Preliminary Task Force Report on the Purpose of Whois and of the Whois Contacts

Last Updated: 04 September 2009
Date: 
18 January 2006

Preliminary
task force report on the purpose of Whois and of the Whois contacts


18 January, 2006


1 Introduction & background

This
document is the Preliminary Task Force Report on the Purpose of Whois
and of the Whois Contacts. The report was produced by the Whois Task
Force of the GNSO, and published following a unanimous task force
vote on publication for public comments on 18 January, 2006. The
report comprises the task force's work on tasks 1 and 2 of its
terms of reference. On 2nd June, 2005, the GNSO Council
agreed terms of reference
(http://gnso.icann.org/policies/terms-of-reference.html
) for the Whois Task force. These terms of reference required the
Whois Task Force to complete the following tasks regarding the
purpose of Whois:

(1)
Define the purpose of the WHOIS service in the context of ICANN's
mission and relevant core values, international and national laws
protecting privacy of natural persons, international and national
laws that relate specifically to the WHOIS service, and the changing
nature of Registered Name Holders.

(2)
Define the purpose of the Registered Name Holder, technical, and
administrative contacts, in the context of the purpose of WHOIS, and
the purpose for which the data was collected. Use the relevant
definitions from Exhibit
C of the Transfers Task force report
(http://www.icann.org/gnso/transfers-tf/report-exh
c-12feb03.htm
)
as a starting point:


"Contact:
Contacts are individuals or entities associated with domain name
records. Typically, third parties with specific inquiries or concerns
will use contact records to determine who should act upon specific
issues related to a domain name record. There are typically three of
these contact types associated with a domain name record,
the

Administrative contact, the Billing contact and the Technical
contact.

Contact,
Administrative: The administrative contact is an individual,
role or organization authorized to interact with the Registry or
Registrar on behalf of the Domain Holder. The administrative contact
should be able to answer non-technical questions about the domain
name's registration and the Domain Holder. In all cases, the
Administrative Contact is viewed as the authoritative point of
contact for the domain name, second only to the Domain Holder.

Contact,
Billing
: The billing contact is the individual, role or
organization designated to receive the invoice for domain name
registration and re-registration fees.

Contact,
Technical
: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name
server(s) for the domain. The technical contact should be able to
answer technical questions about the domain name, the delegated zone
and work with technically oriented people in other zones to solve
technical problems that affect the domain name and/or zone.



Domain
Holder
: The individual or organization that registers a specific
domain name. This individual or organization holds the right to use
that specific domain name for a specified period of time, provided
certain conditions are met and the registration fees are paid. This
person or organization is the "legal entity" bound by the
terms of the relevant service agreement with the Registry operator
for the TLD in question."

The
Whois Task Force has worked steadily since June 2005, and has now
produced two working formulations of the purpose of Whois. These
formulations were presented by the task force chair, Jordyn Buchanan,
at the GNSO Public Forum during the ICANN Vancouver meeting in
December 2005. (An excerpt of the public forum summary is reproduced
in section 4 of this document, below.) Jordyn Buchanan invited public
comments on the two draft formulations of the purpose of Whois in
section 2, below.

The
constituency statements included in this report present the
constituencies' positions on the broad issues of the purpose of
Whois and the Whois contacts and do not include specific comments on
the formulations 1 and 2. They provide important background
information that supplements the two formulations. The formulations
were developed by considering the positions advocated by each of the
constituency statements and creating text that seems to be generally
consistent with several of those statements.

Public comments are invited particularly
on the two formulations of the purpose of Whois in section 2.
Commenters are encouraged to explain the use cases of the
formulations where appropriate, e.g. by giving practical examples and
explaining how the differences between the two definitions may affect
those practical examples. Following the public comment period on
this preliminary task force report, the Whois Task Force will
consider the public comments received and prepare a final task force
report for submission to the GNSO Council.


2 Formulations of the definition of the purpose of Whois

Task 1 of
the task force terms of reference requires the Whois Task Force to
define the purpose of Whois. Defining the purpose is important as it
will guide work on the other work items in the terms of reference.
The purpose of Whois — when defined — will have a significant
impact in determining the operation of Whois.

