ALAC Statement on the Whois Review Team's RFC on Scope of Work and Roadmap, Outreach and Action Plans for Whois Review Exercise - Draft
Public Comment on the Whois Review Team (closes 17 April)
The At-Large Advisory Committee welcomes this WHOIS Review exercise and considers it as timely, especially with the imminent addition of new generic top level domains to the root of the Domain Name System. Current policy commits ICANN to “implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information.” ICANN’s implementation of its WHOIS policy framework is grounded on the obligations of registrars defined and agreed in the Registrar Accreditation Agreement (RAA) and certain enforcement mechanisms centred on processes managed by ICANN’s Office of Contract Compliance. It is no secret that the At-Large is concerned about ICANN’s handling of its obligations to the community for contract compliance in this area. The ALAC’s previous statements in context demonstrate that we remain underwhelmed by ICANN’s enforcement regime; “decidedly inadequate and spotty, at best” would be a concise summary of these views.
In our view, the Review Team must first grapple with and provide answers as to whether the principles espoused by the WHOIS construct in context of the Domain Name System remain relevant here forward. Secondly, to the extent that the WHOIS construct remains relevant, we expect the Team to consider and provide definitive guidance as to whether the mechanisms that implement the objectives to which the WHOIS construct is obliged are and remain fit to purpose.
The contents of the WHOIS data-set, the quality of the content and its accessibility are at the heart of the concerns. And the controversy swirls around the several perspectives or understandings of what is meant by “timely, unrestricted and public access to accurate and complete WHOIS information” which baselines the framework for the existing mechanisms and processes today. Voices in the ICANN community, including members of good standing in the At-Large, are certain that the WHOIS obligations compelled by the RAA and as implemented impinge on a registrant’s right to privacy and is a threat to the free speech rights of all Internet users. Some argue that privacy necessarily means anonymity and reject provision or collection of valid WHOIS data. In similar vein, some are in favour of restricted or mediated access to the WHOIS dataset and advocate a slew of so-called privacy services to remedy the direct positive knowledge of the registrant as well as the unfettered access to registrant data compiled in the WHOIS dataset.
The ALAC is on record for insisting that by virtue of being signatory to the RAA contract, ICANN is obliged to ensure the collection of the full dataset as required, to ensure the validity of the contents and, furthermore, has a duty of care to fully enforce the contract obligations. While the ALAC is sensitive to the claims of privacy and are no less in favour of free speech rights, we are equally concerned that with the Internet being a major conduit of commercial activities worldwide, some come to it with hearts and mind laced and bonded with larceny. And as it is in the counterpart ‘bricks and mortar’ world, dissolute behavior is a natural consequence. Therefore, the baseline ‘know your customer’ – and provider - rule is necessary to combat fraudulent activities and must be a generally-accepted conditionality for all transactions with economic implications on the Internet. It is in this context that the original mandate for WHOIS data serves a very important purpose.
The community is riven with the spectre of contending rights, advocated by diametrically opposed and powerful interests. It is therefore rational that some balance must be struck between these contentions. The ALAC wishes to sign on to this perspective - balance can and must be embraced to solution - and offer these specific endorsements as guidelines to forging a workable one:
We acknowledge the calls for privacy as legitimate and in as much as other rights are not critically poached or eroded, would endorse a zone of privacy for the legitimate causes where privacy would be a positive benefactor. Our endorsement of a zone of privacy does not relieve a zone operator of the responsibility to ‘know the customer’
We endorse the commitment to define consumer trust as well as the analysis of factors that would promote consumer trust in the context of the WHOIS.
We endorse a formal definition of the term “law enforcement”’ and the term "legitimate needs of law enforcement."
We are equally seized with and endorse a formal definition of the term “unrestricted and public access” in the context of WHOIS data set
We endorse a heightened approach to identify and document the conflicting claims of privacy versus the ‘need to know’
We endorse and will not retreat from the requirement for unfettered access to WHOIS data save and except specially designated classes as approved by consensus
We endorse the notion that intentional incorrect information attached to a WHOIS entry must be sanctioned