The
ALAC has deep concerns with the Implementation Advisory
Group’s proposed alternative ‘triggers’ and supports the
“Minority Views’ of Stephanie Perrin and Christopher
Wilkinson.
The
original goal of this policy (concluded by the GNSO in
November 2005) was to develop procedures that could
reconcile mandatory laws on privacy with the requirements on
registries and registrars under contract with ICANN for the
collection, display and distribution of WHOIS personal
information.
Unfortunately,
the Task Force charged with implementing the policy adopted
a ‘solution’ that is virtually unworkable and has never been
used. Under the ‘solution’ the registrar/registry should
notify ICANN within 30 days of situations (an inquiry,
litigation or threat of sanctions) when the
registry/registrar can demonstrate that it cannot comply
with WHOIS obligations due to local or national privacy
laws.
There
are two fundamental reasons why the policy is unworkable.
The first is the bizarre outcome that registrars and
registries must seek ICANN permission to comply with their
applicable local laws. The second obvious flaw is that it
means registrars/registries must wait until there is an
‘inquiry or investigation etc of some sort before the
process can be triggered.
This
Implementation Working Group (IWG) was formed to ‘ consider
the need for changes to how the procedure is invoked and
used’. The difficulty with that approach is that it does
not address the basic flaws in the processes proposed: it
still assumes that ICANN has a role in determining
registry/registrar compliance with applicable local law and
it still believes that solution lies in legal events that
‘trigger’ a resolution process.
The
ISG report proposes an “Alternative Trigger’ (Appendix 1) or
a Written Legal Opinion (Dual Trigger) (Appendix 2). The
Alternative Trigger process is far simpler and preferable.
Indeed, the language suggests that the process might be used
to reconcile ICANN WHOIS requirements with relevant privacy
law more generally, and not on just on a case by case basis.
There
are, however, difficulties with the Alternative Trigger
proposal, as follows.
- It relies on advice
from law firms (whose advice would not bind the relevant
privacy agency), or on agencies themselves (who are most
often reluctant to provide such advice)
- The onus is on
individual registries/registrars to invoke the process.
There are many smaller registries/registrars that would
not have the resources to fund such advice, particularly
if it is needed on a case by case basis
- Because
laws/regulations on the handling of personal information
vary from area to area (whether national or regional),
different registries/registrars will be bound by different
sets of requirements – in order to comply with the same
contractual terms
- It is also not clear
why GAC advice is included in both proposed ‘triggers’.
The expertise of individual GAC members relates to ICANN’s
remit: domain names, IP addresses and protocols.
The
ALAC supports both of the proposals made by Christopher
Wilkinson (Appendix 4) which address the issues raised .
The first is – at the least – a ‘block exemption’ for all
registries/registrars in the relevant jurisdiction. This
would eliminate the ‘case by case’ approach to the issue and
provide certainty for all registries/registrars (whether
large or small) in that area.
A
better approach is his call for a ‘best practice’ policy on
the collection, retention and revealing of WHOIS
information. This would ensure that, regardless of the
jurisdiction of the registrar/registries – and registrants –
all would receive the same privacy protection.
Holly
Raiche
Carlton
Samuels