Re: [council] Fifth draft of WHOIS terms of reference

["Ross Rader" <ross@xxxxxxxxxx>]

I am not in the office for the next two weeks, and my 
internet access will be quite sporadic, but I'd like to 
toss a quick comment into the drafting process -

Regarding the first two work items - I propose that each 
be reworded to remove the phrase "the purpose of " (i.e. 
"...define the purpose of..." should simply read 
"...define...". The task force should simply focus on 
creating definitions that can be used to set the context 
for other decisions. The council should then consider 
whether or not further policy work should be conducted to 
define which purposes are appropriate/inappropriate as a 
separate work item.

The current instructions as written are simply too broad 
to allow this group to effectively meet the goals we have 
set out.

Also, for our next meeting, I will have to give my proxy 
to Bruce and then to Tom. Apologies that I can't make it.

On Mon, 30 May 2005 20:25:32 +1000
 "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx> wrote:
> Hello All,
>
> The draft below incorporates a specific reference to the 
> current work on
> resolving conflict between national laws and ICANN, as 
> suggested by
> Maria Farrell.
>
> Regards,
> Bruce
>
> Fifth Draft of Terms of Reference for WHOIS task force
>
> The mission of The Internet Corporation for Assigned 
> Names and Numbers
> ("ICANN") is to coordinate, at the overall level, the 
> global Internet's
> systems of unique identifiers, and in particular to 
> ensure the stable
> and secure operation of the Internet's unique identifier 
> systems. 
>
> In performing this mission, ICANN's bylaws set out 11 
> core values to
> guide its decisions and actions. Any ICANN body making a 
> recommendation
> or decision shall exercise its judgment to determine 
> which of these core
> values are most relevant and how they apply to the 
> specific
> circumstances of the case at hand, and to determine, if 
> necessary, an
> appropriate and defensible balance among competing 
> values.
>
> ICANN has agreements with gTLD registrars and gTLD 
> registries that
> require the provision of a WHOIS service via three 
> mechanisms: port-43,
> web based access, and bulk access.   The agreements also 
> require a
> Registered Name Holder to provide to a Registrar 
> accurate and reliable
> contact details and promptly correct and update them 
> during the term of
> the Registered Name registration, including: the full 
> name, postal
> address, e-mail address, voice telephone number, and fax 
> number if
> available of the Registered Name Holder; name of 
> authorized person for
> contact purposes in the case of an Registered Name 
> Holder that is an
> organization, association, or corporation; the name, 
> postal address,
> e-mail address, voice telephone number, and (where 
> available) fax number
> of the technical contact for the Registered Name; and 
> the name, postal
> address, e-mail address, voice telephone number, and 
> (where available)
> fax number of the administrative contact for the 
> Registered Name.   The
> contact information must be adequate to facilitate 
> timely resolution of
> any problems that arise in connection with the 
> Registered Name.
>
> A registrar is required in the Registrar Accreditation 
> Agreement (RAA)
> to take reasonable precautions to protect Personal Data 
> from loss,
> misuse, unauthorized access or disclosure, alteration, 
> or destruction.
>
> The goal of the WHOIS task force is to improve the 
> effectiveness of the
> WHOIS service in maintaining the stability and security 
> of the
> Internet's unique identifier systems, whilst taking into 
> account where
> appropriate the need to ensure privacy protection for 
> the Personal Data
> of natural persons that may be Registered Name Holders, 
> the authorised
> representative for contact purposes of a Register Name 
> Holder, or the
> administrative or technical contact for a domain name.
>
> Tasks:
>
> (1) Define the purpose of the WHOIS service in the 
> context of ICANN's
> mission and relevant core values, international and 
> national laws
> protecting privacy of natural persons, international and 
> national laws
> that relate specifically to the WHOIS service, and the 
> changing nature
> of Registered Name Holders.
>
>
> (2) Define the purpose of the Registered Name Holder, 
> technical, and
> administrative contacts, in the context of the purpose 
> of WHOIS, and the
> purpose for which the data was collected.  
