WHOIS Task Forces 1 and 2 Teleconference August 03, 2004 - Minutes

ATTENDEES:

GNSO Constituency representatives:
gTLD Registries constituency: - Jeff Neuman - Co-Chair
Jordyn Buchanan - Co-Chair
gTLD Registries constituency - David Maher
Commercial and Business Users constituency - David Fares
Commercial and Business Users constituency - Marilyn Cade
Internet Service and Connectivity Providers constituency: - Antonio Harris
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
Registrars constituency - Paul Stahura
Registrars constituency - Tom Keller
Intellectual Property Interests Constituency - Steve metalitz
Non Commercial Users Constituency - Milton Mueller

Liaisons:
At-Large Advisory Committee (ALAC) liaisons - Thomas Roessler

ICANN Staff Manager: Barbara Roseman
GNSO Secretariat: Glen de Saint Géry

Absent:
Amadeu Abril l Abril
Intellectual Property Interests Constituency - Jeremy Banks
Intellectual Property Interests Constituency - Niklas Lagergren
Non Commercial Users Constituency - Marc Schneiders

MP3 Recording

Agenda

(1) Review Activities in Kuala Lumpur
(2) Selection of chair for TF 1 and TF2
(3) Select priority recommendations for further work - e.g. registrant consent, tiered access
(4) Break into sub-groups to develop reference implementations
* e.g. registrant consent * Tiered access (break into two subgroups
- what data is in each tier
- how to accredit/identify users of tier 2
(5) AOB

(1) Review Activities in Kuala Lumpur

Jeff Neuman suggested keeping in mind the GNSO Council advice, given in Kuala Lumpur, taking a step by step process aimed at getting out improvements regularly.
Prioritize the recommendations that :
(1) have the best consensus,
(2) provide a tangible improvement for the Internet community, and
(3) are likely to be implementable within the short term (months rather than years)"

- Whois task forces one and two combine and work together, in particular looking at the tiered access option and developing further up-front advice to registrants about their obligations and the fact that none of the data becomes public
- the work output of the two groups, combined Whois task forces one and two and Whois task force three, be combined before next going out to public comment.
Jeff Neuman referred to Steve Metalitz's email on prioritization
The merged task force could make a useful contribution by finding out more about the costs (in terms of time, money, and other resources) and the reliability of the available methods for achieving this.

Marilyn Cade reported that there had been an exchange between the GAC and the GNSO, on how to work together, the process needed and how best to exchange information working within the constraints of the GAC. The GAC working group is headed by Suzanne Sene with 2 members per region. Governments for the most part, cannot provide comments during the public comment period. Individual governments are restricted by what information they can give, thus the more informal exchanges through the GAC working group would be very useful. The GAC could provide advice on a final document.
A conference call with the GAC working group was proposed for September.

Jeff Neuman commented that the aim was to reach consensus as a task force.

(2) Selection of chair for TF 1 and TF2

The preference was for co-chairs. Jeff Neuman and Jordyn Buchanan accepted to co-chair the combined task force 1 and 2.

(3) Select priority recommendations for further work - e.g. registrant consent, tiered access

Work through Bruce Tonkin's decision tree as a guideline

Task force 1 and 2 review recommendations in 2 reports and come up ways with ways to move forward. Implementation analysis, reference implementation, implementatbility,standardization, best practices, funding models for additional costs.
Tiered access consisted basically of two tiers
- tier one basic data accessible to anyone (tf 1 touched on this in a footnote: sensitive data and non sensitive data)
- tier two - complete set of data that may or may not need authentication for access

After identifying what data is in each tier, the requestor should identify himself to the whois provider.
Tf 1 discussed 2 models.
Both models could operate at the same time:
(1) central white list approach,
(2) distributive model where each registrar could have his own model
Work needs to be done recommendation of tf1 can only be done at a tier two level

If tiered access were decided on, there were two options to consider: centralized or distributed, then to log or not, what to do with the information, notify registrant immediately, sometime after. Whatever policies were decided on measurement levels should be worked out. How would it be enforced and how would compliance be measured.

Steve Metalitz said the concern lay in what the feasibility would be of changing the system to one in which access to that tier would no longer be on an anonymous basis but that identity had to be authenticated as in the cases where some of the data was needed by law enforcement etc.
Milton Mueller emphasized that first a decision had to be made if tiered access was wanted or not and then decide about the costs and the implementation.

