

The ICANN Public Comments on WHOIS Privacy - ehPReth
https://www.imperialviolet.org/2015/07/05/icannwhois.html

======
dmschulman
"The the week of the 29th brought 995 more. So I think it's clear that,
without significant outside promotion of these topics, almost nobody would
have noticed this proposal."

This sentence makes me seeth. ICANN's proposal affects many millions of people
who've chosen to utilize a domain name or will choose to do so in the future.
If you asked a majority of these users they'd probably have difficulty placing
ICANN as an organization if anything at all yet this unawareness would justify
ICANN's position? ICANN certainly hasn't gone out of their way to make the
public aware of the situation.

The tone of the article suggests the author is ready to disregard the
templated responses from Save Domain Privacy and others yet wouldn't these be
the main channels for users to become aware of the ICANN proposal and take the
opportunity to register their disapproval? One of the _few_ places where one
can educate themselves about this secretive ICANN situation is one of the
primary sources that can't be trusted for honest comment. It sounds like
they've already made up their mind on things.

Even sweeping indictments in the last year from an overwhelming portion of the
public on similar issues surrounding online privacy and the desire for an open
internet don't seem to weigh on ICANN's mind in regards to this decision.

~~~
agl
> The tone of the article suggests the author is ready to disregard the
> templated responses from Save Domain Privacy and others.

I didn't intend to suggest that they be disregard, I just didn't have much to
say about them other than their number.

Without these efforts to promote opposition, /I/ wouldn't have heard about
this proposal I believe. I certainly don't think that the template messages
should be ignored just because of their form.

~~~
ted0
The sheer volume of comments has raised awareness, I think/hope. We've tried
to get people to customize the form letter as much as possible.

------
codezero
It's so baffling that they are pushing these changes when only a year or so
ago they were preparing to eliminate WHOIS altogether... [1][2]

Does anyone know what led to this complete change in direction?

[1] [https://en.wikipedia.org/wiki/WHOIS](https://en.wikipedia.org/wiki/WHOIS)

[2] [https://www.icann.org/en/system/files/files/final-
report-06j...](https://www.icann.org/en/system/files/files/final-
report-06jun14-en.pdf)

~~~
ademarre
I wouldn't call that a change of direction. More like patching WHOIS to make
it more useful until we can replace it with something better.

------
ted0
My team at Namecheap built RespectOurPrivacy.com. In case you were wondering,
visitors have dialed ICANN's LA office through our site 1,800 times.

~~~
No1
Have you guys been checking on the functionality of this system?

Multiple attempts through the web site yielded a busy signal, but calling
directly went through immediately, which makes me think they somehow have your
Twilio number blocked.

They don't seem to be taking any input via telephone, and instead direct you
to Google to find a webpage with an email address.

I understand that having the phone ring off the hook could possibly make ICANN
take notice, but you're probably losing a good portion of people's feedback
being registered due to the hurdles involved with calling.

~~~
ted0
We definitely have been getting busy signals the past few days but we figured
it was multiple callers trying to ring them at once. We'll switch our Twilio
number.

We've also encouraged people in multiple places that both calling and emailing
will make the most impact. Most people have been emailing rather than calling
anyway.

Thanks for the feedback.

