RE: [nc-whois] Contribution Of Globally, Publicly Accessible WHOIS Information To Identity Theft And Other Fraud
If a registrar is in compliance with its obligations under the RAA, it is advising its registrants "who is collecting the information, why the information is being collected, and how it is going to be used." I have posted the RAA citations previously to this list.
"The global, public accessibility of WHOIS data contradict[s] FTC's advice" -- I think this would come as news to the FTC, which has strongly supported public access to Whois and which submitted a response to our Task Force's survey to that effect.
If this is intended as a statement of the FTC's position or approach to Whois then I believe we should have the FTC review it. If it is intended as the interpretation by one Task Force member of how FTC positions on other aspects of privacy ought to be applied to Whois --i.e., as a critique of the FTC's actual Whois position - then that is certainly another story, but I am not sure why a critique of alleged inconsistency by the FTC belongs in the issues report of this Task Force.
I am also concerned about the suggestion that "the enforcement of the accuracy of Whois data" is an innovative or novel suggestion of this Task Force. These obligations regarding accuracy have been on the books for years and have been "enforced" a number of times, whether in the sense of registrants losing their registrations for willful submission of false data or in terms of ICANN action to enforce the obligation of registrars to respond to complaints of false Whois data.
Steve Metalitz
-----Original Message-----
Dear All: The
U.S. Federal Trade Commission (FTC) plays a critical role both in the
investigation of consumer fraud and in the protection of consumers from
fraud. According to the FTC's website, "The FTC works for the
consumer to prevent fraudulent, deceptive and unfair business practices in the
marketplace and to provide information to help consumers spot, stop and avoid
them." [See, for example, http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm] In
this vein, the FTC advises consumers not to disclose personal information, and
if consumers choose to disclose personal information, they should know who is
collecting the information, why the information is being collected, and how it
is going to be used. Not only does the global, public accessibility
of WHOIS data contradict FTC's advice, but the consumer, as a domain name
registrant, is stripped of these abilities, as the registrant has no way of
knowing who collected his/her WHOIS data, why the information was collected,
and how the collector intends to use the information. Further yet,
with the enforcement of the accuracy of WHOIS data, as is recommended by the
WHOIS Task Force, consumers will not even have a choice on whether to disclose
their personal information. The alternative to relinquish a domain name
is not giving consumers a genuine choice, and instead infringes on Internet
free speech. The global, public accessibility of WHOIS data imposes risks on domain name registrants, and may contribute to identify theft as well as other fraud. The FTC's guidelines in their effort to safeguard consumer privacy are applicable to the protection of domain name registrants; these safeguards should be appropriately enforced. Regards, |