- ICANN Swamped with User Comments Against Personal Data in WHOIS Directory: Internet users have backed a campaign to prevent ICANN's inclusion of domain owners' personal information in the publicly searchable WHOIS directory. Users concerned about privacy are encouraged to sign the online petition and email comments directly to ICANN before July 7, 2015. ICANN has already received nearly 8000 emails protesting the removal of WHOIS privacy protections. ICANN stated that no changes will be made until all public comments are reviewed. EPIC has taken a strong stance on WHOIS privacy, urging Congress to prevent registrars from selling user information to third parties, serving on the WHOIS Privacy Steering Committee, and filing a legal brief supporting the rights of domain name holders not to publish their personal information on the Internet. (Jun. 26, 2015)
- GoDaddy Pulls out of China over Privacy Risks to Users: GoDaddy, the world’s largest internet domain name registrar, will no longer register domain names in China, due to new government rules for monitoring Internet use. China now requires every domain name registrant to provide photographs, business information, signed registration forms, and business registration numbers to the China Internet Network Information Center, a quasi-government agency. GoDaddy General Counsel Christine N. Jones stated, “The intent of the procedures appeared, to us, to be based on a desire by the Chinese authorities to exercise increased control over the subject matter of domain name registrations by Chinese nationals.” EPIC supports privacy for web site registrants and has worked with GoDaddy in the past to urge the US National Telecommunications and Information Administration to safeguard the right of Internet users to maintain private web site registrations. For more information on EPIC and domain name privacy, see EPIC: WHOIS. (Mar. 26, 2010)
- Rod Beckstrom to Head ICANN : The Internet Corporation for Assigned Names and Numbers appointed Rod Beckstrom as its new CEO and president. ICANN manages the administration of the internet including assignment of domain names, IP addresses, preserving operational stability, and developing policies. Beckstrom is an author, entrepreneur, non-profit board member, and expert in decentralized organizations. He resigned as the Director of the National Cybersecurity Center in March 2009 warning of the increasing role of the National Security Agency in domestic security. See EPIC DNSSEC, EPIC WHOIS and The Public Voice. (Jun. 29, 2009)
- GNSO Council invites Recommendations for Future Studies on WHOIS At the October 31, 2007 meeting in Los Angeles, the GNSO Council voted to conduct several studies of the WHOIS system, concluding that a comprehensive, objective and quantifiable understanding of key factual issues regarding the gTLD WHOIS system will benefit future GNSO policy development efforts. Before defining the details of these studies, the Council is soliciting suggestions from the community for specific topics of study on WHOIS that community stakeholders recommend be conducted. Public comments are invited until February 15, 2008 and can be submitted by using this online form. (Jan. 14, 2008)
- New Procedure for Handling WHOIS Conflicts with Privacy Law Proposed ICANN has posted a notice of implementation of its revised Procedure for Handling WHOIS Conflicts with Privacy Law. The procedure will be posted for 30 days, and is planned for implementation in January 2008. The procedure describes how ICANN will respond to a situation where a registrar or registry indicates that it is legally prevented by local or national privacy laws or regulations from complying with the provisions of its ICANN contract regarding the collection, display and distribution of personal data in the WHOIS database. EPIC has pointed out in comments and publications how current WHOIS policies conflict with national privacy laws. (Dec. 19, 2007)
- EPIC Urges Privacy-Friendly Resolution of WHOIS Policy In a letter to the ICANN Board, EPIC endorsed the WHOIS Working Group's efforts to reach resolution on a seven-year attempt to reform WHOIS policy. EPIC stated that the Operational Point of Contact (OPoC) proposal, while not ideal from a privacy perspective, appears workable and would address the main concerns of the various stakeholders. EPIC suggested that if the proposal does not move forward, then the Board should sunset the WHOIS database. Thirty other groups and individuals endorsed EPIC's letter to the ICANN Board, including members of European Digital Rights (EDRI), Computer Professionals for Social Responsibility (CPSR), IP Justice, Digital Rights Ireland, Electronic Frontier Finland (EFFI), Domain Direct, Jamaica Sustainable Development Network, Open Institute Cambodia, Electronic Frontiers Australia (EFA), the Australian Domain Name Administrator (AUDA), ICANN's Non-Commercial Users Constituency (NCUC), and the EPIC Advisory Board. (Oct. 30, 2007)
