Why Don't GAC Representatives Follow Their Own National Law?

By Milton Mueller
Milton Mueller

A few weeks ago ICANN's domain name policy making organ (the GNSO) decided that the purpose of Whois was domain name coordination and not compulsory surveillance of domain name registrants. The US and Australian governments expressed their opposition.

The US government's lack of concern for privacy is well known. But what about Australia? The Australian ICANN Governmental Advisory Committee (GAC) representative, Ashley Cross, tried to use his authority as "a government" to intimidate the GNSO, sending it a message announcing that "Australia" supports a broader definition of Whois purpose that gives ICANN a blank check to provide free data mining services to trademark and copyright lawyers at the expense of user data protection. What does "Australia" really support, however? Here's a radical idea: Let's look at its own laws.

Take a look at the Australian national privacy principles under the heading "Use and disclosure." They state: "An organisation must not use or disclose personal information about an individual for a purpose ...other than the primary purpose of collection..."

The law goes on to state that secondary use is allowed only if law enforcement agencies have a real reason "to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities" or is otherwise "required or authorized by or under law" following due process.

The Australian national privacy principles also state: "If an organisation uses or discloses personal information under paragraph (h), it must make a written note of the use or disclosure."

So, at least in Australia, law enforcement activities are already covered under the privacy laws. What is not envisaged in the privacy laws is that the method to provide data to law enforcement should be via public publication. There is literally no practical way to restrict the subsequent "use" of data once it is published in the public.

In light of the above, is the Australia GAC representative contradicting Australia's national policy or suggesting that its laws be changed?

Another interesting question is why the Australia GAC representative is supporting a policy that contradicts the policies of the .au ccTLD. .AU has a Whois policy and purpose that respects privacy. Is Mr. Cross criticizing his own country's ccTLD policy? Is he suggesting that it be changed? If not, why should gTLDs be treated differently?

By Milton Mueller, Professor, Georgia Institute of Technology School of Public Policy. Visit the blog maintained by Milton Mueller here.

Related topics: DNS, Domain Names, ICANN, Privacy, New TLDs, Whois