<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>All,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>I typically lurk on this list but feel compelled to contribute on this particular issue.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>I am reminded of a time in the AUSFTA negotiations (in 2003-04, well before the AoC) where I was one of two Australian bureaucrats facing a room full of negotiators, including a number of people in suits from unidentified law enforcement agencies.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Our simple Article in <a href="http://dfat.gov.au/about-us/publications/trade-investment/australia-united-states-free-trade-agreement/Pages/chapter-seventeen-intellectual-property-rights.aspx">Chapter 17</a> regarding “Domain Names on the Internet” became a significant point of contention, over a draft reference to “completeness” of, and “unrestricted access” to information. Thankfully, we eventually concluded with a (now familiar to many) commitment that:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal style='text-indent:36.0pt'><i><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Each Party shall require that the management of its ccTLD provide online public access to a reliable and accurate database of contact information for domain-name registrants.<o:p></o:p></span></i></p><p class=MsoNormal style='text-indent:36.0pt'><i><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></i></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Counterparts from Peru, Singapore, Chile and elsewhere arrived at similar bilateral agreements (with Chile including an explicit reference to local laws regarding the protection of personal data)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>These limitations on ccTLD-level WHOIS have evolved further in the TPP, as anyone can find online in leaked versions of the draft Agreement.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>ICANN itself (predominantly within the GNSO) has been addressing conflicts between ICANN contractual requirements and national privacy laws in the gTLD environment since the turn of the millennium. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>In short, the (intentionally provocative) question I have is: during this time of review and future-gazing, is it appropriate to religiously advocate dated policy / contract frameworks that already contradict national privacy legislation in many jurisdictions and numerous bi-lateral and (potentially) multi-lateral agreements that the USG is itself a party to? <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Paul<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> accountability-cross-community-bounces@icann.org [mailto:accountability-cross-community-bounces@icann.org] <b>On Behalf Of </b>Stephanie Perrin<br><b>Sent:</b> Wednesday, 2 September 2015 12:35 PM<br><b>To:</b> accountability-cross-community@icann.org<br><b>Subject:</b> Re: [CCWG-ACCT] Proposed WHOIS language<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>May I draw to everyone's attention the fact that there are now 101 national privacy laws in the world. (Greenleaf, 2014). All input received from the assembled data commissioners in charge of overseeing compliance with those laws has indicated that they contradict the next sentence: <span style='color:red'>Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information.</span> <o:p></o:p></p><div><p class=MsoNormal><span style='color:#330033'>This advice, elaborating how the various components of that sentence are not in compliance with data protection rights has been sent to ICANN in various ways since 2000 (I am rounding off there, there were certainly earlier indications of problems provided from the inception of ICANN). Does it not seem that it is time to review the wisdom of a policy that disregards privacy rights?<br>Kind regards, <br>Stephanie Perrin</span><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On 2015-09-01 21:31, Steve DelBianco wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>Thanks, Bruce. For comparison purposes, I pasted the CCWG’s proposed language below your text.</span><o:p></o:p></p></div></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-family:"Calibri",sans-serif'>From: </span></b><span style='font-family:"Calibri",sans-serif'><<a href="mailto:accountability-cross-community-bounces@icann.org">accountability-cross-community-bounces@icann.org</a>> on behalf of Bruce Tonkin<br><b>Date: </b>Tuesday, September 1, 2015 at 9:24 PM<br><b>To: </b>"<a href="mailto:accountability-cross-community@icann.org">accountability-cross-community@icann.org</a>"<br><b>Subject: </b>[CCWG-ACCT] Proposed WHOIS language<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>Below is some suggested language regarding WHOIS reviews for consideration by the CCWG when considering what to incorporate into the bylaws regarding the AoC reviews.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>Note the Board has no plans to cancel the current AoC - so the language in the AoC - still stands until the community and NTIA wish to change it. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>This language however tries to contemplate an environment where we are introducing a new gTLD Directory Service as a result of policy development within the GNSO, as well as most likely continuing to run the existing WHOIS service for some time.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>Regards,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>Bruce Tonkin<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>ICANN commits to enforcing its policy relating to the current WHOIS and any future gTLD Directory Service, subject to applicable laws, and working with the community to explore structural changes to improve accuracy and access to gTLD registration data, as well as consider safeguards for protecting data. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>This Review includes a commitment that becomes part of ICANN Bylaws, regarding enforcement of the current WHOIS and any future gTLD Directory Service policy requirements.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement, promotes consumer trust, and safeguards data. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>The Review Team shall assess the extent to which prior Review recommendations have been completed, and the extent to which implementation has had the intended effect.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>This periodic Review shall be convened no less frequently than every five years, measured from the date the Board took action on previous review recommendations.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif'>_______________________________________________<o:p></o:p></span></p></div></div></div><div><div><p class=MsoNormal><span style='color:red'>From CCWG 2nd draft proposal, page 81:</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:red'>ICANN commits to enforcing its existing policy relating to WHOIS/Directory Services, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information.</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:red'>The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. </span><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:red'>This Review will consider the OECD guidelines regarding privacy, as defined by the OECD in 1980 and amended in 2013.</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:red'>The Review Team shall assess the extent to which prior Review recommendations have been implemented.</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:red'>This periodic Review shall be convened no less frequently than every five years, measured from the date the previous Review was convened.</span><o:p></o:p></p></div><p class=MsoNormal><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Accountability-Cross-Community mailing list<o:p></o:p></pre><pre><a href="mailto:Accountability-Cross-Community@icann.org">Accountability-Cross-Community@icann.org</a><o:p></o:p></pre><pre><a href="https://mm.icann.org/mailman/listinfo/accountability-cross-community">https://mm.icann.org/mailman/listinfo/accountability-cross-community</a><o:p></o:p></pre></blockquote><p class=MsoNormal><o:p> </o:p></p></div></body></html>