- Public Comment Period For Working Group Report The GNSO Council approved a resolution for public comment on the report with the intention to lead to a vote on the WHOIS issue on October 31, 2007 during the Los Angeles ICANN meeting. ICANN will be soliciting public comments from Sept. 14, 2007 to October 30, 2007 on the most recent GNSO WHOIS Task Force and Working Group Reports (pdf), recommendations and related Staff Overview of Recent GNSO Whois Activity (pdf) and Staff Implementation Notes on the WHOIS Working Group Report. (Sept. 6, 2007)
- ICANN Working Group Submits Report The ICANN GNSO Council's Working Group Report (pdf) examines the implementation issues raised with respect to the Operational Point of Contact (OPoC) proposal. Specifically, the Report examines the roles and responsibilities of the OPoC; how legitimate users could access unpublished WHOIS data; and whether publication should be based on the type of registrant (i.e. legal vs. natural person) or on the use of the domain name (i.e. commercial vs. non-commercial). The Working Group reached agreement on some, but not all, implementation issues. (Aug. 20, 2007)
- ICANN Working Group Writes Charter The ICANN GNSO Council's newly-created WHOIS Working Group has issued a Charter (pdf). The document sets out the Working Group's objectives, work plan and methods, timeline, information on participation and decision-making and basic background information regarding ICANN and WHOIS. The group will examine the implementation issues raised with respect to the policy recommendations contained in the Final Task Force Report of the WHOIS Task Force until July 30. (Apr. 16, 2007)
- ICANN Committee Creates New Working Group The ICANN GNSO Council considered the WHOIS Task Force's Final Report on WHOIS services at the ICANN meetings in Lisbon this month. Because the proposal endorsed in the Final Report leaves many implementation details unanswered, the Council decided to establish a new working group to examine implementation issues. The group will focus on the endorsed OPoC approach (which removes registrants' mailing addresses, phone and fax numbers and email addresses from the publicly available WHOIS database), and will only return to the alternative proposal mentioned in the Final Report if it cannot sort out the implementation details. (Mar. 31, 2007)
- ICANN Committee Endorses Privacy Safeguards for WHOIS Data The ICANN WHOIS task force has issued its Final Report on WHOIS Services. The task force endorsed a proposal that would remove registrants' mailing addresses, phone and fax numbers and email addresses from the publicly available WHOIS database. EPIC submitted comments to ICANN supporting this proposal to limit access to registrants' information. For more information, see EPIC's WHOIS page. (Mar. 12, 2007)
- EPIC Supports Privacy for WHOIS Data EPIC has submitted comments to ICANN regarding its Preliminary Task Force Report on WHOIS Services. The report considers two different approaches to limitations on the public availability of WHOIS data. EPIC urged ICANN to remove all registrants' data from the WHOIS database, in order to safeguard against threats from spammers, phishers, and stalkers, as well as to protect individuals' freedom of expression. EPIC's comments are available here. (Jan. 12, 2007)
- Governments, Public Interest Groups Support WHOIS Privacy ICANN has posted the written statements of several government and private entities supporting privacy in the WHOIS database. Various government officials contributed to the record supporting a narrower formulation of the database's purpose, including the Privacy Commissioner of Canada, the Chair of the European Union Working Party on Data Protection, and the President of the Belgian Data Protection Commission. Private organizations, including the Association for Computing Machinery and the Canadian Internet Policy and Public Interest Clinic, also supported this formulation, which would pave the way for implementing better WHOIS privacy in the future. EPIC's comments on the proceedings are available here. (Jul. 28)
- In Congress, EPIC Urges Privacy Safeguards for WHOIS Data EPIC Executive Director Marc Rotenberg testified before the House Finance Committee in support of new privacy safeguards for WHOIS, the directory of Internet domain owners. Currently anyone with an Internet connection, including spammers, phishers, and stalkers, can access information in the WHOIS database. Citing the growing risk of identity theft, EPIC supported an ICANN proposal to limit public access to personal information. (Jul. 18)
