WHOIS Task Forces 1 and 2 minutes

WHOIS Task Forces 1 and 2 Teleconference 21 September, 2004 - Minutes

ATTENDEES:

GNSO Constituency representatives:
gTLD Registries constituency: - Jeff Neuman - Co-Chair
Registrars constituency - Jordyn Buchanan - Co-Chair
gTLD Registries constituency - David Maher
Registrars constituency - Paul Stahura
Registrars constituency - Tom Keller
Intellectual Property Interests Constituency - Steve Metalitz
Liaisons:
At-Large Advisory Committee (ALAC) liaisons - Thomas Roessler


ICANN Staff Manager: Barbara Roseman
GNSO Secretariat: Glen de Saint Géry

Absent:
Commercial and Business Users constituency - Marilyn Cade, apologies
Commercial and Business Users constituency - David Fares
Internet Service and Connectivity Providers constituency: - Antonio Harris, apologies
Internet Service and Connectivity Providers constituency - Maggie Mansourkia, apologies
Intellectual Property Interests Constituency - Jeremy Banks, apologies
Intellectual Property Interests Constituency - Niklas Lagergren, apologies
Amadeu Abril l Abril
Non Commercial Users Constituency - Milton Mueller - apologies
Non Commercial Users Constituency - Marc Schneiders - apologies
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer

MP3 recording

Jeff Neuman introduced the topic "Conspicuous notice" which stemmed out of a task force 2 requirement
Steve Metalitz summarized the task force 2 data analysis on consent stating that the Registrars Accreditation Agreement said that registrars were supposed to tell registrants what use would be made and who would have access to Whois data and obtain the registrants consent. The task force 2 asked registrars how they obtained consent from registrants but unfortunately did not receive much information to the questionnaires. The ICANN staff also did a survey looking at the websites of a number of registrars. Most registrars were including the statement of consent in a very large user agreement with many other provisions. A summary of the results of survey conducted by ICANN staff stated that 2 registrars obtained specific consent from registrants via Registration Agreements but when task force members looked at these it appeared that they were being asked to a consent to a whole user agreement. In terms of the questionnaire some European registrars stated that customers were not required to give express consent in terms of their local law.
Concerns:
- some registrars were not obtaining the consent the Registrars Accreditation Agreement (RAA) required of them
- should something be done to bring this issue more to the attention of registrants and should it be sufficient to have this as one of many terms in the user agreement
or should there be one click that says" I agree"
At that level it would be fairly straight forward.
Should ICANN require or encourage registrars to obtain specific consent from registrants on the issue of user Whois data.

Jeff Neuman asked whether separate consent could be a click through button or some mechanism like that

Jordyn Buchanan stated that the TF 3 initial report mentioned 3 specific recommendations on which the task force reached consensus:

ICANN should:
a) incorporate compliance with the notification and consent requirement (R.A.A. Secs. 3.7.7.4, 3.7.7.5) as part of its overall plan to improve registrar compliance with the RAA. (See MOU Amendment II.C.14.d).
b) issue an advisory reminding registrars of the importance of compliance with this contractual requirement, even registrars operating primarily in countries in which local law apparently does not require registrant consent to be obtained.
c) encourage development of best practices that will improve the effectiveness of giving notice to, and obtaining consent from, domain name registrants with regard to uses of registrant contact data, such as by requesting that GNSO commence a policy development process (or other procedure) with goal of developing such best practices.

(c) could be a focus of the work:
develop best practices for separate consent to be obtained,
discuss various mechanisms that might be useful,
or having an implementation team look at how it could best be done

Jordyn Buchanan went on to say that there could be a variety of ways of approaching the issue from specific language to results orientated mechanisms which would allow the registrant to understand what they had consented to

Tom Keller commented that it was important to define a standard form that could be used by all registrars and displayed uniformly. However,
- what would the consequences be if the box were not checked?
- would there be one notice or differentiation between bulk Whois Regular Whois, options on the amount of data ?

Jeff Neuman mentioned that it could be in the form of a "Whois policy" just as there are privacy policies
Tom Keller mentioned that it would be a problem for example in Germany, it could not be a yes or no as checking a box to buy a product would be feasible but does not work in privacy matters. There must be an option.

