Fwd: FYI: Whois Funnel Request: Telnic application to change its Whois service obligations
Dear Colleagues: As requested I provide you with the below. Begin forwarded message:
From: "Maria Farrell" <maria.farrell@icann.org> Date: 11 May 2007 16:17:54 BDT To: <nick.ashton-hart@icann.org> Subject: FW: FYI: Whois Funnel Request: Telnic application to change its Whois service obligations
Dear members of the At Large Advisory Committee,
Please see below a notice I sent to the GNSO Council regarding Whois that may be of interest to members of this committee .
All the best, Maria
From: Maria Farrell [mailto:maria.farrell@icann.org] Sent: Friday, May 11, 2007 5:06 PM To: 'Council GNSO' Subject: FYI: Whois Funnel Request: Telnic application to change its Whois service obligations
Dear Council members,
Please be advised that ICANN has received an application for evaluation of new registry services regarding Whois from Telnic, the operator of the .tel registry which is expected to launch later in 2007.
On 27 April, 2007, ICANN Services staff received an application from Telnic who requested an alteration to its contract in order to comply with the UK Data Protection Act (1998), an implementation of the EU Data Protection Directive (95/46/EC). Telnic has not provided notification of an investigation, litigation, regulatory proceeding or other compliance action that might affect its compliance with its agreement with ICANN regarding the collection, display or distribution of personally identifiable data via Whois. It has carried out informal consultations with stakeholders and the UK Information Commissioner.
This evaluation process is completely separate from the Draft ICANN Procedure for Handling Whois Conflicts with Privacy Law (http:// gnso.icann.org/issues/whois-privacy/ whois_national_laws_procedure.htm) The draft Procedure was developed by the GNSO Council in November 2005 and adopted by the ICANN Board in May 2006. The ICANN staff developed an implementation draft of the procedure and invited public comments (December 2006 – January 2007) on it. The procedure will be finalised pending any input from the Government Advisory Committee.
The Telnic request is at step 2.4, ‘Preliminary Determination’, of the Registry Services Request process. (Process diagram here: http://www.icann.org/registries/rsep/workflow.html, process policy here; http://www.icann.org/registries/rsep/rsep.html) The process has not identified significant security or stability issues or competition issues that might bar the implementation of the new registry service.
The next step is that the service request will be posted for public comments and sent to the ICANN Board for a decision on implementation.
Registry Services Evaluation Process: http://www.icann.org/ registries/rsep/ Telnic Cover letter: http://www.icann.org/correspondence/price-to- pritz-25apr07.pdf Telnic Registry Request Service: http://www.icann.org/registries/ rsep/telnic-whois-proposal-27apr07.pdf
Best regards, Maria Farrell
With regard to the below email from the GNSO Does the AtLarge community have any input to provide on this application? Thanks Jacqueline Dear Council members, Please be advised that ICANN has received an application for evaluation of new registry services regarding Whois from Telnic, the operator of the .tel registry which is expected to launch later in 2007. On 27 April, 2007, ICANN Services staff received an application from Telnic who requested an alteration to its contract in order to comply with the UK Data Protection Act (1998), an implementation of the EU Data Protection Directive (95/46/EC). Telnic has not provided notification of an investigation, litigation, regulatory proceeding or other compliance action that might affect its compliance with its agreement with ICANN regarding the collection, display or distribution of personally identifiable data via Whois. It has carried out informal consultations with stakeholders and the UK Information Commissioner. This evaluation process is completely separate from the Draft ICANN Procedure for Handling Whois Conflicts with Privacy Law (HYPERLINK "http://gnso.icann.org/issues/whois-privacy/whois_national_laws_procedure.ht m"http://gnso.icann.org/issues/whois-privacy/whois_national_laws_procedure.h tm) The draft Procedure was developed by the GNSO Council in November 2005 and adopted by the ICANN Board in May 2006. The ICANN staff developed an implementation draft of the procedure and invited public comments (December 2006 – January 2007) on it. The procedure will be finalised pending any input from the Government Advisory Committee. The Telnic request is at step 2.4, ‘Preliminary Determination’, of the Registry Services Request process. (Process diagram here: HYPERLINK "http://www.icann.org/registries/rsep/workflow.html"http://www.icann.org/reg istries/rsep/workflow.html, process policy here; HYPERLINK "http://www.icann.org/registries/rsep/rsep.html"http://www.icann.org/registr ies/rsep/rsep.html) The process has not identified significant security or stability issues or competition issues that might bar the implementation of the new registry service. The next step is that the service request will be posted for public comments and sent to the ICANN Board for a decision on implementation. Registry Services Evaluation Process: HYPERLINK "http://www.icann.org/registries/rsep/"http://www.icann.org/registries/rsep/ Telnic Cover letter: HYPERLINK "http://www.icann.org/correspondence/price-to-pritz-25apr07.pdf"http://www.i cann.org/correspondence/price-to-pritz-25apr07.pdf Telnic Registry Request Service: HYPERLINK "http://www.icann.org/registries/rsep/telnic-whois-proposal-27apr07.pdf"http ://www.icann.org/registries/rsep/telnic-whois-proposal-27apr07.pdf Best regards, Maria Farrell No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.467 / Virus Database: 269.7.1/807 - Release Date: 5/16/2007 6:05 PM
Jacqueline A. Morris ha scritto:
With regard to the below email from the GNSO
Does the AtLarge community have any input to provide on this application?