- ICANN Chooses Privacy for Whois The Internet Corporation for Assigned Names and Numbers (ICANN), the body that controls the assignment of domain names to Internet addresses, has voted to adopt a policy protecting the privacy of domain holders' personal information. ICANN stated that Whois, a public database containing the contact information of domain name holders, should be used only for its original purpose: to resolve issues related to the configuration of the records associated with the domain name. The ruling means that Whois data will not be expanded for other purposes, such as law enforcement and copyright investigations . EPIC advocated this position in its comments to ICANN in February. More information at EPIC's Identity Theft page. (Apr. 13)
- EPIC Supports Privacy for WHOIS Records In comments to the ICANN on the "Preliminary Task Force Report on the Purpose of Whois", EPIC has urged the adoption of a policy that would make Whois data (the listing of those who register Internet domains) only available to "provide information . . . related to the configuration of the records associated with the domain name within a DNS nameserver." EPIC cited the original purpose of Whois and the growing risk of identity theft. EPIC specifically opposed a proposal that would make Whois data available for broader purposes, such as law enforcement and copyright investigations. More information at EPIC's Identity Theft page.( Feb. 13)
- Public Comment Sought on ICANN WHOIS Proposal. The ICANN is requesting public comments on a new WHOIS policy. Under ICANN's current contracts with the registries and registrars, the WHOIS domain name contact information, which includes names, addresses, telephone numbers and e-mail addresses, must be public. But under many local and national laws the information is private. The Task Force now recommends that registrars who change their WHOIS practices to abide by applicable laws and governmental regulations can still operate as accredited registrars. EPIC and the Non Commercial Users Constituency support this change but also urge a comprehensive review of WHOIS policies to ensure that the personal data of all Internet users is protected. Comments are due October 2. (September 21, 2005)
- EPIC Supports WHOIS Privacy Campaign. EPIC has joined with Go Daddy and others to urge a federal agency to restore the right of Internet users to maintain private web site registrations. In February, the National Telecommunication and Information Administration disallowed private registrations for .US domain names, without a hearing, rulemaking, or public debate. The action undercuts online privacy, puts individuals at risk, and threatens Constitutional values. Take Action: Go to The Danger of No Privacy and sign the petition to restore online privacy. (March 31, 2005)
- US Department of Commerce Acts to Enforce Accuracy and Reduce Privacy on the WHOIS Database. The US Department of Commerce National Telecommunications and Information Administration (NTIA) has directed Neustar, the company that runs .us, to prohibit anonymous or proxy domain registrations. This direction by the NTIA is intended to create complete and accurate data in the WHOIS database. What this does, however, is ensure that registrants' data including such personal information as address and phone number will be made publicly and anonymously accessible to anyone online including spammers and marketers. (February 11, 2005)
- Convicted Prolific Spammer Used WHOIS Database. The UK's most prolific spammer has been convicted, jailed, and was just fined 81,000 Pounds. Charged on November 30, 2004, Peter Francis Macrae has been linked to various internet based scams including blackmail, transfer of criminal property and running a business for fraudulent purposes. Macrae was on a list of about 200 people (ROSKO) said to be responsible for the majority of spam. It is reported that Macrae used the WHOIS database to send out fraudulent domain name renewal notices. (February 11, 2005)
- ICANN Extends Comment Period. ICANN has extended the public comment period to July 5th, 2004 for each of the Preliminary Reports of the three WHOIS task forces. For help in submitting comments, the Public Voice WHOIS Web Page lists the Reports, the addresses for comment submission, and the position of the Non-Commercial Users Constituency for each Task Force. (June 17, 2004)
