In common with several other ccTLDs, the .nz ccTLD is split into two bodies. While the registry operator is NZRS, the policies are managed by a different entity The Domain Name Commission. They’ve recently been reviewing their whois related policies and have come up with a proposal which would allow private individuals to opt out of public whois. However the proposal is incredibly narrow in scope and limits who would be eligible to opt out.
Personally I think it’s a good thing that they’ve taken the time to review their whois policies. However the proposal they’ve come up with is terribly flawed and is of little benefit to most registrants, as it makes the, in my view, flawed assumption that whois data should be public by default.
I became aware of the proposals via a blog post from .nz’s Jordan Carter a few weeks back. So rather than simply writing a blog post about my views on the policy I’ve submitted my comments today.
Here they are in full:
Dear Sir / Madam
I am submitting these comments in my personal capacity and not on behalf of any organisation with whom I may be associated.
I have been an active participant in both gTLD and ccTLD policy development for more than a decade and have spent quite a lot of that time examining issues related to both whois and privacy. I currently serve on multiple policy work groups within ICANN. I also served on the .eu registrar advisory board for 6 years and currently serve on both the .us stakeholder council, as well as the .ie ccTLD’s policy advisory board.
While it is laudable that the .nz Domain Name Commission would wish to review the whois policy, I find the proposed changes are flawed.
In many jurisdictions the privacy of an individual is a right. It is not an afterthought.
However the proposal that has been presented in this instance assumes that publishing contact details for all registrants in a fully unrestricted whois directory is a prerequisite of a functional system. Starting from that point the proposal is far too narrow in its scope and ignores the reality that many registrants would strive towards, namely privacy by default.
Historically whois was used by network operators and other technical actors to deal with technical issues. The amount of data that ended up in whois records over time was never really planned or examined in light of any proper privacy or legal regime. So over the course of 20 plus years many other “actors” came to rely on public whois data for a multitude of purposes, both valid and abusive. (We examined some of these in the EWG report of which I was an author: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf )
Just because the amount of information that is publicly available via whois has grown over the past 2 decades does not mean that granting unrestricted access to it is either correct, necessary or even legal.
If the .nz DNC was serious about protecting individuals’ privacy then they would allow for simple a “whois opt-out” as is available in several other ccTLDs including .uk and .fr. Any registrant should be able to exercise the right to not have their details published in the whois without having to go through a long and tedious process.
As a ccTLD .nz operates a “thick whois” model, so the underlying registrant data would be collected by the registrar and held by the registry. If there is a legitimate need by law enforcement or others to access the underlying data then they would be able to submit a request and allow for some form of proper due process when assessing access requests.
While in the gTLD space most TLDs operate a fully open and public whois model there are already two TLDs .tel and .cat who have implemented policies and processes that give individuals the ability to not have their details in public whois.
See here for the form used by .cat: http://fundacio.cat//en/whois-access or here for the .tel equivalent: https://sas.nic.tel/
I hope that the .nz DNC takes my comments and those of others in a similar vein into consideration and comes up with a more suitable proposal.
The consultation period on the whois policy is open until June 7 2016 if you want to make your voice heard.