The Whois
Task Force worked on developing definitions of the purpose of Whois
from July to November, 2005. Beginning from a list of the current
uses of Whois, the task force paid particular attention to the uses
and purpose of Whois in relation to solving problems. The task force
discussed the difference between use and purpose, analysed the
technical and legal uses and purposes of Whois, and whether its
purpose relates to the domain name registration only or more broadly
to how the domain name is used.

The task
force has not been able to reach a consensus definition on the
purpose of Whois. Instead, the task force has produced two
formulations of the definition of the purpose of Whois. Public
comments on the formulations, along with specific examples and
illustrations of support or opposition, are invited to help reach a
decision on the definition of the purpose of Whois.

Formulation
1

"The
purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party for a particular gTLD
domain name who can resolve, or reliably pass on data to a party who
can resolve, issues related to the configuration of the
records associated with the domain name within a DNS nameserver."

Formulation
1 is supported by the representatives of the following
constituencies:

  • Registrar
    Constituency

  • Registry
    Constituency

  • NonCommercial
    Users Constituency.

These
representatives support Formulation 1 because they believe it is
consistent with the narrow technical mission of ICANN, ICANN's Core
Values1
(particularly 1-3) and national data protection laws worldwide.

The
core values cited in support of Formulation #1 are:

  1. Preserving
    and enhancing the operational stability, reliability, security, and
    global interoperability of the Internet.

  1. Respecting
    the creativity, innovation, and flow of information made possible by
    the Internet by limiting ICANN's activities to those matters within
    ICANN's mission requiring or significantly benefiting from global
    coordination.

  1. To
    the extent feasible and appropriate, delegating coordination
    functions to or recognizing the policy role of other responsible
    entities that reflect the interests of affected parties.


Formulation 2

"The
purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party or parties for a particular
gTLD domain name who can resolve, or reliably pass on data to a party
who can resolve, technical, legal or other issues related to the
registration or use of a domain name."

Formulation
2 is supported by representatives of the following constituencies:

  • Intellectual
    Property Constituency

  • Internet
    Service Providers and Connectivity Providers Constituency

  • Commercial
    and Business Users Constituency

These
representatives support Formulation 2 because they believe it is most
consistent with the history of Whois and follows its growth and
expansion as a means of communication - in both number of users and
importance - of the Internet. They also believe that Formulation 2
is most consistent with the actual uses of Whois to help resolve
issues broadly related to how the domain name is used, and that it is
consistent with ICANN's Mission and Core Values

Common
ground and differences between formulations 1 and 2

These
two formulations are similar in a number of respects. Both
formulations indicate that the purpose of the Whois service is to
display contact information for domain names, and that the contact
information displayed by the services should be capable of resolving
issues relating to the domain name, or of passing on information to
someone who can. The principal differences between the two
formulations is that Formulation 2 describes a broader range of
issues that the service is intended to address.

The
text of the two formulations is compared in the following version,
which uses square brackets to show the differences between
Formulation 1 and Formulation 2:

The
purpose of the gTLD Whois service is to provide information
sufficient to contact [a] or [the] responsible [party] or

[parties] for a particular gTLD domain name who can resolve, or
reliably pass on data to a party who can resolve [issues related
to the configuration of the records associated with the domain
name within a DNS nameserver] or [technical, legal or other
issues related to the registration or use of a domain name]."


3 Constituency statements


3 (a) Commercial and Business Users Constituency

Background

Constituencies
have been invited to provide input on the Whois Task Force Terms of
Reference Items 1 (Purpose) and 2 (Purpose of WHOIS contacts). This
statement has been prepared in accordance with the GNSO policy
development process criteria for "Constituency Statements". (see
annex).

Related
Documents:

  • Call for constituency statements on
    Tasks 1&2 of Whois Task Force Terms of

Reference,
http://forum.icann.org/lists/gnso-dow123/msg00416.html.
p>

1. Purpose of Whois

  • The Internet has evolved from its
    early days of technical experimentation and has become

a key medium for commerce and a rich
source of information and resources for users.  The purpose of
the Whois database as the primary resource of contact information
must therefore reflect this evolution.

  • ICANN's responsibility for stability
    and security are highly relevant to an accurate Whois.

  • The Registrar Accreditation Agreements
    (RAA) maintained by ICANN require, as a pre-

requisite to the registration of a
domain name, the inclusion of the administrative, technical and
contact details into a publicly accessible Whois database.  The
RAA also mandates that registrants receive notification of the public
accessibility of this information.

