WHOIS TASK FORCE 2 |
1. Introduction
1.1 Previous Discussion
1.2 Genesis of the Task Force
1.3 Terms of Reference
1.4 Overview of Recommendations
2. Findings on each issue
2.1 Notification and Consent
2.2 Proxy Registrations
2.3 Local Law
2.4 Collection of Data
2.5 Publication of Data
3. Recommendations
3.1 Notification and Consent
3.2 Proxy Services
3.3 Local Law
3.4 Collection of Data
3.5 Publication of Data
4. Impact of recommendations
5. Outreach efforts
6. Task force vote
6.1 Public Comments on Terms and Conditions
6.2 Data Gathering Process
Appendix A – Data Analysis
I. National laws and regulations
II. Current practices by registrars, registries, and resellers
A. Current data gathered and displayed, by TLD
B. Existing proxy registration or anonymization services
III. Current Use of Whois Data
The WHOIS service dates back at least to 1985 and, as defined in RFC 954, provides a “directory service to Internet users”. Today the WHOIS “directory” includes contact information for tens of millions of domain names, and is used for a wide variety of purposes by network operators, business of all kinds, law enforcement, consumer protection agencies, and members of the public. Through its contracts, ICANN requires registries and registrars to gather and display both technical information and contact details for all registrants. As an increasingly diverse range of both registrants and WHOIS data users have begun making use of the domain name system in recent years, situations have arisen where a registrant’s contact information may be considered sensitive, and calls have been made for better privacy protections within the WHOIS system. This Task Force was chartered to examine the manner in which data is both collected and displayed. We make a number of recommendations that allow the WHOIS service to continue to serve its valuable contactability function, while providing protection for the privacy needs of domain name registrants where appropriate.
WHOIS has been a topic of interest and focus for ICANN since its early days. Following up on the work of a WHOIS Committee convened by ICANN staff to give advice on implementation of WHOIS for the .com/.net/.org domains as required under the RAA, the DNSO (Domain Name Supporting Organization, the precursor to the GNSO) created a Names Council committee. Based on the recommendations of that committee, the DNSO created a task force, with the terms of reference: “Consult with the community with regard to establish whether a review of questions related to ICANN’s WHOIS policy is due and to recommend a mechanism for such a review”. This initial task force was originally composed of representatives from all constituencies, including the ccTLDs and the General Assembly, and was later expanded to include up to three representatives of each of the constituencies of the DNSO and of the General Assembly. The task force launched a survey of WHOIS and its use, analyzed the responses, and prepared a report that included both consensus policy recommendations and other considerations for the Council to consider in further policy work. The survey finding and analysis, and initial Task Force’s membership can be found at http://www.dnso.org/dnso/notes/20021015.NCWhoisTF-interim-report.html and the Task Force's membership at http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00000.html.
In order to meet its mandate of consulting broadly with the community, in addition to the survey and analysis of the responses, the initial task force undertook extensive outreach to various experts and groups, in order to inform and provide additional input to the task force, including consultation within the constituencies and General Assembly. Consultation via conference calls were held with experts from ccTLDs, IETF leadership, the Security and Stability Advisory Committee regarding its report on the impact of WHOIS on security and stability of the Internet; two presentations were hosted with .name and the IETF CRISP working group. Transcripts of these conference call consultations were provided and are available in the DNSO archive. In the course of the work of the Task Force, workshops were also held to brief Council, the Board and the community; these workshops included both reports on the work of the Task Force and its findings, and also on the expert input the Task Force was receiving, including questions related to privacy and accuracy of data.
A final policy report was prepared on November 30, 2002. Public comments were solicited until December 8, 2002, and a (revised) final Policy Report published in December, 2002, proposing both consensus policy and enhancements in ICANN’s enforcement of existing obligations in two areas: Accuracy and Bulk access.
Further work was recommended for both areas and on searchability and consistency of data elements across all TLDS. At its Amsterdam meeting, the Council discussed the task force report and reopened the report for further comment by constituencies and the community. Also at the Amsterdam meeting, the Council also established an Implementation Committee with a deadline of January 31,2003.
The initial WHOIS task force recommended a number of consensus policies that were, after revision by the Implementation Committee and review by the task force, adopted by the GNSO Council and the ICANN board:
- WHOIS Data Accuracy
- WHOIS Data Reminder Policy
- Interaction between deletions of domain names due to inaccurate WHOIS data and the the Redemption Grace Period.
- Bulk Access
- Use of Bulk Access WHOIS data for marketing purposes should not be permitted, regardless of the medium used for marketing.
- Users who license bulk access to WHOIS data must agree not to sell or redistribute the data except as included in “value-added products” that do not permit extraction of a significant portion of the data. (I.e., the clause specified in RAA 3.3.6.5 is now mandatory.)
The recommendations of the initial task force included the continuance of work by Council in several areas.These were not presented as consensus policy but as recommendations to Council for consideration in the further work of Council related to WHOIS.
The final consensus policy recommendations, and other findings of the initial task force, can be found in the Final Report of the GNSO Councils WHOIS TF on Accuracy and Bulk Access, Feb. 6, 2003 approved by the Council, and forwarded to the ICANN Board on 20 February 2003.
The Implementation Committee report can be found at http://www.dnso.org/clubpublic/nc-impwhois/Arc00/msg00057.html. The Council received the Implementation Committee report and included its recommendations in the final Report forwarded to the Board 20 February 2003.
Following the work and recommendation of the initial WHOIS task force, the Council discussed how to proceed on WHOIS issues. The Council did not consider the further recommendations of the initial task force definitive, and thus, there may appear to be something of a discontinuity between the recommendations for further work provided by the initial WHOIS task force and the ongoing GNSO task force work on WHOIS. Some areas suggested by the previous task force are being addressed, and some are pending.
The Council was divided on how to proceed in addressing next stages of work on WHOIS, with some members preferring to focus on the recommendations from the Task Force for next stages of work, and others primarily concerned about privacy aspects of WHOIS. At its meeting in Rio de Janeiro, Council decided to ask ICANN staff to prepare a staff manager's report on WHOIS privacy that would consolidate reports received from the WHOIS Task Force and NCUC. The Council also agreed to schedule discussion of remaining accuracy issues for six months after the implementation of the WHOIS recommendations before the board in Rio de Janeiro, or until completion of the policy development process on privacy, whichever comes first. As suggested in the Staff Manager's Issues Report on Privacy Issues Related to WHOIS, the Council decided to create a WHOIS Privacy Steering Group, in order to examine what issues should be addressed by further WHOIS task forces of Council. Council also requested the ICANN President to organize a workshop for the Montreal meetings which should incorporate the GNSO constituencies as well as the Government Advisory Committee and other groups. The WHOIS Steering Group attempted to identify a neutral chair, but given time constraints, the group agreed to conduct their work with Bruce Tonkin, the chair of Council, as the Chair of the group. The group included members from all constituencies, liaisons from ALAC, ccTLDs, GAC and Council members appointed by the Nominating Committee.
The group worked to identify priorities for the community based on a review of the constituencies and the stakeholders perspectives. This work provided the basis for Council’s chartering of further Task Force work on WHOIS.
The Privacy Steering Group held several conference call meetings, and met face to face at ICANN meetings. Parallel to the steering group’s work, ICANN hosted two workshops in Montreal and Tunisia, where invited experts from key stakeholder groups were invited to present. Presentations were invited from all constituencies and the At Large Advisory Committee. Participants included the OECD, the U.S. Federal Trade Commission, the US Department of Justice, the European Commission, WIPO, data privacy experts from Europe, industry experts in intellectual property issues affected by WHOIS, and ccTLD managers who were invited as experts on how particular issues are dealt with within their ccTLD.
The Council reviewed the work and recommendations of the original TF, and the WHOIS Privacy Steering Group, as well as the public comments and workshop presentations and the formal decision of the At-Large Advisory Committee to raise the review of data elements collected and displayed as an issue for policy development, and decided to create a new PDP related to WHOIS policy. The Council was divided on how best to address the work and after much debate, decided to launch three simultaneous task forces on WHOIS, with the assumption that the alignment of recommendations will take place in Council. WHOIS Task Forces 1 and 2 were launched on 22 October 2003 and Whois Task Force 3 on 23 October 2003; the Descriptions of Work (DOW) of each Task Force is available at:
WHOIS Task Force 1 | |
WHOIS Task Force 2 | |
WHOIS Task Force 3 |
The purpose of this task force is to determine:
a) What the best way is to inform registrants of what information about themselves is made publicly available when they register a domain name and what options they have to restrict access to that data and receive notification of its use?
b) What changes, if any, should be made in the data elements about registrants that must be collected at the time of registration to achieve an acceptable balance between the interests of those seeking contact-ability, and those seeking privacy protections?
c) Should domain name holders be allowed to remove certain parts of the required contact information from anonymous (public) access, and if so, what data elements can be withdrawn from public access, by which registrants, and what contractual changes (if any) are required to enable this? Should registrars be required to notify domain name holders when the withheld data is released to third parties? If registrants have the ability to withhold data from public anonymous access, will this increase user incentive to keep the contact information they supply current and accurate.
To ensure that the task force remains focused and that its goal is achievable and within a reasonable time frame, it is necessary to be clear on what is out of scope for the task force.
Out-of-scope:
The task force should not examine the mechanisms available for anonymous public access of the data - this is the subject of a separate task force.
The task force should not examine mechanisms for law enforcement access to the data collected. This is generally subject to varying local laws, and may be the subject of a future task force.
The task force should not study new methods or policies for ensuring the accuracy of the required data, as this will be subject of a separate task force.
The task force should not consider issues regarding registrars' ability to use Whois data for their own marketing purposes, or their claims of proprietary rights to customers' personal data.
1.4 Overview of Recommendations
The task force discussions and ensuing recommendations focus on our attempt to balance the needs and rights of registrants to keep their personal information from wrongful access and misappropriation while enabling legitimate uses of the data elements and respecting the needs of those requesting access to the data.
The Task Force recommends a number of changes to current WHOIS policy that are intended to reflect this balance in a reasonable and consistent manner. These recommendations are described in detail in section 3 of this report, but are summarized below:
- More conspicuous notice to registrants by registrars, at the point of registration, of the possible uses of Whois data.
- More conspicuous notice and clarifications to registrants by registrars, at the point of registration, as to the process by which registrant data will be shared.
- Further inquiry should be made into proxy registration services provided by registrars and others in order to provide increased privacy for registrants.
- Registries and registrars should not have to violate local data protection laws in order to conform with Whois policy. If there is a conflict of law and Whois policy, a process should be in place to allow for registrars to show such conflict and make appropriate changes needed for it to conform to the respective local laws.
- The task force believes that a system that provides different data sets for different uses (also known as "tiered access") should be explored to see if it may serve as a useful mechanism to balance the privacy interests of registrants with the ongoing need to contact those registrants by other members of the Internet community, and to determine its viability, balance of interests and financial feasibility.
According to the ICANN Registrar Accreditation Agreement (RAA), Registrars are required to form an agreement with Registered Name Holders containing the following elements.
Section 3.7.7 of the RAA addresses the requirements of the Registrar/Registrant agreement, including the need for accurate and reliable registrant contact information. To the extent the notice to registrants of data elements collected and displayed are not clear or may be overlooked by registrants based on the overall length and complexity of the registration agreement, it is useful to change the format so that better notice is delivered to registrants. The task force finds that disclosures regarding availability and access to Whois data should be set aside from other provisions of a registration agreement by way of bigger or bolded font, a highlighted section, simplified language or otherwise made more conspicuous.
It follows that separate consent to the Whois disclosures is also useful. By obtaining separate consent from registrants, at the time of agreement, to the specific Whois data provisions, it would further draw attention to and facilitate better understanding of the registrar’s Whois disclosure policy.
“Proxy Services” were looked at during the Task Force's data analysis phase; see appendix A for results from that phase of the Task Force's work. Groups that submitted preliminary statements during this phase of the Task Force's work included the IPC, NCUC, ISPCP, and ALAC. ISPCP pointed to various proxy providers. IPC indicated that only little anecdotal data about how these services work in practice was available. NCUC warned that the proxy situation means that an intermediary is inserted into the contractual relationship between the “actual” registrant and the registrar, and that this party can do whatever it wants with the domain name. NCUC also pointed out that proxy services are not providing anonymity suitable to protect free speech, because of liabilities incurred by those offering these services. ALAC identified disclosure of actual registrants' identity on slight provocation as the chief problem with proxy services, and suggested that wrongdoing could be stopped without revealing actual registrants' identities. ALAC also pointed to the risks created by inserting a proxy into the contractual relationships between registrar and actual registrant.
Proxy Services were addressed in formal constituency statements by the IPC and NCUC. IPC suggested further research on the use of these services, and identified a number of issues that could be addressed in this kind of research.
NCUC specifically proposed removing sections from the Registrar Accreditation Agreement that require proxy services to disclose registrant and administrative contact data for reasons falling short of legal due process (specifically section 3.7.7.3 of the RAA), and characterized the services as “not providing true protections for privacy or freedom of expression.”
During discussion, NCUC and ALAC representatives suggested that these proxy services do not provide sufficient privacy protections, and proposed stricter protections. IPC recommended further study of proxy services, since the evidence available on the business practices of existing proxy services was insufficient.
Registrar and ALAC representatives argued that regulating the conduct of proxy services that work by registering domain names that are then sub-licensed to registrants proper would amount to generally regulating registrant conduct, and would be undesirable.
Registrar and ALAC representatives also argued that use of this kind of proxy service as a model for large-scale privacy protection would undermine basic assumptions that are at the heart of the new inter-registrar transfers policy, and would break this policy. IPC representatives suggested that further research in this area was needed.
A registrar representative pointed out that proxy services should not be considered a final solution, and that pushing registrants to a separate for-pay service may not address local privacy law concerns. It was also noted that, when provided free of charge, proxy services would effectively lead to a tiered access proposal. A registrar representative stated that his constituency may be more comfortable with a tiered access model than with proxy services, but that no consensus has yet been reached.
Related models under which registrars proxy some communication for registrants were also discussed in the context of balancing contactability and privacy: It was, for instance, suggested that registrars may provide an electronic point of contact for registrants and domain name contacts, without making the registrant's usual e-mail address publicly available.
Registrars are obligated per section 3.3 of the RAA to make available a predefined set of data elements on the whois. As this dataset might contain personal data and Registrars contracting with ICANN, to be able to provide domain name registration services, might operate under different legislation than ICANN the taskforce was mandated in the description of work for Task Force 2:
Document examples of existing local privacy laws in regard to display/transmittal of data (DOW TF2)
to investigate if this obligation might lead to problems in regard to existing privacy laws and regulations in these legislations.
