[IAG-WHOIS conflicts] Response to final report

Holly Raiche h.raiche at internode.on.net
Sun Nov 22 19:38:13 UTC 2015 

The following is an informal statement that represents the view of many of the ALAC members.   We simply did not have the bandwidth or time to formally approve this statement, so it cannot be considered as a formal ALAC response.  That said, this issue has been discussed and does have support within ALAC.  Again, my apologies in not managing to have the time for this to go through formal ALAC  processes.  I’m happy to take any questions on its content.
Holly

The ALAC has deep concerns with the Implementation Advisory Group’s proposed alternative ‘triggers’ and supports the “Minority Views’ of Stephanie Perrin and Christopher Wilkinson.
 
The original goal of this policy (concluded by the GNSO in November 2005) was to develop procedures that could reconcile mandatory laws on privacy with the requirements on registries and registrars under contract with ICANN for the collection, display and distribution of WHOIS personal information.   
 
Unfortunately, the Task Force charged with implementing the policy adopted a ‘solution’ that is virtually unworkable and has never been used.  Under the ‘solution’ the registrar/registry should notify ICANN within 30 days of situations (an inquiry, litigation or threat of sanctions) when the registry/registrar can demonstrate that it cannot comply with WHOIS obligations due to local or national privacy laws. 
 
There are two fundamental reasons why the policy is unworkable. The first is the bizarre outcome that registrars and registries must seek ICANN permission to comply with their applicable local laws.  The second obvious flaw is that it means registrars/registries must wait until there is an ‘inquiry or investigation etc of some sort before the process can be triggered.
 
This Implementation Working Group (IWG) was formed to ‘ consider the need for changes to how the procedure is invoked and used’.  The difficulty with that approach is that it does not address the basic flaws in the processes proposed: it still assumes that ICANN has a role in determining registry/registrar compliance with applicable local law and it still believes that solution lies in legal events that ‘trigger’ a resolution process.
 
The ISG report proposes an “Alternative Trigger’ (Appendix 1) or a Written Legal Opinion (Dual Trigger) (Appendix 2).  The Alternative Trigger process is far simpler and preferable.  Indeed, the language suggests that the process might be used to reconcile ICANN WHOIS requirements with relevant privacy law more generally, and not on just on a case by case basis.
 
There are, however, difficulties with the Alternative Trigger proposal, as follows.
It relies on advice from law firms (whose advice would not bind the relevant privacy agency), or on agencies themselves (who are most often reluctant to provide such advice)
The onus is on individual registries/registrars to invoke the process.  There are many smaller registries/registrars that would not have the resources to fund such advice, particularly if it is needed on a case by case basis
Because laws/regulations on the handling of personal information vary from area to area (whether national or regional), different registries/registrars will be bound by different sets of requirements – in order to comply with the same contractual terms
It is also not clear why GAC advice is included in both proposed ‘triggers’. The expertise of individual GAC members relates to ICANN’s remit: domain names, IP addresses and protocols.
 
The ALAC supports both of the proposals made by Christopher Wilkinson (Appendix 4) which address the issues raised .  The first is – at the least – a ‘block exemption’ for all registries/registrars in the relevant jurisdiction.  This would eliminate the ‘case by case’ approach to the issue and provide certainty for all registries/registrars (whether large or small) in that area. 
 
A better approach is his call for a ‘best practice’ policy on the collection, retention and revealing of WHOIS information.  This would ensure that, regardless of the jurisdiction of the registrar/registries – and registrants – all would receive the same privacy protection.

Holly Raiche
Carlton Samuels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/whois-iag-volunteers/attachments/20151123/30b78dbf/attachment.html>

More information about the Whois-iag-volunteers mailing list