2 June 2005
Proposed agenda and related documents
List of attendees:
Philip Sheppard - Commercial & Business Users C.
Marilyn Cade - Commercial & Business Users C.
Grant Forsyth - Commercial & Business Users C
Greg Ruth - ISCPC
Antonio Harris - ISCPC - absent - apologies - proxy to Tony Holmes/Greg Ruth
Tony Holmes - ISCPC
Thomas Keller- Registrars
Ross Rader - Registrars - absent - apologies - proxy to Bruce Tonkin/Tom Keller
Bruce Tonkin - Registrars
Ken Stubbs - gTLD registries
Philip Colebrook - gTLD registries
Cary Karp - gTLD registries
Lucy Nichols - Intellectual Property Interests C
Niklas Lagergren - Intellectual Property Interests C
Kiyoshi Tsuru - Intellectual Property Interests C. - absent
Robin Gross - Non Commercial Users C.- - absent - apologies - proxy to Marc Schneiders/Norbert Klein
Marc Schneiders - Non Commercial Users C. - absent - apologies - proxy Robin Gross/Norbert Klein/Tom Keller/Ross Rader/Bruce Tonkin
Norbert Klein - Non Commercial Users C.
Alick Wilson - absent - apologies - proxy to Maureen Cubberley/ Bruce Tonkin
14 Council Members
Paul Verhoef - Vice President, Policy Development Support - absent - apologies
Kurt Pritz - Vice President, Business Operations
Olof Nordling - Manager, Policy Development Coordination
Maria Farrell - ICANN GNSO Policy Support Officer
Glen de Saint G�ry - GNSO Secretariat
GNSO Council Liaisons
Suzanne Sene - GAC Liaison
Bret Fausett - acting ALAC Liaison - absent
Michael Palage - ICANN Board member
Jordyn Buchanan - Whois task force 1/2/3 chair
Quorum present at 14:06 CET.
Bruce Tonkin chaired this teleconference.
Item 1: Approval of the Agenda
Item 2: Approval of the
Minutes of 12 May 2005
Ken Stubbs moved the adoption of the minutes of 12 May 2005
Motion approved. One abstention from Maureen Cubberley
Maureen Cubberley asked for clarification on the staff reports that were mentioned in the minutes of 12 May 2005 but were not on the website or the mailing lists.
Bruce Tonkin suggested that the minutes reflect the action items and that there be a follow up.
Decision 1: The minutes of 12 May 2005 were adopted
Item 3: Staff Report
- current areas of work - WHOIS, new gTLDs, transfers, IDNs
- update on .net agreement and new sponsored agreements
- update on strategic/operational planning process
- status on meeting agenda for Luxembourg
- GNSO Council review
To be discussed on Sunday morning 10 June, 2005 at the pre-council meeting in Luxembourg.
Maria Farrell reported that :
1. the Whois combined task force final report on recommendation 1 for improving notification and consent for the use of contact data in the Whois system had been submitted to the GNSO Council along with a list of possible implementation issues for consideration in accordance with the policy development process.
2. the draft terms of reference for the combined Whois task force had been further redrafted following a discussion at the GNSO Council Meeting on 12 May 2005 and were to be voted on by the council during the present meeting.
3. regarding Recommendation 2, A procedure for conflicts, when there are conflicts between a registrar's or registry's legal obligations under local privacy laws and their contractual obligations to ICANN, Steve Metalitz and Kathy Kleiman were working on a revised draft.
4. at the GNSO Council meeting on 12 May 2005, Ross Rader volunteered to lead a Transfers policy implementation group and the staff had prepared some statistics on the most common problems regarding transfers to be made available to the implementation group.
Olof Nordling reported that drafting had begun on an inventory of questions and answers necessary to fulfill the implementation stage of new TLDs and this would be sent to the GNSO council for input. As background documents, a new WIPO report, requested by Dr. Paul Twomey had been released.
Kurt Pritz added that the strategy for the implementation for new TLDs specified certain issues that were a prerequisite for building a process. The current work focus has been fleshing them out and they would be sent to the council for review.
There was general agreement amongst Council members to encourage a stronger relationship and steady interaction between the ICANN staff and the Council so that the Council could be engaged in the development of the documents on 'work in progress' at an early stage to give guidance and identify policy issues. There was a need for a predictable process on an ongoing basis that would allow organizations to plan for submitting future proposals to ICANN.
Kurt Pritz agreed and said that ICANN also felt a sense of urgency regarding moving forward on gTLD strategy implementation. The present sTLD round has raised a series of complex issues that needed to be resolved by economists and technologists before future TLDs were launched.
The list of questions to be sent to Council by June 9, 2005, were regarded as a 'work in progress document' and creating a procedure for introducing new TLDs. A matrix would be created into which the input from various organizations would be filled in.