After documenting and reviewing the examples of local privacy laws it is the Task Force’s finding that different nations have very different privacy laws and that the determination whether they are applicable to the gTLD WHOIS situation is not an easy one. However, situations have arisen in which privacy laws or regulations have conflicted with WHOIS-related contractual obligations with ICANN. For example, the recently revised .name WHOIS policy which had to be changed to comply with a request of the UK Data Commissioner. In the Task Force’s questionnaire the Global Names Registry stated that:
“we have changed, and may have to change in the future, the WHOIS policy to follow local regulation as it evolves and incase of successful complaints to the Information Commissioner.” (http://gnso.icann.org/mailing-lists/archives/dow2tf/msg00152.html)
The Task Force belives that there is an ongoing risk of conflict between a registrars or registries legal obligations under local privacy laws and their contractual obligations to ICANN.
Since the variety of the existing local privacy laws does not allow for a One-Size-Fits-All solution the Registrars and Registries encountering such local difficulties should be allowed an exception from the contractual WHOIS obligation for the part of the WHOIS data in question by the local regulation. after proving the existence of such a conflict with a law or regulation. In addition a procedure should be established for seeking to resolve such conflicts with local authorities as new regulations evolve in a way that promotes stability and uniformity of the WHOIS system.
Such steps will undoubtedly achieve a greater legal certainty and foster the international competition on the domain name market.
In the Description of Work, the GNSO Council asked the Task Force: "What Changes, if any should be made in the data elements about registrants that must be collected at the time of registration to achieve an acceptable balance between the interests of those seeking contact-ability, and those seeking privacy protection." Through the use of questionnaires to which constituencies and members of the public were invited to respond, the Task Force attempted to determine whether there was any consensus on the elimination or expansion of the existing data elements that are collected and disclosed via Whois.
The Noncommercial Users' Constituency (NCUC) commented that Registrars should follow well-established data protection principles before collecting extensive personal data, including name, address, phone and email for registrants and administrative contacts. NCUC felt the current data elements raise deep concerns for privacy and anonymous expression, and that Registrars should be allowed to collect this data as-needed for business purposes, but not on a mandatory basis for global publication in the WHOIS directory. ALAC's comments similarly called for limits to the collection of personal data: "What information is actually required for placing a domain name registration should be a matter of registrars' business models, and of applicable law, not of ICANN policy."
ICANN also heard calls to limit the collection of personal data at the Rome meeting and in comments, including a reference to the European Data Protection Commissioners' Article 29 Working Party, which wrote: "it is essential to limit the amount of personal data to be collected and processed. This should be kept particularly in mind when discussing the wishes of some parties to increase the uniformity of diverse WHOIS directories." ("Opinion 2/2003 on the application of the data protection principles to the Whois directories," http://europa.eu.int/comm/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm)
The ISP, Intellectual Property and Business constituencies stated that all data elements should continue to be collected. The Business Constituency’s statement noted “the continued need for all the data elements that are collected in Whois today.” The ISP constituency proposed that “all [data] elements continue to be collected and displayed, for those authorized to obtain access.” The IP constituency opposed elimination of any data element and suggested five others whose inclusion “would improve the usefulness of Whois data.” The Registry constituency, however, did “not see a need for additional fields beyond those presently available.” The registrar constituency did not comment specifically on collection of data, but did propose three lists of data elements that should be displayed to different types of requesters, including at least one elements not now required to be collected or displayed under the RAA (e-mail address of registrant).
Accordingly, the Task Force proposes the following conclusions on the issues identified in Task/Milestone 2 of the Task Force 2 Description of Work:
- all of the data elements now collected are considered by at least some constituencies to be necessary for current and foreseeable needs of the community, though others dispute whether such needs are consistent with the purpose of the WHOIS database and the reasons for collection of sensitive/personal data by registrars;
- the Task Force deferred to Task Force 3 on the issue of whether Whois data can be acquired accurately at low cost;
- there was no consensus about whether any of the current elements should be made voluntary;
- some additional data elements were proposed, but questions were raised about whether some of these (e.g., date and method of last verification of data) fell within the purview of Task Force 3 rather than Task Force 2;
- no issues were raised about how the data may be acquired in compliance with applicable security, and stability considerations;
- while some view the acquisition of this data as raising privacy concerns, there was no consensus on this point, and the Task Force devoted more of its time and resources to discussing the issues raised in Tasks/Milestones 3 and 4 (limiting data made available for public access/existing and future options to maintain registrant anonymity).
The topic of publication of data received considerable attention in the Task Force. While public access to the WHOIS databases by Internet users have been a feature of the domain name system since its inception, the network was originally small and the WHOIS database was limited to the information of research and technical institutions. This data—including registrant name, address, phone and email—is now accessible to a much broader spectrum of members of the public (including on anonymous basis). With this evolution have come increasing expressions of concern about the impact of the data on personal privacy and freedom of expression infringement (outlined below).
One topic the Task Force addressed and did not answer was the purpose of the database. Our mandate was to balance contactability and privacy, which we have tried to do. We leave to another day the knotty question of the ultimate purposes of this database, and whether and how they can change.
Findings:
a) WHOIS data continues to serve a host of technical and operational functions for Registries and Registrars. Transfers and other technical processes require the ability to access, verify and transfer WHOIS data.
b) WHOIS data often includes personally identifiable and otherwise in the registrant, administrative contact and technical contact fields. It is the type of information that, in some other contexts, individuals, human rights organizations and businesses (such as abortion clinics) have some ability to limit and control access to (e.g. an unlisted or ex-directory phone number).
c) Submissions to the Task Force show that WHOIS data is used for a wide range of uses. The data is widely used by network operators, businesses of all kinds, law enforcement, consumer protection agencies and members of the public for learning who has registered a domain name.
d) Abuses of public access to Whois data have occurred and have impacted on registrant privacy. Instances of identity theft, telemarketing, spamming and other forms of email and telephone harassment, stalking, abuse and harassment by groups acting outside of normal scope and legal need have been presented to the Task Force, although the extent of such abuses has not been documented.
e) In order to maintain the balance of contactability and privacy, which the Task Force was charged to find, a tiered access system deserves careful consideration and received extensive discussion in the Task Force. Other options that also merit consideration but received less discussion in task force deliberations to date include proxy registration services (see questions raised in section 2.2) and the ability of domain name registrants to “opt-out” of publication of WHOIS data on a case-by-case basis (as is currently the case in some ccTLDs).
f) Some data requesters want timely, even immediate, responsiveness to their requests for WHOIS data. Some data subjects (domain name holders) want timely, even immediate, notification when their personal/sensitive data is requested and revealed to a third party.
Possible Balances:
Several models were submitted in Constituency statements. The Registries recommended that only General Information be provided in the WHOIS (which is technical data without registrant, administrative contact or technical contact information). The Registrars recommended a 3-tiered system with limited information in the public WHOIS (name/country of registrant, administrative contact and technical contact) and technical data; additional information at a screened-access second tier (name/address of registrant, administrative contact and technical contact) and all data displayed for technical purposes by registries and registrars.
Noncommercial Users Constituency called for publication of technical contact data in the WHOIS, but removal of all registrant and administrative contact fields. ALAC also requested removal of all personally identifying information, but asked as an alternative for notification of the domain name holder when his/her personal data was revealed. On the other hand, the ISPCP raised the concern that notification of the domain name holder when his/her personal data was revealed would be in conflict with ISPs’ legally mandated responsibilities in assisting law enforcement personnel would compromise ISP security and network protection efforts and would otherwise not be a viable aspect of any possible tiered system. The attention of the Task Force was also called to the example of GNR, registry operator for .name, which adopted (with ICANN approval), but has not yet implemented, a tiered access system for Whois in .name.
A tiered access proposal submitted to the Task Force during its deliberations called for a combination of some of the elements above: reduction of data available to the public for anonymous and unlimited access; additional but limited contact information provided to a party who can verify his/her/its identity and state a specific reason for the access to the particular domain name data; confirmation and then release of data via an automated process; immediate notification of the domain name holder by email of the release of personal data (allowing domain name holder to act for personal safety (e.g., data released to stalker) or enforce legal rights). Finally, registrars would be provided with access to the full data for technical co-ordination purposes, such as fulfilling inter-registrar transfer requests.
Other constituencies urged further explorations of other mechanisms to adjust the privacy/contactability balance, including (a) whether a system for withholding some contact data on individual registrants on a case-by-case basis due to special circumstances, already in place in some ccTLDs, could be viably extended to the gTLD environment as well as (b) the role of CRISP and other merging and relevant technical standards.
ICANN should:
a) incorporate compliance with the notification and consent requirement (R.A.A. Secs. 3.7.7.4, 3.7.7.5) as part of its overall plan to improve registrar compliance with the RAA. (See MOU Amendment II.C.14.d).
b) issue an advisory reminding registrars of the importance of compliance with this contractual requirement, even registrars operating primarily in countries in which local law apparently does not require registrant consent to be obtained.
c) encourage development of best practices that will improve the effectiveness of giving notice to, and obtaining consent from, domain name registrants with regard to uses of registrant contact data, such as by requesting that GNSO commence a policy development process (or other procedure) with goal of developing such best practices.
The Task Force considered a proposal by the non-commercial users' constituency to strike section 3.7.7.3 of the RAA based on privacy and anonymity concerns. Concerns with proxy services were also raised with respect to issues surrounding the far-reaching control that proxy registration service providers can exercise over registrations: In the typical “proxy” setting, the service provider enters into a registration agreement and then sub-licenses the domain name to the “actual” registrant.
There was no agreement on the task force to recommend any modifications to existing ICANN policies regarding proxy services based on the information available to the Task Force.
Instead, through an appropriate mechanism, further research should be conducted on the use of “proxy registration services” within the framework of Sec. 3.7.7.3 of the RAA, including but not limited to the following issues:
- the rate of uptake of such services, their cost, and consumer response to them;
- what steps are taken to ensure the proxy service provider collects (or has immediate access to) accurate, complete and current contact information on all registrants taking advantage of such services?
- the circumstances under which contact information of the actual registrant is disclosed pursuant to the RAA provision (i.e., the “evidence of actionable harm” scenario) and the consequences of such disclosures;
- how registrants are notified when the withheld data is released to third parties;
- the impact of such services on registrar portability;
- scalability of such services;
- concerns raised by customers regarding disclosure of data;
- complaints about registrar proxy or 3rd party proxy services, including complaints to or by law enforcement officials;
- contractual terms between registrants and proxy services.
- effect of proxy situations on the stability of domain name registrations – what happens when a proxy goes out of business, and the “actual” registrant is unknown to the registrar?
- Usefulness of proxy services to enable anonymous free speech.
The results of such research could be used to:
- develop a set of best practices for the operation of such services; and/or
- initiate a policy development or other appropriate process toward changing the terms of Sec. 3.7.7.3, if warranted.
Further work should also be conducted on the feasibility of requiring registrars to provide e-mail forwarding services to registrants, and the impact of such a requirement upon registrant privacy and contactability. As a first step, the research agenda outlined above could be expanded to study the operation of such services to the extent they exist today.
ICANN should develop and implement a procedure for dealing with the situation where a registrar (or registry, in thick registry settings) can credibly demonstrate that it is legally prevented by local mandatory privacy law or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via Whois. The goal of the procedure should be to resolve the conflict in a manner conducive to stability and uniformity of the Whois system. In all cases this procedure should include:
- Written notification by the affected registrar/registry to ICANN with a detailed report which includes but is not limited to:
- The law or regulation that causes the conflict.
- The part of the Whois obligation in question.
- The steps that will have to be taken to cure the conflict.
- If data elements are removed this must be notified to the requester by the insertion of standardized notice in the Whois results advising the requester of the problem and, if possible, directing requester to another source or alternative procedure for obtaining access to this data element.
- Prompt notification from ICANN to the public informing it of the change and of the reasons for ICANN’s forbearance from enforcement of full compliance with the contractual provision in question.
- The changes must be archived on a public website for future research
Except in those cases arising from a formal complaint or contact by a local law enforcement authority that will not permit consultation with ICANN prior to resolution of the complaint under local law, the procedure should be initiated using the following steps:
- prompt notification by the affected registrar/registry to ICANN with detailed summary of the problem arising including:
- The law or regulation that causes the conflict.
- The part of the Whois obligation in question.
- consultation by the registrar/registry with ICANN and other parties (which may include government agencies) to try to resolve the problem/ remove the impediment to full compliance with contract.
The Task Forces makes no recommendation with regards to the collection of data at this time.
The task force believes that a system that provides different data sets for different uses (also known as "tiered access") may serve as a useful mechanism to balance the privacy interests of registrants with the ongoing need to contact those registrants by other members of the Internet community. The task force believes that such a system should be based on the following principles:
a) Technical and operational details about the domain name should continue to be displayed to the public on anonymous basis. Providing some basic contact information (possibly limited to the name and country for both the registrant and administrative contact) may also be appropriate in the interest of balancing contactibility and privacy concerns for publicly available information. Further contact details for the registrant and administrative contact would only be available in one or more protected tiers.
b) Registrants should have the option to direct that some or all of their protected data be displayed to the public.
c) Those meeting the requirements and identifying a legitimate use to access protected information should be able to obtain it in a timely manner.
d) Those seeking access to protected information should identify themselves in a verifiable manner. Once identified, the user would be issued a portable credential, rather than needing to verify their identity on a registrar-by-registrar (or even registry-by-registry) basis.
e) The system should be affordable, both for implementers and users.
f) Registrars and registries should continue to have full access to the WHOIS data for technical and operational purposes.
However, the task force also identified several questions that still must be answered before a tiered access system can be implemented. Specifically:
a) What process of notification to registrants, if any, should take place when their protected data is accessed other than in circumstances required by law or contract (e.g. the provision of contact to UDRP providers during a UDRP dispute, or to another registrar during a transfer)?
b) What contact data should be shown in the protected tier? How will the data compare with what is now available? How will the accuracy compare with what is now available?
c) What are the mechanisms available for identifying and authorizing those requesting access to protected information? Are those mechanisms fast? Are they affordable? Are they online? Who will administer them, using what criteria?
d) How will the costs of implementing a tiered access system be borne?
e) Will existing technology standards (such as CRISP) would support such a system? If so, how?
The task force intends to assess the impact of its recommendations prior to the issuance of its final report.
This report was approved for publication and public comment by a unanimous vote of the task force. However, several constituencies made comments in conjunction with their vote. Those comments are recorded as footnotes to the record of votes below.
The following representatives voted to publish this report:
- Business Constituency
- ntellectual Property Constituency
- Internet Service Providers and Content Providers
- Noncommercial Users Constituency
- Registrar Constituency
- Registry Constituency
Additionally, the representative of the At-Large Advisory Committee and Amadeu Abril-i-Abril, a Nominating Committee appointee to the GNSO Council who participated in the task force, voted in favor of publishing the report.
