[council] NCUC analysis of WHOIS purpose definitions

Tue Apr 11 03:50:49 UTC 2006

I would like to share with my fellow GNSO Council Members this analysis 
regarding the two WHOIS purpose formulations from NCUC member and WHOIS 
TASK FORCE member Kathryn Kleiman, who is also a DC attorney:

ICANN has a very narrow technical mission. It is that defined mandate 
that gives ICANN its legitimacy. ICANN is the technical coordinator of 
the domain name system. Its mission does not extend to the use of a 
domain name.

Use is a matter of discretion and balance. What is posted on a website, 
what is sent in an email, what is shared in a listserv all involve the 
use of a domain name, but far exceed the narrow bounds of ICANN’s work. 
It is for countries, by law and treaty, to determine how they want to 
share and disclose data if someone does not like the religious or 
political content posted on a website, shared in an email, or conveyed 
on a list.

Only Formulation 1 continues to keep the purpose of Whois within the 
narrow technical scope of “issues related to the configuration of the 
records associated with the domain name within a DNS nameserver.” This 
use directly involves the registration of a domain name, its resolution, 
and technical problems associated directly with DNS issues – powers 
clearly given to ICANN.

Revised Formulation 2 gives certain constituencies unlimited access to 
personal data for any purpose even remotely related to their Internet 
work. While the words “technical” and “networking” resonate nicely in 
our ears, the Business and ISP constituencies repeatedly told the Whois 
Task Force the broad definition they have for these terms. “Technical” 
and “networking” is anything online! It includes any use, question or 
concern an ISP or large online business might have about anyone coming 
to their website, transacting business with them or even having mail 
routed through their servers. ICANN never received unlimited power to 
regulate all technical and networking activities online, and it is a 
scope few would want it to have.

“Legal issues related to registration or use of a gTLD domain name” is 
similarly undefined and unbounded. Any question of content that any 
attorney may have is covered by this definition. Should he/she want to 
use the Whois personal data to harass, criticize or intimidate a domain 
name registrant for content on a website, listserv or email, the 
attorney would have the right to do so under Revised Formulation 2 
because the content involves “use of a domain name.” Nowhere is there 
any standard that the attorney has to state a cause of action or even 
present a non-frivolous claim. Any attorney can state a legal issue for 
any type of problem (just ask them!) But allowing such action would also 
foster intimidation and abuse of all who hold and share minority 
opinions online using domain names – minority personal, political and 
religious speech could be driven off the Net.

An example of balance between personal data and legal needs occurred in 
the US a few years ago. ISPs used to disclose chatroom identities on 
demand. Attorneys would come to ISPs claiming that people had defamed 
their companies, engaged in violations of insider trading, etc. 
Attorneys received the personal data, but it turns out that in many 
cases, they were really trying to find out and silence whistleblowers 
(those pointing out illegalities in businesses or government contracts), 
stop those complaining of workplace harassment, or just harass anyone 
who criticized their company’s products or services (even legitimately) 
in a chatroom. The legal claims were trumped up.

Now to seek disclosure of chatroom identities in the US, attorneys must 
go to court in “John Doe” suits. They must first demonstrate to the 
court that they have solid evidence of illegality, a true cause of 
action under law, and clear evidence that the chatroom identity they 
seek is really the one involved in the unlawful conduct they allege. No 
more fishing expeditions or intimidation of speakers.

Formulation 1 provides a similar balance – a purpose for Whois within 
the narrow technical DNS mandates of ICANN. The personal data remains in 
the hands of registrars for all other legitimate purposes. It is 
available for access to resolve all other technical, networking, legal 
or social issues or concerns consistent with law and due process.