[comments-whois] Real lives at risk; personal privacy needs immediate attention
I write these comments as an individual, small business owner, and political speaker. Clearly the Task Force has worked hard to define the issues, and to show where more work has been called for by participants and needs to be done. Thus, it comes as a surprise, with all the open questions that the Task Force identifies, that you call for moving forward with "accuracy" of registrant data. In these comments I address: - the open issue of personal privacy - the need for personal privacy to be more clearly presented and protected in the next version of this report. - the need for express recognition that some inaccuracies in the WHOIS data protect privacy without limiting access to the domain name registrants for legitimate purposes. - the Task Force should recommend a much more limited initial testbed for WHOIS. I. The Open Issue of Personal Privacy While the concern for individual privacy is tabled as an issue for further discussion, the Task Force urges ICANN to go forward with a set of new, uniform provisions for enforcement of accuracy in the WHOIS database. It is incumbent on this Task Force to use its report to more explicitly discuss the deep concerns political speakers and individuals face when their full data, including address and telephone are published to the world in the instantaneous availability of the WHOIS database. The discomfort of hitting delete to erase an unsolicited email does not rise to the same level as the discomfort of having an important political/human rights message to share and having to disclose the location of your children when registering the necessary domain name. The Task Force has heard from Andrews and Davidson, among others, about the need to treat different registrants differently. It has heard from Younger and Chheda, among others, about the need to allow individuals to post limited information to the WHOIS database (with the rest being held by the registrar). After my presentation to the Task Force in Shanghai, about the need for protection of the personal privacy of individuals and political speakers, I was surrounded by people who agreed. Many sponsored by the Markle Foundation, they represented human rights groups and media which covers human rights activity. They talked of the dangers that political speakers and human rights activists face every day for activity under their domain names. They told me of: - a site to post the pictures of government torture victims so that their families could identify their faces and claim their bodies; - a site which published detailed accounts of the activities of a corrupt national government, and was a major source of information to the country's residents, unable to receive information from the state-controlled media. - I added the concern of individuals who use their domain names and websites to post information about their noncommercial activities, from sewing to parenting to touring, and fear making public their domestic information to ex-spouses, stalkers, and disgruntled fellow employees. We are talking about real issues of personal privacy, real dangers, and real lives. II. Personal privacy must be more clearly presented and protected in the next Task Force Report. It is not enough to say (or think) that people who need personal privacy can solve it by registering their domain name through another party. There are basic reasons. First and foremost, many who engage in the political and human rights Internet work do not choose to share their danger with others. They are driven by their own convictions to take on dangerous lives and work, but they do not want to endanger others. The domain name needs to be under their name. Second, the time exigencies of UDRP challenges (and perhaps the whois accuracy challenges to come) mean that many domain name registrants want to be able receive and address challenges as quickly as possible not through surrogates. Days count. But I am not saying anything the Task Force has not heard before more passionately and persuasively presented than I can. Accordingly, it is incumbent on the Task Force to address the issue head on. The Task Force should recommend that ICANN move more carefully through the thicket of personal privacy -- and recommend that ICANN mandate personal privacy protection at the same time as mandating accuracy of WHOIS data for individuals and political speakers. III. Inaccuracy in WHOIS data today serves privacy purposes without limiting access to the domain name registrant for legitimate purposes. The unrestricted openness of the WHOIS database drives the need for inaccurate WHOIS information. Everyone works hard to enter contact information which is accurate such as email address to receive notice of any UDRP challenges, renewal notices, and other registry and registrar information. But that does not mean that every small piece of data in the WHOIS registration needs to be accurate. Unlisted phone numbers should be able to remain private without fear of jeopardizing a well-known human rights website. To do otherwise contradicts common sense and the highest of human values. IV. The Task Force should recommend a much more limited initial Testbed for WHOIS. In every other area of ICANN work, we have been urged to go slow and move carefully. The WHOIS database accuracy project should be no exception. The Task Force would be completely within its rights and mandate to urge that a testbed and test period be adopted for WHOIS accuracy requirements: - Advise ICANN to work on the clearly commercial gTLD first, and then consider the special issues that apply to individuals and political organizations in other gTLDs later. Comments of Kathryn A. Kleiman December 8, 2002 |