- ICANN Seeks Public Comments on WHOIS Task Forces' Preliminary Reports. The three task forces established by the Internet Corporation for Assigned Names and Numbers (ICANN) to develop policy on the WHOIS database have just released their Preliminary Reports to the public. ICANN requests public comments during the period of May 28 - June 17, 2004 on the Preliminary Reports of each of the three task forces which focus on access, data, and accuracy. For more information, the Public Voice WHOIS Comment Web Page lists the Reports, the addresses for comment submission, and the position of the Non-Commercial Users Constituency for each Task Force. (June 1, 2004)
- WHOIS Discussion Gets a Rare Dose of Privacy Law. In Rome, the Non-Commercial Users Constituency organized a joint meeting with the Registrars constituency with special guest George Papapavlou of the European Commission. Papapavlou explained a legal approach to the WHOIS issue, based on EU data protection laws. Thomas Roessler's notes from this meeting are posted on his web site, "No Such Weblog." (March 8, 2004)
- WHOIS Discussion Gets a Dose of Privacy Law -Again. The Non-Commercial Users Constituency also invited the Secretary General of the Italian Data Protection Authority, Giovanni Buttarelli to speak. Buttarelli criticized ICANN's WHOIS policy development process noting that data Protection authorities have not been sufficiently involved in Whois discussions. Buttarelli drafted the recent Italian data protection law and was a member of the European Union's Article 29 Data Protection Working Party that drafted the 13 June 2003 opinion on the application of data protection principles to the Whois directories. (March 8, 2004)
- ICANN's WHOIS Task Forces Review Progress at Rome Meeting. The three taskforces established by the Generic Names Supporting Organization (GNSO) Council to examine WHOIS issues met for almost a full day in Rome. Each task force gave their interim report and solicited public comment. The public comment period highlighted the difficulty the task forces face due to their required separation from one another - for example, the Access group cannot discuss what elements are included and the Data Elements group cannot discuss the degree of access to the data. The discussions of the other task forces are considered "out of scope." Also out of scope for the task force examining Accuracy requirements is the issue of privacy of personal data. While pleasing to the Intellectual Property lawyers, this was a point of concern for many audience members, particularly the non-commercial and individual users. (March 8, 2004)
- New Legislation Proposed to Criminalize Inaccurate Domain Registrations. Despite the lack of privacy protections for the information required in domain name registration, certain members of the US Congress are calling for criminal penalties for intentional inaccuracies. Many people provide inaccurate data as a way to protect their information from spammers and criminals. This legislation would criminalize them for protecting themselves. For the full story, read the wired.com article, "False Domain Info May Mean Jail" by Ryan Singel or the Washington Post story, "Congress Eyes Internet Fraud Crackdown" by Dave McGuire.(February 20, 2004)
- ICANN GNSO Council Defines Privacy as "Out of Scope" for WHOIS Task Force. The Intellectual Property Constituency of ICANN has suceeded in defining privacy as out of scope for Task Force 3, the accuracy task force. Read the text of the Description of Work for the accuracy Task Force. (October 30, 2003)
- ICANN Considers WHOIS at Carthage Meeting. The third round of ICANN meetings in 2003 were held in October in Carthage, Tunisia. The meetings included a workshop on October 29 to discuss Whois and related privacy issues. In addition, the Generic Names Supporting Organization (GNSO) Council discussed and approved the establishment of three new taskforces to examine WHOIS issues. The three taskforces will run simultaneously and look at access, data elements included and data accuracy. (October 30, 2003)
- Worldwide Coalition of NGO's Write to ICANN President. More than 50 consumer and civil liberties organizations from around the world have written to the President of the Internet Corporation for Assigned Names and Numbers (ICANN) urging civil liberty and privacy protections. ICANN met last week in Carthage, Tunisia and discussed WHOIS, a database that could have a significant impact on privacy, civil liberties, and freedom of expression for Internet users. The WHOIS database broadly exposes domain registrants' personal data to a global audience, including criminals and spammers. Civil society groups from over 20 countries have sent this letter urging ICANN to limit the use and scope of the WHOIS database to its original purpose, which is the resolution of technical network issues, and to establish strong privacy protections based on internationally accepted privacy standards. Spanish and French versions of the WHOIS letter are also available online. (October 26, 2003)