There were no votes against publication or abstentions.
6.1 Public Comments on Terms and Conditions
After the initial publication of the task force’s terms of reference, public comments on the terms of reference were solicited. Five responses were received. Four of the responses were essentially identical in content. These responses were posted by John Lawford of the Public Interest Advocacy Centre, Barbara Simons, the Past-President of the Association of Computing Machinery, Philippa Lawson of the Canadian Internet Policy and Public Interest Clinic, and Andriy Pazyuk of Privacy Ukraine. These comments suggested that the task force’s charter should be updated to consider laws that protect privacy and freedom of expression.
The fifth comment was received from Mike Lampson of The Registry at Info Avenue. His comment indicated that an individual’s contact information should not be made available to the public, but only in limited circumstances through a “back door” with access rights managed by ICANN or some other non-government organization.
The full text of the public comments is available at http://gnso.icann.org/mailing-lists/archives/dow2/.
Initially convened on 8 December, 2003, Task Force 2 engaged its work in a serious and diligent manner. The Task Force held weekly meetings and established a schedule for addressing the milestones outlined in the Description of Work. A mailing list was established, with public archives, and materials prepared from work completed was posted to the GNSO website on Whois Privacy issues.
The Task Force presented work-to-date in a public workshop at the Rome ICANN meeting in March 2004.
Task Force 2 developed several resources from existing data: A chart of Whois data elements required and displayed according to registry agreements; A review of the online notification practices of the top 20 registrars (in terms of number of registrants) for whois data uses and requirements; A review of the Montreal Whois workshops for relevant discussions regarding Whois data elements collection and display.
Additionally, the Task Force prepared several surveys, each aimed at a specific audience, to collect information from the GAC members, ccNSO members and ccTLD managers, Registrars, and from the GNSO constituencies. Responses to these surveys were extremely limited.
The Task Force also utilized resources produced outside of ICANN, including the 2003 OECD report: Privacy Online.
Constituency statements were received from all GNSO constituencies, and from the At-Large Advisory Committee. Using the statements and other materials, the Task Force members worked cooperatively through discussion and debate to prepare the Preliminary Report.
The initial phase of Whois Task Force #2’s work involved gathering and analyzing data relating to the task force’s policy objectives. This document presents a summary analysis of the data reviewed by the task force.
The data gathering phase of the task force’s work examined the following data sources:
- Questionnaires developed by the task force for each of the GNSO’s constituencies, the GAC, the CNSO launching group, and CENTER.
- Data gathered as a part of previous ICANN-related WHOIS initiatives.
- A survey conducted by ICANN staff of data collection and consent practices by large ICANN-accredited registrars.
- Some third party studies of national laws and regulations
I. National laws and regulations
The following statements were reviewed:
George Papapavlou, European Commission:
- Personal data may be processed only if:
- The data subject has unambiguously consented, or
- There is a contract to which the data subject is a party.
- Processing is necessary for compliance of legal obligation of the data controller.
- Necessary to protect the vital interests of the data subject.
- To perform a task in the public interest or in the exercise of official authority.
- Legitimate interests of the controller or third parties to whom data are disclosed except where such interests are overridden by fundamental interests of data subject.
- However, personal data must be:
- Processed fairly and lawfully.
- Collected for specific, explicit, and legitimate purposes and not further processed in a way not incompatible with those purposes.
- Adequate, relevant, and not excessive in relation to the processing purpose.
- Data subject does not have to consent to the disclosure of his personal data if disclosure was part of the processing purpose, of which the data subject has been informed.
- There is no explicit regulation of the transmittal of personal data to other countries that is applicable in connection with domain name registration, but Articles 25 & 26 of Directive 95/46/EC deal with transfer of personal data to third countries and apply to all cases.
- There are various possibilities foreseen to facilitate international transfers of data while ensuring adequate data protection (consent, contracts, important public interest grounds, public information registers).
- In principle, law of the country where data controller is applies; this may be registrar/registry.
- Where the data controller is established outside the EU but has processing activities/facilities inside the EU, the law of the EU Member State where his processing equipment is used applies.
- For more information on EU privacy principles, please see Mr. Papavlou’s presentation at http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html
Marc Schneiders, Responses from the NCUC:
- Laws worldwide protect the collection, distribution and publication of personal data and give people a right to expect that their home addresses, phone numbers and email addresses will be protected. The EU Privacy Directive is the model of these laws, and its principles have been adopted by many countries (both members and not members of the EU).
- For more information, please see full NCUC comments at http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00013.html
Marvin J. Johnson, ACLU (US):
- Comments provide a legal argument for anonymity and against use of WHOIS data both for US case law regarding commercial and noncommercial registrants in the US.
- For details regarding individual cases please see ACLU comments at http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00018.html
In addition, information regarding a variety of countries was compiled below:
Country | United States |
1 Overall Count | |
1.1 Number of Registrars | 34 |
1.2 Rank | 1 |
1.3 Region | N Amr |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Sectoral laws (e.g., financial, health, children's online privacy) and Self-Regulation; Supreme Court cases find right of anonymous political and personal speech in US First Amendment. |
2.2 Enforcement | Depends on law; Federal Trade Commission for some laws (e.g., children's online privacy); no data protection commission or commissioner. http://www.icann.org/presentations/mithal-whois-workshop-24jun03.pdf |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | N/A |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | .US Privacy Statement v.2 |
5.2 Any limitations on data elements collected and/or displayed? | No |
5.3 Links to ccTLD WHOIS policy | http://www.us/policies/docs/us_privacy.pdf |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | http://gnso.icann.org/mailing-lists/archives/tf2-survey/doc00000.doc |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1] |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to | American Civil Liberties Union (ACLU) comment on US Supreme Court case law protecting anonymous speech from name and address publication under the First Amendment, http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00018.html |
International Working Group on Data Protection in Telecommunications (IWGDPT), Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet ("Common Position"), adopted at the 27th meeting of the Working Group on 4/5 May 2000 in Rethymnon / Crete, commenting: "The Working Group stresses that any registrar operating within the jurisdiction of existing data protection laws and any national domain name registration procedures are subject to the existing national data protection and privacy legislation and to the control by the existing national Data Protection and Privacy Commissioners," http://www.datenschutz-berlin.de/doc/int/iwgdpt/dns_en.htm. | |
IWGDPT, January 2003 Letter to ICANN President Stuart Lynn, "At its meeting in November 2002 the Working Group has reaffirmed the recommendations given in its Common Position," http://www.dnso.org/clubpublic/nc-whois/Arc00/pdf00009.pdf | |
10 Principles | [1] OECD Privacy Guidelines (1980) |
1. Collection Limitation Principle. "There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject." | |
2. Data Quality Principle. "Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date." | |
3. Purpose Specification Principle. "The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose." | |
4. Use Limitation Principle. "Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 [Purpose Specification Principle above] except: (a) with the consent of the data subject; or (b) by the authority of law. | |
5. Security Safeguards Principle:. "Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data." | |
6. Openness Principle. "There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual resident of the data controller." | |
7. Individual Participation Principle. "An individual should have the right: (a) to obtain from the data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him (i) within a reasonable time; (ii) at a charge, if any, that is not excessive; (iii) in a reasonable manner; and (iv) in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended." | |
8. Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above. | |
Above principles from OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980), http://webdomino1.oecd.org/horizontal/oecdacts.nsf/Display/5401F696038E2226C1256E6B006FD3CF?OpenDocument | |
11 Explanations | |
11.1 * | The Article 29 Data Protection Working Party is a forum of the Federal Data Protection Commissioners of the EU Member States and can issue advisories. Please note that the Member States however are not obligated to adopt these advisories into their national legislation |
Country | United Kingdom |
1 Overall Count | |
1.1 Number of Registrars | 12 |
1.2 Rank | 2 |
1.3 Region | Eur |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive laws govern the collection, use and dissemination of personal information; oversight body ensures compliance; transborder flows of personal data limited to countries with adequate levels of protection. (The UK Data Protection Act 1998 implements EU Data Protection Directive; "limitations for the use of personal information, access to and correction of records and requires that entities that maintain records register with the Information Commissioner.") Global .Name Registry ("GNR)" is required to get informed consent of the Registrants about the WHOIS policy. |
2.2 Enforcement | Office of the Information Commissioner; independent agency; maintains Records Register; enforces Data Protection Act; receives complaints; forwards cases for prosecution; issues reports to public. http://www.informationcommissioner.gov.uk |
3 EU Privacy Directive | |
3.1 Member of EU? | Yes |
3.2 Link to EU Privacy Directive | http://europa.eu.int/comm/internal_market/privacy/law_en.htm |
3.3 EU Opinion of WHOIS data? | EU Paper to GAC, 12 May 2003: "To the extent that Whois data refer to or allow the identification of natural persons, they fall within the scope of the European directives on personal data protection and in particular Directive 95/46/EC." "Therefore, uniformity could only be supported if data are kept to a minimum at global level. Additional registration requirements cannot be imposed on the basis of achieving uniformity." |
3.4 Links to EU WHOIS comments and papers. | http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf http://www.icann.org/presentations/alonso-blas-whois-workshop-24jun03.pdf http://icann.org/montreal/captioning-whois-24jun03.htm http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | Yes |
4.2 Existing Opinion on WHOIS? | Yes, Opinion 2/2003 on the application of the data protection principles to the Whois directories (WP76): "In the light of the proportionality principle, it is necessary to look for less intrusive methods that would still serve the purpose of the Whois directories without having all data directly available on-line to everybody." |
4.3 Link to Opinion on WHOIS | English http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp76_en.pdf. Posted in 11 languages http://europa.eu.int/comm/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm. |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | "Registrant Opt-Out" of Nominet |
5.2 Any limitations on data elements collected and/or displayed? | Yes, only name/address shown for .UK domain names displayed. Additional opt-out of address listing for domain names of "consumers" not using them for business purposes. |
5.3 Links to ccTLD WHOIS policy | http://www.nic.uk/RegistrantOpt-out.html |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc00/doc00001.doc |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | Global Name Registry has been contacted by the UK Data Commissioner regarding the .name WHOIS. Contact info is www.informationcommissioner.gov.uk. GNR has changed and may have to change again in the future, its WHOIS policy to follow local regulations due to successful complaints to the UK Information Commissioner. For more information on the principles guiding EU member states' national privacy laws, please see comments submitted by GAC member, George Papapavlou on the principles and explanation of the EU Data Protection Directive. http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
6.3 Links to comments on WHOIS | http://gnso.icann.org/mailing-lists/archives/tf2-survey/doc00001.doc |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to | .nl Registry http://www.icann.org/presentations/boswinkel-whois-workshop-24jun03.pdf |
10 Principles | [2] EU Data Protection Directive Principles |
Collection Limitation Principle. "There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject." | |
To the extent that Whois data refer to or allow the identification of natural persons, they fall within the scope of the European directives on personal data protection and in particular Directive 95/46/EC. The following principles embedded in this Directive are particularly relevant to the Whois data discussion: | |
personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes | |
the term processing means any operation, including collection, storage, retrieval, consultation, use, disclosure, dissemination, alteration, destruction | |
personal data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed (can the same purpose be achieved through less privacy-intrusive means?) | |
personal data must be accurate and, where necessary, up to date | |
personal data may be processed only if the data subject has unambiguously given his consent; or if processing is necessary: for the performance of a contract to which the data subject is party; for compliance with a legal obligation; for the performance of a contract to which the data subject is party; for compliance with a legal obligation; for the performance of a task carried out in the public interest; or for the purposes of legitimate interests pursued by the controller or by the third party to whom the data are disclosed, except where such interests are overridden by the privacy interests of the data subject. | |
every data subject has the right to obtain from the controller at reasonable intervals confirmation as to whether data relating to him are being processed and for what purpose | |
the data subject has the right to object to the processing for direct marketing purposes of personal data relating to him | |
the transfer to a third country of personal data may take place only if the third country in question ensures an adequate level of protection. |
Country | Germany |
1 Overall Count | |
1.1 Number of Registrars | 11 |
1.2 Rank | 3 |
1.3 Region | Eur |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive laws govern the collection, use and dissemination of personal information; oversight body ensures compliance; transborder flows of personal data limited to countries with adequate levels of protection. (German Federal Data Protection Law (Bundesdatenschutzgesetz) of 1977 revised in 2002 to implement EU Data Protection Directive; covers collection, processing and use of personal data" by public and non-public entities; "one of the strictest data protection laws in the European Union.") |
2.2 Enforcement | Federal Data Protection Commissioner (Bundesbeauftragter für den Datenschutz) and its state level counterparts (State Data Protection Commissioner / Landesbeauftragter für den Datenschutz) supervise Federal Data Protection Act and receives/investigates complaints. |
3 EU Privacy Directive | |
3.1 Member of EU? | Yes |
3.2 Link to EU Privacy Directive | http://europa.eu.int/comm/internal_market/privacy/law_en.htm |
