Fwd: [ISOC-AU-mems] itNews: 'Europe slams WHOIS data demands'
Hi Everyone An email circulated on the Internet Society of Australia's mailing list - another aspect of the Whois accuracy debate Holly Begin forwarded message:
Europe slams WHOIS data demands Juha Saarinen Oct 2, 2012 4:27 AM (10 hours ago) http://www.itnews.com.au/News/317528,europe-slams-whois-data-demands.aspx
Extensive data retention proposals slammed.
A European watchdog has opposed moved by the Internet Corporation for Assigned Named and Numbers (ICANN) to force domain name registrars to improve accuracy of the WHOIS database.
Jacob Kohnstamm, chairman of the European Union's working party on data protection, told ICANN's chairman and interim CEO in a letter that the proposed changes to the organisation's registrar accreditation agreements would likely run contrary to European citizens' right to privacy.
News blog Domain Incite, which published the EU letter, said the changes included forcing registrars to re-verify domain registrant contact data every year while retaining customer data for two years after registration ends.
The changes have been requested by law enforcement, according to Domain Incite, and is backed up by the Governmental Advisory Committee (GAC) of ICANN. Australia has a supporting delegate in the committee.
The WHOIS database provides public information about website registration details including contact information and registration.
It was originally designed to provide contact points for technical and registration queries but has of late been accessed by law enforcement to track down criminal activity on the Internet.
"The fact that WHOIS data can be used for other beneficial purposes does not in itself legitimise the collection and processing of personal data for those other purposes," Kohnstamm wrote.
The re-verification requirement was "excessive and therefore unlawful", he said.
Due to WHOIS databases having unlimited public accessibility, contact details in them have been harvested on a large scale and abused for spamming, the Working Group said.
Thanks to the abuse, there is a strong incentive for people to provide inaccurate contact details.
ICANN had failed to address the spamming problem, making the proposed solution a "disproportionate infringement of the right to protection of personal data".
A second proposal requiring extensive data retention based on wishes from law enforcement was also deemed unlawful by the Working Group.
Under ICANN's propsal, registrars would be forced to retain not only registrants' personal information for two years after the registration ceases, but also a raft of other data including phone and email addresses not in WHOIS, credit card data and communications identifiers such as Skype handles.
Extensive logging with source Internet Protocol addresses and HTTP headers, as well as dates, times, and time zones of communications and sessions was also suggested.
Acccording to Domain Incite, ICANN could impose the new requirements despite EU objections, giving registrars in the European Union the ability to stay out of the new requirements to comply with local privacy laws.
ICANN negotiations are currently being held on the topic have been underway over WHOIS, whose information is often considered inaccurate, obfuscated or non-existent.
[It doesn't appear that ISOC-AU has previously had a policy on this: http://www.isoc-au.org.au/Submissions/SubmissionsByTopic.php
[APF submitted re privacy and Whois: in 2010: http://www.privacy.org.au/Papers/WhoIs-RCI-101021.pdf http://www.privacy.org.au/Papers/WhoIs-RCI-Anal-1010.pdf in 2001: http://www.privacy.org.au/Papers/AuDA010321.html
-- Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW Visiting Professor in Computer Science Australian National University _______________________________________________ iamems mailing list iamems@lists.isoc-au.org.au http://lists.isoc-au.org.au/cgi-bin/mailman/listinfo/iamems
List-Unsubscribe: <http://lists.isoc-au.org.au/cgi-bin/mailman/listinfo/iamems>, <mailto:iamems-request@lists.isoc-au.org.au?subject=unsubscribe>
Hi Holly, Thanks for the forward. Yes, this is precisely the challenges that will explode if the SSAC advice is not followed. ICANN cannot afford to politically isolate nor provoke European Governments by enforcing Policies that encourage the breach of EU laws or directives and the same can be said for other countries. In order to mitigate the risk(s), the Board would exercise wisdom in ensuring that these conflicts are minimised and handled. A clear logical way to do that is to observe the SSAC's advice on the matter. Otherwise, aside from the BRIC countries, you will also see the European Commission pushing for the Internationalization of ICANN which we can assume the US Government would not want. It would seem that a Registration Data Policy as a precursor to proposing solutions on the matter is an extremely minor tradeoff in the matter and it can be said that it is not a tradeoff but an opportunity. Kind Regards, Sala On Tue, Oct 2, 2012 at 6:21 PM, Holly Raiche <h.raiche@internode.on.net>wrote:
Hi Everyone
An email circulated on the Internet Society of Australia's mailing list - another aspect of the Whois accuracy debate Holly
Begin forwarded message:
Europe slams WHOIS data demands Juha Saarinen Oct 2, 2012 4:27 AM (10 hours ago)
http://www.itnews.com.au/News/317528,europe-slams-whois-data-demands.aspx
Extensive data retention proposals slammed.
