WHOIS Task Force 1
Description of Work

Amended: 29 October 2003

Title: Restricting access to WHOIS data for marketing purposes

Participants:
- 1 representative from each constituency
- ALAC liaison
- GAC liaison
- ccNSO liaison
- SECSAC liaison
- liaisons from other GNSO WHOIS task forces
- up to three outside advisors

Description of Task Force:
==========================

In the recent policy recommendations relating to WHOIS:
it was decided that the use of bulk access WHOIS data for marketing should not be permitted. However, these recommendations did not directly address the issue of marketing uses of Whois data obtained through either of the other contractually required means of access: Port 43 and web-based. Bulk access under license may be only a minor contributor to the perceived problem of use of Whois data for marketing purposes. A subset of a registrar's Whois database that is sufficiently large for data mining purposes may be obtained through other means, such as a combination of using free zonefile access (via signing a registry zonefile access agreement - the number of these in existence approaches 1000 per major registry) to obtain a list of domains, and then using anonymous (public) access to either port-43 or interactive web pages to retrieve large volumes of contact information. Once the information is initially obtained it can be kept up-to-date by detecting changes in the zonefile, and only retrieving information related to the changed records.
This process is often described as "data mining". The net effect is that large numbers of Whois records are easily available for marketing purposes, and generally on an anonymous basis (the holders of this information are unknown).

The purpose of this task force is to determine what contractual changes (if any) are required to allow registrars and registries to protect domain name holder data from data mining for the purposes of marketing The focus is on the technological means that may be applied to achieve these objectives and whether any contractual changes are needed to accommodate them.

In-scope
========
The purpose of this section to clarify the issues should be considered in proposing any policy changes.

The task force should consider the effects of any proposed policy changes on the ability of groups such as law enforcement, intellectual property, internet service providers, and consumers to continue to retrieve information necessary to perform their functions.

The task force should consider the effects of any proposed policy changes on the competitive provision of domain name services including WHOIS access and transfers, and on the competitive provision of value-added services using WHOIS information.

Out-of-scope
============
To ensure that the task force remains narrowly focussed to ensure that its goal is reasonably achievable and within a reasonable time frame, it is necessary to be clear on what is not in scope for the task force.

The task force should not aim to specify a technical solution. This is the role of registries and registrars in a competitive market, and the role of technical standardisation bodies such as the IETF. Note the IETF presently has a working group called CRISP to develop an improved protocol that should be capable of implementing the policy outcomes of this task force. However, the task force should seek to achieve an understanding of the various technological means that could be applied to prevent or inhibit data mining with an eye toward evaluating their impact on other uses and their compatibility with the currently applicable contracts.

The task force should not review the current bulk access agreement Provisions, except to the extent that these can be improved to enhance protection against marketing uses and to facilitate other uses. These were the subject of a recent update in policy in March 2003.

The task force should not study the amount of data available for public (anonymous) access for single queries. Any changes to the data collected or made available will be the subject of a separate policy development process.

Tasks/Milestones
================
- collect the stated needs and the justification for those needs from non-marketing users of contact information (this could be extracted from the Montreal workshop and also by GNSO constituencies, and should also include accessibility requirements (e.g based on W3C standards) [milestone 1 date]
- review general approaches to prevent automated electronic data mining and ensure that the requirements for access are met (including accessibility requirements for those that may for example be visually impaired) [milestone 2 date]
- determine whether any changes are required in the contracts to allow the approaches to be used above (for example the contracts require the use of the port-43 WHOIS protocol and this may not support approaches to prevent data mining) [milestone 3 date]

Each milestone should be subject to development internally by the task force, along with appropriate public comment processes (e.g seeking specific advice from the technical community, or from WHOIS service operators) to ensure that as much input as possible is taken into account.