3.3 EU Opinion of WHOIS data? | EU Paper to GAC, continued: "The principle of proportionality is especially important in this context meaning that only data that are strictly necessary for the purpose or purposes of the Whois should be made publicly available. The Data Protection Authorities in Europe and at international level have stated in particular their concerns concerning the publication of telephone numbers of domain holders." |
3.4 Links to EU WHOIS comments and papers. | http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf http://www.icann.org/presentations/alonso-blas-whois-workshop-24jun03.pdf http://icann.org/montreal/captioning-whois-24jun03.htm http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | Yes |
4.2 Existing Opinion on WHOIS? | Yes, Opinion 2/2003, WP76, continued: "The Working Party encourages ICANN and the Whois community to look at privacy enhancing ways to run the Whois directories in a way that serves its original purpose whilst protecting the rights of individuals. It should in any case be possible for individuals to register domain names without their personal details appearing on a publicly available register. |
4.3 Link to Opinion on WHOIS | English http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp76_en.pdf. Posted in 11 languages http://europa.eu.int/comm/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm. |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | "Data Protection" of DENIC |
5.2 Any limitations on data elements collected and/or displayed? | Yes, only name/address shown for .DE domain names, "not their telephone numbers or e-mail addresses." DENIC comments. |
5.3 Links to ccTLD WHOIS policy | http://www.denic.de/en/domains/recht/datenschutz/index.html |
5.4 Comments on WHOIS | DENIC is in permanent contact with the DPA in whose precinct DENIC is located. The authority is Regierungsprasidium Darmstadt. For more information on the principles guiding EU member states' national privacy laws, please see comments submitted by GAC member, George Papapavlou on the principles and explanation of the EU Data Protection Directive. http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html. |
5.5 Links to comments on WHOIS | http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00019.html |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00001.html |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | Canada |
1 Overall Count | |
1.1 Number of Registrars | 10 |
1.2 Rank | 4 |
1.3 Region | N Amr |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive data protection laws. (2001 Personal Information and Electronic Documents Act governs collection, disclosure, retention, and disposal of personal information by business.) |
2.2 Enforcement | Privacy laws overseen by the Privacy Commissioner of Canada (and independent agency, headed by an officer of Parliament); powers to receive complaints, and to "investigate, mediate, and make recommendations, but cannot issue orders or impose penalties." EPIC* |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | No |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | CIRA Privacy Policy and Registration Agreements |
5.2 Any limitations on data elements collected and/or displayed? | Yes, "The [WHOIS] information is currently limited to the following: The name, address, phone number, email, and fax number (if provided) of the Administrative Contact and Technical Contact; The Registrant's CIRA assigned Registrant number; |
5.3 Links to ccTLD WHOIS policy | http://www.cira.ca/en/privacypolicy.html#q6 |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | Republic of (South) Korea |
1 Overall Count | |
1.1 Number of Registrars | 10 |
1.2 Rank | 5 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Sectoral laws (e.g., Korean Act on Promotion of Information and Communications Network Utilization and Data Protection adopts "rules for the collection, use, and disclosure of personal data by 'providers of information and communications services") and self-regulation. |
2.2 Enforcement | Data Protection Review Commission under Premier's Office "to recommend and review proposals on improving data protection policy." EPIC* |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | No |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | "Privacy Policy of Korea Network Information Center" |
5.2 Any limitations on data elements collected and/or displayed? | Yes, if registrant is an individual, he/she can submit a request to KRNIC asking that personal information not be published; only registrant name will appear with various technical data. |
5.3 Links to ccTLD WHOIS policy | http://www.nic.or.kr/www/english/domain/policy.htm |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | France |
1 Overall Count | |
1.1 Number of Registrars | 7 |
1.2 Rank | 6 |
1.3 Region | Eur |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive laws govern the collection, use and dissemination of personal information; oversight body ensures compliance; transborder flows of personal data limited to countries with adequate levels of protection. French Data Protection Act of 1978 covers personal information held by government agencies and private entities. Amendments in progress will make Act consistent with EU Data Protection Directive.) |
2.2 Enforcement | Data protection authority is Commission Nationale de l'Informatique and des Libertés (CNIL); independent agency; "takes complaints, issues rulings, sets rules, conducts audits, makes reports, and ensures the public access to information by being a registr |
3 EU Privacy Directive | |
3.1 Member of EU? | Yes |
3.2 Link to EU Privacy Directive | http://europa.eu.int/comm/internal_market/privacy/law_en.htm |
3.3 EU Opinion of WHOIS data? | See EU Data Protection Principles below [2]. For more information on the principles guiding EU member states' national privacy laws, please see comments submitted by GAC member, George Papapavlou on the principles and explanation of the EU Data Protection Directive. http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
3.4 Links to EU WHOIS comments and papers. | http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf http://www.icann.org/presentations/alonso-blas-whois-workshop-24jun03.pdf http://icann.org/montreal/captioning-whois-24jun03.htm http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | Yes |
4.2 Existing Opinion on WHOIS? | Signatory of Opinion 2/2003. |
4.3 Link to Opinion on WHOIS | English http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp76_en.pdf. Posted in 11 languages http://europa.eu.int/com/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm, 13.06.2003. |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | Charte .fr, Règles d'enregistrement pour les noms de domaine se terminant en .fr 2004-01-05 (English: Charter for .fr, Registration rules for domain names under .fr) |
5.2 Any limitations on data elements collected and/or displayed? | Yes, SPECIFIC RULES FOR THE .NOM.FR EXTENSION, “26. Anyone registering a name under the .nom.fr extension may request to take up the so-called "Ex-directory" option. 27. When the "Ex-directory" option is activated, no personal information (name, address, telephone or fax number, email address if applicable) can be accessed from the public database Whois. The only information that will appear in the database will be of a technical nature, such as technical contact details and details of the registrar and DNS servers.” |
5.3 Links to ccTLD WHOIS policy | http://www.afnic.fr/obtenir/chartes/nommage-fr_fr (French), http://www.afnic.fr/obtenir/chartes/nommage-fr_en (English) |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | Australia |
1 Overall Count | |
1.1 Number of Registrars | 6 |
1.2 Rank | 7 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Sectoral laws (e.g., financial, tax file number) and self-regulation. (Australian Privacy Act of 1988, amended in 2000, requires private businesses to follow 10 national privacy principles based on principles for fair handling of personal information). Anonymity has federal protection with National Privacy Principle #8 stating: "Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering into transactions with an organization." |
2.2 Enforcement | The Office of Privacy Commissioner enforces the Privacy Act; separate statutory agency; "wide range of functions, including handling complaints, auditing compliance, promoting community awareness, and advising the government and others on privacy matters. |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | No |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | WHOIS Policy (2003-08) |
5.2 Any limitations on data elements collected and/or displayed? | Yes, "In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed." |
5.3 Links to ccTLD WHOIS policy | http://www.auda.org.au/policies/auda-2003-08/ |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | Japan |
1 Overall Count | |
1.1 Number of Registrars | 5 |
1.2 Rank | 8 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Sectoral laws and self-regulation. (Personal Data Protection Act for businesses dealing with personal information passed May, 2003) |
2.2 Enforcement | Designated Cabinet Ministers implement the Personal Data Protection Act and issue recommends or orders to businesses dealing with personal information. EPIC* |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | "Privacy Policy" |
5.2 Any limitations on data elements collected and/or displayed? | Information collected and published. |
5.3 Links to ccTLD WHOIS policy | http://jprs.jp/en/privacy.html |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | China |
1 Overall Count | |
1.1 Number of Registrars | 5 |
1.2 Rank | 9 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | No general data protection laws; a few sectoral laws (e.g., banking, minors). |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Spain |
1 Overall Count | |
1.1 Number of Registrars | 5 |
1.2 Rank | 8 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Sectoral laws and self-regulation. (Personal Data Protection Act for businesses dealing with personal information passed May, 2003) |
2.2 Enforcement | Designated Cabinet Ministers implement the Personal Data Protection Act and issue recommends or orders to businesses dealing with personal information. EPIC* |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | "Privacy Policy" |
5.2 Any limitations on data elements collected and/or displayed? | Information collected and published. |
5.3 Links to ccTLD WHOIS policy | http://jprs.jp/en/privacy.html |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | Israel |
1 Overall Count | |
1.1 Number of Registrars | 3 |
1.2 Rank | 11 |
1.3 Region | Africa |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive "Protection of Privacy Law" regulates the processing of personal information in computer databases to protect personal privacy. Requirements include registration of the database. |
2.2 Enforcement | The Registrar of Databases enforces the Privacy Law with regard to databases; the Registrar is part of the Ministry of Justice. |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | No |
4.2 Existing Opinion on WHOIS? | No |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Italy |
1 Overall Count | |
1.1 Number of Registrars | 2 |
1.2 Rank | 12 |
1.3 Region | Eur |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive laws govern the collection, use and dissemination of personal information; oversight body ensures compliance; transborder flows of personal data limited to countries with adequate levels of protection. (Italian Data Protection Act 1996 fully implements EU Data Protection Directive.) |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | http://europa.eu.int/comm/internal_market/privacy/law_en.htm |
3.3 EU Opinion of WHOIS data? | See EU Data Protection Principles below [2] For more information on the principles guiding EU member states' national privacy laws, please see comments submitted by GAC member, George Papapavlou on the principles and explanation of the EU Data Protection Directive. http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
3.4 Links to EU WHOIS comments and papers. | http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf http://www.icann.org/presentations/alonso-blas-whois-workshop-24jun03.pdf http://icann.org/montreal/captioning-whois-24jun03.htm http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | |
4.2 Existing Opinion on WHOIS? | Signatory and a principal author of Opinion 2/2003. |
4.3 Link to Opinion on WHOIS | English http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp76_en.pdf. Posted in 11 languages http://europa.eu.int/comm/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm. |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
Country | India |
1 Overall Count | |
1.1 Number of Registrars | 2 |
1.2 Rank | 13 |
1.3 Region | Asia-Pac |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | No general data protection laws. (Data protection law under development by Ministry of Communication and Information Technology.) |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | |
4.2 Existing Opinion on WHOIS? | |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Jordan |
1 Overall Count | |
1.1 Number of Registrars | 1 |
1.2 Rank | 14 |
1.3 Region | Africa |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | No general data protection laws. |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | |
4.2 Existing Opinion on WHOIS? | |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Kuwait |
1 Overall Count | |
1.1 Number of Registrars | 1 |
1.2 Rank | 15 |
1.3 Region | Africa |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | No information. |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | No |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | |
4.2 Existing Opinion on WHOIS? | |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Barbados |
1 Overall Count | |
1.1 Number of Registrars | 1 |
1.2 Rank | 16 |
1.3 Region | Latin Amr |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | No information. |
2.2 Enforcement | |
3 EU Privacy Directive | |
3.1 Member of EU? | |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | |
4.2 Existing Opinion on WHOIS? | |
4.3 Link to Opinion on WHOIS | |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | |
5.2 Any limitations on data elements collected and/or displayed? | |
5.3 Links to ccTLD WHOIS policy | |
5.4 Comments on WHOIS | |
5.5 Links to comments on WHOIS | |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | No |
8.2 Explanation OECD Privacy Principles | |
8.3 Link to OECD Privacy Principles | |
8.4 Additional OECD Reports on Privacy? | |
8.5 Links to Additional OECD Privacy Report | |
9 Other relevant comments collected but not yet referred to |
Country | Poland |
1 Overall Count | |
1.1 Number of Registrars | 0 (Answered GAC questions) |
1.2 Rank | |
1.3 Region | Eur |
2 Privacy/Anonymity Laws or Regimes | |
2.1 Laws (Major source for this section, and its citations: Electronic Privacy Information Center's Privacy & Human Rights: An International Survey of Privacy Laws and Development | Comprehensive laws govern the collection, use and dissemination of personal information; oversight body ensures compliance; transborder flows of personal data limited to countries with adequate levels of protection. (Personal Data Protection Act issued by Polish Parliament in 1997. The Polish registry (Research and Academic Computer Network research and academic entity "NASK") data may be collected solely for purposes determined to be in the provision of legal acts. Company, organizations or other entities' data may be collected and disclosed without limitation, unless otherwise stated in a contract. Private individual's data may not be disclosed to anyone unless the individual consents, but there are exceptions. Exceptions include a justified legal interest in obtaining data.) |
2.2 Enforcement | Bureau of the Inspector General for Personal Data Protection. |
3 EU Privacy Directive | |
3.1 Member of EU? | Joining in next two months. |
3.2 Link to EU Privacy Directive | |
3.3 EU Opinion of WHOIS data? | See EU Data Protection Principles below [2] For more information on the principles guiding EU member states' national privacy laws, please see comments submitted by GAC member, George Papapavlou on the principles and explanation of the EU Data Protection Directive. http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00017.html |
3.4 Links to EU WHOIS comments and papers. | |
4 Article 29 Data Protection Working Party * | |
4.1 Member of A29WP? | Participate in the meetings. |
4.2 Existing Opinion on WHOIS? | Generally support current decisions. |
4.3 Link to Opinion on WHOIS | English http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp76_en.pdf. Posted in 11 languages http://europa.eu.int/comm/internal_market/privacy/workingroup/wp2003/wpdocs03_en.htm. |
5 County Code Registries | |
5.1 ccTLD WHOIS Policy/data elements | Untitled. |
5.2 Any limitations on data elements collected and/or displayed? | Yes, "Data of a private person such as the name and the address are protected by The Personal Data Protection Act of the 29th August 1997." |