- ICANN Considers WHOIS in Montreal Meeting. The Internet Corporation for Assigned Names and Numbers (ICANN) recently met in Montreal and discussed WHOIS issues. During the public participation session, EPIC pointed out that there are various types of registrants, and that sensible policies governing WHOIS should consider non-commercial and individual Internet speakers. The President of ICANN closed the workshop with recommending that ICANN groups and constituencies work together to prioritize WHOIS issues and develop a work program. EPIC is serving on the WHOIS Privacy Steering Committee that will work to devise such a program. (July 1, 2003)
- European Data Protection and Privacy Experts Evaluate WHOIS. The Article 29 Data Protection Working Party from the European Commission, which is the independent European Union Advisory Body on Data Protection and Privacy, recently submitted comments on WHOIS. The experts commented, "The Working Party encourages ICANN and the Whois community to look at privacy enhancing ways to run the Whois directories in a way that serves its original purpose whilst protecting the rights of individuals. It should in any case be possible for individuals to register domain names without their personal details appearing on a publicly available register." (June 13, 2003)
- ICANN Prepares Privacy Issues Report. ICANN's Acting Staff Manager on WHOIS privacy issues prepared an issues report, using as input EPIC's Privacy Issues Report and a document prepared by a member of the business constituency (former co-chair of the now defunct WHOIS Task Force). The Staff Manager's report may be used as a basis for future policy work on WHOIS. (May 13, 2002)
The WHOIS database, originally intended to allow network administrators to find and fix problems with minimal hassle to maintain the stability of the Internet, now exposes domain name registrants' personally identifiable information to spammers, stalkers, criminal investigators, and copyright enforcers. Whether WHOIS policies and practices should facilitate this exposure is a topic that deserves careful consideration. Please note: Our discussion of WHOIS mainly focuses on the .com/.org/.net top-level domains.
The following three points are critical to understand the issues surrounding WHOIS:
- WHOIS data consists of domain name registrants' contact information (including registrant's mailing address, email address, telephone number, and fax number); administrative contact information (including mailing address, email address, telephone number, and fax number); technical contact information (including mailing address, email address, telephone number, and fax number); domain name; domain servers; and other information.
- WHOIS data is globally, publicly accessible. Anyone with Internet access, including stalkers, corrupt governments who dislike international exposure, spammers, intellectual property lawyers, law enforcement, consumers, individuals, etc., has access to WHOIS data. The important point to realize here is that WHOIS data lends itself to both good faith and bad faith uses, and that investigating fraud is only one of many uses of WHOIS data.
- Domain name registrants in the .com/.org/.net top-level domains consist of businesses; individuals; media organizations; non-profit groups; public interest organizations; political organization; religious organizations; support groups; and so on (e.g. EPIC is a domain name registrant for "epic.org"). Domain name registrants share their services, ideas, views, activities, and more by way of websites, email, newsgroups, and other Internet media. While some domain name registrants use the Internet to conduct fraud, other domain name registrants have legitimate reasons to protect their identities (and so their privacy and personal information) or to register domain names anonymously. For example, different political, artistic and religious groups around the world rely on the Internet to provide information and express views while avoiding persecution - and concealing their identity is crucial in this respect.
The President of ICANN recommended that ICANN groups and constituencies work together to prioritize WHOIS issues and develop a work program. EPIC served on the WHOIS Privacy Steering Committee working to devise such a program. Several constituencies have representation on the WHOIS Task Forces:
- Commercial and Business Users constituency
- Generic Top Level Domain Registries constituency
- Intellectual Property Interests constituency
- Internet Service and Connectivity Providers constituency
- Non-Commercial Users constituency
- Registrars constituency
EPIC is currently representing the Non-Commercial Users Constituency serving on the newly created Accuracy Task Force, Task Force 3.
