Re: [ga] Whois more in detail

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Dominik and all,

  I see several problems not the least of which are legal problems
in regards to privacy in what you are suggesting in your "Access
Modes" approach as a potential policy governing Whois data
request results.

First different countries have many and varied laws regarding
what data is and is not considered private.  Even in EU member
nations, individual privacy and corporate privacy very greatly.

 In the US, different states have different and varied privacy
laws in regards to individuals and corporate entities as to type.

Hence only your "C" suggestion may reasonably and legally
apply.

Second, and by no means last, where does ICANN or any
registrar have the idea it has the right to assign or determine
whom or what has what level of privacy in respect to any nations
law regarding privacy at any level?

Dominik Filipp wrote:

> Hi all,
>
> after reviewing the posts sent here so far, I also tend to prefer
> privacy to data disclosure in the whois. However, to satisfy the Chris's
> (and also my) need, the privacy on whois data should be something that
> individuals and, possibly, non-com organizations should be allowed to
> qualify for only.
> To be more explicit, my opinion on how the whois record could be
> accessed and dealt with (including the ideas from GA) is as follows
>
> Basically, I agree with dividing the whois record into the Holder
> contact and the OPoC contact parts as proposed in the Preliminary Draft.
> Furthermore, I see three distinct modes in which to access the whois
> data
>
> Access Modes
> ------------
>
> a) 'Exposed' mode; data is publicly visible when visiting the whois page
> (much like it works now).
>
> b) 'On-Request' mode; data is still publicly accessible but obtainable
> solely via explicit request sent to the registrar that will send the
> requested data back to the requester's email address. In this case the
> request (email, IP?) could be logged. The access should avoid automatic
> data harvesting and make data access more difficult for
> spammers/scammers.
> The 'request-response' mechanism could be improved by requiring to input
> an image-code before sending the request, and/or an email confirmation
> by the requester prior sending the requested data from the registrar
> back to the requester.
>
> c) 'Locked' mode; data is inaccessible to public but obtainable on
> behalf of explicit eligible requests (subpoena, law enforcement) from
> registrar (or thick registry).
>
> WhoIs Data
> ----------
>
> 1. Holder Part
> Holder may at his/her own discretion publish all data (Holder's full
> address, phone number and email address), but also
>
> a) if Holder is an individual or a non-com organization then he/she may
> just publish the name and country/state (short form), or to suppress
> data publication at all. In such a case the whois record would contain
> (in the Holder's part) just an assigned Holder's ID.
> The fact that the Holder is an individual or a non-com org could be
> specified during the domain registration.
> All three 'Exposed', 'On-Request', and 'Locked' access are applicable
> here.
>
> b) if Holder is a commercial organization then the necessary minimum of
> data published is company name and country/state (but, perhaps, more).
> Only 'Exposed' access mode is applicable here.
>
> 2. OPoC Part
> OPoC contact part could contain full contact information (including
> address, phone, and email). However, not all data would be directly
> exposed to the public (e.g., phone and email).
> The 'Exposed' and 'On-Request' access modes are applicable here.
> However, for commercial companies, all OPoC entries should be 'Exposed',
> except email that could be 'On-Request' (anti-spam precaution).
>
> As for the granularity of the access modes, one (extreme) possibility is
> to allow to set up specific access mode for each data entry (address,
> phone, email, etc.); or to specify a set of blocks each sharing the same
> access mode, etc.
>
> A whois record could look like
>
> a) Individual Holder (opting the private whois form)
>
> I. variant                          II. Variant
> ----------                          -----------
> HOLDER CONTACT [Locked]             HOLDER CONTACT [Locked]
> Holder ID: 4523857                  Holder ID: 4523857
>
> OPERATIONAL CONTACT                 OPERATIONAL CONTACT [On-Request]
> Name: MyPrivacy Company Ltd.        OPOC ID: 44323578
> Postal Address: My Street 123
> City: My City
> State/Region: My State
> Country: My Country
> Phone: [On-Request]
> Fax: [On-Request]
> Email: [On-Request]
>
> b) Commercial company Holder (opting the maximum allowable private form)
>
> HOLDER CONTACT
> Name: MyComm Company Ltd.
> State/Region: My State
> Country: My Country
> <perhaps more>
>
> OPERATIONAL CONTACT
> Name: MyContact Company Ltd.
> Postal Address: My Street 123
> City: My City
> State/Region: My State
> Country: My Country
> Phone: +121546589
> Fax: +121546589
> Email: [On-Request]
>
> Obviously, the more data specified in the Holder part the more eligible
> the com-company could be treated as.
>
> And, of course, I suppose the full Holder's and OPoC's contact data are
> stored somewhere at registrar.
>
> Dominik

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827