browse comments: WIPO RFC-3

WIPO RFC-3
lchua@cdt.org
Thu, 11 Mar 1999 18:52:28 -0500

Browse by: [ date ][ subject ][ author ]
Next message: ptb: "Domain name ownership"
Previous message: reverett@haleybp.com: "WIPO RFC-3"

Attachment: http://arbiter.wipo.int/processes/process1/rfc/dns_attachments/rfc3/attach921196348.rtf

Comments
of the Center for Democracy and Technology
on the WIPO Interim Report and
on the ICANN Guidelines for Accreditation of Internet Domain Name Registrars:

Privacy and Other Human Rights Implications
of the Domain Name System

26 February 1999

Introduction

"The Internet can be very simply described as a, or the, network of networks. That simple technical description, however, lacks the eloquence to speak of the profound ways in which the Internet is affecting the way in which we communicate with each other, the way we express ourselves, the way we learn, the way we do business and the way in which we interact culturally. Given the profound changes that we sense are underway, we have difficulty in placing faith in the simple technical definition."

With this beginning, the Interim Report of the World Intellectual Property Organization (WIPO) on the domain name process takes note of the manner in which the Internet is affecting many aspects of modern communications, business, and culture. The decentralized nature of the Internet makes private, anonymous communication possible; it lowers barriers to speaking and publishing, allowing every user to voice an opinion. While a stable and well-functioning domain name system is essential to the continued well-being of the Internet, a centralized management structure for domain names has implications for these decentralized, democratic values.

Domain name management impacts not only narrow technical questions and the interests of the trademark community, but the privacy and free expression interests of Internet users. These comments of CDT assume that it is necessary, in the course of DNS administration, to collect, at one or more central repositories, some information about domain names. But careful consideration must be given to how much information should be collected about domain name holders: fair information practices dictate that collection of personally-identifiable information should be kept to the minimum necessary to achieve the immediate purpose. There may even be situations in which registrars would collect no personally-identifiable information and still promote stability and respect for the rights of others. There also arise a set of questions surrounding the use and disclosure of the information that is collected: who should have access to it, for what purposes and under what standard of authority or justification.

These comments explore these broader civil liberties issues involved in name registration in general and trademark dispute resolution in particular. We focus on possible privacy concerns with the creation, access to and use of the domain name registration database(s). No immediate solutions are presented. Our basic message is that establishing privacy rules will not be easy, but that current proposed rules are inadequate and that the task must be given fuller attention through a broader consultative process. We also briefly mention some free expression/access concerns.

Background on DNS Database Proposals

The WIPO Interim Report focuses on creation of a database of domain name holders in order to provide an efficient and reliable manner of identifying and contacting potential trademark infringers. "[T]he purpose of the collection of contact details is to enable a third party which considers that its intellectual property rights have been infringed as a result of a domain name registration to be able to obtain reliable and accurate information concerning the domain name holder in order to establish contact with the holder."

The goals of the Internet Corporation for Assigned Names and Numbers (ICANN) are to ensure the stability of the DNS while promoting competition in the delivery of registration services. ICANN has said that the registration system should be convenient and easy to use from the perspective of individuals or organizations. The system should allow portability of domain name registration from one registrar to another without disadvantage, and should put all registrars on a level playing field with regard to access to registries.

The draft guidelines issued by ICANN for the establishment of a domain name registry system address data collection issues in the following principles for accrediting registrars:

3. The registration agreement should protect legal rights (including intellectual property rights) of the parties, and of third parties where applicable. It should contain provisions that minimize disputes over rights to use of particular domain names, and in the event of dispute, it should contain provisions that enhance the orderly and timely resolution of disputes.

4. The information obtained from applicants for domain names should include only the data elements reasonably needed for the assignment and use of the name. Registrars and other parties acquiring, storing and using such information should be bound by reasonable privacy principles, consistent with facilitation of dispute resolution and law enforcement. Domain name applicants should have an opportunity to register names on behalf of third parties who wish to remain anonymous.

