Return-path: Envelope-to: robin@ipjustice.org Delivery-date: Thu, 18 Aug 2005 06:18:26 -0700 Received: from [127.0.0.1] (helo=pascal.ctyme.com) by darwin.ctyme.com with esmtp (Exim 4.52) id 1E5kHq-0001Eu-C6 for robin@ipjustice.org; Thu, 18 Aug 2005 06:18:26 -0700 Received: from mail by pascal.ctyme.com with ctyme-spam-scanned (Exim 4.52) id 1E5kHl-000392-W1 for robin@ipjustice.org; Thu, 18 Aug 2005 06:18:26 -0700 Received: from imo-d03.mx.aol.com ([205.188.157.35]) by pascal.ctyme.com with esmtp (Exim 4.52) id 1E5kHl-00038k-F6 for robin@ipjustice.org; Thu, 18 Aug 2005 06:18:21 -0700 Received: from KathrynKL@aol.com by imo-d03.mx.aol.com (mail_out_v38_r4.1.) id k.194.4528164d (48600); Thu, 18 Aug 2005 09:18:14 -0400 (EDT) From: KathrynKL@aol.com Message-ID: <194.4528164d.3035e496@aol.com> Date: Thu, 18 Aug 2005 09:18:14 EDT Subject: Statement from Electronic Privacy Information Center To: robin@ipjustice.org, ross@tucows.com, bruce.tonkin@melbourneit.com.au, Jordyn@confusion.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="part1_194.4528164d.3035e496_boundary" X-Mailer: 8.0 for Windows sub 6033 X-Spamprobe: ham-very ** 0.0023098 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on pascal.ctyme.com X-Spam-Level: X-Spam-Status: No, score=-11.7 required=5.0 tests=BAYES_00,HAS_NO_URI, HTML_10_20,HTML_MESSAGE,MIME_QP_LONG_LINE,NO_REAL_NAME,SPF_HELO_PASS, SP_HAM_VERY,WHITE_ACRONYMS autolearn=ham version=3.0.4 X-Spam-filter-host: pascal.ctyme.com - http://www.junkemailfilter.com --part1_194.4528164d.3035e496_boundary Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Could you kindly forward the following to Council? ----------------------------------------------------------------------------= -- ------------------------------------------- Marc Rotenberg, Director of the Electronic Privacy Information Center just=20 issued the following written statement of the waiever concerns in the WHOIS= =20 "Notification and Consent" item. Thank for the opportunity to address Council at this meeting. I hope this=20 statement will assist in the work ahead. Regards, Kathy Kleiman, NCUC WHOIS= TF=20 Member: ----------------------------------------------------------------------------= -- ------------------------ To the ICANN GNSO Council, I have been asked to provide an opinion regarding the=A0 proposal to adopt a WHOIS "privacy" policy that simply requires the registrars to provide information about the purpose of=A0 the WHOIS service, third-party bulk access, and the categories of information for the registered name holder that will be made available to the public. The current proposal does not advise registrants of any legal rights they may have. It does not provide a redress mechanism if their personal information is misused. It lacks transparency as to the disclosure of their data. And it fails to provide basic contact information for the person responsible for the data. >From the perspective of privacy protection, the current proposal is more likely to undermine Internet privacy than it is to protect it. In this context, notice operates as a disclaimer, i.e. it provides a "take it or leave it" proposition to the registrant. There are not even=A0 obligations established=A0 to=A0safeguard the data that is collected. The only theoretical basis for a notice-based privacy regime is where there are market-based alternatives that would allow an individual to select from among competing policies=A0But since the ICANN seeks to establish a policy that will cover all registrars, there is no market-based alternative.=A0 I would urge you to establish a privacy policy for WHOIS data based on Fair Information Practices. Simply stated, this approach would establish responsibilities for those entities that collect and use personal information and rights for those who are asked to provide personal information. This is the basis of privacy laws all around the world. Significantly, this is also the approach taken in policy frameworks that seek to facilitate the flow of personal information across national borders. This includes, for example, the OECD Privacy Guidelines of 1981 and the recently adopted APEC Privacy Framework. Thank you for your consideration of these views. Sincerely, Marc Rotenberg EPIC REFERENCES APEC Privacy Framework (2004) OECD Privacy Guidelines (1981) M. Rotenberg, "The Privacy Law Sourcebook: United States Law,=A0 International=A0Law, and Recent Developments" (EPIC 2003) M. Rotenberg, "Fair Information Practices and the Architecture of Privacy (What Larry Doesn't Get)" 2001 Stanford Technology Law Review 1. D. Solove, M. Rotenberg, "Information Privacy Law" (Aspen 2003) --part1_194.4528164d.3035e496_boundary Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Could you kindly forward the follow= ing to Council?
----------------------------------------------------------------------------= ---------------------------------------------
Marc Rotenberg, Director of the Electronic Privacy Information Center just i= ssued the following written statement of the waiever concerns in the  W= HOIS "Notification and Consent" item.

Thank for the opportunity to address Council at this meeting.  I hope t= his statement will assist in the work ahead.  Regards, Kathy Kleiman, N= CUC WHOIS TF Member:
----------------------------------------------------------------------------= --------------------------

To the ICANN GNSO Council,

I have been asked to provide an opinion regarding the=A0
proposal to adopt a WHOIS "privacy" policy that simply
requires the registrars to provide information about the
purpose of=A0 the WHOIS service, third-party bulk access,
and the categories of information for the registered
name holder that will be made available to the public. The
current proposal does not advise registrants of any legal
rights they may have. It does not provide a redress mechanism
if their personal information is misused. It lacks transparency
as to the disclosure of their data. And it fails to provide basic
contact information for the person responsible for the data.


>From the perspective of privacy protection, the current
proposal is more likely to undermine Internet privacy than
it is to protect it. In this context, notice operates as a
disclaimer, i.e. it provides a "take it or leave it" proposition
to the registrant. There are not even=A0 obligations established=A0
to=A0safeguard the data that is collected.


The only theoretical basis for a notice-based privacy regime
is where there are market-based alternatives that would
allow an individual to select from among competing
policies=A0But since the ICANN seeks to establish a policy
that will cover all registrars, there is no market-based
alternative.=A0


I would urge you to establish a privacy policy for WHOIS data
based on Fair Information Practices. Simply stated, this
approach would establish responsibilities for those entities
that collect and use personal information and rights for
those who are asked to provide personal information.
This is the basis of privacy laws all around the world.
Significantly, this is also the approach taken in policy
frameworks that seek to facilitate the flow of personal
information across national borders. This includes, for
example, the OECD Privacy Guidelines of 1981 and the
recently adopted APEC Privacy Framework.


Thank you for your consideration of these views.


Sincerely,


Marc Rotenberg
EPIC




REFERENCES


APEC Privacy Framework (2004)


OECD Privacy Guidelines (1981)


M. Rotenberg, "The Privacy Law Sourcebook: United States Law,=A0
International=A0Law, and Recent Developments" (EPIC 2003)


M. Rotenberg, "Fair Information Practices and the Architecture
of Privacy (What Larry Doesn't Get)" 2001 Stanford Technology
Law Review 1.


D. Solove, M. Rotenberg, "Information Privacy Law" (Aspen 2003)


 --part1_194.4528164d.3035e496_boundary--