ICANN and Human Rights

By Aarti Bhavana

The topic of human rights on the Internet has been one of significant interest, right from finding mention in the WSIS Declaration of Principles in 2003, to the UN Human Rights Council’s First Resolution on Internet Free Speech, which declared that the rights available to people offline must also be protected online. These have subsequently also been reaffirmed by UN General Assembly’s resolution on the right to privacy in the digital age, and the NETmundial outcome document, which called for human rights to underpin the principles of Internet governance.

However, the issue of human rights in the specific context of Internet architecture is one that has gained significant traction only in the recent past. As the entity responsible for the technical coordination of the domain name system (DNS), ICANN’s impact on human rights is not one to be underestimated. While it is a corporation bound by California corporate law, it also functions as a global governance body that develops Internet policy.[1] As a result, a human rights study from an ICANN perspective not only includes the Universal Declaration of Human Rights (UDHR), International Covenant on Economic, Social and Cultural Rights (ICESCR) and the International Covenant on Civil and Political Rights (ICCPR), but also the UN Guiding Principles on Business and Human Rights (UNGP), which sets out corporate responsibilities to respect human rights.

ICANN policy processes and human rights

ICANN policies have a significant impact on internationally recognized human rights, such as freedom of expression, privacy, due process and freedom of association. There are also three major policy development processes (PDP) concerning issues with far-reaching human rights impacts:

New gTLD subsequent procedure: one of the biggest functions carried out by ICANN is deciding when to introduce new gTLDs[2] After the first round of new gTLD applications, a review was undertaken to determine whether adjustments needed to be made for subsequent application procedures. This PDP will examine the set of issues identified from the experiences of the 2012 round of new gTLD Program and address related policy concerns. The will also include looking into various issues which will have substantial human rights impact, such as the freedom of expression, freedom of association, economic and social rights, and privacy.

Next-Generation gTLD Registration Directory Services to Replace Whois: also known as new WHOIS, next-gen WHOIS or WHOIS2, this PDP is the culmination of over 15 years of efforts to address the many issues related to gTLD registration data. The collection and public access to registration data has long been a cause for concern, and this PDP will have to focus on data protection and the right to privacy.

Review of all Rights Protection Mechanisms (RPMs) in all gTLDs: this PDP shall be assessing the effectiveness of the Rights Protection Mechanisms for all gTLDs, such as Uniform Dispute Resolution Policy (UDRP), Trademark Clearinghouse (TMCH) and Uniform Rapid Suspension 
Procedure (URS), among others. The right to freedom of expression and due process are directly impacted by RPMs, and any review must take this into account.

The IANA Transition

Apart from the individual policy processes, there has also been some work on developing an overarching human rights framework for ICANN. The IANA Transition, expected to take place in September of this year, required an enhancement of ICANN’s accountability and transparency. This involved several discussions on ICANN’s principles, values and mission, which led to a discussion of human rights.[3] Article 4 of the Articles of Incorporation commits ICANN to “carrying out its activities in conformity with relevant principles of international law and applicable international conventions and local law.” Whether this includes international human rights instruments, is open to interpretation, and there was a demand for the bylaws to be amended to explicitly reflect human rights principles. The Cross Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability) worked on developing a human rights bylaw that explicitly commits ICANN to respect internationally recognized human rights. The bylaw language is currently being finalized, along with the rest of the CCWG-Accountability recommendations. (A detailed explanation tracing the evolution of CCWG-Accountability work on human rights can be found here).

Ongoing work on human rights

Work Party 4 of CCWG-Accountability continues its work on developing ICANN’s commitment to human rights. Future work in this area will be in the form of understanding how the proposed human rights bylaw is to be interpreted, specific to ICANN’s structure.

Further, there are groups dedicated to understanding the intricacies of human rights and ICANN’s policy work. The Cross-Community Working Party on ICANN’s Corporate and Social Responsibility to Respect Human Rights (CCWP-HR) and the GAC Working Group on Human Rights and International Law (HRIL) are two such examples. The work of these groups become even more significant with the three PDPs currently underway, as there needs to be a constant check to ensure that the policies respect internationally recognized human rights.

[1] https://www.article19.org/data/files/medialibrary/38148/ICANN_CS_to_respect_HR_report_ALL_FINAL-PDF.pdf

[2] Dr. Monika Zalnieriute and Thomas Schneider, ‘A Council of Europe Analysis on ICANN’s Procedures and Policies in the Light of Human Rights, Fundamental Freedoms and Democratic Values.’ Council of Europe, Strasbourg, DGI (2014)12.

[3] https://www.article19.org/data/files/medialibrary/38148/ICANN_CS_to_respect_HR_report_ALL_FINAL-PDF.pdf

WHOIS: The Current Landscape and a Privacy Analysis

By Aarti Bhavana

The CCG team recently wrote a memo on the privacy implications of the WHOIS database, which is available here.

Document Summary


The WHOIS service is a public, unrestricted database on which anyone can find out the real world identity, business location and contact information (including email address) of the registrant. The Affirmation of Commitments between the US Department of Commerce and ICANN requires ICANN to ensure timely, unrestricted and public access to WHOIS information.

Key Concerns

WHOIS contact information has been used to target the physical safety of domain registrants, especially women entrepreneurs, small business owners working from home, activists living in totalitarian regimes, LGBTQ bloggers, etc. It has also been used for spam.

Although Law Enforcement Agencies (LEAs) seek access to this data to identify registrants of particular websites, LEAs of oppressive countries with records of human rights violations can use this facility to identify dissidents or the owners of blogs and subject them to violent treatment.

The WHOIS policy is widely criticized for lacking accuracy. The present system has enough loopholes that enable fabrication of data, or mechanisms to keep details private.


  1. Mechanisms to contact registrants without offering access to information about them.
  2. Permitting registrant to submit an email address as contact information, without her actual name or other details.
  3. Developing systems for Law Enforcement Agencies LEAs to identify law-breakers without the WHOIS database (since law-breakers are unlikely to submit accurate details anyhow). E.g. technological methods to track people using their email addresses.