[ga-sys] Territorial approach to privacy issues

[Joanna Lane <jo-uk@rcn.com>]

Joanna Lane wrote:-
>> Yes, I can generalize about an entire country when its based on the laws of
>> that country.

Patrick,
There is no disagreement or personal issue here. Let me clarify the meaning
and purpose of my comments, first with respect to the EU, then other
nations. 

The EU Privacy law was made by a democratically elected government, that
represents the voice of the majority of people in its 15 nations. Therefore,
I think it's a fair statement to make that a consensus position on the
disclosure of personal data is already well known with respect to all
affected persons in one of ICANN's five territories, namely Europe, by
virtue of existing laws of that territory (assuming that ICANN's virtual
Europe corresponds to the physical boundaries of the European Union).

If you can agree with both the above paragraph and with the concept that a
minority of EU citizens would have opposed the EU law, then it follows that
whatever opinions may be expressed by a token number of EU citizens
participating in this forum, these may differ from the actual law in force
in the territory that affects them and to which they are subject.

Equally, in the WHOIS survey currently underway, the result from EU
participants would not necessarily mirror the EU directive, even though this
law determines how the majority of people want their personal data to be
treated. Therefore, we risk EU citizens voting in the public WHOIS survey,
possibly leading us to a result that conveys a contrary view to the one we
have already agreed is the established consensus position for this
particular group of stakeholders.

This is one concern I have about the value of the WHOIS survey as it is set
out. The absence of any record of geographical diversity concerning public
participation is another, that would have allowed data to be assessed
relative to a particular ICANN territory and its national laws.

If we were set aside the WHOIS survey for a moment, and we look at the
territorial approach to outreach, with the intention to incorporate existing
data, this effort requires the DNSO to undertake research only into certain
nations, and having established which other nations have adopted privacy
laws/ regulations similar to those of the EU, and which have not, I would
say that would be a very useful indication of millions of present and future
prospective stakeholders voices that have spoken through their legal systems
and governments with respect to Privacy, as opposed to a few with vested
interests in the outcome that I guess will bother with this survey. Frankly,
its depressing, when there are alternitives to hand.

To disregard the ICANN territories altogether, and to treat all members of
the GA equally, regardless of nationality, allowing a free vote on Privacy
issues in relation to WHOIS data, is the other approach, as embarked upon by
the NC for the current public input through the Survey.

The fundamental problem is that whatever results ensue from this survey, the
DNSO will then be forced to use it as a basis for a comprehensive policy
recommendation, claiming it to be consensus based, citing a minority opinion
that may not be corroborated by other available data. Then where will the
WHOIS Committee be? At the wrong end of more criticism than you can imagine.

The public outreach will have amounted to a relatively minuscule number of
people participating in a modestly publicized survey, compared to the voice
of nations that are affected. While all these millions upon millions of
public voices have already been heard very clearly on many aspects of this
issue, the DNSO would now ignore them, and instead, favor its own survey
results? It's not right.

This particular exercise in public outreach is unique, in that this time,
there is other data readily available that should be taken into account and
it doesn't pass the reasonable person test to ignore it. Consequently, if I
was sitting on the ICANN Board, I would want the territorial approach to the
social aspects of the privacy issue, tasking the NC to fill in the gaps for
data where possible, rather than a tiny sampling of the DNSO, hoping to
reach a representative cross section who are qualified to dictate social
policy for the rest of the world.

Clearly with the territorial approach to social policy making, there would
be no need for the DNSO, WHOIS committee or any working group of the GA, to
go to the time, trouble and expense of entertaining any further outreach or
provide any further documentation with respect to claims of consensus
regarding the EU, but simply to put their efforts into aquiring the details
of applicable laws (and lack thereof) of all other nations worldwide. This
is where the DNSO effort should be going IMO and only when that job is done
can the NC look at the possibility of making policy recommendations on a
global scale with respect to Privacy for impacted individuals.


Next....the US position...

Patrick Greenwell wrote:-
> Your comments did not appear to be related to the laws of the United
> States but rather were related to the attitudes of US citizens towards
> "intrusion into their private lives."

First, a disclaimer. I am not and do not profess to be an expert on the Laws
of the United States, hence you are correct in so far as my comments relate
more to "attitude" than law, although I prefer the term "cultural views."

When referring to the possible consensus opinions of whole nations of
people, it is useful to talk in generalizations, although as it happens, I
was referring to comments by one particular member, whose consumer
relations/ cultural views on privacy issues is not, in my experience,
untypical of the people of the North American Region. He was advocating a
particularly strong version of that position, but I appreciate those may not
be your own views, or Eric Dierker's, who also seems to have taken my
comment in a way it was not meant to come across. My apologies.

It is certainly not my intention to create ill-will by identifying cultural
differences, but please be asssured that there can be no "us" and "them"
that you describe for me, since my immediate family comprises multiple
nationalities including US, British, Australian and Spanish. Different
cultural viewpoints is something I encounter on a daily basis and I would
like to make a generalized comment about that, somewhat oversimplified.

When a US child is taken to the doctor's office, not only do they expect to
see a medical insurance card, they also expect a Social Security number
(SSN), for the child and both parents. This is the way of North America and
from a very young age, US children grow up with this concept as a normal
state of affairs, conditioned to the point that it is not even a
questionable issue. I talk to US friends and family about this and receive
puzzled looks. Not so in many other parts of the world, where it is an
abhorrent idea to be forced to provide an unique and personal identifying
number on a daily basis over a lifetime to all manner of people who ask.

As it is, without an SS number, a US person (here in NY anyway) could not
obtain a driving license, buy a car, open a bank account, obtain a credit
card, obtain medical insurance or even put a roof over their head. In the
UK, all of the above can be executed without any such requirement,  save for
doctor registration and tax authorities that require an NI number, but I
challenge you to find a UK citizen that can recall their number from memory,
it is so rarely used.

The requirement to constantly produce an identifying number is a totally
alien concept to the European (the UK anyway), whose citizens cannot imagine
what the US can possibly be doing with all this collated information about a
person's life, and whose own life carries on perfectly normally without any
such intrusion. Added to which there are few add-ons available to protect
privacy, such as PO Boxes for example, because the need for them is simply
not there at this time.

The exact reverse is true for the US, where the alien concept is that life
would be unbearably chaotic for a responsible member of society without an
SSN and local PO Box facility, where strong demand has made these add-on
services readily available to all. I know this is generalizing, and I am not
meaning to say that anybody here in particular holds these views, including
myself.

The point is that the EU is proactive in privacy protection - they make
privacy laws to protect their citizens, rather than leaving them to fend for
themselves, whereas the US system is reactive in its privacy protection -
they offer services to add on layers of protection - PO Boxes etc.

Some may view this as coddling by the EU. It is not. It is a cultural
difference. There are aspects of society in the US that the UK would
consider coddling. They would be equally wrong.

Neither of the Privacy Protection systems advocated by the respective
governments of the US and the EU strikes me as conducive to achieving a
consensus position in the microcosm that is the DNSO, whether supplemented
by a public survey or not. This is something that takes greater skills of
diplomacy then certainly I can muster. It is the job of governments, not a
private US corporation comprised of special interest groups that do not even
give a vote to a single representative of those that are most profoundly
affected by this issue, the Individual.

Yes, there are technical stability issues to resolve in this debate also,
but there is more at stake here than the internet. This is a social policy
that touches people where they are most sensitive and the impact will be
deeply felt.


Regards,

Joanna



--
This message was passed to you via the ga-sys@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-sys" in the body of the message).
Archives at http://www.dnso.org/archives.html