5.3 Links to ccTLD WHOIS policy | http://dns.pl/english/whois.html |
5.4 Comments on WHOIS | "Therefore from WHOIS under .PL cannot be retrieved any data of a private person unless the concerned person agreed to make public its data or there exists legitimate interest in obtaining the data," Comments to Task Force 2, March 9, 2004. |
5.5 Links to comments on WHOIS | http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00016.html |
6 gTLD Registries | |
6.1 Links to gTLD WHOIS Policy | |
6.2 Comments on WHOIS | |
6.3 Links to comments on WHOIS | |
7 gTLD Registrars | |
7.1 Comments on WHOIS | |
7.2 Links to comments on WHOIS | |
8 OECD Privacy Guidelines | |
8.1 Member of OECD? | Yes |
8.2 Explanation OECD Privacy Principles | OECD Privacy Principles, see Endnote [1]. |
8.3 Link to OECD Privacy Principles | http://www.oecd.org/document/18/0,2340,en_2649_37441_1815186_1_1_1_37441,00.html |
8.4 Additional OECD Reports on Privacy? | PRIVACY ONLINE: OECD GUIDANCE ON POLICY AND PRACTICE (14th November, 2003) |
8.5 Links to Additional OECD Privacy Report | http://www1.oecd.org/publications/e-book/9303051E.PDF |
9 Other relevant comments collected but not yet referred to |
II. Current practices by registrars, registries, and resellers
A. Current data gathered and displayed, by TLDC
| RAA (2001), 3.3 |
| .com r'y agmt (app. O) | .net r'y agmt (app. O) | .org r'y agmt (app. O; thin) | .org r'y agmt (app. O; thick) |
| .aero spons. Agmt (att. 15) | .biz r'y agmt (app. O) | .coop spons. Agmt (att. 15) | .info r'y agmt (app. O) | .museum spons. Agmt (att. 15) | .pro r'y agmt (app. O) |
|
General Information |
|
|
|
|
|
|
|
|
|
|
|
| ||
- Domain Status |
|
| R | X | R | X | X | X | X | X | X |
| ||
- Domain Name ID |
|
|
|
| X | X | X | X | X | X | X | X | ||
- Domain Name | X |
| X | X | X | X | X | X | X | X | X | X | ||
- Registrar ID |
|
|
|
|
|
| (act.) |
|
|
|
|
| ||
- Name of Registrar | X |
| X | X | X | X | [x] | X | X | X | X | X | ||
- Name Server(s) | X |
| X | X | X | X | X | X | X | X | X | X | ||
- Name Server ID |
|
|
|
|
|
|
|
|
|
|
|
| ||
- Creation Date | X |
| R |
| R | X | X | X | X | X | X | X | ||
- Expiration Date | X |
| R |
| R | X | X | X | X | X | X | X | ||
- Updated Date |
|
| X | X | X | X | X | X | X | X | X | X | ||
- WHOIS Server |
|
| X | X | X |
|
|
|
|
|
|
| ||
- Referral URL |
|
| X | X | X |
|
|
|
|
|
| X | ||
- Created by |
|
|
|
|
|
| X | X | X |
|
|
| ||
- Last Updated by |
|
|
|
|
|
| X | X | X |
|
|
| ||
- Last Transferred Date |
|
|
|
|
|
| X | X | X |
| X |
| ||
- Last Transferred by |
|
|
|
|
|
|
|
| X |
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
| |||
Registrant |
|
|
|
|
|
|
|
|
|
|
|
| ||
- ID |
|
|
|
|
| X | X | X | X | X | X | X | ||
- Name | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Organization |
|
|
|
|
|
| (x) | (x) | (x) | (x) | (x) | (x) | ||
- Address | X |
|
|
|
| X | X | X | X | X | X | X | ||
- E-Mail address |
|
|
|
|
|
| X | X | X | X | X | X | ||
- Phone number |
|
|
|
|
|
| X | X | X | X | X | X | ||
- Fax number |
|
|
|
|
|
| (x) | (x) | X | X | (x) | (x) | ||
|
|
|
|
|
|
|
|
|
|
|
| |||
Technical Contact |
|
|
|
|
|
|
|
|
|
|
|
| ||
- ID |
|
|
|
|
| X | X | X | X | X | X | X | ||
- Name | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Organization |
|
|
|
|
|
| (x) | (x) | (x) | (x) | (x) | (x) | ||
- Address | X |
|
|
|
| X | X | X | X | X | X | X | ||
- E-Mail address | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Phone number | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Fax number | (x) |
|
|
|
| (x) | (x) | (x) | X | X | (x) | (x) | ||
|
|
|
|
|
|
|
|
|
|
|
| |||
Administrative Contact |
|
|
|
|
|
|
|
|
|
|
|
| ||
- ID |
|
|
|
|
| X | X | X | X | X | X | X | ||
- Name | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Organization |
|
|
|
|
|
| (x) | (x) | (x) | (x) | (x) | (x) | ||
- Address | X |
|
|
|
| X | X | X | X | X | X | X | ||
- E-Mail address | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Phone number | X |
|
|
|
| X | X | X | X | X | X | X | ||
- Fax number | (x) |
|
|
|
| (x) | (x) | (x) | X | X | (x) | (x) | ||
|
|
|
|
|
|
|
|
|
|
|
| |||
Billing Contact |
|
|
|
|
|
|
|
|
|
|
|
| ||
- ID |
|
|
|
|
|
| X | X | X | X | X |
| ||
- Name | Coll |
|
|
|
|
| X | X | X | X | X |
| ||
- Organization |
|
|
|
|
|
| (x) | (x) | (x) | (x) | (x) | (x) | ||
- Address | (Coll) |
|
|
|
|
| X | X | X | X | X |
| ||
- E-Mail address | (Coll) |
|
|
|
|
| X | X | X | X | X |
| ||
- Phone number | (Coll) |
|
|
|
|
| X | X | X | X | X |
| ||
- Fax number | (Coll) |
|
|
|
|
| X | (x) | X | X | X |
| ||
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
| |||
Remarks | (0) |
|
|
|
| (3) | (1), (4) | (3), (4) | (1), (3) | (2), (3) | (1), (3), (4) | (2), (5) | ||
|
|
|
|
|
|
|
|
|
|
|
|
| .name Summary WHOIS | .name Standard WHOIS | .name Detailed WHOIS | .name Extensive WHOIS | .uk WHOIS | .de WHOIS | .pl WHOIS |
General Information |
|
|
|
|
| ||
- Domain Status | [x] | X | X | X | X |
| |
- Domain Name ID | X | [x] | [x] | [x] |
|
| |
- Domain Name | [x] | X | X | X | X | X | X |
- Registrar ID |
| X |
|
| (x) |
| |
- Name of Registrar |
| X | X | (x) | X | ||
- Name Server(s) |
| X | X | X | X | X | |
- Name Server ID |
| X |
| [x] |
|
| |
- Creation Date |
| X | X | X | (x) | X | |
- Expiration Date |
| X | X | X | (x) |
| |
- Updated Date |
| X | X | X | X | X | X |
- WHOIS Server |
|
|
|
|
| ||
- Referral URL |
|
|
| (x) |
| ||
- Created by |
|
|
|
|
| ||
- Last Updated by |
|
|
|
|
| ||
- Last Transferred Date |
|
|
|
|
| ||
- Last Transferred by |
|
|
|
|
| ||
|
|
|
|
| |||
Registrant |
|
|
|
|
| ||
- ID |
| X | X | X |
|
| |
- Name |
| X | X | X | X | X | |
- Organization |
|
|
| (x) | (x) | (x) | |
- Address |
| X | X | (x) | X | (x) | |
- E-Mail address |
|
| X |
|
| ||
- Phone number |
|
| X |
|
| ||
- Fax number |
|
| X |
|
| ||
|
|
|
|
| |||
Technical Contact |
|
|
|
|
| ||
- ID |
| X | U | X |
|
| |
- Name |
| U | X |
| X |
| |
- Organization |
| U | X |
| (x) |
| |
- Address |
| U | X |
| X |
| |
- E-Mail address |
| U | X |
| (x) |
| |
- Phone number |
| U | X |
| (x) |
| |
- Fax number |
| U | X |
| (x) |
| |
|
|
|
|
| |||
Administrative Contact |
|
|
|
|
| ||
- ID |
| X | U | X |
|
| |
- Name |
|
| U | X |
| X |
|
- Organization |
| U | X |
| (x) |
| |
- Address |
| U | X |
| X |
| |
- E-Mail address |
| U | X |
| (x) |
| |
- Phone number |
| U | X |
| (x) |
| |
- Fax number |
| U | X |
| (x) |
| |
|
|
|
|
| |||
Billing Contact |
|
|
|
|
| ||
- ID |
| X | U | X |
|
| |
- Name |
|
| U | X |
|
| |
- Organization |
| U | X |
|
| ||
- Address |
| U | X |
|
| ||
- E-Mail address |
| U | X |
|
| ||
- Phone number |
| U | X |
|
| ||
- Fax number |
| U | X |
|
| ||
|
|
|
|
| |||
|
|
|
|
| |||
Remarks |
|
|
|
|
| ||
|
|
|
|
| |||
|
|
|
|
|
a. Practices by registrars, registries (including ccTLDs) to obtain consent from potential registrants for the collection and publication of their data in the Whois database
Whois Task Force 2 (“TF2”) is tasked with reviewing ICANN’s current policy with respect to the collection, disclosure, and transmission of data as a part of the Whois database. Two of the questionnaires created and circulated by TF2 ask registrars and ccTLD registries, accordingly, how they obtain consent from registrants to the collection and publication of their data in the Whois database. Unfortunately, the Task Force did not receive much information in response to these questionnaires. Only five responses provided pertinent information, and even among those, the responses are somewhat inconsistent.
Two responses were from registrars. Deutsche Telekom, which acts as a registrar for a number of TLDs, states that customers are not required to give express consent. Rather, these customers accept the Terms and Conditions which include notifications that they agree to have their contact data collected and published. See http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00001.html (German language only). In a response submitted by Tim Ruiz on behalf of Go Daddy, Wild West Domains, and Blue Razor Domains, these registrars likewise state that they provide a notice to registrants that they will only make contact data available to third parties if required to do so by law. See http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00004.html.
A summary of the results of survey of the top 20 registrars (includes Go Daddy also covered by Tim Ruiz’s submission, see above) conducted by ICANN staff in early 2004 states that 15 of the 20 registrars obtain consent from registrants via Registration Agreements. See http://gnso.icann.org/mailing-lists/archives/dow2tf/msg00076.html. According to the survey results, these registrars are: Corenic.org; Dotster.com; Enom.com; Gandi.net; Discount-domain.com; Godaddy.com; Dotregistrar.com; Itsyourdomain.com; inww.com; Netsol.com; Onlinenic.com; Register.com; Schlund.de; Stargate.com; and Domaindirect.com. A review of the registration agreements for some of these registrars indicates that they include language ascribing consent to registrants as part of a much longer list of applicable terms and conditions to which the registrant agrees. See, e.g., Corenic.org registration agreement sec. 4.4. at http://www.corenic.org/Registration-Agreement.htm: "By accepting this Agreement, you consent to the use of your Data as described above, and to the transfer of data to the abovementioned recipients." See also GoDaddy registration agreement, sec. 3: “You agree that for each domain name registered by You the following information will be made publicly available in the Whois directory as determined by ICANN Policy and may be sold in bulk as set forth in the ICANN agreement [followed by a list of data elements].” See https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?isc=&se=%2B&from%5Fapp=&prog%5Fid=GoDaddy&pageid=REG%5FSA. See also section 7.iv of Enom's registration agreement: “You agree and acknowledge that eNom will make available domain name registration information you provide or that we otherwise maintain to ICANN, to the registry administrator(s), and to other third parties as ICANN and applicable laws may require or permit. You further agree and acknowledge that eNom may make publicly available, or directly available to third party vendors, some, or all, of the domain name registration information you provide, for purposes of inspection (such as through our "whois" service) or for targeted marketing and other purposes as required or permitted by ICANN and applicable laws. You hereby consent to any and all such disclosures and use of, and guidelines, limits and restrictions on disclosure or use of, information provided by you in connection with the registration of a domain name (including any updates to such information), whether during or after the term of your registration of the domain name. You hereby irrevocably waive any and all claims and causes of action you may have arising from such disclosure or use of your domain name registration and other information by eNom.” See http://www.enom.com/help/agreement.asp. Identical language is employed by Register.com in sec. 8(d) of its Services Agreement. See http://www.register.com/service-agreement.cgi#1.
The ICANN staff survey also states that 2 of the 20 registrars surveyed require registrants to click a box indicating their consent to having data published. These are Bulkregister.com and Domaindirect.com (the latter is listed in both categories). Finally, the ICANN staff survey was unable to determine how 4 of the 20 surveyed registrars obtained consent. These are Joker.com; Domaindiscover.com; Directnic.com; and Yesnic.com. See http://gnso.icann.org/mailing-lists/archives/dow2tf/msg00076.html
Responses were also received from two registries. The Global Name Registry, the registry for .name, simply stated that registrars are required to get informed consent from registrants but did not state how. See http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00012.html. Finally, DENIC, the registry for the German ccTLD, .de, submitted a response that stated the German Data Protection Act did not require express consent from registrants. See http://gnso.icann.org/mailing-lists/archives/tf2-survey/msg00019.html. All that is needed, according to DENIC, is that the registrant be put on notice as to what data is collected and made publicly available, which is stated in DENIC’s conditions for registration.
B. Existing proxy registration or anonymization services
III. Current Use of Whois Data
12 comments have been made on the basis of questions #1 and #2 of the questionnaires distributed to all constituencies:
- Levitt, Mallory
- ASCAP (American Society of Authors, Composers and Publishers)
- Fox/Newscorp
- ISPCP Constituency
- Philips Electronics
- Walt Disney
- Tyler Self
- Oxfam
- NCUC Constituency
- IP Constituency
- ALAC
- ACLU (American Civil Liberties Union)
Additionally, the result of 8 Q&As of the former Whois Survey have been retrieved (see attachment).
The 12 sets of comments have been compiled and presented in the same template (one per comment, see attachments).
A. High-level summary of some of the comments received (see attachment for exact details of each response) – Current use:
- IPC members use Whois data in cases of cybersquatting, trademark and copyright infringements. They have no concern with making Whois info available. ASCAP uses Whois data to negotiate performance license with websites offering music.
- The NCUC Constituency sees no need Whois data (except technical contact info) and is concerned about unconditional and anonymous Whois access and notably considers that the current system facilitates identity theft, spamming, stalking and unwarranted IP claims.
- ALAC states that individual Internet users use and abuse Whois data for the same purposes as members of any other constituency. It notably considers that current access to Whois chills online speech, opens the door to harassment and consumer fraud and contradicts the Data Quality (relevance), Purpose Specification and Use Limitation privacy principles.
- ISPCP’s need Whois data to be able to comply with C&D requests, find cyber-squatters and identify multiple domains with different expiration dates.
- Tyler Self uses Whois to avoid theft of domain names and help restoring domain name to rightful owner.
- Oxfam finds Whois data useful to see if a domain name is available for purchase.
B. High-level summary of comments received (see attachment for exact details of each response) – Suggestions for new useful fields:
- Levitt, Mallory: “Registrar name information”
- Fox/Newscorp: “Registrar’s contact data” + “Date of domain name deletion”.
- ISPCP: “One-stop for all registries and indicators re: pending transfers, deletion or expiration”
- Philips Electronics: “Historical information about domain name ownership and changes of ownership”
- IPC: Usefulness of Whois would be improved by adding some specific data, notably with regard to “chain of title information”, “date of initial registration”, notice of encumbrances” and “date and method of last verification of registrant contact information”.
1)
QUESTION | ANSWER |
Respondent: | ACLU |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | All |
1.a) How do members of your constituency make use of the data? | <Not a constituency> No usage mentioned |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | No |
1.c) Describe any concerns your constituency may have with making this information available. | Violates right to anonymity, which is a Constitutional right under U.S. law |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | No new data elements suggested |
2.a) Use – How would members of your constituency make use of the data? | n/a |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | n/a |
2)
QUESTION | ANSWER |
Respondent: | ALAC |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | All |
1.a) How do members of your constituency make use of the data? | In general, individual Internet users use and abuse WHOIS for the same purposes as members of any other constituency. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | No, but individual Internet uses should have equal access to all elements of WHOIS data to which other users have access. If conditions are imposed on access, individual Internet users should be able to meet those same neutral conditions. |
1.c) Describe any concerns your constituency may have with making this information available. |
|
3)
QUESTION | ANSWER |
Respondent: | Intellectual Property Constituency |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | Fields falling under “Registrant Information” category |
1.a) How do members of your constituency make use of the data? | A. ID Use: Use of this data element was unclear. Queries in .biz, for example, appear to result in the same contact information that is revealed in a general domain name search. This data element would probably be more useful for searches based on registrant, which most gTLD registries no longer provide. Necessity: see above. Concerns: The IPC has no concerns making this data available.
