ICANN/GNSO GNSO Email List Archives

[dow1tf]


<<< Chronological Index >>>    <<< Thread Index >>>

[dow1tf] Against a Whois "White List"

  • To: <dow1tf@xxxxxxxxxxxxxx>, <liaison6c@xxxxxxxxxxxxxx>, <Jeff.Neuman@xxxxxxxxxx>
  • Subject: [dow1tf] Against a Whois "White List"
  • From: "Milton Mueller" <mueller@xxxxxxx>
  • Date: Sun, 09 May 2004 12:20:11 -0400
  • Sender: owner-dow1tf@xxxxxxxxxxxxxx


NCUC opposes on principle the concept of a "White List" of authorized 
Port 43 users. We ask that this concept either be stricken from the draft 
report of TF1, or that the lack of consensus on this idea be noted. If 
the latter route is taken, we ask that the following analysis of the 
reasons against the concept be afforded equal treatment in the report 
with the description of a White list and any reasons advanced for it.

Analysis
As we understand it, a "White List" is intended to give certain approved 
users the right to access sensitive data via port 43 (or other means). 
Organizations would apply for approval and once they were placed on 
the White list they could search, store and download sensitive whois data, 
without any further restriction. 

This concept is unacceptable to NCUC for the following reasons:

1. The concept is impractical.
Creating such a list would add a huge operational burden to ICANN.
There are hundreds of millions of Internet users and they come from 
every geographic region and language group, and involve data use 
purposes ranging from academic research to IP enforcement. ICANN 
would in effect be setting up a global certification process that had to 
be able to respond to all this diversity. If ICANN did this task 
conscientiously, the administrative burden would be huge. Not only 
would it have to investigate the legitimacy of each applicant, it should 
in principle also be able to constantly monitor the behavior of approved 
entities to make sure that they were not abusing their privileges. It 
would have to be willing to withdraw the privilege, and handle
disputes and appeals relating to that. 

If ICANN did not do this task conscientiously, if it simply added entities
pro forma to the list whenever they applied, then there is no reason to 
create the list at all. Anyone and everyone could get the status, which is 
no different than opening up all Whois information to everyone.

2. The concept is discriminatory
The right to access Whois data must be balanced against the privacy
rights of the domain name registrants. Once the proper balance is
struck, all Internet users should have the same rights to access Whois 
data under the same terms and conditions. Intellectual property interests 
have no greater claim on that information than anyone else. The White
List, in our opinion, is designed to create a two-class world of the
spied-upon users, who have no rights, and privileged, surveillance-
authorized users, who are permitted to spy on registrants. 

3. The concept violates international privacy norms
A White List would give any approved user the equivalent of bulk
access to whois zone files. According to George Papapavlou of the 
European Union, under data protection law bulk access is a 
"disproportionate, privacy infringing step, unless a very convincing, 
specific case can be made which has to be followed by due process. 
This applies not only to marketing but to any purpose." In other words, 
no one has the right to fish through sensitive personal data just to see 
if they can find anything of interest. But a White 
List would grant this right. 

4. The White List concept is unnecessary
Under the proposals supported by registrars, NCUC, and ALAC,
the concept of a known user with a known purpose making a request 
for each individual domain name she wants to investigate can give 
legitimate users and purposes access to the information they need 
without creating a centralized administrative entity and without 
violating privacy. 






<<< Chronological Index >>>    <<< Thread Index >>>