~~~
toomuchtodo
You may want to setup multiple Twilio DIDs/numbers, and roll through them for
outbound calls.

~~~
ted0
We swapped numbers and it's working flawlessly now.

They did indeed block our previous #!

------
teraflop
A similar discussion got posted to Reddit a while back, and nobody seems to be
mentioning that the phrase that has everybody so riled up ("domains used for
online financial transactions for commercial purpose should be ineligible for
[WHOIS] privacy and proxy registrations") is taken entirely out of context. If
you read the actual document, it's clear that this is a suggestion from a few
specific parties to the discussion, and it is emphatically _not_ the opinion
of the ICANN working group as a whole, much less does it rise to the status of
a "proposed rule". From the PDF: ([https://gnso.icann.org/en/issues/raa/ppsai-
initial-05may15-e...](https://gnso.icann.org/en/issues/raa/ppsai-
initial-05may15-en.pdf))

> The WG agrees that the status of a registrant as a commercial organization,
> non-commercial organization, or individual should not be the driving factor
> in whether P/P services are available to the registrant. Fundamentally, P/P
> services should remain available to registrants irrespective of their status
> as commercial or non-commercial organizations or as individuals.

...

> As noted above, the WG agrees that the mere fact of a domain being
> registered by a commercial entity, or by anyone conducting commercial
> activity in other spheres, should not prevent the use of P/P services. In
> addition, a majority of WG members did not think it either necessary or
> practical to prohibit domain names being actively used for commercial
> activity from using P/P services.

...

> the WG does not believe that P/P registrations should be limited to private
> individuals who use their domains for non-commercial purposes.

I think it's telling that the vast majority of feedback came from members of
the public who read Namecheap's call-to-action at
[https://www.respectourprivacy.com/](https://www.respectourprivacy.com/). As
an outsider, it looks to me like Namecheap and the EFF are purposely
distorting the situation to drum up some positive PR.

~~~
icebraining
I don't see the EFF saying that ICANN is as a whole of that opinion; what they
said is that there is such a proposal, and that ICANN is considering it (which
they are, and which is why they're asking for external input).

------
bhc
If you want to submit comment directly to ICANN, you do so here.

[https://www.icann.org/public-comments/ppsai-
initial-2015-05-...](https://www.icann.org/public-comments/ppsai-
initial-2015-05-05-en)

Scroll down to "Template for Responses (if desired)." (Direct link:
[https://s.zoomerang.com/s/VTLNGF5](https://s.zoomerang.com/s/VTLNGF5) )

The form asks you to comment on a dozen or so specific parts of the report and
the working group proposal. I imagine comments submitted this way will have
more impact than a plain letter since you will be guided to address all of the
contentious parts.

------
yc1010
Knowing ICANN they will just want to make yet another .tld called .dissident
or something retarded like .sucks for all those who want their privacy and
also make it easy to block those who want privacy by authoritarian governments
worldwide.

------
Qantourisc
Anyone else getting a fork/replace itch from ICANN lately ?

~~~
dlitz
With what, though? ITU-T wants to take over their role, but I can't imagine
that being anything but worse.

------
ecaron
The public "You should go voice your complaint" campaigns do more harm than
good as far as ICANN goes.

In the end, it all comes down to ICANN typically just has one person review
all the feedback - and when there's a mass write-in those typically get
dismissed in bulk.

If you want a good example, check out how ICANN handled the .jobs adjustment
in 2010 ([http://forum.icann.org/lists/jobs-phased-
allocation/pdfDrGz8...](http://forum.icann.org/lists/jobs-phased-
allocation/pdfDrGz87sHKK.pdf)). Heartbreaking.

------
jessaustin
_The comment period opened on May 5th, but between then and June 22nd there
were only seven messages. However, the week of the 22nd brought 10,015
messages. The the week of the 29th brought 995 more. So I think it 's clear
that, without significant outside promotion of these topics, almost nobody
would have noticed this proposal._

Does ICANN not want the public to contribute to its process? ISTM they could
do a bit more publicity.

~~~
the_ancient
>Does ICANN not want the public to contribute to its process?

No, no they do not..

They post "public comment periods" as a smoke screen so they can claim
transparency, openness and give the illusion of some kind of democratic
process.

~~~
ted0
I really do think that they tried to sneak this through.

------
hellbanner
Which comments were "the author doesn't know what they meant"?

~~~
ted0
I'm also curious about this

------
coldcode
I sent ICANN a direct email without a template and received an automated
acknowledgment. Does this mean they care what I said? I have no way to know.