B. Name Use: Used to contact and identify those engaged in possibly infringing activity and to identify to whom to send cease & desist letters or licensing demands. Obviously inaccurate name information might give a first indication whether the website is a legitimate site. Necessity: IPC members indicate that this element is necessary. C. Address Use: Used to contact and identify those engaged in possibly infringing activity and to identify where and to whom to send cease & desist letters or licensing demands. Obviously inaccurate address information might give a first indication whether the website is a legitimate site. Necessity: IPC members indicate that this element is necessary. An address is required for service of legal process. Concerns: The IPC has no concerns making this data available. D. Email Address Use: Provides a prompt means of contact with the domain name registrant to facilitate investigation and IP enforcement. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. E. Phone Number Use: Provides a prompt means of contact with the domain name registrant to facilitate investigation and IP enforcement. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. F. Fax Number Use: Provides a prompt means of contact with the domain name registrant to facilitate investigation and IP enforcement. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
1.c) Describe any concerns your constituency may have with making this information available. | See above |
1) List of data fields on which respondent has commented. | Fields falling under “Technical Contact Information” category |
1.a) How do members of your constituency make use of the data? | A. ID [see response above on “ID” for “Registrant information”] B. Name Use: Contact info used for inquiries and sending cease & desist notices to ISPs & infringers; aids in identifying possible host of a website. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. C. Address Use: Used to identify those engaged in possibly infringing activity, and to whom to send cease & desist letters or licensing demands. May indicate if the website is a legitimate site and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. D. E-Mail Address Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. E. Telephone Number Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. F. Fax Number Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: Some IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
1.c) Describe any concerns your constituency may have with making this information available. | See above |
1) List of data fields on which respondent has commented. | Fields falling under “Administrative Contact Information” category |
1.a) How do members of your constituency make use of the data? | A. ID [see response above on “ID” for “Registrant information”] B. Name Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. C. Address Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. D. E-Mail Address Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and probable location. Necessity: IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. E. Telephone Number Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and possible location. Necessity: Some IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. F. Fax Number Use: Used to identify to whom ISP and cease & desist notices/licensing demands are sent. Also used to identify possible hosts, as well as giving an indication of the site’s legitimacy and possible location. Necessity: Some IPC members indicate that this element is necessary. Concerns: The IPC has no concerns making this data available. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
1.c) Describe any concerns your constituency may have with making this information available. | See above |
1) List of data fields on which respondent has commented. | Fields falling under “Billing Contact Information” category |
1.a) How do members of your constituency make use of the data? | A. ID [see response above on “ID” for “Registrant information”] B. Name Use: Not used in most popular TLDs, but would be useful for investigation and IP enforcement purposes. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. C. Address Use: Not used in most popular TLDs, but would be useful for investigation and IP enforcement purposes. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. D. E-Mail Address Use: Not used in most popular TLDs, but would be useful for investigation and IP enforcement purposes. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. E. Phone Number Use: Not used in most popular TLDs, but would be useful for investigation and IP enforcement purposes. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. F. Fax Number Use: Not used in most popular TLDs, but would be useful for investigation and IP enforcement purposes. Necessity: This information is necessary where it is provided, and should be added in those registries where it is not currently provided. Concerns: The IPC has no concerns making this data available. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
1.c) Describe any concerns your constituency may have with making this information available. | See above |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | Suggestions for new fields that would fall under the “General Information” category |
2.a) Use – How would members of your constituency make use of the data? | A. Last Verified Date Use: this would show when the data was last verified. This would indicate whether the data is possibly outdated or stale, therefore having a high likelihood of inaccuracy. Necessity: Because it’s not currently offered, it’s impossible to determine whether or not it is necessary. This information will almost certainly increase the value of Whois data to the IPC, and may become indispensable to online investigations of piracy or trademark infringement. ICANN’s Security and Stability Advisory Committee (SECSAC) recommended that this information be added to the Whois database. See Whois Recommendation of the Security and Stability Advisory Committee, at http://www.icann.org/committees/security/sac003.htm B. Last Verified Method Use: This would show by what method the data was last verified. Methodology, or a combination of methodologies will go far to indicate the reliability of the data in the Whois database. Necessity: This information will increase the value of Whois data to the IPC, and may become indispensable to online investigations of piracy or trademark infringement. ICANN’s Security and Stability Advisory Committee (SECSAC) recommended that Whois data “contain a reference to the data verification process.” |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
2) Suggestion 2 | Suggestions for new fields that would fall under the “Registrant Information” category |
2.a) Use – How would members of your constituency make use of the data? | A. E-Mail Address (where not currently provided) Use: This element would allow another prompt method of contacting the registrant for a domain name in connection with which infringing activity takes place. Necessity: Quick response is vital for IP enforcement in the online environment. Of the contact methods Whois gives information for, E-mail is perhaps the fastest, and certainly the most suitable to the Internet. Having E-Mail addresses displayed would great facilitate online enforcement. B. Telephone Number (where not currently provided) Use: Like the E-Mail address data element, a telephone number would allow another prompt means of contacting registrants connected with infringing domain names. Necessity: A multitude of methods is needed to ensure at least one open channel of contact with a registrant. Telephone numbers, while perhaps not as conducive to the Internet as E-Mail, may prove more helpful by quickly facilitating prompt resolutions to taking down infringing material connected with a domain name. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
2) Suggestion 3 | Suggestions for new fields that would fall under the “Billing Information” category |
2.a) Use – How would members of your constituency make use of the data? | A. ALL (where not currently provided) Use: Billing information is not included in the Whois output for the most popular TLDs. IP owners would use this information to contact the individual or company connected to a domain name engaged in infringing activity. As registrars arguably are paid for domain name registrations, they must be paid by someone. Having access to the billing contact information may more quickly lead to accurate contact information for the registrant. Necessity: This information is not currently provided in .com, for example, and its necessity is therefore impossible to prove. As stated above, it may become invaluable for IP enforcement if it promptly leads to accurate registrant contact information. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | See above |
2) Suggestion 4 | Chain of Title Information (to extent not currently provided) |
2.a) Use – How would members of your constituency make use of the data? | Data showing previous registrants, dates of transfer, etc., would be useful in documenting the presence or absence of bad faith, recovering domain names lost to fraud or hijacking, and for similar purposes. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | This information is not currently provided in most gTLDs, and its necessity is therefore impossible to prove. If provided, it may become invaluable for IP enforcement for the reasons stated above. |
2) Suggestion 5 | Date of initial registration |
2.a) Use – How would members of your constituency make use of the data? | To the extent that this does not equate with “date of creation,” this is part of the set of historical data that would be useful for the reasons stated above under “Chain of Title Information”. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | This information is not currently provided in most gTLDs, and its necessity is therefore impossible to prove. If provided, it may become invaluable for IP enforcement for the reasons stated above. |
2) Suggestion 6 | Notice of encumbrances |
2.a) Use – How would members of your constituency make use of the data? | A reference to whether there are encumbrances on the domain name registration, and the location where the details of those encumbrances may be reviewed, would be useful in conducting due diligence on registrants whose registration is a significant financial asset, and in protecting, e.g., purchasers of registrant entities. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | This information is not currently provided in most gTLDs, and its necessity is therefore impossible to prove. If provided, it may become invaluable for IP enforcement for the reasons stated above. |
2) Suggestion 7 | Actual deletion Date |
2.a) Use – How would members of your constituency make use of the data? | An actual deletion date would state when a domain name had actually been deleted, as opposed to an expiration date. Domain names, while technically “expired,” may continue to be active for several months after expiration, increasing the likelihood that they may be re-registered by cybersquatters. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | This information is not currently provided in most gTLDs, and its necessity is therefore impossible to prove. If provided, it may become invaluable for IP enforcement for the reasons stated above. |
4)
QUESTION | ANSWER |
Respondent: | NCUC |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | All except technical contact info |
1.a) How do members of your constituency make use of the data? | None listed |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | No |
1.c) Describe any concerns your constituency may have with making this information available. | 1. Concerned about making contact information available unconditionally and anonymously to the public, companies, and governments without accountability, auditability or due process. 2. Identity Theft 3. Spamming and other Forms of Email and Phone Harassment 4. Stalking 5. Unwarranted Threats from Overly Broad Intellectual Property Claims 6. Unwarranted Surveillance and Threats from Companies, Government, and Law Enforcement |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | NCUC: no new data elements suggested |
2.a) Use – How would members of your constituency make use of the data? | n/a |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | n/a |
5)
QUESTION | ANSWER |
Respondent: | OXFAM |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | All |
1.a) How do members of your constituency make use of the data? | Oxfam: to see if a domain is available for purchase |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Did not say that it was “necessary” only that it was “useful” |
1.c) Describe any concerns your constituency may have with making this information available. | None expressed |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | Oxfam: no new data elements suggested |
2.a) Use – How would members of your constituency make use of the data? | n/a |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | n/a |
6)
QUESTION | ANSWER |
Respondent: | T.Self |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | T.Self: all |
1.a) How do members of your constituency make use of the data? | (Not a constituency) used to help restore DN to rightful owner |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Yes - to avoid theft of DNs |
1.c) Describe any concerns your constituency may have with making this information available. | No comment |
7)
QUESTION | ANSWER |
Respondent: | WALT DISNEY COMPANY |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | General Information |
1.a) How do members of your constituency make use of the data? | Disney utilizes the below identified whois fields in enforcing its intellectual property rights, all of which are necessary for Disney's enforcement purposes, except as indicated otherwise. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Domain Name - USED TO CONFIRM THAT THE RECORD RELATES TO THE RELEVENT DOMAIN |
1.c) Describe any concerns your constituency may have with making this information available. | No comment |
1) List of data fields on which respondent has commented. | Registrant |
1.a) How do members of your constituency make use of the data? | Disney utilizes the below identified whois fields in enforcing its intellectual property rights, all of which are necessary for Disney's enforcement purposes, except as indicated otherwise. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Name - USED FOR COMMUNICATING WITH SUSPECTED INFRINGERS. |
1.c) Describe any concerns your constituency may have with making this information available. | No comment |
1) List of data fields on which respondent has commented. | Administrative contact |
1.a) How do members of your constituency make use of the data? | Disney utilizes the below identified whois fields in enforcing its intellectual property rights, all of which are necessary for Disney's enforcement purposes, except as indicated otherwise. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Name - USED AS AN ALTERNATE MEANS OF COMMUNICATING WITH SUSPECTED INFRINGERS |
1.c) Describe any concerns your constituency may have with making this information available. | No comment |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | No comment |
2.a) Use – How would members of your constituency make use of the data? | N/A |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | N/A |
8)
QUESTION | ANSWER |
Respondent: | PHILIPS ELECTRONICS |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | No comment |
1.a) How do members of your constituency make use of the data? | No comment |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | No comment |
1.c) Describe any concerns your constituency may have with making this information available. | No comment |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | We would like to make a suggestion about datafields, that could be of use to us, but that are not presently available within WHOIS.[…] We believe that historical information about domain name ownership and changes of ownership could be of use to us to track down misuse of our IP rights and to determine whether a third party has adopted and transferred a domain name in bad faith. We understood that a WHOIS database does not contain historical information about data fields, besides perhaps 'the creation date', and, therefore, we suggest to make such historical information about ownership available. (We refer as well to available historical information of International Trade Mark Registration in the WIPO Trademark Database.) |
2.a) Use – How would members of your constituency make use of the data? | We believe that historical information about domain name ownership and changes of ownership could be of use to us to track down misuse of our IP rights and to determine whether a third party has adopted and transferred a domain name in bad faith. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | Our company, Koninklijke Philips Electronics N.V. in the Netherlands has been using the Philips trademark since 1892 and we own several other registered trademarks. Unfortunately, we noticed that the Internet is crowded with businesses and people who do not understand the significance of trademark rights or do not have such experience. We have experienced , for example, that third parties transfer a conflicting domain name including our company's trademark several times, also just to frustrate legal actions from the trademark owner. |
9)
QUESTION | ANSWER |
Respondent: | ISPCP |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | ISPCP: all |
1.a) How do members of your constituency make use of the data? | Contact information re: Int.Prop. infringers to comply w/ DMCA, find cybersquatters and fraudulent sites, identify multiple domains w/ different expiration dates |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Yes, no other source of info |