  • The BC supports having clear and easy
    to find "notice" of both the collection and the

display of data.

  • The BC also notes that registrants are
    able to use agents as contact points should

anonymous registration be desired. In
any case, the correct data should be collected, and maintained by the
agent, for provision upon legitimate request.

With
the above in mind, the BC proposes the following purpose of the Whois
database:

A database of contact information
sufficient to contact the registrant or their agent(s) to enable the
prompt resolution of technical, legal and other matters relating to
the registrant's registration and use of its domain name.

Effect
on the Constituency, including financial impact

      • BC
        members rely on accurate WHOIS data to engage in a number of
        important actions, including: verification of who holds a
        particular name; trademark/domain name portfolio management;
        contacting a registrant due to network or phishing attacks
        originating from a particular domain; engaging in trademark
        protection, cooperation with law enforcement and consumer
        protection authorities when investigation of illegal activity in a
        domain; contacting a registrant to make an offer to purchase an
        existing registration, etc.

      • The
        BC believes that this policy will have a positive impact on the
        Constituency, and will help to limit the costs to business users.
        We do not believe that there is any cost associated with this
        policy since it is essentially maintaining the status quo.

Analysis of the period of time that
would likely be necessary to implement the policy.

  • Little time would be needed for
    implementation, since this is essentially the status quo.

2. Purpose of Whois
contacts

The
BC believes there is a need to clarify the information that should be
provided in the three categories defined in the Transfers Policy and
to use consistency of terminology.

Terminology

The
Transfers policy uses the term "domain holder" in place of
"Registered Name Holder". The BC recommends that these two
terms are treated as interchangeable with each other.

a.
Registered Name Holder

The
Registered Name Holder is the registrant and thus responsible for the
domain name registration generally, including for canceling or
transferring a name. This individual's or the organisation's name
and contact should be provided in this category.

b.
Technical Contact

The
technical contact is responsible for responding to inquiries related
to the technical functioning of the web site and to deal with any
technical problems. An individual competent to respond to those kinds
of inquiries should be provided in this category.

(If
a registrant chooses to use their ISP or other third party as the
technical contact, that changes in no way the need for accurate data
for the Registered Name Holder).

  1. Administrative Contact

The
Administrative Contact may be responsible for dealing with the
content on the web site and is responsible to the registered name
holder, unless they are the same person. The BC supports the
definition in the Transfers policy:

The
Administrative Contact is: "an individual, role, or organization
authorized to interact with the Registry or Registrar on behalf of
the Domain Holder. The administrative contact should be able to
answer non-technical questions about the domain name's registration
and the Domain Holder. In all cases, the Administrative Contact is
viewed as the authoritative point of contact for the domain name,
second only to the Domain Holder."

Note:
the holder, technical and administrative contacts may be one and the
same.

Effect
on the Constituency, including financial impact

  • This policy will have a positive impact
    on the BC and more broadly for all Internet users who need to check
    Whois data for policing domain names, deal with network problems and
    phishing attacks; check out a web site to see with whom they are
    doing business, or where their children are finding information,
    etc. by enhancing the accuracy and usability of the Whois database.

  • There
    should be no financial impact on the constituency as a result of
    this policy. It is possible that there may be minimal costs to the
    Registrars if they are not fully complying with the present RAA. Any
    costs would be related to the provision, in automated form, of
    descriptive information of what is recommended to fill each separate
    category.

Analysis
of the period of time that would likely be necessary to implement the
policy.

  • An implementation working group, to
    include representation from the user constituencies, but largely to
    include Registrars, should be established. The implementation time
    frame should be short.

3.
Outreach process

GNSO
policy development process section 7.d.:

1.
Constituency Statements.
The Representatives will each be
responsible for soliciting the position of their constituencies, at a
minimum, and other comments as each Representative deems appropriate,
regarding the issue under consideration. This position and other
comments, as applicable, should be submitted in a formal statement to
the task force chair (each, a "Constituency Statement")
within thirty-five (35) calendar days after initiation of the PDP.
Every Constituency Statement shall include at least the following:

(i)
If a Supermajority Vote was reached, a clear statement of the
constituency's position on the issue;

(ii)
If a Supermajority Vote was not reached, a clear statement of all
positions espoused by constituency members;

(iii)
A clear statement of how the constituency arrived at its position(s).
Specifically, the statement should detail specific constituency
meetings, teleconferences, or other means of deliberating an issue,
and a list of all members who participated or otherwise submitted
their views;

(iv)
An analysis of how the issue would affect the constituency, including
any financial impact on the constituency; and

(v)
An analysis of the period of time that would likely be necessary to
implement the policy.

