WHOIS Task Force 3 Teleconference January 14, 2004 - Minutes ATTENDEES: GNSO Constituency representatives: Intellectual Property Interests Constituency - Brian Darville - Chair: Intellectual Property Interests Constituency - Terry Clark Registrars Constituency - Ross Rader Non Commercial Users constituency - Frannie Wellings Internet Service Providers and connectivity providers Constituency - Greg Ruth gTLD Registries constituency: - Ken Stubbs At-Large Advisory Committee (ALAC) liaisons: Vittorio Bertola GNSO Secretariat: Glen de Saint Géry Absent: ICANN Staff Manager: Barbara Roseman Commercial and Business Users constituency - Sarah Deutsch Intellectual Property Interests Constituency - Kiyoshi Tsuru Brian Darville proposed the following agenda: 1. ccTLDs Questions from Brian Darville 2. Questions from Sarah Deutsch 3. Identifying other companies to check their data verification procedure Item 1. ccTLDs Questions from Brian Darville Brian Darville referred to the draft ccTLD Questionnaire he sent to the task force list : The GNSO's WHOIS Task Force #3 is chartered with reviewing the current ICANN whois policy regarding the accuracy of collected WHOIS data. Toward that end, we are interested to know what procedures various ccTLDs employ relating to the accuracy of collected WHOIS data. It would be very helpful if the ccTLDs who will be part of your survey could provide information (including links and copies) concerning the following points, which are of particular interest: a) What steps do you currently take to verify the accuracy of collected WHOIS data? b) What if any staff members do you employ who have responsibility for verifying the accuracy of collected WHOIS data? c) What if any automated processes do you use or employ to verify the accuracy of collected WHOIS data? d) At what stage in the domain name registration process do you verify the accuracy of the collected WHOIS data? e) What steps, if any, do you take upon learning that submitted WHOIS data is inaccurate or false? f) Do you employ or retain any outside services for the verification of the accuracy of collected WHOIS data? If so, what is the approximate cost of such services and how are they priced? It was suggested that Sarah Deutsch's 8th question be added to the list. 8. Do you have a process in place for receiving reports of inaccuracies or fraud? What is that process? Ken Stubbs suggested contacting other ccTLD regional organizations. Ken Stubbs mentioned a recent Australian Government bill on tightening the rules for domain names as a result of fraud and commented that there were perhaps laws in other countries that impacted domain names registered in their own ccTLD space as opposed to the administrative policy by the ccTLD management. Brian Darville suggested adding a question: What laws and regulations do you currently have in place regarding the accuracy of WHOIS data? Summarize those rules and regulations. The questions were approved by the task force. Brian Darville suggested contacting the GNSO Council ccTLD liaison concerning a wide distribution of the questions. Item 2. Sarah Deutsch's questions: Brian Darville referred to the following list of general survey questions for other industries regarding their handling the accuracy of data in online transactions submitted by Sarah Deutsch. 1. What steps do you take to verify the accuracy of data that is submitted to your company as part of an online transaction? 2. How do you ensure that the customer's name, address and other identifying information is correct? 3. Do you rely on a web GUI, template or other up front screening mechanism to encourage the accurate listing of identifying information? 4. Do you use credit card information and passwords to verify the accuracy of the customer's identity and the legitimacy of the transaction? 5. Do you believe these systems work to provide your company with a warning about inaccurate data or potential frauds in online transactions? 6. Do you use in-house capabilities or retain outside services to provide verification services? What are the approximate costs? 7. What steps do you take when you learn that your customer data may be inaccurate or instances of fraud are reported? 8. Do you have a process in place for receiving reports of inaccuracies or fraud? What is that process? There was general consensus on the questions and they were approved. Item 3: Identifying other companies to check their data verification procedure Brian Darville referred to the following list he submitted of several industries, companies and other sources that might be surveyed in connection with data gathering regarding WHOIS data accuracy practices by other online service providers. 1) Telecommunications/Cellular - AT&T, Verizon, Sprint, British Telecom, Nortel 2) Banking/Financial Services - VISA, American Express, Citi Bank, [European and other International Financial Services Companies] 3) E-Bay, Paypal, Amazon 4) Verisign 5) Travel: Expedia, Travelocity 6) News: CNN, New York Times, Wall Street Journal, Washington Post.com, London Times Online 7) UN Centre for Trade Facilitation and Electronic Business www.unece.org/cefact 8) ENUM Project previously circulated by Sarah Deutsch Ken Stubbs commented that Banking/Financial Services were off scale relative to what was required from the task force. It was suggested that the cellular telephone industry should be surveyed. Ross Rader commented that surveying a bunch of multi-national enterprises was not going to give a broad understanding regarding what was happening in the internet services industry. The scale was very different and the practices were going to be very different so it was difficult to see how they would be relevant in best practices. What the typical operator was experiencing was considered to be of greater value. There was discussion on going to a specific registry, rather than registries in general. It was suggested that all the registries be surveyed and Ken Stubbs volunteered to assure the registry cooperation. Ross Rader suggested that would be helpful to identify local and regional companies that provided Internet services and undertook to find the necessary information so that they could be included as another category. Terry Clark would take on looking at the available data in the UN Centre for Trade Facilitation and Electronic Business www.unece.org/cefact and the ENUM Project Ross Rader suggested also contacting Richard Shockey as the chair of the ENUM working group rather than relying on unofficial internet-drafts which while publicly available, typically do not have official standing. It was proposed that Ken Stubbs find information on cellular telephone companies to include in the survey. Next Call: 1. Brian Darville: circulate revised list of companies adding Internet Service Providers and web hosting companies. Deadline Friday 16, January 2. Ross Rader: Provide information on pingid.com 3. Terry Clark to summarize UN Centre for Trade Facilitation and Electronic Business www.unece.org/cefact ENUM Project material for the task force. Deadline Friday 23, January 4. Respond to the circulated revised list e-mail where task force members have contacts that they could focus on to in the relevant company to get the relevant information. 5. Finalize the survey and the companies. Brian Darville thanked everyone for their presence and participation and ended the call at 16:50 UTC. Next call: Wednesday 21 January 15:00 UTC, 10:00 EST, 7:00 Los Angeles, 16:00 CET. |