<<< Date Index >>>     <<< Thread Index >>>

[ga] ALAC statement on WHOIS Privacy



ALAC Calls for Progress on WHOIS Privacy

October 29, 2003

In February 2003, the Interim At-Large Advisory Committee issued a formal
statement on the issues of WHOIS accuracy and bulk access. At the time, we
remarked on the privacy concerns raised by the policy mandating that domain
name registrants submit accurate and truthful identifying information while
giving them no opportunity to protect that information from disclosure or
public display.

Accuracy was only half the equation, with privacy protections the necessary
complement.

Although we did not then seek to delay enforcement of accuracy requirements,
we recommended that work be commenced swiftly to give registrants more and
better privacy options. We concluded that:

    The Task Force's recommendations to systematically enforce the accuracy
of WHOIS data shift the existing balance between the interests of data users
and data subjects in favor of data users. In an environment where
registrants have perceived "inaccurate" data to be one of the most practical
methods for protecting their privacy, this shift of balance is reason for
concern. It will inevitably increase the need for privacy protection
mechanisms to be built into the contractual framework. 

Unfortunately, there has been no progress since February. Indeed, on the
privacy front, there has been regress. Domain name registrants are forbidden
from using pseudonyms or fuzzy, "inaccurate" data in order to protect their
privacy, and risk losing their domain name due to "improved" accuracy
enforcement. Yet there are no new safeguards or mechanisms by which they can
shield their identifying details from disclosure. As many feared at the time
the GNSO mandated stricter enforcement of "accuracy" on registrants and
registrars, domain name registrants (including members of the at-large
public) lose out.

The small businessperson working from a home office must list that home
address and telephone number, as must the weblogger who wishes to publish at
her own domain name. The political dissident who wants to criticize his
country's political regime is told to disclose his identity or find a
trustworthy friend who is willing to do so instead. Domain names are
indisputably a tool of online expression, on an Internet in which
individuals can speak alongside corporations and governments, yet many
individuals are chilled by the prospect of signing a "speakers' registry"
before they can participate fully.

Proxy or escrow services, proposed by many as a privacy solution, have not
developed to fill the gap. They do not work in practice, giving up the names
of their clients on a mere request; and even in theory they are a poor
second-best for registrants seeking full control of their identities. The
public deserves better.

It is time for ICANN to move forward on privacy.

One simple solution, requiring no new infrastructure, would be to make all
data fields in WHOIS optional, allowing domain name registrants themselves
to make the choice between contactability and privacy. A more complete
solution would also permit registrants to give accurate information to their
registrars without putting that into the generally-accessible WHOIS (the
online equivalent of an unlisted telephone number).

ICANN owes it to the Internet-using public to complete the equation begun
early this year. It should remedy the imbalance between data users and data
subjects by allowing registrants to limit data collection and disclosure in
domain name registration and WHOIS, and should do so without delay. 
-- 
vb.               [Vittorio Bertola - v.bertola [a] bertola.eu.org]<------
http://bertola.eu.org/  <- Vecchio sito, nuovo toblòg...