A European watchdog has opposed moved by the Internet Corporation for Assigned Named and Numbers (ICANN) to force domain name registrars to improve accuracy of the WHOIS database.
Jacob Kohnstamm, chairman of the European Union's working party on data protection, told ICANN's chairman and interim CEO in a letter that the proposed changes to the organisation's registrar accreditation agreements would likely run contrary to European citizens' right to privacy.
News blog Domain Incite, which published the EU letter, said the changes included forcing registrars to re-verify domain registrant contact data every year while retaining customer data for two years after registration ends.
The changes have been requested by law enforcement, according to Domain Incite, and is backed up by the Governmental Advisory Committee (GAC) of ICANN. Australia has a supporting delegate in the committee.
The WHOIS database provides public information about website registration details including contact information and registration.
It was originally designed to provide contact points for technical and registration queries but has of late been accessed by law enforcement to track down criminal activity on the Internet.
"The fact that WHOIS data can be used for other beneficial purposes does not in itself legitimise the collection and processing of personal data for those other purposes," Kohnstamm wrote.
The re-verification requirement was "excessive and therefore unlawful", he said.
Due to WHOIS databases having unlimited public accessibility, contact details in them have been harvested on a large scale and abused for spamming, the Working Group said.
Thanks to the abuse, there is a strong incentive for people to provide inaccurate contact details.
ICANN had failed to address the spamming problem, making the proposed solution a "disproportionate infringement of the right to protection of personal data".
A second proposal requiring extensive data retention based on wishes from law enforcement was also deemed unlawful by the Working Group.
Under ICANN's propsal, registrars would be forced to retain not only registrants' personal information for two years after the registration ceases, but also a raft of other data including phone and email addresses not in WHOIS, credit card data and communications identifiers such as Skype handles.
Extensive logging with source Internet Protocol addresses and HTTP headers, as well as dates, times, and time zones of communications and sessions was also suggested.
Acccording to Domain Incite, ICANN could impose the new requirements despite EU objections, giving registrars in the European Union the ability to stay out of the new requirements to comply with local privacy laws.
ICANN negotiations are currently being held on the topic have been underway over WHOIS, whose information is often considered inaccurate, obfuscated or non-existent.
[It doesn't appear that ISOC-AU has previously had a policy on this: http://www.isoc-au.org.au/Submissions/SubmissionsByTopic.php
[APF submitted re privacy and Whois: in 2010: http://www.privacy.org.au/Papers/WhoIs-RCI-101021.pdf http://www.privacy.org.au/Papers/WhoIs-RCI-Anal-1010.pdf in 2001: http://www.privacy.org.au/Papers/AuDA010321.html
-- Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW Visiting Professor in Computer Science Australian National University _______________________________________________ iamems mailing list iamems@lists.isoc-au.org.au http://lists.isoc-au.org.au/cgi-bin/mailman/listinfo/iamems
List-Unsubscribe: <
http://lists.isoc-au.org.au/cgi-bin/mailman/listinfo/iamems>,
<mailto:iamems-request@lists.isoc-au.org.au?subject=unsubscribe>
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Salanieta Tamanikaiwaimaro aka Sala P.O. Box 17862 Suva Fiji Twitter: @SalanietaT Skype:Salanieta.Tamanikaiwaimaro Fiji Cell: +679 998 2851
participants (2)
-
Holly Raiche -
Salanieta T. Tamanikaiwaimaro