Contents of the DNS Database(s)

Paragraph 85 of the WIPO Interim Report describes the potential scope of the domain name registration database by identifying at least 17 data elements:

(1) domain name (or embedded part thereof), and (2) name of domain name holder. The result of a query on these items could be a browse list featuring any records corresponding to the search criteria. In relation to each record the following information could be displayed: (1) gTLD, (2) any sublevel domain(s), (3) name of domain name holder, (4) street address, (5) city, (6) state/province, (7) postal codes, (8) country, (9) e-mail address, (if available), (10) phone number, (11) fax number, (if applicable), (12) authorized contact person, (if applicable), (13) status of the domain name including whether it is in dispute (e.g., operational, pending, on hold, in dispute), (14) the registration authority for the domain name, (15) the date the domain name was registered, (16) primary and secondary servers hostnames and netaddresses, and (17) an indication of whether the domain name holder has opted for certain ADR procedures further discussed in Chapter 3, below.

In addition, paragraph 85 notes that some would like to include the historical chain of title information for a domain name and any information about relevant intellectual property rights that may be held by the domain name holder.

ICANN’s proposal seems to be only slightly more limited. According to the draft guidelines, "The SLD [Second Level Domain name] holder shall be required to provide to the registrar accurate and reliable contact details and promptly to update them during the term of the SLD registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the SLD holder; name of authorized person for contact purposes in the case of an SLD holder that is an organization, association or corporation; and the data elements listed in IV.3.a.ii, iii, and vi-ix above." The referenced section IV.3.a states that the data elements to be submitted would include:

i. The name of the SLD being registered;
ii. The IP addresses of the primary nameserver and any secondary nameservers for the SLD;
iii. The corresponding names of those nameservers;
iv. The identity of the registrar;
v. The expiration date of the registration;
vi. The name and postal address of the SLD holder;
vii. The name, postal address, e-mail address, voice telephone number, and where available fax number of the technical contact for the SLD;
viii. The name, postal address, e-mail address, voice telephone number, and where available fax number of the administrative contact for the SLD;
ix. The name, postal address, e-mail address, voice telephone number, and where available fax number of the zone contact for the SLD;
x. Any remark concerning the registered SLD name that should appear in the Whois data.

The use of the word "include" suggests that the list is not exclusive. Nowhere do the guidelines implement the promise of the principles that "The information obtained from applicants for domain names should include only the data elements reasonably needed for the assignment and use of the name." Unless it is made clear that these data elements are a ceiling, information maintained by registrars on their customers may include additional information.

It is noteworthy that the last paragraph of proposed Section IV.9.g.i of the ICANN guidelines would provide a mechanism for anonymous holding of SLDs through an entity (such as an ISP) that licenses SLDs to third parties wishing to remain anonymous.

Privacy Concerns

As both ICANN and WIPO recognize, demands for contact information will surely arise. A database containing names, street addresses, email addresses, and telephone numbers of domain name holders would be a valuable commodity for marketers, reporters, governments, and others. Litigants with complaints not related to trademark infringement, businesses, reporters, and others can be expected to seek access to any DNS administrative database.

In addition to private third party uses, the proposed domain name database will be of great interest to – and could be subject to misuse by -- government entities. In connection with criminal investigations, governments may make demands on registrars or on the database for information about domain name holders and their activities. For example, a government agency pursuing an investigation of a domain name holder for fraud might seek to obtain information without any notice to the domain name holder under investigation. In other instances, a government might seek special access to the database in the name of national security. Establishing rules to balance governmental interests against the other interests and values represented on the Internet will present a significant challenge. Certain countries do not have legal standards limiting law enforcement access to personal data, and Internet user may be vulnerable to inappropriate searches in the guise of criminal or national security investigations.

The U.S. Postal Service address system provides an example of how personal contact information in a database can be used by third parties. The U.S. Postal Service used to offer a service that allowed anyone to obtain the new address of an individual who had filed a change of address order. Investigators, attorneys, financial and insurance companies, businesses, and news organizations routinely used the system, often buying the entire database, often without the knowledge of postal customers. In 1994, the Postal Service decided to limit the service to governments, to process servers, and when necessary to comply with a court order.

The Question of Standards

Guidelines limiting the types of information to be collected must be established to prevent registrars or others in the DNS process from cultivating this valuable data resource for their own purposes. Without standards for information collection, Internet users could be subjected to potentially inappropriate requests for information, including identification numbers, demographic information, and online usage information.

>From our viewpoint, it is not clear that people have to sacrifice privacy in order to have a presence on the Internet. For example, a registrar could offer to register names without collecting any personally-identifiable information. The registrar could be obligated to suspend or cancel the name of a particular SLD holder in the event of trademark infringement or illegal conduct, but otherwise the system would allow very robust protection of anonymity, something that could be extremely important, for example, to those wishing to use the power of the Internet to criticize repressive regimes.