EPIC was previously a representative from the Non-Commercial Users constituency serving on the prior WHOIS Task Force. The now defunct WHOIS Task Force was created by ICANN's Domain Name Supporting Organization's Names Council (now the Generic Names Supporting Organization Council) in February 2001 to give advice on WHOIS Policy and to review whether any changes to ICANN's WHOIS policy for the .com/.net/.org domains as set out under the Registrar Accreditation Agreement (RAA) should be made.
The OECD Recommendations Concerning and Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (hereinafter "OECD Privacy Guidelines") offer a sound framework for sensible WHOIS policies on privacy and data protection.
The OECD Privacy Guidelines offer important international consensus on and guidelines for privacy protection and establish eight principles for data protection that are widely used as the benchmark for assessing privacy policies and legislation. These principles are Collection Limitation; Data Quality; Purpose Specification; Use Limitation; Security Safeguards; Openness; Individual Participation; and Accountability.
Representatives from North America, Europe, and Asia drafted the original OECD Privacy Guidelines. Countries around the world, with varying cultures and systems of governance, have adopted roughly similar approaches to privacy protection with respect to the OECD Privacy Guidelines. Thus, the OECD Privacy Guidelines reflect a broad consensus about how to safeguard the control and use of personal information in a world, and especially on the Internet, where data can flow freely across national borders.
Therefore, the OECD Privacy Guidelines provide a well thought-out solution to challenging questions about international consensus on privacy and data protection that directly implicate WHOIS policies and practices. A new task force should be formed to evaluate WHOIS policies and practices with respect to the OECD Privacy Guidelines. See the Privacy Issues Report (pdf), prepared by EPIC, for a more detailed discussion.
Current WHOIS policies require accurate WHOIS information without having established appropriate privacy and data protection safeguards. It is important to understand that enforcement of accuracy of WHOIS data has serious implications on privacy. Some domain name registrants have legitimate reasons for providing inaccurate WHOIS information -- for example, to protect their privacy and protect their personally identifiable information from being globally, publicly accessible -- and especially when there are no privacy safeguards in place. A number of studies demonstrate that when no privacy safeguards are in place, individuals often engage in privacy "self-defense." When polled on the issue, individuals regularly claim that they have withheld personal information and have given false information. See:
- Privacy, Costs, and Consumers Privacy, Consumers, and Costs: How the Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete, Robert Gellman, March 26, 2002;
- Trust and Privacy Online: Why Americans Want to Rewrite the Rules, Pew Internet & American Life Project, August 20, 2000; and
- Graphic, Visualization, & Usability Center 7th WWW User Survey, April 1997.
On February 6, 2003, the Whois Task Force of the Generic Names Supporting Organization posted its Final Report on Whois Accuracy and Bulk Access for comments and for consideration by the Generic Names Supporting Organization Council. The report includes four consensus-less policies along with other recommendations.
Because there was much heated discussion about the problems with the WHOIS Task Force's recommendation to enforce accuracy while privacy issues largely remain unresolved, the Generic Names Supporting Organization Council voted in favor of only and only the Task Force's four consensus-less policies.Even still, notable comments that raise serious issues with the WHOIS Task Force's final report, including the consensus-less policies relating to accuracy in particular, and remain unresolved include:
- The European Commission's comments (pdf) include:
- The survey undertaken by the Task Force to determine areas of concentration is not a scientific study and that its result are not representative of all users.
- The WHOIS Task Force's report overlooks existing legal frameworks' legal requirements and obligations.
- The report fails to consider the data protection viewpoint which requires resolving the legitimate purposes for the WHOIS database.
- The report does not resolve the implications of the European Data Protection Directive on WHOIS policies and practices.
- The report's bulk access recommendations specifying an opt-out model still does not sufficienctly comply with European legal frameworks.
- The European Commission does not support the WHOIS Task Force's proposals concerning uniformity and more searchable WHOIS facilities.
- The Public Interest Registry's, which manages the .ORG registry, comments include:
- Compelling the disclosure of personally identifiable information of domain registrants poses dangers to freedom of expression and privacy on the Internet. Enforcement of accurate WHOIS data places a burden on the ability of individuals to maintain their anonymity and thus their fullest ability to exercise free speech online. Anonymizing proxy servers are not an adequate alternative.
