If a registrar
is in compliance with its obligations under the RAA, it is advising its
registrants "who is collecting the information, why the
information is being collected, and how it is going to be used." I
have posted the RAA citations previously to this list.
"The global, public accessibility of WHOIS data
contradict[s] FTC's advice" -- I think this would come as news to
the FTC, which has strongly supported public access to Whois and which
submitted a response to our Task Force's survey to that effect.
If this is intended as a statement of the FTC's
position or approach to Whois then I believe we should have the FTC
review it. If it is intended as the interpretation by one Task
Force member of how FTC positions on other aspects of privacy ought to
be applied to Whois --i.e., as a critique of the FTC's actual
Whois position - then that is certainly another story, but I am not sure
why a critique of alleged inconsistency by the FTC belongs in the issues
report of this Task Force.
I am also concerned about the suggestion that
"the enforcement of the accuracy of Whois data" is an innovative or
novel suggestion of this Task Force. These obligations regarding
accuracy have been on the books for years and have been "enforced" a
number of times, whether in the sense of registrants losing their
registrations for willful submission of false data or in terms of ICANN
action to enforce the obligation of registrars to respond to complaints
of false Whois data.
Steve Metalitz
-----Original
Message-----
From:
Ruchika Agrawal [mailto:agrawal@epic.org]
Sent: Friday, March 07, 2003 2:01
PM
To: Cade,Marilyn S -
LGCRP; NC-WHOIS (E-mail)
Subject: [nc-whois] Contribution Of
Globally, Publicly Accessible WHOIS Information To Identity Theft And
Other Fraud
Dear
All:
Here are the paragraphs on the contribution of globally,
publicly accessible WHOIS information to identity theft and other
fraud:
The U.S.
Federal Trade Commission (FTC) plays a critical role both in the
investigation of consumer fraud and in the protection of consumers from
fraud. According to the FTC's website, "The FTC works for the
consumer to prevent fraudulent, deceptive and unfair business practices
in the marketplace and to provide information to help consumers spot,
stop and avoid them." [See, for example, http://www.ftc.gov/bcp/conline/pubs/online/dontharvest.htm]
In this
vein, the FTC advises consumers not to disclose personal information,
and if consumers choose to disclose personal information, they should
know who is collecting the information, why the information is being
collected, and how it is going to be used. Not only does the
global, public accessibility of WHOIS data contradict FTC's advice, but
the consumer, as a domain name registrant, is stripped of these
abilities, as the registrant has no way of knowing who collected his/her
WHOIS data, why the information was collected, and how the collector
intends to use the information. Further yet, with the
enforcement of the accuracy of WHOIS data, as is recommended by the
WHOIS Task Force, consumers will not even have a choice on whether to
disclose their personal information. The alternative to relinquish
a domain name is not giving consumers a genuine choice, and instead
infringes on Internet free speech.
The global,
public accessibility of WHOIS data imposes risks on domain name
registrants, and may contribute to identify theft as well as other
fraud. The FTC's guidelines in their effort to safeguard consumer
privacy are applicable to the protection of domain name registrants;
these safeguards should be appropriately enforced.
Regards,
Ruchika