IRIS Actions / SMSI / Human Rights / List

[Précédent par date] [Index par date] [Suivant by date] [Précédent par thème] [Index par thème] [Suivant par thème]
[Previous by date] [Index by date] [Next by date] [Previous by thread] [Index by thread] [Next by thread]

Fwd: Please Sign - EPIC worldwide action - Letter to ICANN on WHOIS Privacy



Trying once more, with English version only. French and Spanish ones in  
next messages

Début du message réexpédié :

> De: Meryem Marzouki <meryem.marzouki@dial.oleane.com>
> Date: Ven 24 oct 2003  10:35:29 Europe/Paris
> À: hr-wsis@iris.sgdg.org
> Objet: Please Sign - EPIC worldwide action - Letter to ICANN on WHOIS  
> Privacy
>
> Below you'll find in English, Spanish and French versions, a call for  
> signatures from groups/organizations
> issued by EPIC - The Electronic Privacy Information Center, a HR  
> caucus member. EPIC is asking us to join the first signatories of a  
> letter to ICANN, regarding serious privacy concerns with the WOHIS  
> database.
> I recommend that your organizations add their signatures (to be sent  
> directly to Cedric Laurant, see below) to this important worldwide  
> action.
> Deadline for first signatures is October 26. Please don't circulate  
> publicly before EPIC releases the letter.
>
> Best regards,
> Meryem
> ===========
> ENGLISH VERSION
> Dear Friends,
>
> In less than a week, the Internet Corporation for Assigned Names and
> Numbers (ICANN) will hold meetings in Carthage, Tunisia.  The
> meetings will include discussions of WHOIS, a database that could
> have a significant impact on privacy, civil liberties, and freedom
> of expression for Internet users.  The WHOIS database broadly
> exposes domain registrants' personal data to a global audience,
> including criminals and spammers.
>
> We believe that ICANN should work to ensure that network
> administrators have access to accurate information in order to
> contact domain registrants and combat fraud and spam.  However, this
> also requires the establishment of corresponding privacy safeguards,
> including reduced access and minimal data requirements, in order to
> encourage the submission of accurate data.  In addition, users of
> domain names have a legitimate expectation of privacy and right to
> free speech, which should be protected.
>
> We have drafted a letter to the President of ICANN, Paul Twomey,
> asking him to ensure that strong privacy safeguards, based on
> internationally accepted standards, are established for the WHOIS
> database.  We would sincerely appreciate it if you would join us in
> this statement to ICANN.  Domain registrants should not be required
> to submit extensive data that could lead to fraud victimization or
> political persecution.
> If you agree with the statement below, please send an email to
> mailto:chlaurant@epic.org with your name, email address, and
> organizational affiliation before October 26.
>
> Thank you for your help with this.
>
> Marc Rotenberg <rotenberg@epic.org>
> Cedric Laurant <chlaurant@epic.org>
> Frannie Wellings <wellings@epic.org>
>
>
>
> ---------------------------------------------------------------------
>
>
> 28 October 2003
>
> Mr. Paul Twomey
> President and Chief Executive Officer
> Internet Corporation for Assigned Names and Numbers
> 4676 Admiralty Way, Suite 330
> Marina del Rey, CA 90292-6601
> United States of America
>
> Dear Mr. Twomey,
>
> We write to you, on behalf of many consumer and civil liberties
> organizations from around the world, regarding the significant
> privacy issues surrounding the WHOIS database and the need to ensure
> that strong privacy safeguards are established.  ICANN has moved
> aggressively to establish accuracy requirements for domain name
> registrants, but has failed to establish corresponding protections
> for personal information that is provided. As representatives of
> Internet users around the world, we are keen to ensure that the
> policies developed for the WHOIS database respect the freedom of
> expression and the privacy of every individual who registers
> Internet domains.
>
> Many organizations, consumer advocates, and technical experts have
> advocated strong protection for privacy interests.  Those privacy
> concerns have not thus far been adequately addressed. We hope that
> our comments will be given due consideration during the WHOIS
> workshop at the upcoming ICANN meetings in Carthage, Tunisia.
>
>   1. The main purpose of the WHOIS database should be to resolve