Secondly, users should not be forced to choose between anonymity and full exposure. Establishing clear, restrictive rules can avoid the development of inappropriate uses of DNS database records. Setting standards for access to and disclosure of information can prevent potential secondary uses of the database from infringing upon the privacy of Internet users.

So far, neither WIPO nor ICANN have developed adequate rules for privacy of information collection and use in the course of DNS administration. While the ICANN draft guidelines state as a general principle that "registrars and other parties acquiring, storing and using such information should be bound by reasonable privacy principles," the draft ICANN guidelines fall far short of fair information practices. The privacy provision in IV.8 states:

a. The registry administrator would provide each registrar with notice as to:
i. The purposes for which data about any identified or identifiable natural person ("Personal Data") to be provided by the registrar are intended;
ii. The recipients or categories of recipients of any Personal Data provided by the registrar; and
iii. How any Personal Data provided by the registrar and maintained in the registry can be accessed and, if necessary, rectified.
b. The registry administrator would, in the registrar/registry administrator contract, agree that the registry will not process any Personal Data provided by the registrar in a way incompatible with the purposes and other limitations about which it has provided notice to the registrar.

Thus, the guidelines state that any use of the data is permitted so long as notice is provided. In a similar vein, the guidelines go on to require that domain name holders must consent to whatever data use and disclosure the registrar gives notice of:

ii. The registrar would provide notice to each SLD holder-customer stating:
A. The purposes for which any data collected from the applicant about any
identified or identifiable natural person ("Personal Data") are intended;
B. The intended recipients or categories of recipients of the data (including the
registry administrator and others who will receive the data from the registry);
C. Which data are obligatory and which data, if any, are voluntary; and
D. How the data subject can access and, if necessary, rectify the data held about
them.

iii. The SLD holder shall consent to the data processing referred to in section IV.9.g.ii.

The ICANN draft guidelines do not explicitly restrict registrars from using the data for purposes other than ensuring that domain names will resolve to the IP addresses of their host computers throughout the Internet. To the contrary, the guidelines seem to endorse any use for which notice has been given:

v. The registrar shall agree that it will not process the Personal Data collected from the SLD holder in a way incompatible with the purposes and other limitations about which it has provided notice to the SLD holder in accordance with Section ii, above.

The WIPO Interim Report notes that there are potential privacy concerns with open access to the proposed database: "In contrast to this call for the widespread availability of registration data, some other commentators were of the opinion that the extent to which, and the manner in which, any contact information is made available to third parties should be guided by privacy considerations." The Interim Report proposes two alternative approaches: (1) an open, searchable database; and (2) a "filtered" database. The report goes on to state that filtered access would work in one of two ways, in which third party intermediary would handle requests for contact information. With a "filtered" database, designating a third party as an intermediary raises further privacy issues. Who will be given this decision-making capability? What will be their standards and procedures for permitting access? The WIPO Interim Report calls for further discussion regarding access capabilities.

Models of Responsible Database Management

The information in any DNS database need not be viewed in a unitary fashion. Some elements may be treated as public information while others are not. For example, some information must be made available to Internet users in order to support the technical functioning of the Internet. It does not follow, however, that the home address of a domain name holder should be available to all requesters without restriction. Even for information that must be broadly available for technical reasons, however, different methods can be employed to make the information available. Even with a more open database, some information might be made public directly, other information might be searchable, and yet other information might not be disclosable at all or only with cause. Regardless of the management structure, standards for access that consider and protect privacy principles should be established.

There are several models that could be adopted in managing the DNS system databases:

(1) The database could be regarded as a public register, subject to government regulation, which might permit anything from unrestricted access to very limited access by authorized users only.

(2) The database might be treated as the private property of a domain name registrar to be used and made accessible as the registrar sees fit in accordance with rules agreed to by the registrar and its customers.

(3) Another approach would be to consider the database as privately produced but subject to governmental regulatory controls.

(4) The database could be viewed as privately controlled but subject to rules and limitations developed by a non-governmental body such as ICANN or an international body.

Whether publicly managed or privately owned, access to the database can be made available at several different levels, and careful consideration must be given to the impact that each of these possibilities will have on the privacy of Internet users. Legal models already exist that offer valuable points of reference.

