whois comments

[Jisuk Woo <jisuk@xxxxxxxxx>]

I praise the efforts of the task force 1 for putting together this preliminary report, and I would like to make comments regarding 3 issues.

 

1)      I oppose the creation of a “whitelist” of IP addresses. The idea of providing access to sensitive data to a certain group of so-called “nonmarketing” users does not reflect the reality of data users. Not only it is very difficult to determine criteria for users who would be included in the whitelist, but also a user would want to access the data for various purposes at various points. Providing a blanket access to a certain user only because the user identifies itself as a justified user at some point would pose great danger for abuse. Furthermore, having “Intellectual Property Organizations” in the whitelist as suggested as an example in the preliminary report does not seem to be based on a realistic expectation on this regard. I especially oppose providing any greater access to the data to intellectual property organizations than to any other kind of organizations. Property rights are important, but privacy rights should not be compromised in order to provide property right holders an easier tool to maximize their rights.

 

2)      Domain name registrants should be notified when a potential user requested their data, and this notification should consist of very specific information regarding who is requesting the data, what kind of entity is this data requester, the purpose of the data request, the scope and nature of the data requested, and who is the contact person of the data requester if problem arises. Creating a “list of approved purposes” would certainly better protect the domain name registrants’ rights than a whitelist, but the registrants should be provided enough information and assistance so that they can recognize when problem arises and act on it properly.

 

3)      When sensitive data are involved, domain name registrants should not only be notified but also have a right not to give consent to the release of the data if the notification does not have convincingly specific and proper information regarding the data requester, purpose of the use, what the registrant can do if the data are abused in any way. This way, data requesters and registrars will make a careful and specific notification that can realistically protect domain name registrants from potential, and probably invisible abuse of the data.

 

Jisuk Woo

Seoul National University

Jinbonet Korea

우지숙
서울대학교 행정대학원
Assistant Professor
Graduate School of Public Administration
Seoul National University
tel: 02-880-5633
fax: 02-6248-0951
email: jisuk@xxxxxxxxx