[IAG-WHOIS conflicts] Response to final report

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Mon Nov 23 03:36:39 UTC 2015 

Thanks very much Holly....NCSG was also unfortunately late in its 
comments.  There is too much going on at the moment....
Stephanie Perrin

On 2015-11-22 14:38, Holly Raiche wrote:
> The following is an informal statement that represents the view of 
> many of the ALAC members.   We simply did not have the bandwidth or 
> time to formally approve this statement, so it cannot be considered as 
> a formal ALAC response.  That said, this issue has been discussed and 
> does have support within ALAC.  Again, my apologies in not managing to 
> have the time for this to go through formal ALAC  processes.  I’m 
> happy to take any questions on its content.
> Holly
>
> The ALAC has deep concerns with the Implementation Advisory Group’s 
> proposed alternative ‘triggers’ and supports the “Minority Views’ of 
> Stephanie Perrin and Christopher Wilkinson.
> The original goal of this policy (concluded by the GNSO in November 
> 2005) was to develop procedures that could reconcile mandatory laws on 
> privacy with the requirements on registries and registrars under 
> contract with ICANN for the collection, display and distribution of 
> WHOIS personal information.
> Unfortunately, the Task Force charged with implementing the policy 
> adopted a ‘solution’ that is virtually unworkable and has never been 
> used.  Under the ‘solution’ the registrar/registry should notify ICANN 
> within 30 days of situations (an inquiry, litigation or threat of 
> sanctions) when the registry/registrar can demonstrate that it cannot 
> comply with WHOIS obligations due to local or national privacy laws.
> There are two fundamental reasons why the policy is unworkable. The 
> first is the bizarre outcome that registrars and registries must seek 
> ICANN permission to comply with their applicable local laws.  The 
> second obvious flaw is that it means registrars/registries must wait 
> until there is an ‘inquiry or investigation etc of some sort before 
> the process can be triggered.
> This Implementation Working Group (IWG) was formed to ‘ consider the 
> need for changes to how the procedure is invoked and used’.  The 
> difficulty with that approach is that it does not address the basic 
> flaws in the processes proposed: it still assumes that ICANN has a 
> role in determining registry/registrar compliance with applicable 
> local law and it still believes that solution lies in legal events 
> that ‘trigger’ a resolution process.
> The ISG report proposes an “Alternative Trigger’ (Appendix 1) or a 
> Written Legal Opinion (Dual Trigger) (Appendix 2).  The Alternative 
> Trigger process is far simpler and preferable. Indeed, the language 
> suggests that the process might be used to reconcile ICANN WHOIS 
> requirements with relevant privacy law more generally, and not on just 
> on a case by case basis.
> There are, however, difficulties with the Alternative Trigger 
> proposal, as follows.
>
>   * It relies on advice from law firms (whose advice would not bind
>     the relevant privacy agency), or on agencies themselves (who are
>     most often reluctant to provide such advice)
>   * The onus is on individual registries/registrars to invoke the
>     process. There are many smaller registries/registrars that would
>     not have the resources to fund such advice, particularly if it is
>     needed on a case by case basis
>   * Because laws/regulations on the handling of personal information
>     vary from area to area (whether national or regional), different
>     registries/registrars will be bound by different sets of
>     requirements – in order to comply with the same contractual terms
>   * It is also not clear why GAC advice is included in both proposed
>     ‘triggers’. The expertise of individual GAC members relates to
>     ICANN’s remit: domain names, IP addresses and protocols.
>
> The ALAC supports both of the proposals made by Christopher Wilkinson 
> (Appendix 4) which address the issues raised . The first is – at the 
> least – a ‘block exemption’ for all registries/registrars in the 
> relevant jurisdiction.  This would eliminate the ‘case by case’ 
> approach to the issue and provide certainty for all 
> registries/registrars (whether large or small) in that area.
> A better approach is his call for a ‘best practice’ policy on the 
> collection, retention and revealing of WHOIS information.  This would 
> ensure that, regardless of the jurisdiction of the 
> registrar/registries – and registrants – all would receive the same 
> privacy protection.
>
> Holly Raiche
> Carlton Samuels
>
>
> _______________________________________________
> Whois-iag-volunteers mailing list
> Whois-iag-volunteers at icann.org
> https://mm.icann.org/mailman/listinfo/whois-iag-volunteers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/whois-iag-volunteers/attachments/20151122/79377970/attachment-0001.html>

More information about the Whois-iag-volunteers mailing list