1.c) Describe any concerns your constituency may have with making this information available. | Want full info, sensitive to privacy concerns |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | ISPCP: all |
2.a) Use – How would members of your constituency make use of the data? | Wants one-stop for all registries and indicators re: pending transfer, deletion or expiration |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | see above |
10)
QUESTION | ANSWER |
Respondent: | FOX / NEWSCORP |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | GENERAL COMMENT – AIMED AT NO SPECIFIC DATA FIELD |
1.a) How do members of your constituency make use of the data? | GENERAL COMMENT: WE USE THE DATA TO OBTAIN CONTACT INFORMATION FOR DOMAIN NAME CYBERSQUATTERS AND FOR WEBSITES WHOSE CONTENT CONTAINS INFRINGEMENTS OF OUR COPYRIGHTS AND TRADEMARKS. SPECIFIC USE (Fields bolded below are used): Information Technical Contact Administrative Contact Billing Contact |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | YES, IT IS THE ONLY WAY TO DETERMINE WHO TO CONTACT, BOTH FOR CORRESPONDENCE AND FOR FILING UDRP COMPLAINTS |
1.c) Describe any concerns your constituency may have with making this information available. | NONE |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | REGISTRAR'S CONTACT DATA |
2.a) Use – How would members of your constituency make use of the data? | WE WOULD LIKE A FIELD CONTAINING THE REGISTRAR'S CONTACT DATA. WE WOULD USE THIS INFORMATION TO CONTACT THE REGISTRAR IF THERE WAS A PROBLEM WITH A TRANSFER OR IF THE WHOIS INFORMATION LISTED CONTAINED INACCURATE OR INCOMPLETE DATA. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | ALTHOUGH THIS INFORMATION CAN BE RESEARCHED CURRENTLY ON EACH INDIVIDUAL REGISTRAR'S SITE, IT WOULD BE MORE CONVENIENT IF IT WAS CENTRALLY LOCATED IN THE WHOIS RECORD. |
2) Suggestion 2 | FIELD THAT STATED THE DATE A DOMAIN NAME WILL ACTUALLY BE DELETED |
2.a) Use – How would members of your constituency make use of the data? | WE USE THIS INFORMATION (AND IT IS NECESSARY) TO MONITOR INFRINGING DOMAIN NAMES THAT ARE CLOSE TO EXPIRATION TO ENSURE THAT THEY ARE NOT REGISTERED BY A SUBSEQUENT CYBERSQUATTER. CURRENTLY, EVEN WHEN A NAME IS TECHNICALLY "EXPIRED," IT CAN REMAIN REGISTERED FOR MONTHS, AND AN ACTUAL DATE WOULD ASSIST WITH OUR MONITORING EFFORTS. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | CURRENTLY, EVEN WHEN A NAME IS TECHNICALLY "EXPIRED," IT CAN REMAIN REGISTERED FOR MONTHS, AND AN ACTUAL DATE WOULD ASSIST WITH OUR MONITORING EFFORTS. |
11)
QUESTION | ANSWER |
Respondent: | ASCAP (American Society of Authors, Composers and Publishers) |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | General Information |
1.a) How do members of your constituency make use of the data? | We wish to determine the domain name and date of creation to determine when the site began operation. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | With regards to the General Information, ASCAP mainly requires the Domain Name and the Creation Date. We wish to determine the domain name and date of creation to determine when the site began operation. |
1.c) Describe any concerns your constituency may have with making this information available. | ASCAP has no concerns that this information is available to the public. |
1) List of data fields on which respondent has commented. | “Contact information” |
1.a) How do members of your constituency make use of the data? | In general, ASCAP uses the data to determine the person or entity and contact information that is performing music on the website at issue in order to obtain a performance license. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Yes. Although some sites have the necessary contact information to obtain the licenses we seek, many do not and we must rely on the Whois data. In these situations, without proper whois data the site will remain unlicensed and the copyright owners will not be compensated for the performance of their works. While other contact data on the site itself is helpful, often we must rely on the whois data. Without publicly available accurate Whois data, it would be difficult for ASCAP to determine the owner of websites which perform copyrighted music. With publicly available Whois data, ASCAP is able to contact website owners, negotiate performance licenses and fairly distribute royalties to the owners of performed. By and large the technical information is not as important to ASCAP. |
1.c) Describe any concerns your constituency may have with making this information available. | ASCAP has no concerns that this information is available to the public |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | The fields presently available are satisfactory to ASCAP. Our main issue is that of fraudulent or outdated information. |
2.a) Use – How would members of your constituency make use of the data? | N/A |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | N/A |
12)
QUESTION | ANSWER |
Respondent: | Levitt, Mallory |
1) For each existing data field within the Whois, please provide feedback to the task force regarding the following: | |
1) List of data fields on which respondent has commented. | “Registrant” + “Administrative contact” data fields |
1.a) How do members of your constituency make use of the data? | The data is used to identify the owner and/or track down a contact to whom C&D letters are directed. |
1.b) Is it necessary that this information be made available to members of your constituency? If so, why? | Absolutely. It is crucial to have accurate information be provided for purposes of evaluating the context of the infringement (domestic, foreign, repeat infringer, legit registrant, etc., and directing demand letters and possibly UDRP complaints. |
1.c) Describe any concerns your constituency may have with making this information available. | None. |
2) If there are fields not presently available within Whois that would be of use to members of your constituency, please suggest what those fields may be. For each suggestion, provide feedback regarding the following: | |
2) Suggestion 1 | The registrar name information is helpful, since some WHOIS databases are unable to provide the WHOIS info if it is not the registrar of the domain. We therefore are required to go to that registrar's site and conduct the WHOIS search locally. |
2.a) Use – How would members of your constituency make use of the data? | It would facilitate the access to WHOIS information in situations where WHOIS databases are unable to provide the WHOIS info because it is not the registrar of the domain. |
2.b) Necessity – Is it necessary that this information be made available to members of your constituency? If so, why? | See above. |
3)
Cut-and-paste from WHOIS Bucharest Draft Final Report:
In the very first question, participants were asked to classify themselves into one of several categories:
Category | # | % |
Commercial business user | 1063 | 35% |
Non-commercial organization user | 208 | 7% |
Governmental organization user | 35 | 1% |
Individual or household user | 1021 | 34% |
Domain name registrar and/or registry | 130 | 4% |
Internet access provider or network operator | 234 | 8% |
Other: | 222 | 7% |
(No Response) | 122 | 4% |
Total Responses: | 3035 | 100% |
Question 3 asked participants how frequently they use the WHOIS service themselves:
Question 3 | hourly | daily | weekly | occasionally | never | not stated | Grand Total |
Commercial | 183 | 184 | 290 | 374 | 31 | 1 | 1063 |
Governmental | 4 | 3 | 7 | 18 | 3 | 35 | |
Individual | 72 | 131 | 260 | 509 | 45 | 4 | 1021 |
Isp | 109 | 58 | 42 | 22 | 3 | 234 | |
non-commercial | 32 | 32 | 66 | 69 | 7 | 2 | 208 |
not stated | 1 | 4 | 5 | 13 | 99 | 122 | |
Other | 40 | 27 | 82 | 58 | 13 | 2 | 222 |
registrar-registry | 45 | 18 | 23 | 34 | 8 | 2 | 130 |
Grand Total | 486 | 457 | 775 | 1097 | 110 | 110 | 3035 |
Question 4 asked about respondents’ use of the WHOIS system:
Question 4 | availability | responsibility | technical | IP5 | marketing | law6 | other | # respondents |
Commercial | 482 | 574 | 352 | 389 | 28 | 30 | 66 | 1063 |
governmental | 26 | 16 | 19 | 6 | 7 | 4 | 35 | |
Individual | 513 | 626 | 322 | 136 | 18 | 23 | 71 | 1021 |
Isp | 97 | 142 | 167 | 36 | 5 | 20 | 23 | 234 |
non-commercial | 125 | 107 | 75 | 53 | 3 | 13 | 12 | 208 |
not stated | 109 | 14 | 7 | 9 | 1 | 2 | 1 | 122 |
Other | 140 | 97 | 49 | 117 | 8 | 12 | 31 | 222 |
Registrar-registry | 48 | 73 | 50 | 34 | 5 | 7 | 11 | 130 |
Grand Total | 1540 | 1649 | 1041 | 780 | 68 | 114 | 219 | 3035 |
The dominant use of the WHOIS system among respondents is, in the commercial, individual, and registrar-registry categories, “to find out the identity of a person or organization who is responsible for a domain name or web site”. Governmental respondents generally mention WHOIS as a means to find out about the availability of a domain, as do non-commercial, “not stated”, and “other” respondents. ISP respondents mostly use WHOIS “to support technical operations of ISPs or network administrators”.
It’s worth noting that non-IP law enforcement use is most frequently mentioned by governmental respondents (20%), followed by ISPs (9%) and non-commercials (6%). Also, almost 90% of respondents which did not assign any category to themselves mention “availability” as their most important use of WHOIS.
By-category analysis of multiple-choice questions
Question 5
Summary of rankings of availability of a domain name as the purpose of WHOIS:
Question 5.a | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 487 | 165 | 106 | 63 | 70 | 82 | 35 | 1008 | 2.4544 |
governmental | 3 | 5 | 5 | 3 | 3 | 4 | 3 | 26 | 3.8462 |
individual | 452 | 127 | 106 | 71 | 95 | 67 | 43 | 961 | 2.5869 |
Isp | 102 | 35 | 22 | 24 | 22 | 11 | 12 | 228 | 2.6053 |
Non-commercial | 76 | 19 | 27 | 24 | 28 | 9 | 7 | 190 | 2.8105 |
not stated | 13 | 7 | 1 | 1 | 1 | 1 | 2 | 26 | 2.2692 |
other | 80 | 29 | 26 | 26 | 17 | 17 | 8 | 203 | 2.7734 |
registrar-registry | 71 | 13 | 9 | 12 | 5 | 3 | 7 | 120 | 2.2 |
Summary of rankings of finding out if similar domain names are already in use:
26/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
Question 5.b | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 70 | 286 | 207 | 157 | 130 | 105 | 35 | 990 | 3.4505 |
governmental | 2 | 4 | 3 | 4 | 7 | 4 | 3 | 27 | 4.2593 |
individual | 66 | 284 | 149 | 119 | 145 | 146 | 40 | 949 | 3.6228 |
Isp | 15 | 54 | 40 | 36 | 30 | 32 | 15 | 222 | 3.7568 |
Non-commercial | 11 | 41 | 27 | 31 | 33 | 30 | 9 | 182 | 3.8791 |
Not stated | 4 | 9 | 5 | 3 | 3 | 2 | 26 | 3.2308 | |
other | 12 | 47 | 42 | 29 | 30 | 26 | 7 | 193 | 3.6425 |
registrar-registry | 9 | 47 | 15 | 13 | 13 | 12 | 7 | 116 | 3.3276 |
Summary of rankings of identification and verification of online merchants:
Question 5.c | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 76 | 107 | 171 | 205 | 190 | 157 | 47 | 953 | 4.0336 |
governmental | 1 | 8 | 8 | 7 | 2 | 4 | 30 | 4.4 | |
individual | 102 | 105 | 203 | 193 | 156 | 123 | 42 | 924 | 3.7933 |
Isp | 17 | 28 | 29 | 35 | 40 | 41 | 24 | 214 | 4.271 |
Non-commercial | 15 | 21 | 31 | 28 | 26 | 28 | 27 | 176 | 4.2557 |
not stated | 2 | 1 | 5 | 4 | 7 | 5 | 24 | 4.1667 | |
other | 19 | 17 | 39 | 32 | 43 | 28 | 7 | 185 | 3.9459 |
registrar-registry | 8 | 13 | 26 | 17 | 11 | 18 | 15 | 108 | 4.1481 |
Summary of rankings of identifying online infringers for enforcement of intellectual property rights:
Question 5.d | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 186 | 137 | 166 | 184 | 150 | 92 | 42 | 957 | 3.4378 |
governmental | 6 | 5 | 7 | 2 | 3 | 3 | 5 | 31 | 3.6452 |
individual | 63 | 91 | 152 | 204 | 163 | 149 | 81 | 903 | 4.2004 |
ISP | 14 | 27 | 38 | 42 | 40 | 26 | 26 | 213 | 4.169 |
non-commercial | 22 | 35 | 23 | 30 | 24 | 23 | 19 | 176 | 3.8182 |
not stated | 3 | 8 | 7 | 2 | 1 | 5 | 26 | 4.0769 | |
other | 61 | 32 | 21 | 31 | 24 | 10 | 12 | 191 | 3.0157 |
registrar-registry | 13 | 12 | 24 | 24 | 17 | 13 | 10 | 113 | 3.8761 |
Summary of rankings of sourcing unsolicited e-mail:
Question 5.e | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
27/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
commercial | 83 | 104 | 135 | 129 | 160 | 192 | 128 | 931 | 4.3609 |
governmental | 6 | 7 | 2 | 5 | 4 | 3 | 5 | 32 | 3.7188 |
individual | 143 | 183 | 162 | 105 | 102 | 101 | 130 | 926 | 3.716 |
ISP | 37 | 29 | 52 | 28 | 29 | 21 | 22 | 218 | 3.6147 |
non-commercial | 27 | 30 | 44 | 23 | 19 | 19 | 19 | 181 | 3.6077 |
not stated | 1 | 3 | 5 | 6 | 3 | 6 | 2 | 26 | 4.2692 |
other | 22 | 19 | 25 | 18 | 32 | 46 | 18 | 180 | 4.2722 |
registrar-registry | 8 | 7 | 11 | 15 | 23 | 19 | 25 | 108 | 4.8056 |
Summary of rankings of identifying contacts in the investigation of illegal activity:
Question 5.f | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 137 | 155 | 157 | 158 | 136 | 152 | 56 | 951 | 3.7161 |
governmental | 11 | 5 | 5 | 3 | 4 | 3 | 31 | 3 | |
individual | 145 | 135 | 134 | 143 | 139 | 168 | 48 | 912 | 3.7588 |
ISP | 46 | 41 | 28 | 30 | 28 | 33 | 11 | 217 | 3.4424 |
non-commercial | 40 | 24 | 22 | 22 | 27 | 34 | 10 | 179 | 3.6369 |
not stated | 3 | 4 | 4 | 5 | 3 | 6 | 1 | 26 | 3.8846 |
other | 28 | 48 | 22 | 43 | 19 | 18 | 11 | 189 | 3.3968 |
registrar-registry | 13 | 19 | 11 | 17 | 22 | 20 | 10 | 112 | 4.0357 |
Summary of rankings of other purposes:
Question 5.g | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Total | Avg |
commercial | 110 | 34 | 26 | 17 | 16 | 32 | 167 | 402 | 4.3905 |
governmental | 6 | 2 | 1 | 4 | 13 | 3.1538 | |||
individual | 88 | 28 | 14 | 18 | 29 | 42 | 199 | 418 | 4.8995 |
ISP | 38 | 13 | 4 | 4 | 2 | 8 | 29 | 98 | 3.602 |
non-commercial | 33 | 11 | 8 | 4 | 6 | 4 | 20 | 86 | 3.3605 |
not stated | 3 | 1 | 1 | 7 | 12 | 4.9167 | |||
other | 28 | 7 | 13 | 1 | 3 | 8 | 46 | 106 | 4.434 |
registrar-registry | 17 | 5 | 6 | 2 | 4 | 3 | 16 | 53 | 3.8302 |
The respondents were asked what the purpose of the « WHOIS » should be. It clearly appears that for all categories of respondents (except possibly for governments) the most important purpose should be to check whether a domain name is available, closely followed by the search for similar domain names. Individuals particularly support the need to identify on-line merchants and to source unsolicited commercial communications. In addition, many respondents amongst all categories (not only commercial and governments but also non-commercials, and “others”) stated that the purpose should also be to identify on-line intellectual property infringements. In the free text responses, the majority of respondents underlined the following elements: the need to know with whom they are dealing with, the ability to access technical contacts, to know the names owned by a company, to deter irresponsible behavior and track spammers, to identify suspicious IP addresses. In “others”, most respondents noted the need to identify names which relate to suspicious activities, and to make investigations, to trace back in case of security violations, to identify ISPs hosting spam, and to identify the source of technical problems.
Free text responses were only solicited from those who checked “other” purposes. Only 1188 respondents did so, and fully half of these (585) ranked their purpose as 6th or 7th in importance out of 7.
Question 6
In contrast to the preceding questions, question 6 asked respondents to choose among three statements in identifying the issue about which they were “most concerned” with respect to Whois data.
Question 6 | Privacy | Intellectual Property | Technical | No opinion | Other | Total |
commercial | 165 | 543 | 258 | 34 521052 | ||
governmental | 4 | 13 | 13 | 1 435 | ||
individual | 295 | 347 | 250 | 58 591009 | ||
ISP | 27 | 49 | 140 | 7 9232 | ||
non-commercial | 33 | 89 | 68 | 11 5206 | ||
not stated | 5 | 16 | 1 | 2 | 2 | 26 |
other | 15 | 136 | 29 | 11 26217 | ||
registrar-registry | 32 | 42 | 34 | 11 8127 | ||
Total | 576 | 1235 | 793 | 135 1652904 |
Question 6 (%) | Privacy | Intellectual Property | Technical | No opinion | Other |
commercial | 16% | 52% | 25% | 3% | 5% |
governmental | 11% | 37% | 37% | 3% | 11% |
individual | 29% | 34% | 25% | 6% | 6% |
29/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
ISP | 12% | 21% | 60% | 3% | 4% |
non-commercial | 16% | 43% | 33% | 5% | 2% |
not stated | 19% | 62% | 4% | 8% | 8% |
other | 7% | 63% | 13% | 5% | 12% |
registrar-registry | 25% | 33% | 27% | 9% | 6% |
Min | 7% | 21% | 4% | 3% | 2% |
Max | 29% | 63% | 60% | 9% | 12% |
A plurality of respondents (43% of the total) agreed that they were “most concerned about effective identification of who is behind a specific domain for consumer protection or intellectual property protection purposes.” This was the leading choice among all categories of respondents, except among ISPs, 60% of whom felt that “ensuring that Whois supports the resolution of technical problems on the Internet” was the most important concern, and among governmental respondents, for whom the technical problems response tied with the effective identification response. “Protecting the privacy of domain name registrants” was not identified as the main concern of any group of respondents, and was chosen less often than “effective identification” by every group, although among respondents who identified themselves as individuals the privacy concern (29%) placed a close second to effective identification (34%). Overall, about 6% of respondents rejected the three choices and identified an “other” “main concern” regarding Whois data; these responses have not yet been comprehensively reviewed. Some of these respondents reiterated concerns about the fact that a domain name registrant must be accurately represented (need for effective identification). Some also noted the need to see whether a domain has been moved or abandoned. Others cited consumer protection.