Council proposed working sessions with ICANN staff and the GNSO Council either at a physical ICANN meeting or a special teleconference to work through the questions and answers.
Kurt Pritz commented that the draft proposal for the annual ICANN strategic and operational planning process was being reviewed and the group who created the document would be contacted for further discussion. The ICANN six-month strategic planning cycle will begin with consultations in Luxembourg. In addition, the ICANN Operational Plan/Budget will be submitted to the ICANN Board for approval.
Council believed that it was necessary to have a public forum on the operational plan in Luxembourg.
Lucy Nicholls and Marilyn Cade asked whether the proposed revisions in the Registrars Accreditation Agreement, mentioned in the budget process, would be available for public comment and what was the role of the council in developing consensus policy to support contractual changes.
Bruce Tonkin responded that one of the issues concerning registrars was that they had joined at different stages and the agreements were for 5 years. In the existing Registrars Accreditation Agreement (RAA) consensus policy had to be complied with at the time that it was created and there are now inconsistencies between the RAA and some of the new consensus policies. The RAA needs to be updated to reflect the changes from the consensus policies. Further changes would need to be subject to a policy development process (which makes them binding on all registrars), unless all registrars agreed to the changes.
Kurt Pritz commented that most of the changes would be related to new consensus policies and in rewriting the contracts Council should be presented with a staff report of issues that need to be addressed.
- update on new sTLDs
Maria Farrell reported that .JOBS and .TRAVEL had been approved by the ICANN Board and have been designated as registries. On 3 May, at an ICANN Board meeting additional information was requested on .Asia. ICANN has entered into commercial and technical negotiations with an additional candidate registry for .XXX. ICANN has already entered into technical and commercial negotiations with .CAT, .MOBI and .POST.
It would be appropriate for the issues to be numbered in future staff reports according to the priorities that were determined by the GNSO council.
Item 4: Consideration of the final report from the WHOIS task force with respect to improving notification and consent for the use of contact data in the Whois system.
Bruce Tonkin referred to his posting to the Council list stating, that with respect to considering the final report from the WHOIS task force on improving notification and consent for the use of contact data in the Whois system, the GNSO council would follow the ICANN bylaws, section 10, of Annex A, for the Policy Development Process.
Section 10 states:
10. Council Deliberation
a. Upon receipt of a Final Report, the Council chair will
(i) distribute the Final Report to all Council members;
The Final report has been distributed to all council members and
(ii) call for a Council meeting, which has been done on 2 June 2005.
"The Council may commence its deliberation on the issue prior to the formal meeting, including via in-person meetings, conference calls, e-mail discussions or any other means the Council may choose. The deliberation process shall culminate in a formal Council meeting either in person or via teleconference, wherein the Council will work towards achieving a Supermajority Vote to present to the Board."
Bruce Tonkin proposed adjourning the vote until the next council meeting on 23 June 2005 to assure that proxy votes had specific voting instructions, but using the current debate to determine if Council could reach a Supermajority vote, 66%, based on the recommendation or whether changes were needed.
If the Council could reach a SuperMajority vote on the recommendation, the Council might decide to create an implementation committee to flesh out some of the implementation details before providing the Final Report
to the Board.
If the Council could not reach a SuperMajority position, then the Council members that voted against the recommendations needed to provide written reasons within 5 days for inclusion in the Final Report to the Board why they voted against the recommendation.
Text of the Recommendation
"1. Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process. Linking to an external web page is not sufficient.
2. Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform.
3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these disclosures. This provision does not affect registrars' existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system. "
Philip Sheppard, representing the Commercial and Business Users constituency, Niklas Lagergren, a task force member and representing the Intellectual Property Interests constituency and Maureen Cubberley, appointed to the Council by the Nominating Committee all spoke in favour of the recommendation as being clear, concise, implementable, maintained privacy as well as a high standard of data protection.
Tom Keller, a task force member and Bruce Tonkin, both representing the Registrar constituency spoke against the recommendation.
Tom Keller, against supporting the recommendation, commented that it placed too much constraint on Registrars, it was unnecessary to single out one issue especially in view of the list of issues to be clarified to be clarified, and pointed out that there was a difference between acknowledgement and consent.
Bruce Tonkin commented from a registrars view point that the recommendation dealt with consumer education and moved away from ICANN's core issues regarding security and stability. There were many elements of registrar agreements that consumers should be made aware of such as delete, expiration of names practices, UDRP requirements, registering names in good faith, and rather than single out one issue, the ICANN organization, the Intellectual Property and Business Users should be encouraging their communities to read all the terms and conditions.
