ICANN/GNSO GNSO Email List Archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

[registrars] Motion to Adopt: Whois Conflicts

  • To: ross@xxxxxxxxxx, registrars@xxxxxxxx
  • Subject: [registrars] Motion to Adopt: Whois Conflicts
  • From: Ross Rader <ross@xxxxxxxxxx>
  • Date: Mon, 11 Jul 2005 16:34:58 +0200
  • Sender: owner-registrars@xxxxxxxxxxxxxx
  • User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

I move that we adopt Bruce Tonkin's amendments to the Whois Task Force
Recommendations on Avoiding Conflicts with National Law and that our
Task Force and Council representatives advocate the adoption of this
position in their respective meetings and discussions.

A text version of Bruce's amendments follow this motion. I have attached PDF and RTF versions to this message.

Preamble:

Task Force 2 spent over a year collecting data and working on the
conflict between a registrar/registry’s legal obligations under privacy
laws and their contractual obligations to ICANN.  Its report included
the statement:  “The Task Force believes that there is an ongoing risk
of conflict between a registrar’s or registry’s legal obligations under
local privacy laws and their contractual obligations to ICANN.  TF2
Report, Section 2.3,
http://www.gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html.

By vote of the Task Force, now merged, on May 24, 2005, the work of Task
 Force 2 is hereby divided into a recommendation for “consensus policy”
accompanied by “well-developed advice for a procedure.”

I.  Task Force Policy for WHOIS Conflicts with Privacy Law

Consensus Policy Recommendation

In order to facilitate reconciliation of any conflicts between
local/national mandatory privacy laws or regulations and applicable
provisions of the ICANN contract regarding the collection, display and
distribution of personal data via Whois, ICANN should:

1.  Develop and publicly document a procedure for dealing with the
situation in which a registrar or registry can credibly demonstrate that
 it is legally prevented by local/national privacy laws or regulations
from fully complying with applicable provisions of its ICANN contract
regarding the collection, display and distribution of personal data via
WHOIS.

2.  Create goals for the procedure which include:

	a.  Ensuring that ICANN staff is informed of a conflict at the earliest

appropriate juncture;

	b.  Resolving the conflict, if possible, in a manner conducive to
stability and uniformity of the Whois system;

	c.  Providing a mechanism for the recognition, in appropriate
circumstances where the conflict cannot be otherwise resolved, of an
exception to contractual obligations for all registrars` with regard to
collection, display and distribution of personally identifiable data via
 Whois; and

	d.  Preserving sufficient flexibility for ICANN staff to respond to
particular factual situations as they arise.


II.  Guidance on  Procedure

Well-Developed Advice on a Procedure for Handling WHOIS Conflicts
  with Privacy Law

Based on extensive research and negotiation among Task Force 2 together
with the merged Task Force and ICANN staff, the following procedure for
handling the policy recommendation set out in Section I above is set out
 as a Recommended
Step-by-Step Procedure for Resolution of WHOIS Conflicts with Privacy
Law.  We encourage ICANN staff to use this Recommended Procedure as a
starting point for developing the procedure called for in the Consensus
Policy Recommendation above.


Step One: Notification of Initiation of Action

Once receiving notification of an investigation, litigation, regulatory
proceeding or other government or civil action that might affect its
compliance with the provisions of the RAA or other contractual agreement
 with ICANN dealing with the collection, display or distribution of
personally identifiable data via Whois (“Whois Proceeding”), a
Registrar/ Registry must within thirty (30) days provide ICANN’s General
 Counsel (or other staff member as designated by ICANN)1 with the
following information:

Summary description of the nature and status of the action (e.g.,
inquiry, investigation, litigation, threat of sanctions, etc.)
Contact information for the responsible official of the
registrar/registry for resolving the problem.
Contact information for the responsible territorial government agency or
 other claimant and a statement from the registrar/registry authorizing
ICANN to communicate with those officials or claimants on the matter. If
 the registrar/registry is prevented by applicable law from granting
such  authorization, the notification should document this.
The text of the applicable law or regulations upon which the local
government or other claimant is basing its action or investigation, if
such information has been indicated by the government or other claimant.

Meeting the notification requirement permits Registrars/Registries to
participate in investigations and respond to court orders, regulations,
or enforcement authorities in a manner and course deemed best by their
counsel.

Depending on the specific circumstances of the Whois Proceeding, the
Registrar/Registry may request that ICANN keep all correspondence
between the parties confidential pending the outcome of the Whois
Proceeding.  It is recommended that ICANN respond favorably to such
requests to the extent that they can be accommodated with other legal
responsibilities and basic principles of transparency applicable to
ICANN operations.