------
Animats
Here's our position as Sitetruth.com:

We at Sitetruth.com operate a system which attempts to evaluate the legitimacy
of the business behind business web sites. We do this by attempting to link
the web site to a real-world business, then obtaining business background
information from commercial sources. We thus have an interest in correct
ownership data for web sites being easily available.

ICANN proposes that "Domain name registrations involving P/P service providers
should be clearly labelled as such in WHOIS." We agree, and add that the
"clear labeling" should be easily machine-parsable. We would consider this a
negative indicator when evaluating business legitimacy.

As for the questions presented for public comment:

Q: "Should registrants of domain names associated with commercial activities
and which are used for online financial transactions be prohibited from using,
or continuing to use, P/P services?"

A: Yes. In many jurisdictions, a business must disclose the actual name and
address of the business behind a web site, or be guilty of a criminal offense.
See California Business and Professions Code section 17538, which reads:

"Before accepting any payment or processing any debit or credit charge or
funds transfer, the vendor shall disclose to the buyer in writing or by
electronic means of communication ... the legal name under which the business
is conducted and, except as provided in paragraph (3), the complete street
address from which the business is actually conducted." Also see The European
Electronic Commerce Directive (2000/31/EC), which is even broader:

... Member States shall ensure that the service provider shall render easily,
directly and permanently accessible to the recipients of the service and
competent authorities, at least the following information:

(a) the name of the service provider; (b) the geographic address at which the
service provider is established; (c) the details of the service provider,
including his electronic mail address, which allow him to be contacted rapidly
and communicated with in a direct and effective manner; (d) where the service
provider is registered in a trade or similar public register, the trade
register in which the service provider is entered and his registration number,
or equivalent means of identification in that register; (e) where the activity
is subject to an authorisation scheme, the particulars of the relevant
supervisory authority"

The European Union's position is quite clear. While individuals have privacy
rights under the European Privacy Directive, businesses do not. Online
businesses are subject to stringent disclosure requirements. ICANN should
follow that model.

Q: "Do you think it would be useful to adopt a definition of "commercial” or
“transactional” to define those domains for which P/P service registrations
should be disallowed? If so, what should the definition(s) be?

A: The definition of "commercial" should be that used in the European
Directive on Electronic Commerce. That definition works for the EU. Any site
which accepts payments, offers items for sale, or engages in transactions of
value should be considered commercial. Whether advertising-supported sites
should be considered commercial remains an open question.

Q: "Would it be necessary to make a distinction in the WHOIS data fields to be
displayed as a result of distinguishing between domain names used for online
financial transactions and domain names that are not?"

A: For a domain identified as "commercial" per the previous criteria, the
information listed as required by the European Directive on Electronic
Commerce should be publicly available.

    
    
            John Nagle
            Sitetruth.com

~~~
bad_user
In the EU at least, the distinction between citizens and commercial entities
is often blurry, as I'm not sure about other places, but in the EU many
countries have this notion of "authorized professional" as a legal commercial
entity and many people are taking advantage of it. EU directives are also
mostly guidelines (i.e. they specify a desired result, not how that should
happen) and yes, disclosure of information about a business should happen, but
the channel for that is not specified.

As an example of why your mention of European directives is bullshit, Romania
is an EU member, yet the WHOIS information for our .ro TLD is locked behind
www.rotld.ro. So in order to find out the WHOIS information about a domain,
you have to go to a web interface and then go through a CAPTCHA screen meant
to prevent crawlers.

Personally, I have yet to hear about a valid use-case for automated crawling
of WHOIS information.

Also, Sitetruth.com is a shady business. I mean, you block ads on search
engines you don't own and you do so for commercial purposes. That smells to me
like copyright infringement. And seriously, who patents an ad blocker?

~~~
Animats
_" You block ads on search engines you don't own and you do so for commercial
purposes. That smells to me like copyright infringement."_

Some content providers have the idea that their ad-based business model is
somehow protected by copyright, and that users can't block ads. This has no
basis in law and has gone nowhere in court.[1]

 _" And seriously, who patents an ad blocker?"_

Google's Eric Schimdt once testified before Congress that it was technically
impossible for Google to evaluate the legitimacy of web site operators. We did
it. That meets one of the strongest criteria for invention - the big guys
tried to do it and failed. Ad Limiter is a demo of that.

