[registrars] Draft WHOIS task force terms of reference

["Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>]

Hello All,

For those that haven't been following the WHOIS policy work lately, here
is a short summary.

- the ICANN Board accepted 4 recommendations from the GNSO Council on 27
March 2003 that related to reminding registrants of WHOIS data and
restricting bulk access data for use in marketing, and 

- Louis Touton (ICANN staff at the time) produced an issues report on 13
May 2003
http://www.icann.org/gnso/issue-reports/whois-privacy-report-13may03.htm

- The GNSO Council created three WHOIS task forces in October 2003 to
consider:
(1) Restricting access to WHOIS data for marketing purpose
(2) Review of data collected and displayed
(3) Improving Accuracy of collected data 

Each of these task forces have given the matter careful consideration,
and the GNSO Council decided recently to combine all three task forces
into a single new task force that is focussed on the issues that are
currently being discussed.

Below is a fresh draft of the terms of reference for the WHOIS task
force for discussion at the Council meeting on 12 May 2005.

I welcome comments on the draft terms of reference, and of course on
proposed solutions for each of the issues identified.

Regards,
Bruce Tonkin



Draft of Terms of Reference for WHOIS task force

ICANN's mission is to maintain the stability and security of the
Internet's unique identifier systems, while fostering competition where
appropriate to give Internet users greater choice at optimal cost.
Within the context of this mission, ICANN has agreements with gtld
registrars and gtld registries that require the provision of a WHOIS
service via three mechanisms: port-43, web based access, and bulk
access.   The purpose of the WHOIS service as contained in the Registrar
Accreditation Agreement (RAA) is to provide accurate technical and
administrative contact information adequate to facilitate timely
resolution of any problems that arise in connection with the Registered
Name.  A registrar is also required in the RAA to take reasonable
precautions to protect Personal Data from loss, misuse, unauthorized
access or disclosure, alteration, or destruction.

The goal of the WHOIS task force is to improve the effectiveness of the
WHOIS service in maintaining the stability and security of the
Internet's unique identifier systems, whilst taking into account where
appropriate the need to ensure privacy protection for the Personal Data
of individuals that may be Registered Name Holders, or the
administrative or technical contact for a domain name.

Tasks:

(1) Review the current purpose of WHOIS, and determine whether it should
be refined in the context of ICANN's mission and the changing nature of
Registered Name Holders.
"The purpose of WHOIS is to provide accurate technical and
administrative contact information adequate to facilitate timely
resolution of any problems that arise in connection with the Registered
Name"

(2) Define the purpose of the technical and administrative contacts, in
the context of the purpose of WHOIS, to improve the accuracy and
relevance of the data collected.

(3) Determine what WHOIS data elements should be available for public
access that are needed to maintain the stability and security of the
Internet.  Determine how to access data that is not available for public
access.   The current elements that must be displayed by a registrar
are:

- The name of the Registered Name;

- The names of the primary nameserver and secondary nameserver(s) for
the Registered Name;

- The identity of Registrar (which may be provided through Registrar's
website);

- The original creation date of the registration;

- The expiration date of the registration;

- The name and postal address of the Registered Name Holder;

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the technical contact for the Registered
Name; and

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the administrative contact for the
Registered Name.


(4) Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and correcting
inaccurate data.  Currently a registrar "shall, upon notification by any
person of an inaccuracy in the contact information associated with a
Registered Name sponsored by Registrar, take reasonable steps to
investigate that claimed inaccuracy. In the event Registrar learns of
inaccurate contact information associated with a Registered Name it
sponsors, it shall take reasonable steps to correct that inaccuracy."