All, I typically lurk on this list but feel compelled to contribute on this particular issue. I am reminded of a time in the AUSFTA negotiations (in 2003-04, well before the AoC) where I was one of two Australian bureaucrats facing a room full of negotiators, including a number of people in suits from unidentified law enforcement agencies. Our simple Article in Chapter 17 <http://dfat.gov.au/about-us/publications/trade-investment/australia-unite d-states-free-trade-agreement/Pages/chapter-seventeen-intellectual-propert y-rights.aspx> regarding "Domain Names on the Internet" became a significant point of contention, over a draft reference to "completeness" of, and "unrestricted access" to information. Thankfully, we eventually concluded with a (now familiar to many) commitment that: Each Party shall require that the management of its ccTLD provide online public access to a reliable and accurate database of contact information for domain-name registrants. Counterparts from Peru, Singapore, Chile and elsewhere arrived at similar bilateral agreements (with Chile including an explicit reference to local laws regarding the protection of personal data) These limitations on ccTLD-level WHOIS have evolved further in the TPP, as anyone can find online in leaked versions of the draft Agreement. ICANN itself (predominantly within the GNSO) has been addressing conflicts between ICANN contractual requirements and national privacy laws in the gTLD environment since the turn of the millennium. In short, the (intentionally provocative) question I have is: during this time of review and future-gazing, is it appropriate to religiously advocate dated policy / contract frameworks that already contradict national privacy legislation in many jurisdictions and numerous bi-lateral and (potentially) multi-lateral agreements that the USG is itself a party to? Regards, Paul From: accountability-cross-community-bounces@icann.org [mailto:accountability-cross-community-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Wednesday, 2 September 2015 12:35 PM To: accountability-cross-community@icann.org Subject: Re: [CCWG-ACCT] Proposed WHOIS language May I draw to everyone's attention the fact that there are now 101 national privacy laws in the world. (Greenleaf, 2014). All input received from the assembled data commissioners in charge of overseeing compliance with those laws has indicated that they contradict the next sentence: Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information. This advice, elaborating how the various components of that sentence are not in compliance with data protection rights has been sent to ICANN in various ways since 2000 (I am rounding off there, there were certainly earlier indications of problems provided from the inception of ICANN). Does it not seem that it is time to review the wisdom of a policy that disregards privacy rights? Kind regards, Stephanie Perrin On 2015-09-01 21:31, Steve DelBianco wrote: Thanks, Bruce. For comparison purposes, I pasted the CCWG's proposed language below your text. From: <accountability-cross-community-bounces@icann.org <mailto:accountability-cross-community-bounces@icann.org> > on behalf of Bruce Tonkin Date: Tuesday, September 1, 2015 at 9:24 PM To: "accountability-cross-community@icann.org <mailto:accountability-cross-community@icann.org> " Subject: [CCWG-ACCT] Proposed WHOIS language Below is some suggested language regarding WHOIS reviews for consideration by the CCWG when considering what to incorporate into the bylaws regarding the AoC reviews. Note the Board has no plans to cancel the current AoC - so the language in the AoC - still stands until the community and NTIA wish to change it. This language however tries to contemplate an environment where we are introducing a new gTLD Directory Service as a result of policy development within the GNSO, as well as most likely continuing to run the existing WHOIS service for some time. Regards, Bruce Tonkin ICANN commits to enforcing its policy relating to the current WHOIS and any future gTLD Directory Service, subject to applicable laws, and working with the community to explore structural changes to improve accuracy and access to gTLD registration data, as well as consider safeguards for protecting data. This Review includes a commitment that becomes part of ICANN Bylaws, regarding enforcement of the current WHOIS and any future gTLD Directory Service policy requirements. The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement, promotes consumer trust, and safeguards data. The Review Team shall assess the extent to which prior Review recommendations have been completed, and the extent to which implementation has had the intended effect. This periodic Review shall be convened no less frequently than every five years, measured from the date the Board took action on previous review recommendations. _______________________________________________
From CCWG 2nd draft proposal, page 81:
ICANN commits to enforcing its existing policy relating to WHOIS/Directory Services, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information. The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. This Review will consider the OECD guidelines regarding privacy, as defined by the OECD in 1980 and amended in 2013. The Review Team shall assess the extent to which prior Review recommendations have been implemented. This periodic Review shall be convened no less frequently than every five years, measured from the date the previous Review was convened. _______________________________________________ Accountability-Cross-Community mailing list Accountability-Cross-Community@icann.org <mailto:Accountability-Cross-Community@icann.org> https://mm.icann.org/mailman/listinfo/accountability-cross-community