Regarding part one, Registrars support making information about WHOIS practices available, but disagreed that it was not possible to use a link to a separate webpage. This is a standard way of linking to privacy policies and terms and conditions amongst Internet ecommerce websites.
Obtaining a separate acknowledgement from registrants placed an unnecessary burden on the registration process.
The Registrar Accreditation Agreement had a standard text that registrars should use to inform registrants 2.7.4
Ken Stubbs, a task force member and a gTLD registries constituency representative, proposed a uniform disclosure policy agreed on by the registrars.
Jordyn Buchanan, the chair of the combined WHOIS task force, commented that the current recommendation arose from concern the Whois task force 2 had expressed that in the current notification to registrants it was neither very conspicuous nor obvious that their data would be published in a public data base.
2.1 Notification and Consent
"According to the ICANN Registrar Accreditation Agreement (RAA), Registrars are required to form an agreement with Registered Name Holders containing the following elements.
Section 3.7.7 of the RAA addresses the requirements of the Registrar/Registrant agreement, including the need for accurate and reliable registrant contact information. To the extent the notice to registrants of data elements collected and displayed are not clear or may be overlooked by registrants based on the overall length and complexity of the registration agreement, it is useful to change the format so that better notice is delivered to registrants. The task force finds that disclosures regarding availability and access to Who is data should be set aside from other provisions of a registration agreement by way of bigger or bolded font, a highlighted section, simplified language or otherwise made more conspicuous.
It follows that separate consent to the Whois disclosures is also useful. By obtaining separate consent from registrants, at the time of agreement, to the specific Whois data provisions, it would further draw attention to and facilitate better understanding of the registrar’s Whois disclosure policy."
a. There could be general agreement on:
2." Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform. "
b. This recommendation was not supported by registrars:
3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these disclosures. This provision does not affect registrars' existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system."
c. "Linking to an external web page is not sufficient." was not supported by the Registrars
The motion received 22 votes in favour, out of a total of 26 votes, (4 councillors were absent for the vote).
Marilyn Cade suggested as an administrative assignment to the ICANN policy staff:
Review of the top 10 registrars and a random selection of 10 other registrars to determine how registrars make registrants aware of their obligations to provide contact information for public display via the WHOIS service.
Report back to Council and the combined Whois task force.
Timeframe: one week
Vote adjourned until the next Council meeting June 23 2005, all councillors unable to attend that meeting should provide proxy votes with instructions.
Item 5. Approval of new terms of reference for combined WHOIS task force, and approval of membership and voting rules.
Bruce Tonkin commented that the current terms of reference, version 5, had undergone minor additions since the council meeting held on May 12, 2005.
Niklas Lagergren proposed:
that a requirement be added to the draft terms of reference v5, task 4, to develop a policy for up-front verification of WHOIS information.
Discussion on the motion:
Marilyn Cade stated that the Commercial and Business Users constituency supported the need for accurate data, but noted that there are concerns about the "unfunded mandate" approach, and she did not support adding in the up front verification processes to the terms of reference for a variety of reasons.
Bruce Tonkin suggested investigating the incidence of WHOIS problem reports, how frequent was their follow up and was the complaint system working
The motion received 12 votes in favour, 7 votes against and 6 abstentions (count as votes against) out of a total of 26 votes. Kiyoshi Tsuru no vote, absent without proxy
The motion failed.
Bruce Tonkin proposed a vote:
to accept the Draft terms of reference v5 for the combined WHOIS task force.
The motion carried
Marilyn Cade proposed instructions on the process:
- The task force should be encouraged to have an interactive relationship with Council by reporting on a continual basis the stages of work undertaken.
In order to define the purpose of WHOIS, the current uses should be identified and data collected by previous task forces with the help of the ICANN policy staff should be documented.
The GNSO Council accepted the Terms of Reference for the combined WHOIS task force, noted below:
The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems.
In performing this mission, ICANN's bylaws set out 11 core values to guide its decisions and actions. Any ICANN body making a recommendation or decision shall exercise its judgment to determine which of these core values are most relevant and how they apply to the specific circumstances of the case at hand, and to determine, if necessary, an appropriate and defensible balance among competing values.
ICANN has agreements with gTLD registrars and gTLD registries that require the provision of a WHOIS service via three mechanisms: port-43, web based access, and bulk access. The agreements also require a Registered Name Holder to provide to a Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; the name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and the name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. The contact information must be adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name.
A registrar is required in the Registrar Accreditation Agreement (RAA) to take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
The goal of the WHOIS task force is to improve the effectiveness of the WHOIS service in maintaining the stability and security of the Internet's unique identifier systems, whilst taking into account where appropriate the need to ensure privacy protection for the Personal Data of natural persons that may be Registered Name Holders, the authorised representative for contact purposes of a Register Name Holder, or the administrative or technical contact for a domain name.
