From sdelbianco at netchoice.org Tue Apr 6 00:49:59 2021 From: sdelbianco at netchoice.org (Steve DelBianco) Date: Tue, 6 Apr 2021 00:49:59 +0000 Subject: [bc-gnso] ICANN Business Constituency (BC) comment on .us TLD privacy plan In-Reply-To: References: <7e381ec0897c4c05be7a2f986db36e1b@perkinscoie.com> <854defafc3a2469f937f5767ba56d864@perkinscoie.com> , <563a2528d4114452ad3a8b3ab99ba361@perkinscoie.com>, Message-ID: Please accept this comment from the CANN Business Constituency (BC), regarding the comment opportunity on the .us TLD privacy plan. The BC appreciates the details shared by the Stakeholder Council on its plan to allow .US domain name registrants to use a registry-level privacy service. We believe the importance of this proposed policy and its potential impact on BC members and Internet users justifies calling out the following 3 high level concerns. First, As you know the ICANN community has been busy setting several policies related to WHOIS data, including the Privacy/Proxy Service Accreditation Issues (PPSAI) Policy and the various policies related to bringing the ICANN WHOIS system in line with the EU?s GDPR (a.k.a the Phase 1 and Phase 2 EPDP). As such we feel the .US Based Registry Privacy Service Plan, which we note was drafted in September 2016, should be updated and be informed by both the PPSAI and EPDP policies. For example, we note that the proposed Whois output column in Appendix A goes far beyond what is even specified in the EPDP Phase 1 report. At a minimum the full contact details of the .US privacy service should be published / displayed. Second, given the importance the role contactability of the registrant behind the privacy services plays in mitigating abuse, we would like to see standardization of the email address published in the Whois response and suggest an email address similar to the following would be helpful: <.us domain name>@privateregistration.us (e.g. example.us at privateregistration.us) Third, detail on how both private 3rd parties and law enforcement agencies request access to registrant data from the privacy service is inadequate. Any privacy service policy must detail, at a minimum, how requests can be made, what information is required and the timeline requestors should expect for a response. In addition, our initial read of the .US Registry Based Privacy Service Plan seemed to be focused solely on the release of information to Law Enforcement Agencies (LEA). Upon closer reading we do note that private parties and LEA are included, so we urge the council to update the language to ensure clarity in this regard. In conclusion, given the issues touched upon above, it is our view that more work is required before this policy is implemented for .US registrants. Sincerely, Steve DelBianco Vice chair for policy coordination ICANN Business Constituency (BC) -------------- next part -------------- An HTML attachment was scrubbed... URL: