DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

[comments-whois] Real lives at risk; personal privacy needs immediate attention

I write these comments as an individual, small business owner, and political
speaker.  Clearly the Task Force has worked hard to define the issues, and to show where more work has been called for by participants and needs to be done.  Thus, it
comes as a surprise, with all the open questions that the Task Force
identifies, that you call for moving forward with "accuracy" of registrant

In these comments I address:
- the open issue of personal privacy
- the need for personal privacy to be more clearly presented and protected
 in the next version of this report.
- the need for express recognition that some inaccuracies in the WHOIS
 data protect privacy without limiting access to the domain name
 registrants for legitimate purposes.
- the Task Force should recommend a much more limited initial testbed for

I.   The Open Issue of Personal Privacy
While the concern for individual privacy is tabled as an issue for further
discussion, the Task Force urges ICANN to go forward with a set of new,
uniform provisions for enforcement of accuracy in the WHOIS database.

It is incumbent on this Task Force to use its report to more explicitly
discuss the deep concerns political speakers and individuals face when their
full data, including address and telephone are published to the world in the
instantaneous availability of the WHOIS database. The discomfort of
hitting delete to erase an unsolicited email does not rise to the same level as
the discomfort of having an important political/human rights message to
share and having to disclose the location of your children when registering
the necessary domain name.

The Task Force has heard from Andrews and Davidson, among others,
about the need to treat different registrants differently.  It has heard from
Younger and Chheda, among others, about the need to allow individuals to
post limited information to the WHOIS database (with the rest being held
by the registrar).

After my presentation to the Task Force in Shanghai, about the need for
protection of the personal privacy of individuals and political speakers, I
was surrounded by people who agreed.  Many sponsored by the Markle
Foundation, they represented human rights groups and media which covers
human rights activity.  They talked of the dangers that political speakers
and human rights activists face every day for activity under their domain
names.  They told me of:
         -         a site to post the pictures of government torture victims so
         that their families could identify their faces and claim their
         -          a site which published detailed accounts of the activities of a
         corrupt national government, and was a major source of
         information to the country's residents, unable to receive
         information from the state-controlled media.
         -          I added the concern of individuals who use their domain
         names and websites to post information about their
         noncommercial activities, from sewing to parenting to
         touring, and fear making public their domestic information
         to ex-spouses, stalkers, and disgruntled fellow employees.  
We are talking about real issues of personal privacy, real dangers, and real

         II.       Personal privacy must be more clearly presented and protected in
         the next Task Force Report.

It is not enough to say (or think) that people who need personal privacy can
solve it by registering their domain name through another party.  There are
basic reasons.  First and foremost, many who engage in the political and
human rights Internet work do not choose to share their danger with others.
They are driven by their own convictions to take on dangerous lives and
work, but they do not want to endanger others.  The domain name needs to
be under their name.

Second, the time exigencies of UDRP challenges (and perhaps the whois
accuracy challenges to come) mean that many domain name registrants
want to be able receive and address challenges as quickly as possible   not
through surrogates.  Days count.

But I am not saying anything the Task Force has not heard before   more
passionately and persuasively presented than I can.  Accordingly, it is
incumbent on the Task Force to address the issue head on.  The Task Force
should recommend that ICANN move more carefully through the thicket of
personal privacy -- and recommend that ICANN mandate personal privacy
protection at the same time as mandating accuracy of WHOIS data for
individuals and political speakers.

         III.      Inaccuracy in WHOIS data today serves privacy purposes without
         limiting access to the domain name registrant for legitimate

The unrestricted openness of the WHOIS database drives the need for
inaccurate WHOIS information.  Everyone works hard to enter contact
information which is accurate   such as email address to receive notice of
any UDRP challenges, renewal notices, and other registry and registrar

But that does not mean that every small piece of data in the WHOIS
registration needs to be accurate.  Unlisted phone numbers should be able
to remain private   without fear of jeopardizing a well-known human rights
website.  To do otherwise contradicts common sense and the highest of
human values.

    IV.  The Task Force should recommend a much more limited initial
    Testbed for WHOIS.

In every other area of ICANN work, we have been urged to go slow and
move carefully.  The WHOIS database accuracy project should be no
exception.  The Task Force would be completely within its rights and
mandate to urge that a testbed and test period be adopted for WHOIS
accuracy requirements:

         -          Advise ICANN to work on the clearly commercial gTLD
         first, and then consider the special issues that apply to
         individuals and political organizations in other gTLDs later.

Comments of Kathryn A. Kleiman
December 8, 2002

<<< Chronological Index >>>    <<< Thread Index >>>