Most European Registrars do not do anything because they are trying to abide by the ICANN regulations

If the check box is taken to conspicuous notice level, the box would be checked meaning that the notice had been read but not necessarily agreed to
Jeff Neuman said the check box could be any form as long as it was an affirmation that the notice had been read.

Steve Metalitz commented that consent for the purpose of the Registrar Accreditation Agreement was different from consent according to international law
Jeff Neuman commented that the issue was breaking out "notice" from "consent".
Looking at the "notice" aspect and deal with "consent" later in the call or on the next call

Jeff Neuman referred to the definition of "conspicuous" used in the United States:
Section 1-201 of the UCC defines "Conspicuous" as:
"A term of clause is conspicuous when it is so written that a reasonable person against whom it is to operate ought to have noticed it. A printed heading in capitals is conspicuous. Language in the body of a form is "conspicuous" if it is in larger or other contrasting type or color. Whether a term or clause is "conspicuous" or not is for decision by the court. Conspicuous terms include the following: (A) a heading in capitals equal to or greater in size than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same or lesser size; and (B) language in the body of a record or display in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from surrounding text of the same size by symbols or other marks that call attention to the language."

Jeff Neuman commented that there could be two different ways of presenting the notice:
- as part of the registrars accreditation agreement
- as a separate Whois policy

Barabra Roseman raised the following issues :
- If too prescriptive, difficult to determine how conspicuous notice would be provided
- Compliance aspect - how would it be anticipated that ICANN would enforce compliance - should every reseller be checked - how would non web-based registrations be handled
The more prescriptive the more difficult the issues becomes with regard to the amount of work for ICANN, whether every reseller should be checked, how to deal with non web-based registrations.

Paul Stahura commented that form a practical point of view it would be difficult to get companies to put a check box unless it were part of the registration agreement and suggested that by changing the registration agreement or the Whois output the policy would reach more registrants.

Jeff Neuman stated that the findings in tf 2 were that in most agreements notice was not adequate and the requirement was that some sort of conspicuous notice be provided to the registrants on the Whois policy above and beyond current practices.
Steve Metalitz stated that the word conspicuous was not used in tf 2 but the ft suggested that it should be best practices to improve the effectiveness of giving notice to the registrant.
Paul Stahura was in favour of changing the text so there would be one, rather than multiple check boxes

Steve Metalitz suggests that if the new policy goes into effect, the registrars need to notify ICANN of what they are doing to comply
Jordyn Buchanan suggests enforcement side in a separate conversation from the actual mechanism side
Thomas Roessler suggested:
- a separate agreement for consent to publication of data on privacy as may be required by law,
- link not a good idea for conspicuous notice as people would not read it
- a success measurement for the policy such as a random sample of registrars, questions involving their data and what they know will happen to their data before the policy becomes effective and a random sample of new registrars after the policy has become effective
- have Whois output in the notice and not the notice in the Whois output.

Jeff Neuman referring to Marilyn Cade's e-mail would it help to ask legal experts, perhaps from other countries what conspicuous meant.
David Maher did not feel legal experts were necessary.
Steve Metalitz agreed that legal experts were not necessary and repeated that the task force did not use the term conspicuous but rather looked for ways to better inform people and get their agreement to the policy.
Suggested addressing the issues related to people registering with other methods than web based.

Jeff Neuman commented that people could not be forced to read agreements.
To "have done your job" is accepted and legal experts could clarify what what it means in different countries to have done your job.

David Maher suggested a practical approach to the a definition of conspicuous.
Paul Stahura if information was the aim the notice should be put it in the Whois output, if agreement was the aim, it could be there in bold text
Jordyn Buchanan felt that it was not a legal issue, but that it would be useful to bring in usability experts to advise on presenting the information in meaningful way to the user.

Summary of ideas for improving the ways of giving notice and getting consent from registrants:
- check box
- changing the Whois output
- a deferent type of print, all caps, bold etc in the Registration agreement/Whois output
- a separate link to a description of a few key issues relating to privacy issues/separate section on privacy issues


Next steps:
- Use mailing list to express views
- Discuss options - why you support them, why you do not support them
- Consider usability experts
- Legal experts because it is legal
- Post the text of what should be conspicuous

Jeff Neuman and Jordyn Buchanan thanked everyone for their presence and participation.
The call ended at 12:15 EST, 18:15 CET

Next Call: 28 September 2004
see: GNSO calendar