WHOIS Task Force13 September 2005 - Minutes ATTENDEES: GNSO Constituency representatives: Jordyn Buchanan - Chair gTLD Registries constituency - David Maher gTLD Registries constituency - Phil Colebrook Registrars constituency - Paul Stahura Registrars constituency - Ross Rader Registrars constituency - Tim Ruiz (alternate) Intellectual Property Interests Constituency - Steve Metalitz Intellectual Property Interests Constituency - Niklas Lagergren Internet Service and Connectivity Providers constituency - Tony Harris Internet Service and Connectivity Providers constituency - Maggie Mansourkia Non Commercial Users Constituency - Kathy Kleiman Commercial and Business Users Constituency - David Fares Liaisons At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer - absent GAC Liaison - Suzanne Sene - absent - apologies ICANN Staff: Olof Nordling - Manager, Policy Development Coordination Maria Farrell Farrell - ICANN GNSO Policy Officer GNSO Secretariat - Glen de Saint Géry Absent: Internet Service and Connectivity Providers constituency - Greg Ruth gTLD Registries constituency - Ken Stubbs gTLD Registries constituency - Tuli Day Non Commercial Users Constituency - Milton Mueller Non Commercial Users Constituency - Frannie Wellings Commercial and Business Users Constituency - Sarah Deutsch - apologies Commercial and Business Users constituency - Marilyn Cade - apologies Registrars constituency - Tom Keller - apologies MP3 Recording Summary (the date on the summary should be 13 September and not 12 September 2005) Agenda Types of problems that Whois is intended to address. Maria reported that the recommendation 2 had been posted for public comment. All constituency statements on the purpose of WHOIS, except for the Registrar constituency, and the statement on purpose of the contacts by the NCUC have been received Ross Rader gave a high level summary of the registrar's statement saying the purpose should be limited, technical in nature, and facilitate the purposes supported under the ICANN contract such as transfers. Ross further clarified technical saying that it was an issue if a domain was being used for spam, or if there was a web server non-functioning, sending out spam. Jordyn Buchanan noted that the purpose of constituency statements was to inform the ongoing process, serve as a base line to the discussion and ascertain common ground. Jordyn Buchanan referred to his email of August 17- Purpose of WHOIS - types of problems "1) Some constituency statements indicate that the purpose of the Whois system is to provide contact information to assist in the resolution of specific types of problems. For example, the NCUC statement suggests that the purpose is limited to resolving "technical problems". On the other hand, the IPC statement does not limit the purpose to resolving a specific type of problem. The CBUC Statement gives a broader range Should the purpose of Whois be defined in resolving specific types of problems? ...if so... 2) What types of problems should the purpose encompass? Technical problems? Legal problems relating to the domain name itself? Legal problems relating to the content hosted using the domain? Non-legal issues relating to content? Others?" Jordyn asked whether it was the ISP and IPC view that the purpose of WHOIS should not include a type of problem or was it something not incorporated into their statements ? Tony Harris, ISP representative, responded that there was a risk, giving as an example cyber crime which was an evolving science, impacting different issues, legal and technical and specific definitions of types of problems today, no longer applied in a short while. Thus, if problems were to included, the definition should be broad. Maggie Mansourkia added that a useful approach would be a white list versus a black list and the ISP considered a black list more helpful than an all-inclusive list, because future legitimate uses were difficult to predict. Steve Metalitz IPC representative, generally agreed with Tony and Maggie and commented that there were some uses of WHOIS that were already prohibited by contracts, and there were some uses in certain countries that were not allowed. Jordyn Buchanan summarised the views, as a directory of contact information which might not be allowed for certain things but there was no judgment about what types of issues it addressed. In addition, caution was expressed about the terminology "uses" versus "purpose". David Maher expressed the opinion that "purpose" and "use" could not be disconnected. The issue was the public availability of the names. Historically the WHOIS kept track of the very limited number of people who had domain names. Things had changed, and the entire world who uses the internet can see every one's private information. There was no consensus on this. The IP constituency had clearly stated that all the information should be publicly available while the Registry constituency totally rejected that concept. Thus there was no consensus possible if the purpose of WHOIS was based on the IP constituency's version of purpose. Attempting to limit the concept of purpose was not very useful. Paul Stahura commented that the purpose of the WHOIS was not to display contact information but be able to contact the registrant. So, another technology or mechanism to contact the registrant without displaying the contact information could be a solution but as long as it was defined as displaying the contact information, there would not be a solution. It was a subtle, but important difference. Jordyn Buchanan suggested another variant, whether the purpose of WHOIS was to provide a directory or display of contact information or to allow registrants to be contacted? Kathy Kleiman quoted from the Article 29 Working Party established under the EU Privacy Directive that addressed the question of purpose. “From the data protection viewpoint it is essential to determine in very clear terms what is the purpose of the WHOIS and which purpose(s) can be considered as legitimate and compatible to the original purpose. http://europa.eu.int/comm/justice_home/fsj/privacy/workinggroup/wpdocs/… (Opinion 2/2003 on the application of the data protection principles to the Whois directories). Purposes could not be extended to other purposes considered desirable just because they were useful thus Jordyn's question was important. A similar comment from the European Commission, Internet Market DG, Comments to ICANN 1/2003, was noted: “From the data protection viewpoint it is essential to determine in very clear terms what is the purpose of the Whois database and which purpose(s) can be considered as legitimate and compatible to the original purpose.’ http://www.dnso.org/dnso/notes/eccommentswhois22jan03.pdf. David Fares commented that the Working Party 29 views were non-binding opinion and while the CBUC enumerates the purpose of WHOIS at a high level, the task force would be perpetual if all the specific purposes of WHOIS were enumerated. Jordyn Buchanan clarified that the question was whether there should be a list. If the WHOIS was simply a list of contact information that was not intended to resolve problems, other issues such as accuracy or access would fall away.The issues were contingent, if the data was intended for something rather than just plain data. Steve Metalitz commented that the issue was not either a finite list of WHOIS purposes or that WHOIS was intended to solve problems.The NCUC and Ross Rader expressed the view that it could be used to resolve technical problems and that It might be helpful to understand what was in that category. Jordyn Buchanan commented that it was important to look into the reasons for listing the contact information. Paul Stahura commented that if the problems to be solved were not defined the risk was that the information could be used for undesirable purposes such as marketing. Kathy Kleiman suggested inviting people to address the task force on the technical purpose of WHOIS. David Maher commented that there were two purposes for the WHOIS : for what and for whom and believed that the original and existing purpose was to serve the registrars to contact their customers directly for such purposes as billing, transfers or expiring domain names. If it could be agreed that the purpose was to supply the registrars only with the data, except in limited other instances, progress would be made. Tony Harris commented that in fact the critical data was the credit card data which was the key to contact the registrant for any purpose and it was independent from what was shown to the public. Ross Rader and Paul Stahura were not of the same opinion as Tony and Ross commented that not all registrars had the same business model and process for registering and that in 20 – 50% of registrations that assumption was not valid that data was collected at the ISP level rather than from the registrar. Tim Ruiz commented that even retail registrars and resellers were bound by agreements on the payment process or with paypal about what they could and could not do with the information. So there were other agreements and legal uses of the information. Jordyn Buchanan asked, since there appeared to be concern about being overly constraining in defining types of problems, whether a definition of the purpose of WHOIS, as broad as the CBUC 's was helpful in addressing the purpose of WHOIS? CBUC proposed the following purpose of the Whois database: "A database of contact information sufficient to contact the registrant or their agent(s) to enable the prompt resolution of technical, legal and other matters relating to the registrant’s registration and use of its domain name." The purpose of defining purpose was to further frame the discussion and additional actionable items would be clearer once the purpose was established. If the CBUC definition were adopted, would there be issues that WHOIS was supposed to address that would not be incorporated in that definition? Maggie and Tony, responded "no" Paul Stahura commented that the CBUC ruled out the purposes that were not problems, the statement used the terminology"matters" and not problems, for example the use of WHOIS for obtaining a certificate. Was the purpose to know the identity of the registrant or to contact them? Jordyn Buchanan summarised saying that assuming it was considered useful to formulate a definition of what WHOIS was intended to accomplish, how should it be defined The NCUC mentioned "technical problems" and the CBUC mentioned "matters related to the registration or use of the domain name", and David Maher suggested that the purpose was limited to providing data to a certain group of people - registrars. Was there a need to go beyond technical problems? David Maher proposed including Law Enforcement and Intellectual Property as the purposes of the WHOIS list provided they were limited so that the entire list of names and personal data was not available to the public globally. Since the members of the group had different viewpoints, an approach that looked at the meaning of purpose in a different way was needed. The general trend of the discussion that followed indicated that the terms "technical" and "legal" should be fleshed out. Jordyn Buchanan proposed two sub groups to examine "technical" and "legal" issues to reach a useful definition and incorporate some specific scenarios as well. Ross Rader suggested that in policy discussions, the focus should be on what was practical and possible and there was a distinct body of work that referred to WHOIS. Jordyn Buchanan reminded the group that WHOIS was a directory of contact information which placed a that constraint on what could be done. It was suggested that the Proposed NCUC definition of purpose be used a the starting point for "technical" "The purpose of the WHOIS is to provide to third parties an accurate and authoritative link between a domain name and a responsible party who can either act to resolve, or reliably pass information to those who can resolve, technical problems associated with or caused by the domain. By "technical problems" we mean problems affecting the operational stability, reliability, security, and global interoperability of the Internet." Jordyn Buchanan summarised: Two subgroups tasked with creating language on "Technical issues " and "Legal issues " within the context of the WHOIS, ICANN core values and mission, national and legal laws and refer back to the terms of reference. ACTION: Two separate mailing lists set up for the subgroup work. "Technical issues " subgroup - Steve Metalitz, Kathy Kleiman, Ross Rader "Legal issues" subgroup - Davis Fares, Maggie Mansourkia, Jordyn Buchanan Other task force members were encouraged to join the groups. Next Call: 27 September 2005 Report back from the" technical" and "legal" subgroups. Jordyn Buchanan thanked all the task force members for participating. The WHOIS task force call ended at 17 :10 CET - |