domain name registrant data the privacy questions
Download
Skip this Video
Download Presentation
Domain Name Registrant Data: The Privacy Questions

Loading in 2 Seconds...

play fullscreen
1 / 11

DavidsonWIPOWhois - PowerPoint PPT Presentation


  • 249 Views
  • Uploaded on

Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology http://www.cdt.org Understanding the Privacy Questions Goal: A framework for considering potential privacy questions raised by collection of and access to DNS registrant data.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'DavidsonWIPOWhois' - johana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
domain name registrant data the privacy questions

Domain Name Registrant Data: The Privacy Questions

Alan Davidson

Center for Democracy and Technology

http://www.cdt.org

slide2

Understanding the Privacy Questions

  • Goal: A framework for considering potential privacy questions raised by collection of and access to DNS registrant data.
  • Context: What data is collected, why is it needed, and who is it collected about?
  • Privacy: What privacy questions are raised?
  • Best practices: Ideas for reconciling privacy questions and data access needs.

1

context the need for registrant data
Context: The Need for Registrant Data
  • Technical stability
  • Law enforcement
  • Consumer protection
  • Intellectual property protection
  • Competition

2

a spectrum of dns registrants
A Spectrum of DNS Registrants
  • Range of domain name registrants: From large companies to individuals pursuing non-commercial purposes.
  • Increasing number of individuals in gTLDs. (Verisign estimate: 15% “non-business” and growing)
  • Note: Very different privacy expectations for different types of users.

3

data collection and access requirements
Data Collection and Access Requirements

The gTLD experience:

  • Data collected: Technical, billing, and administrative contact. Require name, address, phone, and email.
  • Access to data: Full public access, as quickly and completely as possible, for anyone online.
  • Bulk access: Both individual queries and bulk transfer to compilers and resellers of registrant info.

4

privacy questions
Privacy Questions
  • Note: Wide range of cultural perspectives and national laws.
  • Is personal information collected? For businesses, almost certainly not. For individuals, data can be personally identifiable and sensitive. (ex. home phone number)
  • Is there an expectation of privacy? For businesses, should be no. But for individuals, possible expectation of privacy today.

5

privacy questions ii
Privacy Questions II

For individuals with a privacy expectation:

  • Are Fair Information Practices followed? Key issue is use of data.
  • Is the data used solely for the purpose for which it was collected? Difficult to enforce against secondary uses today. Possible unintended uses: Marketing and unsolicited email. Criminal use. Government persecution.
  • Other concerns? Some will not want to sacrifice privacy in order to access the DNS.

6

reconciling privacy questions
Reconciling Privacy Questions

Some ideas for dealing with individual privacy::

  • Public education: Good notice, clear understanding of alternatives
  • Meaningful alternatives to registration
  • Allow proxy contacts (like “unlisted” numbers in the telephone book) for some registrant data

7

reconciling privacy questions ii
Reconciling Privacy Questions II

Other ideas, raising implementation difficulties:

  • Limit secondary uses (allow bona fide requests, prohibit others)
  • Make only some data widely available (such as tech contact, legal address)
  • Separate commercial actors and non-commercial individuals (difficult!)
  • Create audit system and allow review of database queries (with delay as needed)

8

conclusion
Conclusion
  • Range of important demands for fast access to registrant data.
  • Privacy questions limited in commercial setting, but raised by individual registrants and secondary use of information.
  • Look forward to working on ways to balance these concerns and reconcile privacy questions.

9

fair information practice principles
Fair Information Practice Principles
  • Openness (Notice)
  • Consent (Choice)
  • Access
  • Security
  • Accountability (Enforcement)
  • Collection Limitation
  • Data Quality
  • Use Limitation
ad