Question 7
Question 7 asked whether respondents had been harmed or inconvenienced by inaccurate, incomplete, or out of date Whois data. 44% of respondents said they had experienced this and 56% had not.
Question 7 | yes | no | Total | % yes | % no |
commercial | 513 516 | 1029 | 50% | 50% | |
governmental | 12 18 | 30 | 40% | 60% | |
individual | 317 674 | 991 | 32% | 68% | |
ISP | 134 98232 | 58% | 42% |
30/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
non-commercial | 94 108 | 202 | 47% | 53% | |
not stated | 12 | 15 | 27 | 44% | 56% |
other | 118 93211 | 56% | 44% | ||
registrar-registry | 67 59 | 126 | 53% | 47% | |
Min | 32% | 42% | |||
Max | 58% | 68% | |||
Total | 1267 15812848 | 44% | 56% |
Question 7 | # < 5% | # [5%, 25%] | # [25%, 50%] | # > 50% | Total |
commercial | 529 | 262 | 82 | 53 | 926 |
governmental | 14 | 7 | 1 | 1 | 23 |
individual | 553 | 166 | 54 | 44 | 817 |
ISP | 128 | 71 | 15 | 5 | 219 |
non-commercial | 100 | 58 | 13 | 6 | 177 |
not stated | 15 | 5 | 3 | 3 | 26 |
other | 99 | 68 | 21 | 11 | 199 |
registrar-registry | 57 | 33 | 13 | 10 | 113 |
Total | 1495 | 670 | 202 | 133 | 2500 |
Question 7 (%) | % < 5% | % [5%, 25%] | % [25%, 50%] | % > 50% |
commercial | 57% | 28% | 9% | 6% |
governmental | 61% | 30% | 4% | 4% |
individual | 68% | 20% | 7% | 5% |
ISP | 58% | 32% | 7% | 2% |
non-commercial | 56% | 33% | 7% | 3% |
not stated | 58% | 19% | 12% | 12% |
other | 50% | 34% | 11% | 6% |
registrar-registry | 50% | 29% | 12% | 9% |
Min | 50% | 19% | 4% | 2% |
Max | 68% | 34% | 12% | 12% |
Total | 60% | 27% | 8% | 5% |
Similarly, more than half of the respondents thought that less than 5% of the Whois records they had relied upon had been inaccurate, while 27% estimated inaccurate records to be in the 5-25% range, and about 8% thought that more than one-quarter of the records were inaccurate. Individual respondents were most likely to report very low estimates (68% in this category chose "under 5%"), while registrars/registries were most likely to report the highest estimates (21% of these respondents thought that 25% or more of the records were inaccurate). In the free text responses, respondents were asked to describe the harm or inconvenience caused by the inaccurate data and to state how they thought an improvement in accuracy might best be achieved.
Description of harm: respondents underlined they had been harmed by the inability to contact the registrants and the service provider of a web site (and to send complaints), the difficulty to trace spammers or the operator of a pornographic site. More generally they stressed the difficulty to trace infringers. They also noted the difficulty to update records, and the time and cost required to find the right company and to conduct investigations.
How to improve: Many respondents underlined that registrars should make efforts to correct and update data regularly or more often (periodic update, update on an annual basis…). Among the categories identified in our analysis, this was the single most common suggestion from every category of respondent. Other respondents underlined the need to standardize and centralize the information. They also proposed to provide an online form to facilitate updates or to check data via automated tools. Some respondents proposed to cancel the domain name if the data registered is inaccurate, or to suspend the domain name information until it is accurate. One respondent specifically referred to the need to enforce the RAA. Few noted that registrants check the accuracy of their contact on the “whois” list.
Question 8
Question 8 | Adequate | Inadequate | Unnec. | Total | %adequate | %inadeq. | %unnec. |
commercial | 770 | 146 | 129 | 1045 | 74% | 14% | 12% |
governmental | 27 | 5 | 3 | 35 | 77% | 14% | 9% |
individual | 663 | 74 | 254 | 991 | 67% | 7% | 26% |
ISP | 196 | 19 | 18 | 233 | 84% | 8% | 8% |
non-commercial | 142 | 32 | 28 | 202 | 70% | 16% | 14% |
not stated | 24 | 3 | 27 | 89% | 11% | 0% | |
other | 155 | 38 | 22 | 215 | 72% | 18% | 10% |
registrar-registry | 99 | 11 | 18 | 128 | 77% | 9% | 14% |
Min | 67% | 7% | 0% | ||||
Max | 89% | 18% | 26% | ||||
Total | 2076 | 328 | 472 | 2876 | 72% | 11% | 16% |
This question listed the data elements currently provided by Whois with regard to registrations in .com, .net and .org, and asked whether respondents considered these adequate, inadequate, or unnecessary for their purposes. A strong majority of respondents in every category (ranging from 67% to 89%) stated that the current list of data elements is adequate. Overall, about 11% of respondents thought that additional data elements should be provided in Whois, while approximately 16% considered some of the elements unnecessary. This data strongly suggests an overall high level of satisfaction among these respondents that Whois in the original gTLD environment collects and makes available the right kinds of data. The level of satisfaction did vary somewhat across categories, however, with 16% of non-commercial respondents believing that more data elements should be included, while 26% of individual respondents thought some data elements were unnecessary.
Questions 8.1 and 8.2 invited respondents to identify specific data elements they would like to see added to, or subtracted from, those currently made available to the public in Whois. Not surprisingly, most of those who responded in these free text responses noted the need for phone number, fax number, email address, some combination of these elements or all of those elements. Some noted the need to access contact information for reporting unlawful activities, and to obtain information on the last active contact with the registrar. Few asked information on for sale availability of domain name. Among those who wanted existing data elements suppressed, the largest number in most categories of respondents cited telephone and fax number and postal address.
Question 9
Building on the general attitudes expressed in response to question 8, this question sought to elicit more specific answers about the perceived value of each specific data element within the com/net/org Whois. Respondents were asked to label each data element as essential, desirable, or valueless.
Question 9A | |||||||
Name of the SLD | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 211 | 773 | 50 | 1034 | 20% | 75% | 5% |
governmental | 8 | 26 | 34 | 24% | 76% | 0% | |
individual | 258 | 696 | 40 | 994 | 26% | 70% | 4% |
33/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
87% | 2% | ||||||||||||
non-commercial | 44 | 149 | 9 | 202 | 22% | 74% | 4% | ||||||
not stated | 5 | 22 | 1 | 28 | 18% | 79% | 4% | ||||||
other | 50 | 154 | 7 | 211 | 24% | 73% | 3% | ||||||
21 | 101 | 4 | 126 | 17% | 80% | 3% | |||||||
Min | 11% | 70% | 0% | ||||||||||
Max | 26% | 87% | 5% |
Question 9B | |||||||
Nameserver addr. | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 331 | 628 | 76 | 1035 | 32% | 61% | 7% |
governmental | 8 | 25 | 2 | 35 | 23% | 71% | 6% |
individual | 284 | 614 | 90 | 988 | 29% | 62% | 9% |
ISP | 43 | 179 | 12 | 234 | 18% | 76% | 5% |
non-commercial | 53 | 134 | 14 | 201 | 26% | 67% | 7% |
not stated | 9 | 19 | 28 | 32% | 68% | 0% | |
other | 80 | 117 | 17 | 214 | 37% | 55% | 8% |
registrar-registry | 29 | 87 | 12 | 128 | 23% | 68% | 9% |
Min | 18% | 55% | 0% | ||||
Max | 37% | 76% | 9% |
Question 9C | |||||||
Dom.names of NS | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 400 | 559 | 80 | 1039 | 38% | 54% | 8% |
governmental | 12 | 20 | 2 | 34 | 35% | 59% | 6% |
individual | 384 | 514 | 92 | 990 | 39% | 52% | 9% |
ISP | 78 | 144 | 12 | 234 | 33% | 62% | 5% |
non-commercial | 79 | 113 | 9 | 201 | 39% | 56% | 4% |
not stated | 4 | 22 | 1 | 27 | 15% | 81% | 4% |
other | 80 | 115 | 19 | 214 | 37% | 54% | 9% |
registrar-registry | 34 | 87 | 7 | 128 | 27% | 68% | 5% |
Min | 15% | 52% | 4% | ||||
Max | 39% | 81% | 9% |
Question 9D | |||||||
Registrar | desirable essential | valueless | Total | % des. | % ess. | % val.-less | |
commercial | 197 | 768 | 72 | 1037 | 19% | 74% | 7% |
governmental | 6 | 27 | 2 | 35 | 17% | 77% | 6% |
individual | 285 | 593 | 118 | 996 | 29% | 60% | 12% |
ISP | 43 | 172 | 18 | 233 | 18% | 74% | 8% |
ISP | 25 | ||
5 | 233 | 11% |
203
registrar-registry
34/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
non-commercial | 50 | 139 | 12 | 201 | 25% | 69% | 6% |
not stated | 5 | 22 | 27 | 19% | 81% | 0% | |
other | 41 | 165 | 7 | 213 | 19% | 77% | 3% |
registrar-registry | 28 | 93 | 7 | 128 | 22% | 73% | 5% |
Min | 17% | 60% | 0% | ||||
Max | 29% | 81% | 12% |
Question 9E | |||||||
Date of registration | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 340 | 619 | 77 | 1036 | 33% | 60% | 7% |
governmental | 16 | 15 | 4 | 35 | 46% | 43% | 11% |
individual | 476 | 390 | 123 | 989 | 48% | 39% | 12% |
ISP | 92 | 117 | 23 | 232 | 40% | 50% | 10% |
non-commercial | 90 | 96 | 16 | 202 | 45% | 48% | 8% |
not stated | 6 | 21 | 1 | 28 | 21% | 75% | 4% |
other | 74 | 128 | 12 | 214 | 35% | 60% | 6% |
registrar-registry | 44 | 71 | 12 | 127 | 35% | 56% | 9% |
Min | 21% | 39% | 4% | ||||
Max | 48% | 75% | 12% |
Question 9F | |||||||
Date of expiration | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 267 | 680 | 87 | 1034 | 26% | 66% | 8% |
governmental | 16 | 14 | 5 | 35 | 46% | 40% | 14% |
individual | 388 | 470 | 135 | 993 | 39% | 47% | 14% |
ISP | 77 | 134 | 21 | 232 | 33% | 58% | 9% |
non-commercial | 76 | 103 | 23 | 202 | 38% | 51% | 11% |
not stated | 10 | 17 | 1 | 28 | 36% | 61% | 4% |
other | 74 | 121 | 19 | 214 | 35% | 57% | 9% |
registrar-registry | 33 | 82 | 13 | 128 | 26% | 64% | 10% |
Min | 26% | 40% | 4% | ||||
Max | 46% | 66% | 14% |
Question 9G | |||||||
Registrant | desirable essential | valueless | Total | % des. | % ess. | % val.-less | |
commercial | 219 | 700 | 116 | 1035 | 21% | 68% | 11% |
governmental | 10 | 23 | 2 | 35 | 29% | 66% | 6% |
individual | 275 | 455 | 266 | 996 | 28% | 46% | 27% |
ISP | 71 | 144 | 18 | 233 | 30% | 62% | 8% |
non-commercial | 43 | 134 | 26 | 203 | 21% | 66% | 13% |
35/88 nc-whois / Bucharest meetings DRAFT whois-final-06.doc
not stated | 4 | 21 | 3 | 28 | 14% | 75% | 11% |
other | 36 | 160 | 18 | 214 | 17% | 75% | 8% |
registrar-registry | 31 | 77 | 18 | 126 | 25% | 61% | 14% |
Min | 14% | 46% | 6% | ||||
Max | 30% | 75% | 27% |
Question 9H | |||||||
Tech-C | desirable essential | valueless | Total | % des. | % ess. | % val.-less | |
commercial | 286 | 623 | 123 | 1032 | 28% | 60% | 12% |
governmental | 7 | 25 | 3 | 35 | 20% | 71% | 9% |
individual | 327 | 488 | 181 | 996 | 33% | 49% | 18% |
ISP | 43 | 174 | 14 | 231 | 19% | 75% | 6% |
non-commercial | 56 | 124 | 24 | 204 | 27% | 61% | 12% |
not stated | 8 | 17 | 3 | 28 | 29% | 61% | 11% |
other | 67 | 131 | 14 | 212 | 32% | 62% | 7% |
registrar-registry | 43 | 71 | 12 | 126 | 34% | 56% | 10% |
Min | 19% | 49% | 6% | ||||
Max | 34% | 75% | 18% |
Question 9I | |||||||
Adm-C | desirable | essential | valueless | Total | % des. | % ess. | % val.-less |
commercial | 283 | 621 | 125 | 1029 | 28% | 60% | 12% |
governmental | 11 | 21 | 3 | 35 | 31% | 60% | 9% |
individual | 336 | 433 | 222 | 991 | 34% | 44% | 22% |
ISP | 60 | 149 | 23 | 232 | 26% | 64% | 10% |
non-commercial | 68 | 112 | 24 | 204 | 33% | 55% | 12% |
not stated | 11 | 17 | 1 | 29 | 38% | 59% | 3% |
other | 61 | 141 | 12 | 214 | 29% | 66% | 6% |
registrar-registry | 32 | 78 | 17 | 127 | 25% | 61% | 13% |
Min | 25% | 44% | 3% | ||||
Max | 38% | 66% | 22% |
Not surprisingly in the light of the responses to question 8, more than half of the respondents found each individual data element now in the com/net/org whois to be essential. Across all categories and data elements, more than 70% of respondents selected either "essential" or "desirable". The largest portion of "valueless" responses to any part of this question was 27%, by individual respondents with regards to the registrant’s name and address. 22% of individual respondents also found the administrative contact’s name and address "valueless", 18% gave this answer with respect to the technical contact’s name and address. The clear trend of satisfaction among respondents with the information currently provided to the public by Whois is evident in the responses to question 9 as well as 8.