DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

[comments-whois] WHOIS Task Force Final Report - Dissenting Opinion from A Non-commercial Constituency Representative

Dear Co-Members of the WHOIS Task Force:

As a non-commercial constituency representative on the WHOIS Task Force, I am writing to express my dissenting opinion on the Task Force’s accuracy recommendation.

While I do not oppose accurate data per se, I do oppose the Task Force’s recommendation to enforce accuracy of WHOIS information when the Task Force has failed to adequately address privacy issues.  I also believe the Task Force final report fails to reflect several suggestions made by members to address this specific problem.  For this reason, the report cannot fairly be described as a “consensus” position.

The Task Force failed to recommend appropriate privacy safeguards for domain name registrants with reasonable and legitimate expectations of privacy and the Task Force failed to assess the misuses of WHOIS data.  The very existence of inaccurate data suggests that there are domain name registrants who do care to safeguard their privacy and prevent the misuse of their personally identifiable information.  Furthermore, a number of comments submitted to the WHOIS Task Force’s recommendations report raise privacy and data misuse issues that the WHOIS Task Force has effectively ignored:
·       there must be a provision for individuals to keep their personal phone numbers private (04 Dec 2002, see http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00005.html);
·       unlimited public access to WHOIS data poses real risks to individuals (9 Dec 2002 , see http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00012.html);
·       the Task Force has failed to properly and fully address community concerns regarding privacy (8 Jan 2003, http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00022.html);
·       the availability of personally identifiable information on WHOIS raises major problems with respect to the increasingly serious problem of identity theft (08 Jan 2003, see http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00023.html);
·       nothing in the Task Force’s report answers the primary question regarding why personally identifiable information must be published to the public at all (9 Jan 2003, http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00025.html);
·       choosing to use the domain name system for either personal or professional use should not be a cause for the abuse your name, address, phone number, fax number and e-mail (9 Jan 2003, http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc02/msg00027.html);
·       and more.

A number of privacy and data misuse issues have been expressed by way of comments to the Task Force’s interim and final reports as early as July 2002.  It is not clear what criteria the WHOIS Task Force is applying to suggest that accuracy of WHOIS data supersedes legitimate privacy interests. 

Moreover, the non-commercial constituency representatives expressed the need to address privacy protection:
·       links to postings discussing privacy issues, legitimate reasons for concealing identity, free speech, etc. for the 2001 Congressional Hearings on WHOIS/Accuracy (1 Jun 2002, http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00368.html);
·       .uk whois database as a case study of WHOIS privacy issues (14 Jun 2002, http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00410.html);
·       the European Commission’s views on the compliance of the .name registration agreement with EU privacy laws, which also has implications on .com/.org/.net WHOIS (4 Sep 2002, http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00507.html);
·       WHOIS privacy issues including consumer protection, expectation of privacy, etc. (30 Sep 2002, http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00553.html);
·       not clear why the WHOIS Task Force is moving forward with accuracy when privacy issues have not been adequately addressed (30 Dec 2002, lunch meeting between myself and WHOIS co-chair Marilyn Cade);
·       not clear why the WHOIS Task Force is talking about uniformity and accuracy without having completely addressed accessibility issues and request for  a plan, or a strategy, and a time line to  resolve accessibility issues (04 Jan 2003, http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00800.html); and
·       appropriate privacy guidelines in the context of the Registrar Accreditation Agreement (7 Jan 2003, GNSO WHOIS Task Force Teleconference).

It is not clear why these points, which are central to the development of a sensible WHOIS policy, are being put off.  Proposing a “privacy issues report” is unresponsive.  Postponing privacy issues while enforcing accuracy also presents the unacceptable risk of privacy issues being dismissed or resolved unsatisfactorily (see http://gnso.icann.org/dnso/dnsocomments/comments-whois/Arc03/msg00004.html and http://gnso.icann.org/dnso/dnsocomments/comments-whois/Arc03/msg00006.html).  Minimally, enforcement of accuracy and insurance of privacy safeguards should be concurrent. 

The WHOIS Task Force is well aware of these issues, but has chosen not to address them. For this reason, I ask that my dissent be incorporated in the Final Report as a Minority Report. 

Ruchika Agrawal
Non-Commercial Constituency
WHOIS Task Force

<<< Chronological Index >>>    <<< Thread Index >>>