Public or Private Management, Unlimited Access

Some public and private records are available for unrestricted public search and use.
Example are the land ownership records, corporation registration statements, liens and other commercial documents required by law to be filed with a government agency and made available for public inspection. In the U.S., private companies routinely obtain the full content of such records, often in bulk, and sell them to their clients. Increasingly, governments are making these records available online, and increasingly privacy concerns are being raised, leading to a reevaluation of disclosure policies.

If some or all of a DNS database is freely accessible to all, the information might be employed for a variety of purposes, including the promotion of competition, marketing, research, government functions, Internet governance, government functions, and other activities. Some or all of these activities may impinge on the privacy interests of individuals and the confidentiality interests of legal persons. If the database is only made available through a search engine, users may be unable to compile a copy of all or part of the database. However, the ability to duplicate the database may depend on how the search engine is configured. The issues to be decided include how searches may be performed, what information is made available from the search process, and who is permitted to perform searches.

Private Management, Regulated Access

Some privately owned records are expressly regulated for reasons that include efficiency, public confidence, and personal privacy. The European Union's Data Protection Directive is an example of regulated access on a transnational level. The directive requires EU member states to enact laws with specified limitations on the collection, maintenance, use, and disclosure of personal information by public and private record keepers. Those who maintain personal data in any state must disclose information on their personal data processing operations to the supervisory authority of the state. The states are then required to establish a register of processing operations open for inspection by any person. The policy is that some information about data processing activities that affect individuals must be placed in the public domain for inspection by all.

In the U.S., the Fair Credit Reporting Act offers another example. Privately owned and operated consumer credit reporting companies must collect, maintain, and disclose their records in accordance with federally prescribed standards. The law benefits the subjects of consumer credit reporting records who are not customers of the credit reporting company.

Another useful example comes from the U.S. law and regulations establishing rules for the use of customer proprietary network information (CPNI) by telecommunications carriers. CPNI is information maintained by a telephone company describing who and when a customer calls and what telephone features the customer uses. When Congress deregulated the telephone industry in 1996, it recognized the need to establish policies for telecommunications companies for use of this information. The resulting complex rules provide that customer consent must be obtained before some information in the possession of the telecommunications company can be used for marketing directly to the customer. Subscriber list information, however, can be used without restriction. The rules provide for the sharing of CPNI with competing carriers with customer consent. A company may not use CPNI to regain the business of a former customer.
The CPNI rules may be particularly relevant to the DNS question because they were intended to strike a balance between privacy and competitiveness interests. Registrars may compete with each other for registration business, and they may compete with other businesses for ancillary products and services.

Public Management, Regulated Access

It is possible that, in some jurisdictions, a government agency will serve as a domain name registrar. If so, then rules regulating government databases will apply, both in terms of restrictions and access. Voter registration records are an example of a public register with regulated access. While access policies in the U.S. vary considerably from state to state, some states limit access to those who have a proper purpose recognized by state law. California allows access to any person for an election, scholarly, journalistic, political, or governmental purpose, and those seeking records must explain their intended use. Pennsylvania requires users to state in writing that the registration records will not be used for purposes unrelated to elections, political activities, or law enforcement.

The Driver's Privacy Protection Act, a U.S. federal law that regulates how the states make personal information from motor vehicle records available for public use, illustrates the potential complexity of regulating the use and disclosure of records. Motor vehicle records are used for many purposes and by many institutions not directly related to the regulation of motor vehicles. The Act allows many of these purposes and restricts others. A major feature of the Act is the provision giving individuals a choice in certain uses. Before a state can make records available in response to individual inquiries or for marketing uses, the state must give each individual an opportunity to opt-out of the disclosure. The Act has resulted in a considerable amount of constitutional litigation over the authority of the federal government to impose these limitations on the states. However, the model of individual choice over the disclosure of some information for some uses remains relevant.

