PeaceNet Korea's Comments on Whois TF1 Preleminary Report

[Chun Eung Hwi <chun@xxxxxxxxxxxxxx>]

It is very hard to find out comments on whois coming from non-Western 
world in this list although a considerable ratio of gTLD users are 
composed of non-Westerners. That shows us that the present form and 
procedure for converging different views is not workable in any sense. 
This seems to be very serious because whois related issues are universally 
important. So, we hope, more views from non-Western world could be heard 
and considered in this process even not through this public comment.

We are PeaceNet Korea, a group of members who are active in the advocacy 
for public interest particularly concerned with ICT related issues. On 
behalf of our group members and those gTLD users’ concerns in our 
society, we are submitting our comments as follows;

Basically, we should underline some fundamental principles to be applied 
to whois for the protection of privacy. Those are purpose specification 
principle and use limitation principle. These principles had been clearly 
described in OECD guidelines on the protection of privacy, which could be 
used as a tool for the least basis of global community for privacy 
protection. This fair information practice should rigidly be applied even 
to whois because today whois data is being much more abused and exploited 
by some interest group for the-not-specified purposes in its collection. 
The original and inherent purpose of whois registry is to help the 
functional operation of the network, which is the fundamental mission of 
ICANN. Therefore, all other purposes could not be justified for the public 
disclosure and use of whois data. 

1. The separation of whois data into two categories of sensitive and 
non-sensitive and to allow only non-sensitive data to be publicly 
available is very cautious, appropriate and seems to be very effective to 
discourage data miners. Therefore, we strongly support this 
recommendation.

2. We do not support the notion of whitelist nor individual use list at 
all. But sometimes, exceptionally if any, the disclosure of whois data 
could be allowed. Such requirements and formal procedure for the 
exceptional disclosure of sensitive data should be clearly documented 
particularly in bearing in mind legal dispute or criminal investigation 
cases and the importance of each national law to be applied.

3. According to OECD gudelines, the consent of the data subject, here 
registrants, is prerequisite for personal information disclosure. This is 
the rights of the data subject as one part of human rights. Even if we do 
not acknowledge the full rights of data subject, to notify the fact that 
one’s own data is disclosed to the third party is to be the minimum 
requirement. Therefore, who request to get his/her sensitive information 
from whois and why and when the person/entity requests it should be 
necessarily notified to registrants beforehand or in parallel with the 
disclosure. 

4. All kinds of bulk access, except for the accredited registrar’s 
functional necessity like the domain transfer, should be prohibited 
regardless of the data’s sensitivity.


-- 
------------------------------------------------------------
Chun Eung Hwi
General Secretary, PeaceNet | phone:     (+82)  2-2166-2205
Seoul Yangchun P.O.Box 81   |   pcs:     (+82) 019-259-2667
Seoul, 158-600, Korea       | eMail:   chun@xxxxxxxxxxxxxx
------------------------------------------------------------