>   technical network issues, the most important being spam.
>
> The WHOIS database was originally intended to allow network
> administrators to find and fix problems to maintain the stability of
> the Internet.  It now exposes domain name registrants' personal
> information to many other users for many other purposes unrelated to
> network access.  Anyone with Internet access can now have access to
> WHOIS data, and that includes stalkers, governments that restrict
> dissidents' activities, law enforcement agents without legal
> authority, and spammers.  The original purpose for WHOIS should be
> reestablished.
>
> One of the most important technical problems that threaten public
> use of the Internet today is spam. A sensible WHOIS policy would
> improve contact-ability and data accuracy for network
> administrators.  It would not make personal information more widely
> accessible to third parties.
>
>   2. The use and management of the WHOIS database without adequate
>   data protection safeguards raises risks for domain name holders'
>   right to privacy and freedom of expression.
>
> Users of domain names have a legitimate and reasonable expectation
> of privacy.  There are many users, particularly in the
> non-commercial world, who have valid reasons to conceal their
> identities or to register domain names anonymously.  Although there
> are some domain name registrants who use the Internet to conduct
> fraud or to infringe on other people's or companies' intellectual
> property rights, we believe that a sensible privacy policy for WHOIS
> must protect the legitimate privacy expectations for domain  
> registrants.
>
> First, for domain name registrars to compel registrants to
> disclose personal information, even information related to domain
> registration, poses dangers to freedom of expression and privacy on
> the Internet.  Many domain name registrants--and particularly
> noncommercial users--do not wish to make public the information that
> they furnished to registrars.  Some of them may have legitimate
> reasons to conceal their actual identities or to register domain
> names anonymously.  For example, there are political, cultural,
> religious groups, media organizations, non-profit and public
> interest groups around the world that rely on anonymous access to
> the Internet to publish their messages.  Anonymity may be critical
> to them in order to avoid persecution.
>
> Second, WHOIS data should not be available to anyone with access to
> the Internet.  It is well known that broad access to personal
> information online contributes to fraud such as identity theft.  US
> Federal Trade Commission (FTC) advises consumers to protect
> themselves from identity theft, and generally from Internet-related
> frauds, by not disclosing personally identifiable information.  The
> mandatory publication of WHOIS data is contrary to the FTC's advice.
>
> We urge ICANN to consider the views of consumer organizations
> and civil liberties groups on the WHOIS.  At a minimum, we
> believe that adequate privacy safeguards should include the
> following principles:
>
>    - The purposes for which domain name holders' personal data
>     may be collected and published in the WHOIS database have to
>    be specified; they should, as a minimum, be legitimate and
>      compatible to the original purpose for which this database was
>  created; and this original purpose cannot be extended to other
>  purposes simply because they are considered desirable some
>      users of the WHOIS database;
>
>    - The most relevant purpose for collecting WHOIS data is to
>     combat spam;
>
>    - The amount of data collected and made publicly available in
>   the course of the registration of a domain name is limited to
>   what is essential to fulfill the purposes specified;
>
>    - Any secondary use that is incompatible with the original
>      purpose specified requires the individual's freely given and
>    informed consent;
>
>       - The publication of individuals' personal information on the
>   Internet through the WHOIS database should not be mandatory;
>    it should be possible for individuals to register domain names
>  without their personal information appearing on a publicly
>      available register; amnd
>
>        - Disclosure of WHOIS information to a law enforcement official
> or in the context of civil litigation must be pursuant to explicit
>      legal authority set out in statute.
