[council] NCUC analysis of WHOIS purpose definitions
I would like to share with my fellow GNSO Council Members this analysis regarding the two WHOIS purpose formulations from NCUC member and WHOIS TASK FORCE member Kathryn Kleiman, who is also a DC attorney: ICANN has a very narrow technical mission. It is that defined mandate that gives ICANN its legitimacy. ICANN is the technical coordinator of the domain name system. Its mission does not extend to the use of a domain name. Use is a matter of discretion and balance. What is posted on a website, what is sent in an email, what is shared in a listserv all involve the use of a domain name, but far exceed the narrow bounds of ICANN’s work. It is for countries, by law and treaty, to determine how they want to share and disclose data if someone does not like the religious or political content posted on a website, shared in an email, or conveyed on a list. Only Formulation 1 continues to keep the purpose of Whois within the narrow technical scope of “issues related to the configuration of the records associated with the domain name within a DNS nameserver.” This use directly involves the registration of a domain name, its resolution, and technical problems associated directly with DNS issues – powers clearly given to ICANN. Revised Formulation 2 gives certain constituencies unlimited access to personal data for any purpose even remotely related to their Internet work. While the words “technical” and “networking” resonate nicely in our ears, the Business and ISP constituencies repeatedly told the Whois Task Force the broad definition they have for these terms. “Technical” and “networking” is anything online! It includes any use, question or concern an ISP or large online business might have about anyone coming to their website, transacting business with them or even having mail routed through their servers. ICANN never received unlimited power to regulate all technical and networking activities online, and it is a scope few would want it to have. “Legal issues related to registration or use of a gTLD domain name” is similarly undefined and unbounded. Any question of content that any attorney may have is covered by this definition. Should he/she want to use the Whois personal data to harass, criticize or intimidate a domain name registrant for content on a website, listserv or email, the attorney would have the right to do so under Revised Formulation 2 because the content involves “use of a domain name.” Nowhere is there any standard that the attorney has to state a cause of action or even present a non-frivolous claim. Any attorney can state a legal issue for any type of problem (just ask them!) But allowing such action would also foster intimidation and abuse of all who hold and share minority opinions online using domain names – minority personal, political and religious speech could be driven off the Net. An example of balance between personal data and legal needs occurred in the US a few years ago. ISPs used to disclose chatroom identities on demand. Attorneys would come to ISPs claiming that people had defamed their companies, engaged in violations of insider trading, etc. Attorneys received the personal data, but it turns out that in many cases, they were really trying to find out and silence whistleblowers (those pointing out illegalities in businesses or government contracts), stop those complaining of workplace harassment, or just harass anyone who criticized their company’s products or services (even legitimately) in a chatroom. The legal claims were trumped up. Now to seek disclosure of chatroom identities in the US, attorneys must go to court in “John Doe” suits. They must first demonstrate to the court that they have solid evidence of illegality, a true cause of action under law, and clear evidence that the chatroom identity they seek is really the one involved in the unlawful conduct they allege. No more fishing expeditions or intimidation of speakers. Formulation 1 provides a similar balance – a purpose for Whois within the narrow technical DNS mandates of ICANN. The personal data remains in the hands of registrars for all other legitimate purposes. It is available for access to resolve all other technical, networking, legal or social issues or concerns consistent with law and due process. |