Personal Privacy and Anonymous Speech at Risk in WHOIS proposals
Date: Thursday January 09 2003, @04:30AM
Topic: Privacy

Kathryn Kleiman writes "In one of those mysterious deadlines of ICANN, the DNSO Whois Task Force has extended the deadline to comment on the Whois report. Back at the original deadline December, I submitted the comments (as an individual) below. They are based on my shock in Shanghai that the Task Force considers the thrust of "privacy" concerns in Whois to be "spam." While spam is important, I think there are much more fundamental privacy issues involved in WHOIS -- such as personal privacy and human rights anonymity. These were left out the of the Task Force's report.

If you agree, feel free to make a one or two line posting agreeing with my comments to comments-whois@dnso.org or (even better, if you have time) write your own. You can read other comments posted and the Task Force Report. Deadline is now Jan. 9.

---- Comments -----

To: comments-whois@dnso.org

Subject: [comments-whois] Real lives at risk; personal privacy needs immediate attention

From: KathrynKL@aol.com
Date: Mon, 9 Dec 2002 00:47:12 EST
Sender: owner-comments-whois@dnso.org

I write these comments as an individual, small business owner, and political speaker. Clearly the Task Force has worked hard to define the issues, and to show where more work has been called for by participants and needs to be done. Thus, it comes as a surprise, with all the open questions that the Task Force identifies, that you call for moving forward with "accuracy" of registrant data.

In these comments I address:

  • the open issue of personal privacy
  • the need for personal privacy to be more clearly presented and protected in the next version of this report.
  • the need for express recognition that some inaccuracies in the WHOIS data protect privacy without limiting access to the domain name registrants for legitimate purposes.
  • the Task Force should recommend a much more limited initial testbed for WHOIS.

I. The Open Issue of Personal Privacy

While the concern for individual privacy is tabled as an issue for further discussion, the Task Force urges ICANN to go forward with a set of new, uniform provisions for enforcement of accuracy in the WHOIS database.

It is incumbent on this Task Force to use its report to more explicitly discuss the deep concerns political speakers and individuals face when their full data, including address and telephone are published to the world in the instantaneous availability of the WHOIS database. The discomfort of hitting delete to erase an unsolicited email does not rise to the same level as the discomfort of having an important political/human rights message to share and having to disclose the location of your children when registering the necessary domain name.

The Task Force has heard from Andrews and Davidson, among others, about the need to treat different registrants differently. It has heard from Younger and Chheda, among others, about the need to allow individuals to post limited information to the WHOIS database (with the rest being held by the registrar).

After my presentation to the Task Force in Shanghai, about the need for protection of the personal privacy of individuals and political speakers, I was surrounded by people who agreed. Many sponsored by the Markle Foundation, they represented human rights groups and media which covers human rights activity. They talked of the dangers that political speakers and human rights activists face every day for activity under their domain names. They told me of:

  • a site to post the pictures of government torture victims so that their families could identify their faces and claim their bodies;
  • a site which published detailed accounts of the activities of a corrupt national government, and was a major source of information to the country's residents, unable to receive from the state-controlled media.
  • I added the concern of individuals who use their domain names and websites to post information about their noncommercial activities, from sewing to parenting to touring, and fear making public their domestic information to ex-spouses, stalkers, and disgruntled fellow employees.

We are talking about real issues of personal privacy, real dangers, and real lives.

II. Personal privacy must be more clearly presented and protected in the next Task Force Report.

It is not enough to say (or think) that people who need personal privacy can solve it by registering their domain name through another party. There are basic reasons. First and foremost, many who engage in the political and human rights Internet work do not choose to share their danger with others.

They are driven by their own convictions to take on dangerous lives and work, but they do not want to endanger others. The domain name needs to be under their name.

Second, the time exigencies of UDRP challenges (and perhaps the whois accuracy challenges to come) mean that many domain name registrants want to be able receive and address challenges as quickly as possible not through surrogates. Days count.

But I am not saying anything the Task Force has not heard before more passionately and persuasively presented than I can. Accordingly, it is incumbent on the Task Force to address the issue head on. The Task Force should recommend that ICANN move more carefully through the thicket of personal privacy -- and recommend that ICANN mandate personal privacy protection at the same time as mandating accuracy of WHOIS data for individuals and political speakers.