>
> Such a policy would not frustrate lawful criminal investigations. It
> would instead establish necessary privacy safeguards, and reduce the
> risk that the widespread availability of WHOIS information will lead
> to greater fraud, more spam, and jeopardize freedom of expression.
>
>
> Respectfully submitted,
>
>
> Signatories:
> Š
> cc: Š
> ------------------------------------
>
>
> REFERENCES:
>
> Memo from ICANN President Paul Twomey concerning WHOIS, 18 September  
> 2003. <http://www.icann.org/announcements/announcement-18sep03.htm>.
>
> ICANN Carthage WHOIS Workshop Agenda, 30 September 2003.
> <http://www.icann.org/carthage/whois-workshop-agenda.htm>.
>
> ICANN WHOIS Privacy Steering Group webpage.
> <http://gnso.icann.org/issues/whois-privacy/>.
>
> ICANN, Staff Manager's Issues Report on Issues Related to WHOIS, 13  
> May 2003.
> <http://www.icann.org/gnso/issue-reports/whois-privacy-report- 
> 13may03.htm>.
>
> Public Internet Registry, Letter regarding WHOIS to Chairman Lamar  
> Smith, United States House Judiciary Committee, Subcommittee on  
> Courts, the Internet, and Intellectual Property, 16 September 2003.  
> <http://www.pir.org/about_pir/pir_policy/PIR_WHOIS_HOUSE_DFT3- 
> ELECTRONIC1.pdf>.
>
> Public Interest Registry, Comments to the Final Report of the GNSO  
> Council's WHOIS Task Force Accuracy and Bulk Access, 17 February 2003.  
> <http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc03/ 
> pdf00000.pdf>.
>
> Generic Names Supporting Organization (GNSO), WHOIS Privacy Issues  
> Table, 14 August 2003.
> <http://gnso.icann.org/issues/whois-privacy/table-whois-privacy- 
> issue.shtml>.
>
> GNSO WHOIS Task Force, Final Report of the GNSO Council's WHOIS Task  
> Force Accuracy and Bulk Access, 19 February 2003.
> <http://www.icann.org/gnso/whois-tf/report-19feb03.htm>.
>
> Electronic Privacy Information Center (EPIC), Minority Comments to the  
> Final Report of the GNSO Council's WHOIS Task Force Accuracy and Bulk  
> Access.  
> <http://www.icann.org/gnso/whois-tf/report- 
> 19feb03.htm#MinorityReports>.
>
> EPIC WHOIS webpage.
> <http://www.epic.org/privacy/whois/>.
>
> EPIC WHOIS Privacy Issues Report, 10 March 2003.
> <http://www.epic.org/privacy/whois/privacy_issues_report.pdf>.
>
> EPIC and Privacy International, Privacy and Human Rights - An  
> international Survey of Privacy Laws and Developments, 2003.
> <http://www.privacyinternational.org/survey/phr2003/threats.htm#WHOIS>.
>
> Organization for Economic Co-operation and Development (OECD),  
> Guidelines on the Protection of Privacy and Transborder Flows of  
> Personal Data.
> < http://www1.oecd.org/publications/e-book/9302011E.PDF> (English).
> <http://www1.oecd.org/publications/e-book/9302012E.PDF> (français).
>
> European Union, Directive 1995/46/EC of the European Parliament and  
> the Council on the Protection of Individuals with regard to the  
> processing of Personal Data and on the Free Movement of such Data ("EU  
> Data Protection Directive").
> <http://www.europa.eu.int/smartapi/cgi/ 
> sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046&mode 
> l=guichett> (English).
> <http://www.europa.eu.int/smartapi/cgi/ 
> sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=fr&numdoc=31995L0046&mode 
> l=guichett> (français).
> <http://www.europa.eu.int/smartapi/cgi/ 
> sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=es&numdoc=31995L0046&mode 
> l=guichett> (español).
>
> European Union Article 29 Data Protection Working Group, Opinion  
> 2/2003 (WP 76) on the application of the data protection principles to  
> the Whois directories, 13 June 2003.
> <http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/ 
> wp76_en.pdf> (English).
> <http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/ 
> wp76_fr.pdf> (français).
> <http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/ 
> wp76_es.pdf> (español).
>
> International Working Group on Data Protection in Telecommunications,  
> "Common Position on Privacy and Data Protection aspects of the  
> Registration of Domain Names on the Internet" (adopted at the 27th  
> meeting of the Working Group on May 4-5, 2000 in Rethymnon, Crete).
> <http://www.datenschutz-berlin.de/doc/int/iwgdpt/dns_en.htm>.
>
> United States Federal Trade Commission, National and State Trends in  
> Fraud and Identity Theft (January 2002 - December 2002), January 22,  
> 2003.
> <http://www.consumer.gov/sentinel/pubs/Top10Fraud_2002.pdf>.