Today a letter was submitted to the President of ICANN, Paul Twomey, at the ICANN Carthage meeting, “asking him to ensure that strong privacy safeguards, based on internationally accepted standards, are established for the WHOIS database.”

Latest reports indicated that the draft letter had been signed by about 50 nonprofit groups and represented 21 countries on six continents. “Signers of the letter included the American Library Association, the U.S. Association for Computing Machinery, the Australian Council for Civil Liberties, Electronic Frontier Finland, Privacy Ukraine, and the United Kingdom’s Foundation for Information Policy Research.”

As ICANN tries to decide how to balance domain name owners’ privacy with accountability, this coalition effort emphasized the fact that ICANN “has failed to establish corresponding protections for personal information that is provided. As representatives of Internet users around the world, we are keen to ensure that the policies developed for the WHOIS database respect the freedom of expression and the privacy of every individual who registers Internet domains.”

The following is an excerpt from the letter:

“First, for domain name registrars to compel registrants to disclose personal information, even information related to domain registration, poses dangers to freedom of expression and privacy on the Internet. Many domain name registrants—and particularly noncommercial users—do not wish to make public the information that they furnished to registrars. Some of them may have legitimate reasons to conceal their actual identities or to register domain names anonymously. For example, there are political, cultural, religious groups, media organizations, non-profit and public interest groups around the world that rely on anonymous access to the Internet to publish their messages. Anonymity may be critical to them in order to avoid persecution.

Second, WHOIS data should not be available to just anyone who happens to have access to the Internet. It is well known that broad access to personal information online contributes to fraud such as identity theft. US Federal Trade Commission (FTC) advises consumers to protect themselves from identity theft, and generally from Internet-related frauds, by not disclosing personally identifiable information. The mandatory publication of WHOIS data is contrary to the FTC’s advice.

We urge ICANN to consider the views of consumer organizations and civil liberties groups on the WHOIS. At a minimum, we believe that adequate privacy safeguards should include the following principles:

• The purposes for which domain name holders’ personal data may be collected and published in the WHOIS database have to be specified; they should, as a minimum, be legitimate and compatible to the original purpose for which this database was created; and this original purpose cannot be extended to other purposes simply because they are considered desirable by some users of the WHOIS database;
• The most relevant purpose for collecting WHOIS data is to combat spam;
• The amount of data collected and made publicly available in the course of the registration of a domain name is limited to what is essential to fulfill the purposes specified;
• Any secondary use that is incompatible with the original purpose specified requires the individual’s freely given and informed consent;
• The publication of individuals’ personal information on the Internet through the WHOIS database should not be mandatory; it should be possible for individuals to register domain names without their personal information appearing on a publicly available register; and
• Disclosure of WHOIS information to a law enforcement official or in the context of civil litigation must be pursuant to explicit legal authority set out in statute.

Such a policy would not frustrate lawful criminal investigations. It would instead establish necessary privacy safeguards, and reduce the risk that the widespread availability of WHOIS information will lead to greater fraud, more spam, and jeopardize freedom of expression.”