With
respect to (i) (ii) (iii) the BC approval process allows for a 14
day comment period for a position to be adopted combined where
appropriate with meetings and member calls.

Statement
on Purpose

  • The BC members were notified of the new
    terms of reference for the combined Task

Force on 19 May 2005

  • The TF reps prepared a draft purpose
    statement and posted it to the Constituency on 19

July 2005.

  • The statement and the issues were
    discussed at the Luxembourg meeting 11 July 2005.

  • A conference call was held on 26 July
    2005

  • The draft statement on Purpose was
    posted to the BC list on 2 August 2005 and adopted

after a 14 day period.

Statement
on Purpose of Contacts

  • The BC members were notified of new
    terms of reference for the combined Task Force

on 19 May 2005

  • The forthcoming draft statement on
    Purpose of Contacts was discussed at the

Luxembourg meeting 11 July 2005.

  • BC members were asked to participate in
    a Contacts survey on 22 July 2005

  • A conference call was held on 26 July
    2005.

  • The draft statement on Purpose of
    Contacts was posted to the BC list on 2 August 2005

and adopted after a 14 day period.

3
(b) Statement of the Noncommercial Users Constituency

1. Purpose of Whois

Task
1 asks us to "Define the purpose of the WHOIS service in the
context of ICANN's mission and relevant core values, international
and national laws protecting privacy of natural persons,
international and national laws that relate specifically to the WHOIS
service, and the changing nature of Registered Name Holders."

The
importance of defining "purpose":

Regarding
international and national privacy laws, NCUC notes that it is
well-established in data protection law that the purpose of data and
data collection processes must be well-defined before policies
regarding data collection, use and access can be established. The
need for an explicit, well-defined purpose is meant to protect data
subjects from abuse by either the data collectors or third parties
using the data. A definition of purpose is intended to impose strict
constraints on the collection and use of contact data. A specified
purpose determines what data elements should be collected, and
therefore actively prevents collection of any data that is not
clearly necessary for that purpose.

Furthermore,
a defined purpose helps to ensure that data is used only for the
specified purposes, preventing uses that are different from or
incompatible with the purpose giving rise to their collection.
Finally, sound data protection principles hold that data subjects
must be informed of the purpose for which the Data is intended and
whether and under what conditions the Data is likely to be passed to
a third party.

WHOIS
and ICANN's mission and core values

Regarding
ICANN's mission and relevant core values, we note that ICANN's
mission is primarily technical: "to coordinate, at the overall
level, the global Internet's systems of unique identifiers, and in
particular to ensure the stable and secure operation of the
Internet's unique identifier systems." In enumerating ICANN's
core values, we find that the first three are most relevant to a
discussion of WHOIS and its purpose:

1.
Preserving and enhancing the operational stability, reliability,
security, and global interoperability of the Internet.

2.
Respecting the creativity, innovation, and flow of information made
possible by the Internet by limiting ICANN's activities to those
matters within ICANN's mission requiring or significantly benefiting
from global coordination.

3.
To the extent feasible and appropriate, delegating coordination
functions to or recognizing the policy role of other responsible
entities that reflect the interests of affected parties

The
original purpose of the WHOIS protocol, when the Internet was an
experimental network, was the identification of and provision of
contact information for domain administrators for purposes of solving
technical problems. This original purpose is consistent with the
plain language of ICANN's current mission and is further supported by
core value #1, which addresses exclusively technical values such as
stability, reliability, security and interoperability.

Vinton
G. Cerf, speaking at the "Freedom 2.0" conference held in
Washington DC in May 2004 confirmed directly that the original
purpose of WHOIS was indeed purely technical.**

Further,
Core Value #3 expressly recognizes the "policy role" of
"other responsible entities." Nowhere is this policy role
clearer than in the steps governments have taken to protect the
personal data of their citizens. It is incumbent on ICANN to limit
its role in the collection, use and especially disclosure of data to
only that needed for technical and operational tasks. The rest is
rightly governed by sovereign law.