Step Two: Consultation

Unless impractical under the circumstances, we recommend that the ICANN
General Counsel, upon receipt and review of the notification and, where
appropriate, dialogue with the registrar/registry, consider beginning a
process of consultation with the local/national enforcement authorities
or other claimant together with the registrar/registry.  The goal of the
 consultation process should be to seek to resolve the problem in a
manner that preserves the ability of the registrar/registry to comply
with its contractual obligations to the greatest extent possible.

The Registrar should attempt to identify a solution that allows the
registrar to meet the requirements of both the local law and ICANN
obligations.  The General Counsel can assist in advising the registrar
on whether the proposed solution meets the ICANN obligations.

If the Whois proceeding  ends without requiring any changes and/or the
required changes in registrar/registry practice do not, in the opinion
of the General Counsel, constitute a deviation from the R.A.A. or other
contractual obligation , then the General Counsel and the
registrar/registry need to take no further action.

If the registrar/registry is required by local law enforcement
authorities or a court to make changes in its practices affecting
compliance with Whois-related  contractual obligations before any
consultation process can occur, the registrar/registry shall promptly
notify the General Counsel of the changes made and the law/regulation
upon which the action was based.   The Registrar/Registry may request
that ICANN keep all correspondence between the parties confidential
pending the outcome of the Whois Proceeding.   It is recommended that
ICANN respond favorably to such requests to the extent that they can be
accommodated with other legal responsibilities and basic principles of
transparency applicable to ICANN operations.


Step Three:  General Counsel analysis and recommendation

If the local/national government requires changes (whether before,
during or after the consultation process described above)  that, in the
opinion of the General Counsel, prevent full compliance with contractual
 WHOIS obligations, ICANN should consider the following alternative to
the normal enforcement procedure.  Under this alternative, ICANN would
refrain, on a provisional basis, from taking enforcement action against
the registrar/registry for non-compliance, while the General Counsel
prepares a report and recommendation and submits it to the ICANN Board
for a decision. Such a report may contain:

i.A summary of the law or regulation involved in the conflict;

ii.Specification of the part of the registry or registrar’s contractual
WHOIS obligations with which full compliance if being prevented;
iii.Summary of the consultation process if any under step two; and

iv.Recommendation of how the issue should be resolved, which may include
 whether ICANN should provide an exception for all registrars/registries
 from one or more identified WHOIS contractual provisions. The report
should include a detailed justification of its recommendation, including
 the anticipated impact on the operational stability, reliability,
security, or global interoperability of the Internet's unique identifier
 systems if the recommendation were to be approved or denied .

The registrar/registry should be provided a copy of the report and
provided a reasonable opportunity to comment on it to the Board.  The
Registrar/Registry may request that ICANN keep such report confidential
prior to any resolution of the Board.  It is recommended that ICANN
respond favorably to such requests to the extent that they can be
accommodated with other legal responsibilities and basic principles of
transparency applicable to ICANN operations.



Step Four:  Resolution

Keeping in the mind the anticipated impact on the operational stability,
 reliability, security, or global interoperability of the Internet's
unique identifier systems, the Board should consider and take
appropriate action on the recommendations contained in the General
Counsel’s report as soon as practicable.  Actions could include, but are
 not limited to:

Approving or rejecting the report’s recommendations, with or without
modifications;
Scheduling a public comment period on the report; or
Referring the report to GNSO for its review and comment by a date
certain.




Step Five:  Public Notice

	The Board’s resolution of the issue, together with the General
Counsel’s report, should ordinarily be made public, along with the
reasons for it, and be archived on a public website (along with other
related materials) for future research. Prior to release of such
information to the public, the Registry/Registrar may request that
certain information (including, but not limited to, communications
between the Registry/Registrar and ICANN, or other
privileged/confidential information) be redacted from the public notice.

  In the event that such redactions make it difficult to convey to the
public the nature of the actions being taken by the Registry/Registrar,
the General Counsel should work with the Registry/Registrar on an
appropriate notice to the public describing the actions being taken and
the justification for such actions.

Unless the Board decides otherwise, if the result of its resolution of
the issue is that data elements in the registrar’s Whois output will be
removed or made less accessible, ICANN should issue an appropriate
notice to the public of the resolution and of the reasons for ICANN’s
forbearance from enforcement of full compliance with the contractual
provision in question.



Attachment: rrar-whois-contract-conflict-res-v0r0d2-2005-07-11.pdf
Description: Adobe PDF document

Attachment: rrar-whois-contract-conflict-res-v0r0d2-2005-07-11.doc
Description: Binary data



<<< Chronological Index >>>    <<< Thread Index >>>