- Anyone with Internet access - including spammers, stalkers, scam artists, identity thieves, and so on - has access to WHOIS data, which puts the registrants at risk and which could contribute to frauds such as identity theft. The domain name registrant has no control over or information about the uses of WHOIS data.
- The WHOIS Task Force's report does not reflect international consensus, which also implicates the international .ORG community.
- The International Working Group on Data Protection in Telecommunications resubmitted their position paper, titled "Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet," in response to the WHOIS Task Force's intermim report (which preceded the final report). The Working Group's comments include:
- The current Registrar Accreditation Agreement does not reflect the goal of the protection of personal data of domain name holders in a sufficient way.
- It is essential that the purposes of the collection and publication of personal data of domain name holders are being specified.
- The amount of data collected and made publicly available in the course of the registration of a domain name should be restricted to what is essential to fulfill the purpose specified. In this respect, the Working Group has reservations against mandatory publication of any data exceeding name, address and email address in cases where the domain name holder is not himself/herself responsible for the technical maintenance of the domain.
- Any additional data - although they might be collected by the registry as necessary with respect to its task - should in such cases either refer to the respective service provider or only be made available with the explicit consent of the data subject.
- Any secondary use incompatible with the original purpose specified should be based on the data subject's informed consent.
- EPIC, on behalf of the Non-Commercial Users' constituency, submitted a dissenting opinion on the WHOIS Task Force's accuracy recommendations, observing that:
- The Task Force failed to recommend appropriate privacy safeguards for domain name registrants with reasonable and legitimate expectations of privacy and the Task Force failed to assess the misuses of WHOIS data.
- The WHOIS Task Force has effectively ignored a number of comments submitted in response to the Task Force's recommendations report that raise privacy and data misuse issues.
- There are domain name registrants who provide inaccurate data to safeguard their privacy and prevent the misuse of their personally identifiable information. Yet, the WHOIS Task Force is moving forward with accuracy when privacy issues have not been adequately addressed.
- Postponing privacy issues while enforcing accuracy also presents the unacceptable risk of privacy issues being dismissed or resolved unsatisfactorily.
- Minimally, enforcement of accuracy and insurance of privacy safeguards should be concurrent.
The ICANN Board voted on the WHOIS Task Force's consensus-less policies during their Rio meeting (23-27 March 2003). ICANN adopted the WHOIS Task Force's policies on accuracy and bulk access of WHOIS data. ICANN also directed its President to appoint a President's Standing Committee on Privacy to monitor the implications of existing and proposed ICANN policies on the handling of personal data.
- Contribution (pdf) of the European Commission to the general discusison of the WHOIS database raised by the Reports produced by the ICANN WHOIS Task Force, January 22, 2003.
- Comments (pdf) of the Public Interest Registry, the not-for-profit corporation that manages the .ORG registry, on the Final Report on Whois Accuracy and Bulk Access of the Whois Task Force of the Generic Names Supporting Organization, February 17, 2003.
- Federal Trade Commission's Public/Private Partnerships to Combat Cross-Border Fraud on Cooperation Between the FTC and Domain Registration Authorities, Statement for the Record of Marc Rotenberg, Executive Director, and Ruchika Agrawal, IPIOP Science Policy Fellow, EPIC, February 19-20, 2003.
- ICANN Rio de Janeiro Meeting Topic: Whois Accuracy and Bulk Access, March 11, 2003.
- ICANN's Registrar Accreditation Agreement (RAA), May 17, 2001.
- International Working Group on Data Protection in Telecommunications, "Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet," May 4-5, 2000,.
- Privacy Issues Report (pdf), prepared by EPIC, March 10, 2003.
- WHOIS Task Force Mail Archives.
- WHOIS Task Force, "Final Report of the GNSO Council's Whois Task Force Accuracy and Bulk Access," February 6, 2003.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Machines of Loving Grace by John Markoff