Yes - strongly in favour :-) -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
Does the AtLarge community have any input to provide on this application? Yes - strongly in favour :-)
Like most of the other WHOIS anonymization, it's a huge tilt against the interests of the vast majority of at-large users who use domains but don't register them, in favor of cheats and crooks who register domains for various anti-social purporses. In this case, since .TEL is dealing with national law in the country where they operate, there's not much wiggle room, but I'll have a more detailed comment once I have a chance to read it all the way through. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
John L ha scritto:
Does the AtLarge community have any input to provide on this application? Yes - strongly in favour :-)
Like most of the other WHOIS anonymization, it's a huge tilt against the interests of the vast majority of at-large users who use domains but don't register them, in favor of cheats and crooks who register domains for various anti-social purporses.
In this case, since .TEL is dealing with national law in the country where they operate, there's not much wiggle room, but I'll have a more detailed comment once I have a chance to read it all the way through.
Ok - let me detail. As you know I really tend for more privacy, but not because I disagree with law enforcement needs in the broad sense, including antispam/antiphishing etc. However, I can tell you that the EU law does work, in the sense that even if your data aren't published, police can get to know who you are with a phone call (or with dedicated accounts set up at the registry). There clearly is a networking problem, in that you have to build a global network of law enforcement agencies that trust each other, and in turn they have to provide access to private supporting parties when necessary, but keeping all data public is not the solution to that, both because even if you get to know who the registrant is, then you still need prompt international cooperation to intervene; and because data are actually more likely to be accurate once they're not exposed to the average spambot. This said, I think that eventually allowing a registry to comply with their own national law is an unavoidable step towards not making ICANN look like a bunch of Americans willing to "export online law enforcement", which is becoming increasingly difficult to justify at the international level. -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
As you know I really tend for more privacy, but not because I disagree with law enforcement needs in the broad sense, including antispam/antiphishing etc. However, I can tell you that the EU law does work, in the sense that even if your data aren't published, police can get to know who you are with a phone call
Gee, here we go again. There are lots of people other than the police who make legitimate use of WHOIS data. Much of the time they're working with the police, who do not have the staff or expertise to do investigations on their own. Really, I am as enthusiastic about personal privacy as anyone, but it's largely irrelevant to WHOIS because in most domains, the vast majority of registrations are by businesses and organizations, not by individuals. It would make far more sense to have an exception process along the lines of the current proxy WHOIS for the small minority of individual registrants than to do wholesale hiding of information about businesses. It is of course true that registries and registrars have to comply with their national laws, but it is my impression that advocates of anonymous registrations are misrepresenting what's actually in WHOIS. R's, John
John L ha scritto:
Really, I am as enthusiastic about personal privacy as anyone, but it's largely irrelevant to WHOIS because in most domains, the vast majority of registrations are by businesses and organizations, not by individuals. It would make far more sense to have an exception process along the lines of the current proxy WHOIS for the small minority of individual registrants than to do wholesale hiding of information about businesses.
Of course - the EU privacy law only applies to natural persons. It does not apply to legal persons.
It is of course true that registries and registrars have to comply with their national laws, but it is my impression that advocates of anonymous registrations are misrepresenting what's actually in WHOIS.
The EU law is not about anonymous registrations, nor OPOC or any other proposal currently under consideration would allow anonymous registrations (well, not more anonymous than they already can be). It would just restrict access to personal information to public authorities, which are accountable to the general public. If these authorities want to forward this information to private parties that help them, under their own responsibility, they can of course do so. The only thing that would be prevented is unaccountable and untraceable access to this information. -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
The EU law is not about anonymous registrations, nor OPOC or any other proposal currently under consideration would allow anonymous registrations (well, not more anonymous than they already can be). It would just restrict access to personal information to public authorities, which are accountable to the general public.
That agrees with my understanding. With that in mind, why is anyone in favor of OPOC for the majority of WHOIS data that is not for natural persons? What basis is there for restricting access to info about businesses and organizations? Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
John L ha scritto:
That agrees with my understanding.
With that in mind, why is anyone in favor of OPOC for the majority of WHOIS data that is not for natural persons? What basis is there for restricting access to info about businesses and organizations?
Legally, at least in the EU, there is none; actually, there often are laws that force the disclosure of information about entities doing business, offline or online (for example, in Italy there is a law that requires websites of businesses to state their VAT number on the home page; it is somewhat weird and bureaucratical, but in theory it allows you to check whether they are who they say they are, and also fiscal authorities to visit ecommerce websites and understand whether they actually pay due taxes). Personally, I think that I would not do business online with a company - or even an individual - that does not state publicly who they are. -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
Vittorio Bertola wrote: for example, in Italy there is a law that
requires websites of businesses to state their VAT number on the home page; it is somewhat weird and bureaucratical, but in theory it allows you to check whether they are who they say they are, and also fiscal authorities to visit ecommerce websites and understand whether they actually pay due taxes).
That's an EU directive which is applicable in ALL EU states. Not just Italy. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------ Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
participants (5)
-
Jacqueline A. Morris -
John L -
Michele Neylon :: Blacknight -
Nick Ashton-Hart -
Vittorio Bertola