> Use the relevant definitions from Exhibit C of the 
> Transfers Task force
> report as a starting point (from
> http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):
>
> "Contact: Contacts are individuals or entities 
> associated with domain
> name records. Typically, third parties with specific 
> inquiries or
> concerns will use contact records to determine who 
> should act upon
> specific issues related to a domain name record. There 
> are typically
> three of these contact types associated with a domain 
> name record, the
> Administrative contact, the Billing contact and the 
> Technical contact.
>
> Contact, Administrative: The administrative contact is 
> an individual,
> role or organization authorized to interact with the 
> Registry or
> Registrar on behalf of the Domain Holder. The 
> administrative contact
> should be able to answer non-technical questions about 
> the domain name's
> registration and the Domain Holder. In all cases, the 
> Administrative
> Contact is viewed as the authoritative point of contact 
> for the domain
> name, second only to the Domain Holder.
>
> Contact, Billing: The billing contact is the individual, 
> role or
> organization designated to receive the invoice for 
> domain name
> registration and re-registration fees.
>
> Contact, Technical: The technical contact is the 
> individual, role or
> organization that is responsible for the technical 
> operations of the
> delegated zone. This contact likely maintains the domain 
> name server(s)
> for the domain. The technical contact should be able to 
> answer technical
> questions about the domain name, the delegated zone and 
> work with
> technically oriented people in other zones to solve 
> technical problems
> that affect the domain name and/or zone.
> Domain Holder: The individual or organization that 
> registers a specific
> domain name. This individual or organization holds the 
> right to use that
> specific domain name for a specified period of time, 
> provided certain
> conditions are met and the registration fees are paid. 
> This person or
> organization is the "legal entity" bound by the terms of 
> the relevant
> service agreement with the Registry operator for the TLD 
> in question."
>
>
> (3) Determine what data collected should be available 
> for public access
> in the context of the purpose of WHOIS.  Determine how 
> to access data
> that is not available for public
> access.   The current elements that must be displayed by 
> a registrar
> are:
>
> - The name of the Registered Name;
>
> - The names of the primary nameserver and secondary 
> nameserver(s) for
> the Registered Name;
>
> - The identity of Registrar (which may be provided 
> through Registrar's
> website);
>
> - The original creation date of the registration;
>
> - The expiration date of the registration;
>
> - The name and postal address of the Registered Name 
> Holder;
>
> - The name, postal address, e-mail address, voice 
> telephone number, and
> (where available) fax number of the technical contact 
> for the Registered
> Name; and
>
> - The name, postal address, e-mail address, voice 
> telephone number, and
> (where available) fax number of the administrative 
> contact for the
> Registered Name.
>
>
> (4) Determine how to improve the process for notifying a 
> registrar of
> inaccurate WHOIS data, and the process for investigating 
> and correcting
> inaccurate data.  Currently a registrar "shall, upon 
> notification by any
> person of an inaccuracy in the contact information 
> associated with a
> Registered Name sponsored by Registrar, take reasonable 
> steps to
> investigate that claimed inaccuracy. In the event 
> Registrar learns of
> inaccurate contact information associated with a 
> Registered Name it
> sponsors, it shall take reasonable steps to correct that 
> inaccuracy."
>
>
> (5) Determine how to resolve differences between a 
> Registered Name
> Holder's, gTLD Registrar's, or gTLD Registry's 
> obligation to abide by
> all applicable laws and governmental regulations that 
> relate to the
> WHOIS service, as well as the obligation to abide by the 
> terms of the
> agreements with ICANN that relate to the WHOIS service. 
>  
> [Note this task refers to the current work in the WHOIS 
> task force
> called 'Recommendation 2', A Procedure for conflicts, 
> when there are
> conflicts between a registrar's of registry's legal 
> obligations under
> local privacy laws and their contractual obligations to 
> ICANN.]