Australian Government Comments on Whois Task Force Interim Reports

["Le Busque, Allan" <Allan.LeBusque@xxxxxxxxxxxx>]

Australian Comments on WHOIS Task Force Interim Reports

 

The Generic Names Supporting Organisation (GNSO) of the Internet Corporation for Assigned Names and Numbers (ICANN), via a series of Task Forces has been inquiring into the accuracy, use and privacy implications associated with Whois data lists.

 

Australia appreciates the efforts of the convenors and participants who have invested so much effort in producing this series of reports.  The issues confronting the management and use of Whois data lists and personal data are a microcosm of the many public policy challenges facing the Internet global policy domain.  It is appropriate that country code Top Level Domain (ccTLD) policy makers and Governmental Advisory Committee (GAC) members contribute to the public debate on this issue.

 

Privacy is an individual right and bulk access to Whois personal data can be misused to send spam, or for criminal activity such as identity theft and/or fraud.  On these grounds, Australia urges GAC members and the GNSO to adopt policies and practices that:

 

·        Limit the public disclosure of personal Whois data fields (particularly, address, telephone, facsimile) to preserve and improve personal privacy protection,

 

·        Introduce tier level access for Whois data between TLD operators and explore the potential for technical solutions to improve the grade of service offered by Port 43 access to Whois data and services,

 

·        Facilitate cross border access to TLD Whois data for legitimate law enforcement purposes and consumer protection, and

 

·        Amend ICANN Registrar Accreditation Agreement contractual obligations that govern the collection, use and disclosure of Whois personal data for gTLD and ccTLD with the aim of achieving international ‘privacy’ best practice.  

 

There are many reasons why a domain name registrant may wish to limit access to personal data.  While some Registrants may have suspicious intentions, others merely wish to protect themselves from bulk marketing (spam), virus and security related events and/or internet based fraud and swindles, such as false and misleading registration renewals.  There is no empirical data suggesting these issues or the problem of inaccuracy of the Whois data is widespread.  However, if permitted to develop, a perceived lack of accuracy of this essential data could lead to a lack of confidence and trust in the credibility of Whois data and the administration of the Internet.

 

Some published Whois data such as creation and renewal data may serve as a tool for Registrar administration of domains, however, its key use is to ensure the technical sustainability of the Internet.  It is clear the designers never envisaged the additional uses and potential abuses for the personal data contained in Whois records.  The bulk access to Whois data in gTLD, under license or otherwise, for marketing is in most cases inconsistent with the purpose for which it was collected.

 

Many jurisdictions have enacted laws to cover the use and publication of personal data and these apply to ccTLD.  gTLD are marketed globally and Registrants are increasingly seeking the right to apply conditions on the use of their personal data.  It is appropriate that gTLD policy and practices maintain the integrity of personal data in accordance with its intended purpose.

 

Privacy and the right to privacy are important individual rights.  In Australia, the Privacy Act 1988 is the overarching legislation applying in this area and ccTLD Registrars and Registrants operating in the Australian jurisdiction are subject to the provisions of the Act.  

 

The Australian Domain Administration limited (auDA) is endorsed by the Australian Government to operate the .au domain for the benefit of all Australian stakeholders.  auDA regularly reviews its policies and completed a review of its Whois Policy in August 2003.  auDA’s Whois policy is fully compliant with the Australian Privacy Act.  The Australian Government is satisfied with the operation of auDA and its policies.

 

It is imperative that the integrity of the Internet be guaranteed and that all Whois data (administrative and technical) be correctly maintained and published to ensure the stability of the Internet.  There is a requirement for a balanced approach to managing this situation, in a way that is beneficial to the individuals and appropriate for the Internet as a whole, but importantly in a way consistent with national law.

 

It is incumbent upon all Registrars to collect Registrant data conformant with RFC 954.  However, it is not necessary for all personal data to be published or made available because of every inquiry, nor should its availability be negotiated for purposes outside its intended use.  It is therefore more practical, not to disclose the street address, telephone or facsimile numbers and creation date of Whois records in TLD. 

 

 

ASHLEY CROSS

GAC Representative

Australia

 

June 2004

 

_______________________________________________________________________________________________________

The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material.
Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties.
If you have received this e-mail in error please notify the Security Advisor of the Department of Communications, Information Technology and the Arts, telephone (02) 6271-1880 and delete all copies of this transmission together with any attachments.
_______________________________________________________________________________________________________