[Gnso-ppsai-pdp-wg] PPSAI - Reveal requests

James Gannon james at cyberinvasion.net
Mon Mar 30 23:31:38 UTC 2015

Very well said Holly, thank you for saying very eloquently what many of are attempting to elucidate!

-----Original Message-----
From: gnso-ppsai-pdp-wg-bounces at icann.org [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Holly Raiche
Sent: Monday, March 30, 2015 11:37 PM
Subject: [Gnso-ppsai-pdp-wg] PPSAI - Reveal requests


Could we go back a bit please to remember, that originally, Whois was just a set of protocols for communications between computers back in the days of ARPAnet (apologies to those who were on the Whois Review team - who know this) When ICANN was established, one of the things it took over was Whois - and it eventually became something it had not been - a public repository of personal information. It created that fundamental conflict between the transmogrified requirement on registrars  to publish personal information of registrants as against the fundamental rights of individuals to protect their personal information unless there are established and accepted reasons otherwise.  The EWG is ICANN's attempt to address that conflict - between information that can be made public, information that should not be public and information that should be revealed in limited circumstances to accredited individuals.  And until EWG recommendations are worked through and implemented, we are still dealing with the inherent conflict between a right to privacy and circumstances in which there is a countervailing obligation to reveal personal information. But the starting point must always be to protect privacy rights UNLESS there is an acceptable and evidenced reason to reveal that information.

What we are working through, as I understand it, is situations which we can all agree, amount to the evidenced based, prima facie reason for revealing personal information.  Law Enforcement is the easy bit, at least in theory.  While the details need to be worked through, I haven't heard anyone object to revealing personal information when we are talking about either serious abuse of the DNS or tracking down criminal activity.  The IP cases are more difficult.  However, I think we have made really good progress in setting out what a requestor should provide to a service provider so that the evidenced, prima facie case is made out. The last bit is to insist that the request is genuine, that whomever is making the request has seriously considered the facts and believes there is a prima facie case of infringement.

I think we have all become aware of situations where  automated notices are generated alleging infringement.  Clearly, that must question the extent (if any) that serious consideration has been given as to whether there has been infringement. So if we are all to agree on the sorts of information that a requestor must provide to a service provider, we need to be sure that the information has, in fact, been considered and signed off - not by a computer program but by a real and responsible person who has enough responsibility in the organisation to take responsibility for what would otherwise be an infringement of privacy rights.  It is not about an equality between requestor and beneficial registrant.  The registrant has - a priori - the right to the protection of their personal information.  The onus is fairly and squarely on the requestor to credibly establish the prima facie case to infringement of those rights to privacy.  As I have said, the language we have worked through goes a long way to meeting that.   What we are asking for is that the PERSON who stands behind such requests has enough authority within the organisation to do so. 'Authorised legal representative' has been suggested.  Happy if other words can be found.  But what we want is for there to be a real, credible individual with the responsibility that can back up each individual request.

End my rant

Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org

More information about the Gnso-ppsai-pdp-wg mailing list