(1) Define the purpose of the WHOIS service in the context of ICANN's mission and relevant core values, international and national laws protecting privacy of natural persons, international and national laws that relate specifically to the WHOIS service, and the changing nature of Registered Name Holders.
(2) Define the purpose of the Registered Name Holder, technical, and administrative contacts, in the context of the purpose of WHOIS, and the purpose for which the data was collected. Use the relevant definitions from Exhibit C of the Transfers Task force report as a starting point (from http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):
"Contact: Contacts are individuals or entities associated with domain name records. Typically, third parties with specific inquiries or concerns will use contact records to determine who should act upon specific issues related to a domain name record. There are typically three of these contact types associated with a domain name record, the Administrative contact, the Billing contact and the Technical contact.
Contact, Administrative: The administrative contact is an individual, role or organization authorized to interact with the Registry or Registrar on behalf of the Domain Holder. The administrative contact should be able to answer non-technical questions about the domain name's registration and the Domain Holder. In all cases, the Administrative Contact is viewed as the authoritative point of contact for the domain name, second only to the Domain Holder.
Contact, Billing: The billing contact is the individual, role or organization designated to receive the invoice for domain name registration and re-registration fees.
Contact, Technical: The technical contact is the individual, role or organization that is responsible for the technical operations of the delegated zone. This contact likely maintains the domain name server(s) for the domain. The technical contact should be able to answer technical questions about the domain name, the delegated zone and work with technically oriented people in other zones to solve technical problems that affect the domain name and/or zone.
Domain Holder: The individual or organization that registers a specific domain name. This individual or organization holds the right to use that specific domain name for a specified period of time, provided certain conditions are met and the registration fees are paid. This person or organization is the "legal entity" bound by the terms of the relevant service agreement with the Registry operator for the TLD in question."
(3) Determine what data collected should be available for public access in the context of the purpose of WHOIS. Determine how to access data that is not available for public access. The current elements that must be displayed by a registrar are:
- The name of the Registered Name;
- The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
- The identity of Registrar (which may be provided through Registrar's website);
- The original creation date of the registration;
- The expiration date of the registration;
- The name and postal address of the Registered Name Holder;
- The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and
- The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name.
(4) Determine how to improve the process for notifying a registrar of inaccurate WHOIS data, and the process for investigating and correcting inaccurate data. Currently a registrar "shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."
(5) Determine how to resolve differences between a Registered Name Holder's, gTLD Registrar's, or gTLD Registry's obligation to abide by all applicable laws and governmental regulations that relate to the WHOIS service, as well as the obligation to abide by the terms of the agreements with ICANN that relate to the WHOIS service. [Note this task refers to the current work in the WHOIS task force called 'Recommendation 2', A Procedure for conflicts, when there are conflicts between a registrar's of registry's legal obligations under local privacy laws and their contractual obligations to ICANN.]
Item 6: Process for use by ICANN in considering requests for consent and related contractual amendments to allow changes in the architecture operation of a gTLD registry.
Bruce Tonkin reported that as agreed at the last meeting, 12 May 2005, the report has been posted for a 20 day public comment period.
The constituencies were urged to submit comments to the process.
The following step would be a Final report drafted by staff incorporating the public comments, published 7 days before the Luxembourg meeting, aiming to vote on the report at the meeting.
Item 7: Transfer policy staff report
see update under item 3.
Item 8: new gTLDs
To be deferred to the next meeting on 23 June 2005.
Item 9: Internationalised Domain Names (IDN)
Cary Karp commented that UNESCO had issued two WSIS preparatory symposia addressing issues clearly related to IDNs and that a key element in the responsible introduction of IDNs were the ICANN guidelines which were in need of revision.
Bruce Tonkin suggested forming a technical committee to look at the ICANN guidelines on IDNs and submit a report to council and to ask the ICANN staff
- to advise the council on the level of discussion from the ICANN Board on IDNs
- to contact Cary Karp regarding other fora that were working on IDNs
Item 9: Comments on 2005/2006 budget operational plan
see update under item 3.
Item 10: Any other business
Suzanne Sene, the Government Advisory Committee liaison to the GNSO Council, informed the council of an invitational working session, intended for all GAC members, with invitation to the Councils of the relevant ICANN Supporting Organizations, relevant ICANN staff and invited guest speakers/participants. The aim was to broaden understanding of the diverse aspects of domain name and IP address data maintained by registries and registrars, the public display of this data via WHOIS services, and the impact of the data on combating illegal activities on the Internet. The session would not be open to other attendance and was planned for Sunday 10 July, 2005 from 14:00 to 18:00.
Bruce Tonkin declared the GNSO meeting closed and thanked everybody for participating.
The meeting ended: 16: 28 CET.