III. Inaccuracy in WHOIS data today serves privacy purposes without limiting access to the domain name registrant for legitimate purposes.

The unrestricted openness of the WHOIS database drives the need for inaccurate WHOIS information. Everyone works hard to enter contact information which is accurate such as email address to receive notice of any UDRP challenges, renewal notices, and other registry and registrar information.

But that does not mean that every small piece of data in the WHOIS registration needs to be accurate. Unlisted phone numbers should be able to remain private without fear of jeopardizing a well-known human rights website. To do otherwise contradicts common sense and the highest of human values.

IV. The Task Force should recommend a much more limited initial Testbed for WHOIS.

In every other area of ICANN work, we have been urged to go slow and move carefully. The WHOIS database accuracy project should be no exception. The Task Force would be completely within its rights and mandate to

  • urge that a testbed and test period be adopted for WHOIS accuracy requirements:
  • Advise ICANN to work on the clearly commercial gTLD first, and then consider the special issues that apply to individuals and political organizations in other gTLDs later.

    Comments of Kathryn A. Kleiman
    December 8, 2002

    This discussion has been archived. No new comments can be posted.
    Personal Privacy and Anonymous Speech at Risk in WHOIS proposals | Log in/Create an Account | Top | 3 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    She's right
    by Anonymous on Thursday January 09 2003, @10:01AM (#10935)
    Kathryn Klienman is right - the report undermines its validity by failing to address privacy in any light other than spam prevention.

    ICANN has well established means to deep-six reports. ICANN ignored the report of the Membership Advisory Committee (which recommended public elections for board seats) and the ALSC (which recommended public elections for board seats). Those reports had merit, this new report does not. This report deserves no better treatment than its more useful predecessors.
    [ Reply to This | Parent ]
    Agree + my comments
    by vbertola on Friday January 10 2003, @12:46AM (#10940)
    User #3435 Info | http://bertola.eu.org/
    I agree with your comments, which are quite similar to those I sent to the task force on December 30, and that you may read here [dnso.org].

    By the way, the present WHOIS system is clearly illegal in the European Union, which has a serious privacy protection law. I think that it is important that all of us from the registrant and user community try to make us heard and to put ICANN in front of its responsibilities.
    --vb. (Vittorio Bertola)
    [ Reply to This | Parent ]
    Right on and more
    by ldg on Sunday January 26 2003, @12:55PM (#11034)
    User #2935 Info | http://example.com/
    Since I was one of those who was stalked and harrassed because of the whois, the issues are, to me, very important. Many individuals hold domains for sole proprietorships, personal sites and even for just email or servers with no web presence at all. To require public posting of private information does no one any good except, perhaps, process servers and those who would wish to harm the registrant or covet the domain itself.

    My phone number was (and is still) unlisted, although it is now in the full public view because I had to provide it for domain name registration. I have an additional unlisted number, an expense I should not have had to incur. I had to obtain a post office box in order not reveal my personal home address - another expense I should not have found necessary.

    I testified to this at Congress, but found it was summarily dismissed. After all, how could I prove stalking was due to the whois? Since law enforcement was not interested and would not even take a report. I knew the source because of context, but ... oh well. One Senator was more interested in the use of another polictician's name to distract voters than in life threatening results of a public whois. Since when is it more important to assist litigators than to prevent physical harm? Politicians cry about "family values" but trash-can them when it comes to protecting individuals' privacy. They scream about porn and protecting children, but demand we put our families at risk with a public whois database.

    Privacy needs to be in the forefront and people need to be counted as more important than the wishes of a few powerful entities to mine personal data.

    Data can be obtained with good reason, of course, by contacting a registrar. There is no need to publish it for the world-at-a-glance.

    Spam is an outrage and preventing it (just about impossible) is a major issue. However, privacy is a much deeper and more important issue than just spam prevention. The examples cited by Kathryn are right on the money, but are just a few of the reasons to protect individuals.
    [ Reply to This | Parent ]




  • This article comes from ICANNWatch
    http://www.icannwatch.org/

    The URL for this story is:
    http://www.icannwatch.org/article.pl?sid=03/01/09/147232