While it is unlikely that an agency of the U.S. government will serve as a registrar, it is useful to consider by analogy the effect that U.S. laws would have on a DNS database run by a federal government body. The records management provisions of the Privacy Act would not be likely to cause any special problems. However, the requirement for recording the date, nature, and purpose of each disclosure of a record might result in the maintenance of a separate compilation of information about anyone who obtained data from the domain name holder database. The Act permits disclosure of records to law enforcement agencies without the need for legal process. If the entity responsible for the DNS database were a federal agency, the federal Freedom of Information Act might require disclosure of some or all of the database in a manner that might be inconsistent with general rules for registrars. The FOIA might require the disclosure of the identity of those who use the database to retrieve information. Open
records laws vary considerably around the world, and other types of conflicts between openness laws and database disclosure rules could arise.

International Enforcement of Privacy Standards

Privacy regulatory regimes differ around the world, and efforts are underway to reconcile the differences. Regardless whether those efforts succeed, the domain name holder database may present some unique problems. Because of the global nature of the Internet, supporting records may have no natural jurisdictional locus. Alternatively, the records may have multiple loci. For some or many domain name registrars, the data subjects will be located in different jurisdictions. Thus, the same jurisdictional questions that surround other Internet activities will arise with the database.

Many existing requirements of national data protection laws can work for a domain name holder database located within the jurisdiction of those laws. However, problems will arise. The EU data protection directive includes exceptions and restrictions for national security, defense, public security, criminal investigations and prosecutions, important national economic interests, and the protection of data subjects and the rights and freedoms of others. How these exceptions and restrictions might be applied to the DNS database is a major issue. If widely divergent exceptions and restrictions are imposed in different countries, privacy protections afforded in one jurisdiction may be unavailable in another. Another set of issues derives from the EU Directive's requirement that data controllers define in advance the purposes of the processing for which the data are intended and the recipients or categories of recipients to whom data might be disclosed. In order to meet this requirement, it will be necess
ary to identify and resolve in advance uses of the DNS database.

Free Speech Concerns

The assignment of domain names creates numerous possibilities for infringements on the international human right to free expression. Will registrars have the authority to deny registration to domain names that they find offensive or obscene? We expect that registrars will face pressure to deny or revoke registration to domains hosting unpopular content. In particular, we have already seen governments pressure for denial of service to their critics. ICANN should address this threat, and develop rules that insulate or bolster registrars and registries against this kind of pressure.

WIPO's proposed trademark dispute resolution practices also have the potential to chill speech. Professor Michael Froomkin notes in his comments on the WIPO Interim Report that the "right of personality," when politicians, actors, and other famous people are given the trademark rights over their names, can "constrain expressive activity if, for example, politicians could claim that their critics were not allowed to register their names as domains." Also under the guise of trademark infringement, companies could prevent consumers from criticizing their products. The threat of having personal contact information revealed threatens the anonymity that makes Internet communication unique, and might prevent domain name holders from publishing their opinions. Internet users should not have to sacrifice their privacy to exercise their rights to free speech.

Human rights activists were among the first to recognize the power of the Internet as a democratizing medium. In order to assist in developing guidelines that will assist registrars and registries in resisting government, WIPO and ICANN should undertake a broader consultation that gives human rights and public interests communities their "seats at the table."

Conclusion

In their current form, neither the WIPO Interim Report nor the ICANN guidelines adequately addresses the issue of privacy standards on an international level. Technical means and a variety of legal mechanisms -- including contracts, license agreements, and statutes -- might be employed to enforce the limitations. Whether any of these mechanisms would be effective in the global Internet environment, however, remains to be seen.

These comments have attempted to illustrate the complexity of the choices that are involved in designing the DNS databases and the rules that will govern them, as well as to encourage open discussion regarding the privacy implications of these choices. At ICANN and WIPO, this discussion should involve representatives from beyond the trademark and technical communities. Domain name holders, registrars, data protection authorities, national governments, Internet users, civil rights and other advocacy organizations, merchants, advertisers, marketers, journalists, libraries, and others also have an interest in the rules that govern the collection, maintenance, use, and disclosure of the domain name holder database.

Furthermore, we should keep in mind that domain name management process has the potential to reach beyond the mere handling of personal information to influence the rights of Internet users in a larger context. For example, the WIPO Interim Report already suggests the possibility that when a domain name is used in connection with political activities, disclosure of contact details might lead to threats of suppression of freedom of expression. Internet users should not have to sacrifice their privacy and personal safety to exercise their right to free speech and expression. These larger civil liberties issues should be considered in the ongoing dialogue about domain name management.

For more information, contact: Lusan Chua (202) 637-9800 lchua@cdt.org

 -- Posted automatically from Process Web site