We
further note that Core Values #2 and #3 **(respecting creativity and
recognizing the policy role of other responsible entities,
respectively), in spirit and language mandate that ICANN must limit
its activities to a minimal set of areas requiring global technical
coordination. Thus, although WHOIS data may be useful for a broad
variety of purposes, uses and users, ICANN's core values require that
it not embrace those purposes and activities just because it can, or
because interested parties find it convenient. ICANN must limit its
activities to matters within its mission and recognize and defer to
the policy role of other responsible entities.

Proposed
definition of purpose

NCUC
proposes the following definition of purpose for the WHOIS service:

The
purpose of the WHOIS is to provide to third parties an accurate and
authoritative link between a domain name and a responsible party who
can either act to resolve, or reliably pass information to those who
can resolve, technical problems associated with or caused by the
domain.

By
"technical problems" we mean problems affecting the
operational stability, reliability, security, and global
interoperability of the Internet.

Excluded
or invalid purposes

It
is important to also identify purposes that are inconsistent with
ICANN's stated mission and core values.

First,
WHOIS is not designed to be a global data mining operation with
completely unlimited access to all registrant data by any Internet
user for any purpose, including marketing.

Second,
the purpose of WHOIS data is not to facilitate legal or other kinds
of retribution by those interested in pursuing companies and
individuals who criticize and compete against them. Companies with
allegations against domain name registrants can seek subpoenas of
specific subscriber records through Internet service providers, or
learn about a domain name registrant's identity information through
requested subpoenas of registrar records.

Third,
the purpose of WHOIS is not to expand the surveillance powers given
to law enforcement under law, or to bypass the protections and
limitations imposed by sovereign governments to prevent the abuse and
misuse of personal data, even by law enforcement. Law enforcement
agencies can subpoena specific subscriber records through Internet
service providers, or learn about a domain name registrant's identity
information through subpoenas of registrar records. It is not for
ICANN to preempt or undervalue the due process protections set up by
national government who must balance not only legitimate law
enforcement needs, but also officers operating "ultra vires"
and outside of their authority and law enforcement officers operating
for other countries which do not share the same laws and values of
the registrant's country.

Conclusion
of NCUC statement on purpose of WHOIS

Overall,
the published WHOIS data should serve only the original purpose of
the database and the powers of ICANN - technical. Additional access
to information about the domain name registrant, including the names
and address of those using their domain names to post valuable and
controversial political and social messages and critiques, should be
handled pursuant to the well thought out national laws that exist in
every other area of telecommunications (e.g., telephone, cable, and
Internet Service Provider data).

2. Purpose of Whois
contacts

Task
2 asks us to "(2) Define the purpose of the Registered Name
Holder, technical, and administrative contacts, in the context of the
purpose of WHOIS, and the purpose for which the data was collected.
Use the relevant definitions from Exhibit C of the Transfers Task
Force Report as a starting point
(http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm).




The NCUC believes that once we have selected a purpose for
our database, data protection laws require us to closely examine
whether the information we collect meets the goals we have set out —
and make adjustments accordingly. These comments discuss the Contact
data currently collected for WHOIS and the personal nature of much of
it.  They raise the question whether this data should be
collected at all for WHOIS purposes.



I. Data protection
laws require limited collection of personal data


In its 2003
Opinion, the Article 29 Data Protection Working Party of European
Union Data Protection Commissions urged ICANN to closely examine the
personal data it collects for WHOIS.  The Commissioners warned: 




"Article 6c of the Directive imposes clear limitations
concerning the collection and processing of personal data meaning
that data should be relevant and not excessive for the specific
purpose.  In that light it is essential to limit the amount of
personal data to be collected and processed." 



Opinion
2/2003 on the application of the data protection principles to the
Whois
directories

http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp76...
(emphasis added). 



The Data Protection Commissioners'
concern over collection of WHOIS data is grounded in the clear
language of the EU Data Protection Directive and its Article 6 
"Principles Relating to Data Quality" which clearly sets limits
on the collection of personal data: 



"Member States
shall provide that personal data must be:

(a) processed fairly and
lawfully;

(b) collected for specified, explicit and legitimate
purposes and not further  processed in a way incompatible with
those purposes. ***

(c) adequate, relevant and not excessive in
relation to the purposes for which they are collected and/or further
processed;"



Directive 95/46/EC of the European Parliament
and of the Council of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the
free movement of such data,
http://europa.eu.int/comm/justice_home/fsj/privacy/law/index_en.htm.



