuracy requirements, we recommended that work be
> commenced swiftly to give registrants more and better privacy
> options.
>
> We concluded that:
> The Task Force's recommendations to systematically enforce the accuracy
> of WHOIS data shift the existing balance between the interests of data
> users and data subjects in favor of data users. In an environment where
> registrants have perceived "inaccurate" data to be one of the most
> practical
> methods for protecting their privacy, this shift of balance is reason
> for
> concern. It will inevitably increase the need for privacy protection
> mechanisms to be built into the contractual framework.
>
Unfortunately, there has been no progress since February.
Domain
> name registrants are forbidden from using pseudonyms or fuzzy,
> "inaccurate" data in order to protect their privacy, yet there
> are no new safeguards or mechanisms by which they can shield
> their identifying details from disclosure. As many
(delete "of us", as it was more widespread.)
> feared at the time
the GNSO recommended stricter enforcement of WHOIS accuracy, domain
name registrants lose out.
> The small businessperson working from a home office must list
> that home address and telephone number, as must the weblogger who
> wishes to publish at her own domain name. The political
> dissident who wants to criticize his country's political regime
> is told to disclose his identity or find a trustworthy friend who
> is willing to do so instead. Domain names are indisputably a
> tool of online expression, on an Internet in which individuals
> can speak alongside corporations and governments, yet many
> individuals are chilled by the prospect of signing a "speakers'
> registry" before they can participate fully. [Compare the U.S.
> Supreme Court decision striking down a town ordinance that made
> individuals register for a permit before canvassing door-to-door.
> (Watchtower v. Village of Stratton, 2002)]
(I'd strike the SCOTUS reference.)
> Proxy or escrow services, proposed by many as a privacy solution,
> have not developed to fill the gap. They do not work in
> practice, giving up the names of their clients on a mere request;
> and even in theory they are a poor second-best for registrants
> seeking full control of their identities. The public deserves
> better.
>
> It is time for ICANN to move forward on privacy. One simple solution,
> requiring no new infrastructure, would be to make all data fields in WHOIS
> optional, allowing domain name registrants themselves to make the choice
> between contactability and privacy. A more complete solution would also
> permit registrants to give accurate information to their registrars without
> putting that into the generally-accessible WHOIS (the online equivalent of
> an unlisted telephone number).
>
> ICANN owes it to the Internet-using public to complete the equation begun
> early this year. It should remedy the imbalance between data users and data
> subjects by allowing registrants to limit data collection and disclosure in
> domain name registration and WHOIS, and should do so without delay.
--
Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/