We're looking for someone who wants to take a bite out of Google. Yahoo gave
up on search and became a Bing reseller, and Bing is just too confused
internally. As computing gets cheaper, it becomes cheaper to provide search
services, which makes Google vulnerable. As costs went down, ad density should
have decreased. But it didn't. This puts Google on the wrong side of Moore's
Law. A non ad supported search engine may become feasible, especially in the
mobile space where it can go on the phone bill. It's interesting to see what
Verizon is starting to do with Bing.

[1]
[http://www.ft.com/cms/s/0%2Fef6fe54e-046d-11e5-a5c3-00144fea...](http://www.ft.com/cms/s/0%2Fef6fe54e-046d-11e5-a5c3-00144feabdc0.html#axzz3bMyPvlCW)

------
arca_vorago
The changes ICANN seems to be making these days worry me, mostly because I
don't see a clear explanation of the reasoning behind their recent moves. When
I got the email from namecheap, I did use their template, but I immediately
assumed it would be tossed into /dev/null.

If you aren't aware, ICANN has recently been pushing to remove themselves from
their US contract, supposedly at the behest of other countries who don't like
the idea of US governance of the system. My problem though is that I don't see
any clear explanation of why this is actually needed, and I see plenty of
reasons why keeping it under US oversight is a good thing.

For example, has ICANN formed an independent outside auditor or oversight body
to replace the functions the US has traditionally performed? Good luck wading
through their website to figure that out. I've even heard ICANN members say
that it's merely "symbolic", so that other countries will trust ICANN more.
That doesn't make sense though, when there are some quantifiable differences
in operation and oversight under the new governance model.

From PcWorld [http://www.pcworld.com/article/2142460/us-ntias-plan-to-
end-...](http://www.pcworld.com/article/2142460/us-ntias-plan-to-end-icann-
contract-puts-internet-freedom-at-risk-critics-say.html)

"Without the NTIA contract, there’s no limit on ICANN’s ability to raise fees
on its domain-name system services, added Daniel Castro, senior analyst at the
Information Technology & Innovation Foundation, a tech-focused think tank.

“Without U.S. oversight, ICANN has the potential to grow into the world’s
largest unregulated monopoly,” he said. “We should be very mindful of creating
a global organization with little accountability that can effectively tax the
Internet.”

The participants in ICANN would not allow the organization to become an
unregulated monopoly, Strickling countered. That view “totally disregards the
presence of hundreds of stakeholders, thousands of stakeholders, who actually
set the policies for ICANN,” he said. “If you’re saying [the groups involved]
are all going to allow that to happen, then you’re basically saying you don’t
believe in the multistakeholder model.”"

Links for the curious:

ICANN Resources Page: [https://www.icann.org/resources/pages/agreements-
en](https://www.icann.org/resources/pages/agreements-en)

ICANN contract: [https://www.icann.org/en/system/files/files/iana-
contract-14...](https://www.icann.org/en/system/files/files/iana-
contract-14aug06-en.pdf)

ICANN Board: [https://www.icann.org/resources/pages/board-of-
directors-201...](https://www.icann.org/resources/pages/board-of-
directors-2014-03-19-en)

If anyone has a good explanation of what they mean, in detail, by "global
multistakeholder community", and how those "stakeholders" will actually be
able to influence ICANN, I would really like to see it.

------
alkimie2
I found it odd that the author used the personal pronoun 'I' and felt free to
apply her own evaluation of comments as the final word. ICANN is a public
trust, not a personal fiefdom.

~~~
pascal_cuoq
Why would a person who isn't a member of ICANN not be free to comment
personally on publicly available information using as medium their personal
blog?

~~~
geofft
That said, I for one support dissolving ICANN and replacing it with agl's free
time....