The
Canadian Personal Information Protection and Electronics Document Act
also sets limits on the collection of personal data:  



"The purpose of this Part is to establish, in an era in
which technology increasingly facilitates the circulation and
exchange of information, rules to govern the collection, use and
disclosure of personal information in a manner that recognizes the
right of privacy of individuals with respect to their personal
information and the need of organizations to collect, use or disclose
personal information for purposes that a reasonable person would
consider appropriate in the circumstances." 




http://laws.justice.gc.ca/en/P-8.6/93196.html#rid-93228
[emphasis added].



Similarly, Australia's Privacy Principles
mandate:

"1.1 An organisation must not collect personal
information unless the information is necessary for one or more of
its functions or activities."


National Privacy Principles
(Extracted from the Privacy Amendment (Private Sector) Act 2000),
http://www.privacy.gov.au/publications/npps01.html.



Based on
these legal requirements, the NCUC submits that the WHOIS Task Force
must review the contact data currently collected, evaluate whether it
is personal, and determine whether it should continue to be collected
in keeping with the purpose of the WHOIS Database. 
Over-collection of personal data does not serve ICANN's mission nor
does it help registrars comply with the many existing laws that
protect registrant privacy worldwide. 



II. The
Purpose of the WHOIS Database


In our Task 1 comments, NCUC
submitted a clear definition of the purpose of the WHOIS
database:


"The purpose of the WHOIS is to provide to
third parties an accurate and authoritative link between a domain
name and a responsible party who can either act to resolve, or
reliably pass information to those who can resolve, technical
problems associated with or caused by the domain."
 

(Statement
of the NCUC on WHOIS Purpose, above)



As discussed in our
comments, this technical purpose is consistent with the original
purpose of the WHOIS, as set out by Vint Cerf and others, and within
the limited scope of ICANN's mission. 



III. 
Contact Data:  Definition?  Personal?  Fits Purpose of
WHOIS?

The GNSO Council asked us to examine the definitions
and purpose of the Technical Contact, Administrative Contact and
Registered Name Holder.  We do so in light of the legal
considerations set out above.



A. Technical Contact

The
Transfer Task Force defined technical contact as:

"the
individual, role or organization that is responsible for the
technical operations of the delegated zone. This contact likely
maintains the domain name server(s) for the domain. The technical
contact should be able to answer technical questions about the domain
name, the delegated zone and work with technically oriented people in
other zones to solve technical problems that affect the domain name
and/or zone."



The next step requires us to assess whether
Technical Contact data is personal and needs to be treated with
special care.  In our review with our Constituency, we found
that occasionally Technical Contact Data is the personal data of an
individual.  Increasingly, however, registrants entrust a
technical party to manage their domain name and expertly handle any
technical problems that arise — often an ISP, online service
provider, Registrar or web host provider.   Thus, for
individuals and small organizations, we found that the technical
contact field does not raise strong concerns regarding personal
data. 



Further, in assessing whether collection of
Technical Contact data fits within the purpose of ICANN and the WHOIS
database, we found that it does.  The Technical Contact is the
person designated to respond to exactly the set of technical problems
and issues at the heart of the WHOIS purpose.  Accordingly, NCUC
submits that Technical Contact data should be collected and
maintained for the WHOIS database.



B. Administrative
Contact


The Transfer Task Force defined administrative contact
as:

"an individual, role or organization authorized to interact
with the Registry or Registrar on behalf of the Domain Holder. The
administrative contact should be able to answer non-technical
questions about the domain name's registration and the Domain
Holder."

     

The next step
requires us to assess whether Administrative Contact data is personal
and needs to be treated with special care.  In our review, we
found that the Administrative Contact data OFTEN includes personal
data, especially for individuals and small organization leaders who
must list their own names, home addresses, personal (and often
unlisted) phone numbers and private email addresses for the
Administrative Contact field. 



This type of personal
data is exactly what the privacy laws of many regions and countries
set out to protect.  Its collection invokes major privacy
concerns for individuals and small organizations -- and draws the
formal protection of data protection laws in many countries in which
registrants live and registrars operate. 



