Hi all, I didn't see any individuals or orgs from libtech comment to ICANN on the recent report to reform WHOIS. I wanted to put this on your collective radar if it's of interest to you.

TL;DR: ICANN is working on reforming WHOIS, and their Experts' Working Group has come up with a pretty bad proposal, in our opinion. It would centralize validated registrant data and streamline "legitimate" access to this data. It would do things that appear almost entirely motivated by law enforcement and intellectual property interests, without much consideration of the interests of individual and non-commercial registrants.

I'm including our blog post below... and a link to the 6-page comment that is our critique of their proposal.

This was joint work with a marvelous CDT intern, a super-technical law student at Berkeley, Joe Mornin. He's behind http://latexforlawyers.org/ and many good things to come.

----

PDF of full comments:
https://www.cdt.org/files/pdfs/20130812_whois_comments-cdt.pdf

Blog post... (links in original)
https://www.cdt.org/blogs/joseph-lorenzo-hall/1308icann-must-do-better-job-privacy-and-whois

ICANN Must Do a Better Job with Privacy and WHOIS
by Joseph Lorenzo Hall
August 13, 2013

In June, an Expert Working Group (EWG) with ICANN – the entity that controls the allocation of domain names and IP addresses on the Internet – released a report that proposed extensive changes to the WHOIS system. WHOIS allows anyone to look up details on who owns a domain name (e.g., the cdt.org WHOIS entry). The EWG asked for public input in response to their report and yesterday CDT submitted comments critical of the draft report, specifically focusing on serious privacy concerns.

WHOIS, which was developed way back in 1982, initially served as a mechanism to identify who operated certain servers to make it easier to get contact information of these operators in case something technical went awry. These days, with many, many millions of domain names in operation and many more on the horizon, WHOIS is showing its age in a number of respects.
For example, for personal domain registrants – e.g., josephall.org – WHOIS essentially reports sensitive contact information, notably email addresses, postal addresses, and phone numbers. It’s widely known that WHOIS data is highly inaccurate; many individual domain name registrants provide inaccurate data to avoid having their personal information broadcast to the world (to be fair, spammers and scammers also provide inaccurate data to avoid scrutiny). Many others – like me! – use proxy services that mask personal information but that still allow email and postal mail to eventually be routed to them through the proxy provider.

The EWG was chartered to provide possible solutions for a revamped WHOIS that would better address privacy, security, and accessibility of WHOIS data. The draft report proposed a centralized, validated WHOIS system with a gated access model where registrant data would be made freely available. In our comments we raised a number of concerns about this approach and offered recommendations, including:

- The current WHOIS system raises privacy and free expression concerns by requiring registrants to disclose sensitive information. The EWG report does a good job of outlining use cases for access to currently available registrant data, but we think it should also reexamine what data must be available today, in light of the vastly more complex modern Internet environment.

- The proposed privacy scheme and validation of registrants is unnecessary and unworkable. Instead, ICANN should protect registrants’ privacy by default. We believe that individual registrants (noncommercial entities) should not have any information disclosed by default other than what is needed for the proper technical functioning of the domain name system.

- A centralized system is unnecessary and unstable.
The gatekeeper under the new proposal would be a poor substitute for existing legal processes because the WHOIS database operator would likely lack the capacity to identify and/or reject illegitimate or overly broad requests. ICANN is unique and must act in an extra-jurisdictional capacity, so it is difficult to see how this new WHOIS would deal with, for example, a Chinese law enforcement request targeting a citizen of another country.

Additionally, the EWG focused on a single model for a new registrant database, rather than a suite of possible models for the public and stakeholders to consider. This greatly limits the conversation that can be had around possible enhancements to WHOIS. We encourage ICANN to consider multiple solutions to this complicated problem and believe the EWG should be explicitly re-tasked with recommending a number of additional models in light of feedback they receive, not just the one current flawed proposal.

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8