a few days ago, the italian ccTLD registry finally stopped publishing e-mails and telephone numbers in the whois queries. for the moment, the complete information is available on the web, by going through a graphic password verification. in the meantime, a complete policy is being discussed, so to allow individual registrants to keep at least some of their data out of any kind of public database, be it accessible through whois or through a web interface.

in our discussion in the italian policy board, we had no doubt that individuals have to fully identify themselves to the registry to get a domain name, so that they can be held responsible by public authorities for what they do with their domain. we also had no doubt that privacy laws must be applied, and that individuals have to provide a consent, and optionally deny some data from publication.

the only part on which we haven't made up our mind yet is whether individuals should have the option to completely hide their information, including their name, or whether they should be required at least to disclose the name and one form of contact (postal or e-mail address). personally, i would accept the idea of making the entire set of information reserved, just as you do with telephone numbers.

in the end, it took eight years and a lot of personal efforts to get privacy laws implemented in italy (i think we're the last ones in europe), but that's nothing if compared to how hard it is to get privacy respected in icann.

i must confess that i am totally disappointed by the discussion in the new (fourth or fifth rearrangement, i think) joint whois task force, where many participants - especially u.s. registrars and business/intellectual property users - are now pushing the discussion on how to find a way for icann to either ignore national privacy laws or refuse to accredit registrars from countries where the current whois requirements are illegal (more or less, any country except the united states).

one of our most famous statesmen used to say that "by thinking bad you commit a sin, but usually you get it right". so, to think bad, one could look at the facts and discover that, notwithstanding all the fuss about the advisory committees, policy is determined in a context (the gnso) where businesses (developed countries businesses, to be precise) have 5/6 of the power, civil society 1/6, and governments zero.

this is perhaps why icann since its inception keeps "working" on the whois issue, just to have an argument to keep all those noisy privacy authorities and foreign parliaments at bay, but never gets to anything.

the last argument i've heard on the list is that, since the u.s. have no privacy law, registrars from outside of the u.s. should not be allowed to "unfairly compete" with the american ones by offering privacy to their customers; and to ensure this, as said above, international registrars should either commit to break their country's laws, or be refused accreditation.

okay, icann is never going to actually approve anything like that - in fact, the staff has actually tried to bring the discussion back to reason, though in a rather unfortunate way, that has enraged most of the participants.

however, the more i look at whois, the more i get worried. it is clear that icann really needs significant structural reforms, to ensure that it really operates in the global public interest. i don't like the idea of letting the internet "fall into the hands" of bureaucracies, but what if you discover that it has already fallen into the hands of a tiny corporate group?