Further, in
assessing whether collection of Administrative Contact data fits
within the purpose of ICANN and the WHOIS database, we found that it
does not.  By the Transfer TF definition, the Admin is
responsible for "non-technical questions" which range as far as
the imagination and generally are completely outside the scope of
ICANN:  Is the domain name for sale?  Is the woman
described on a website available for a date?  Can a stranger
meet the child shown in a family picture?  There are very good
reasons for the privacy protections and other national and local
protections to operate for the Administrative Contact.



Finally,
since the purpose of the WHOIS database is technical and the
Administrative Contact is expressly non-technical, NCUC submits that
this contact data should no longer be collected for the WHOIS
database. 



C. Registered Name Holder or "Domain
Holder"


The Transfer Task Force defined domain holder
as:

"The individual or organization that registers a specific
domain name. This individual or organization holds the right to use
that specific domain name for a specified period of time, provided
certain conditions are met and the registration fees are paid. This
person or organization is the 'legal entity' bound by the terms
of the relevant service agreement with the Registry operator for the
TLD in question."



Following this definition, we must
evaluate whether the registrant data is personal and should be
treated with special care.  Of all the contact data, we find the
Domain Holder to be the most personal.  This is the woman, the
family head, the Cub Scout leader, and other individuals and leaders
of small organizations who must list their personal names, home
addresses, private phone numbers and personal email addresses. 

Once published, this personal data is used for all the abuse and
misuse documented in the Task Force Uses report — from spamming to
stalking and harassment. 



This personal data is exactly
the type of data that data protection laws seek to protect. 
Article 29 Data Protection Commissioners now urge ICANN and our TF
that: 



"The registration of domain names by
individuals raises different legal considerations than that of
companies and other legal persons registering domain names" and 
"it is essential to limit the amount of personal data to be
collected and processed." Article 29 WG citation above.



The
collection of such personal data as a global ICANN WHOIS policy
serves no technical purpose.  Individual registrants rarely
answer technical questions about their domains or their abuse — and
would refer such questions (such as the hijacking of their domain
name by a spammer) to their technical contact instead.  
Accordingly, the collection of Domain Holder data serves little
purpose for the WHOIS database and should not be continued as a
global ICANN policy.



Conclusion

The best way to
protect millions of individual and small organizational domain name
registrants, and to comply with data protection laws worldwide, is
for ICANN to carefully review the contact data collected for the
WHOIS database and limit the data strictly to that necessary for its
technical purposes and mission.



Outreach statement

Months
ago, the NCUC TF representatives queried NCUC members regarding Whois
data and what they and their organizations place in the contact
fields.  The answers and discussion that ensued were
incorporated into this statement.  The NCUC TF representatives
then prepared this Contacts Statement.  It was posted to the
Constituency list on August 31, and subsequently adopted as the
official position of the Constituency.  


3 (c) Intellectual Property Constituency

This
statement responds to the request for constituency input on the Whois
Task Force Terms of Reference Items 1 (purpose of Whois) and 2
(purpose of Whois contacts). See Call for constituency
statements on Tasks 1&2 of Whois Task Force Terms of Reference,
at http://forum.icann.org/lists/gnso-dow123/msg00416.html
a>
.
The Terms of Reference may be found at
http://gnso.icann.org/policies/terms-of-reference.html.
Pursuant to requirements of the GSNO policy development process,
outlined by the ICANN bylaws, see Annex A, Sec. 7(d), available at
http://www.icann.org/general/archive-bylaws/bylaws-19apr04.htm,
the IPC came to the following conclusion.

1. Purpose of Whois

Term
of Reference #1 is to define the purpose of the Whois database in the
context of (1) ICANN's mission and relevant core values, (2)
international and national laws protecting privacy of natural
persons, (3) international and national laws that relate specifically
to Whois services, and (4) the changing nature of Registered
Name Holders.

In
IPC's view, it is clear that the purpose of the Whois database —
from its inception, through the commercialization of the Internet,
and continuing today — has always included to provide the public
with ready access to the identity and contact information for domain
name registrants. That purpose has never changed, and registrants
have always been on notice of this purpose, regardless of when they
registered their domains. This purpose is also fully consistent with
the contextual factors listed in TOR #1. Please see attached
background paper for further documentation of this conclusion.
(backgrounder is available at
http://forum.icann.org/lists/gnso-dow123/msg00465.html

)

i)
If a Supermajority Vote was reached, a clear statement of the
constituency's position on the issue;

See
above.