Marilyn Cade emphasized the need to better understand cost implications to move to a significant system change. Feasibility examination is important before issues go to Council.
Paul Stahura asked how the information would get to the registrants.

Where could consensus be reached - Look at the low hanging fruit:

(1) Conspicuous notification to, and obtaining consent from, registrants re availability of Whois data. (See TF 2, recommendation 1.)
Questions to be explored:
- what does it mean to give conspicuous notice, even some disagreement in the legal community.
- how does one obtain consent from the registrants, default consent or more
- when should the registrant be informed

Marilyn Cade added that if information should be given to the registrant, possibility of a standardized notice form should be examined.

Milton Mueller expected to move forward rapidly so that the issue did not cloud other issues and was willing to compromise as long as other constituencies were also willing to compromise on the real issues of Whois reform.

Jeff Neuman recommends sub group to look at above issues what legal experts should be brought in to explain what was meant by conspicuous notice, national laws.

(2) Establishing a process for handling (and, if possible, resolving) cases of conflict between applicable national privacy laws and ICANN contractual obligations with regard to Whois. (See TF 2, recommendation 3, and TF 1, recommendation 3.)
Steve Metalitz commented that within tf 2 there was some agreement about establishing a process for a thick registry when it believed that local privacy laws legally prevented it from complying with contractual obligations. The emphasis being on process and not delving into the laws.

Milton Mueller disagreed that it was low hanging fruit, very complicated problem, could not be easily handled in the current framework

Marilyn Cade commented that system change took a long time and suggested taking small steps towards a system wide change.
Jordyn Buchanan commented that if the situation did arise where a registrar was notified of local law regulations, there should be a way of working through this with ICANN.

Marilyn Cade suggested requesting a status report in a briefing from ICANN staff, to both the combined task force and task force 3, on what had been implemented from the previous Whois task force recommendations (http://www.icann.org/minutes/prelim-report-27mar03.htm.) and the timeframes for the unimplemented recommendations.

Steve Metalitz proposed conducting further research on proxy services as proposed by task force 2 in 3 .2
"further research should be conducted on the use of “proxy registration services” within the framework of Sec. 3.7.7.3 of the RAA, including but not limited to the following issues:
- the rate of uptake of such services,
- their cost, and consumer response to them;
- what steps are taken to ensure the proxy service provider collects (or has immediate access to) accurate, complete and current contact information on all registrants taking advantage of such services?
- the circumstances under which contact information of the actual registrant is disclosed pursuant to the RAA provision (i.e., the “evidence of actionable harm” scenario)
- and the consequences of such disclosures; how registrants are notified when the withheld data is released to third parties;
- the impact of such services on registrar portability; scalability of such services;
- concerns raised by customers regarding disclosure of data;
- complaints about registrar proxy or 3rd party proxy services, including complaints to or by law enforcement officials;
- contractual terms between registrants and proxy services.
- effect of proxy situations on the stability of domain name registrations
– what happens when a proxy goes out of business, and the “actual” registrant is unknown to the registrar?
- Usefulness of proxy services to enable anonymous free speech.

The results of such research could be used to: develop a set of best practices for the operation of such services; and/or initiate a policy development or other appropriate process toward changing the terms of Sec. 3.7.7.3, if warranted.
Further work should also be conducted on the feasibility of requiring registrars to provide e-mail forwarding services to registrants, and the impact of such a requirement upon registrant privacy and contactability. As a first step, the research agenda outlined above could be expanded to study the operation of such services to the extent they exist today."

There was some disagreement in the group whether further research into proxy services would be of use and what the task force could achieve by studying the question further. Steve Metalitz commented that it was in the current system but there was no knowledge of how it was working.

(3) Investigating the implementability of methods for identifying/authenticating Whois requesters.
It could be considered as a good place to start on the further exploration of tiered access.
Two sub-issues were identified:
- making available some data while other data was not available
- what would it take to identify people requesting data and authentifying them

(4) Full data versus basic data
Deciding what data should be displayed

Economic feasibility at a high level based on a standard should be examined.

Requirements/expectations for a tiered access model and then the feasibility could be discussed
Discussions on feasibility are useful but feasibility should not determine the complete policy at the current stage.
The Business and Intellectual Property constituencies were among those which felt that further work was needed on feasibility.

Jeff Neuman summed up:
Further action:

Jeff Neuman and Jordyn Buchanan thanked everyone for their presence and participation and ended the call at 11:15 EST, 17:15 CET