[comments-whois] Comment on draft
The Nov 30 report unfairly characterizes my comments and failed to answer
even a single one of my questions.
Since apparently my thoughts didn't get through on the first try, I am
appending them again below.
As a general matter, I find the report deficient insofar as it apparently
starts with a presumption, apparently an irrebuttable presumption, that
whois data must be published for the convenience of intellectual property
owners no matter how much social damage that may cause through destruction
of personal privacy.
In addition, I agree with the comments of Kathryn A. Kleiman made on
North American Elected Director
ICANN Board of Directors
---------- Forwarded message ----------
Date: Sun, 20 Oct 2002 14:48:55 -0700 (PDT)
From: Karl Auerbach <karl@CaveBear.com>
Subject: Comment on Oct. 14 Interim report
I see nothing in this interim report that answers the primary question why
personally identifiable information must be published to the public at
In other words, the report fails to answer what I believe must be the
first question: Why is "whois" needed, and by whom?
It is my sense that there is little public value in the existence of a
publicly available "whois" database.
There are, of course, small groups who find such a database useful and
perhaps even valuable - groups such as marketeers (spammers) and trademark
people who seek to redress perceived violations of their rights without
resorting to the processes that nations have established for that purpose
(i.e. the legal system.)
However, the report fails to indicate that the needs of those groups are of
sufficient weight to justify what amounts to a wholesale violation of
privacy principles that amounts to nothing less than an anti-privacy tax
on anyone who wishes to become visible on the internet through the
mechanism of acquiring a domain name.
The report fails to consider privacy protection mechanisms such as the
- Requirements that the data subjects (i.e. the people named in whois
  records) have free and effective means to maintain the data.
- Requirements that those who examine the records must first identify
  themselves, offer proof of that identity, and indicate working means
  of contact, in particular a valid e-mail address.
    + To ensure that the contact of the person making the inquiry is
      valid, the response to the query should be returned by e-mail
      rather than being made online.
    + Special arrangements might be established for those in operational
      roles (such as people in ISP network operating centers) to have
      pre-arranged access credentials.
- That the time, date, and identity of every inquiry be recorded and
  made available to the data subjects.
- Requirements that the registries and registrars make no use of the
  information for any purpose except that for which it was gathered, the
  maintenance of the registrant's domain name (including the issuance
  of billing and status statements.)
- Requirements that registries and registrars take concrete steps to ensure
  that this data is protected by adequate and appropriate security