(ii)
If a Supermajority Vote was not reached, a clear statement of all
positions espoused by constituency members;

N/A

(iii)
A clear statement of how the constituency arrived at its position(s).
Specifically, the statement should detail specific constituency
meetings, teleconferences, or other means of deliberating an issue,
and a list of all members who participated or otherwise submitted
their views;

The
IPC membership was notified of the request for a constituency
statement on June 22. A draft constituency statement was circulated
on July 8. The statement and the issue were discussed at the IPC
meeting in Luxembourg on July 11. A revised statement was circulated
to the IPC membership on July 20, and was discussed at an IPC
teleconference meeting on July 22. At that meeting, on a motion,
which was seconded, it was agreed without objection to approve the
constituency statement, subject to minor drafting changes in the
background paper.

(iv)
An analysis of how the issue would affect the constituency, including
any financial impact on the constituency;

This
issue will have a positive impact on IPC by maintaining and
potentially enhancing the utility of the Whois database, a vital tool
for protecting intellectual property rights in the online
environment. IPC does not anticipate any financial impact on the
constituency as a result of this policy, nor do we perceive any new
costs associated with this particular policy that would need to be
borne by another constituency.

(v)
An analysis of the period of time that would likely be necessary to
implement the policy.

None.

2. Purpose of Whois
contacts

Term
of Reference #2 is to define the purpose of (1) the Registered Name
Holder,2
(2) the technical contact, and (3) the administrative contact, in the
context of the purpose of the Whois database. IPC supports the
effort to define these terms. We note that, today, there is
absolutely no consistency in how registrants populate these
databases. the fact that these terms (or their cognates) are defined
in a Transfers Policy of ICANN is completely unknown to all but a
handful of domain name registrants, and thus these definitions have
no correlation to the reality of how these categories are defined in
practice. However, providing information in the Whois database about
each of these points of contact fulfills a useful role.

A. Registered
Name Holder

As
discussed in response to Terms of Reference #1 above, the purpose of
the Whois database, in terms of ICANN's mission and core values, is
primarily to promote the reliability and security of the Internet.
Making Whois data publicly available regarding the Registered Name
Holder is critical to accomplishing this purpose. The Registered
Name Holder is ultimately responsible for the use of the domain name
and the operation of the corresponding website or other Internet
resource, and is also the entity with authority to transfer the
domain name registration to another party. Making information on the
Registered Name Holder available thus directly promotes
accountability and transparency, which in turn increases the overall
reliability and security of the Internet.

B. Technical Contact

The
purpose of the Technical Contact is to help ensure the operational
stability, security, and global interoperability of the Internet,
pursuant to ICANN's core value (1).

C. Administrative Contact

The
purposes of identifying the Administrative Contact in the Whois
database are (1) to give registrars a clearly identified authorized
voice of the Registered Name Holder for purposes of managing the
domain name, and (2) to give other members of the public a clearly
identified point of contact for issues regarding the content of the
corresponding website or other Internet resource. For instance, the
Administrative Contact should have the authority to modify content on
the site or to accept legal process or similar notifications
concerning that content.

The
IPC notes, however, that the definition provided by the Transfers
Task Force Report as referenced in ICANN's June 2 Terms of
Reference is somewhat confusing. Namely, the Transfers Report
defines the administrative contact as:

an
individual, role [?], or organization authorized to interact with the
Registry or Registrar on behalf of the Domain Holder [note reference
is not to the "Registered Name Holder"]. The administrative
contact should be able to answer non-technical questions about the
domain name's registration and the Domain Holder. In all cases,
the Administrative Contact [sic — note inconsistent capitalization
within the definition] is viewed as the authoritative point of
contact
for the domain name, second only to the Domain Holder.

Final
Report and Recommendations of the GNSO Council's Transfers Task
Force, Exhibit C: Standardized Definitions, at
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03
.htm

(emphasis added).

The
definition thus states that the Administrative Contact is "the"
authoritative point of contact, but in the next breath demotes that
authority to being secondary to the Domain Holder. The IPC agrees
that the Domain Holder should have ultimate authority over the domain
name, and suggests that the definition of Administrative Contact more
clearly reflect that it is not "the" authoritative point of
contact, but rather that it is the Domain Holder's authorized point
of contact for managing the domain name.

i)
If a Supermajority Vote was reached, a clear statement of the
constituency's position on the issue;

See
above.

(ii)
If a Supermajority Vote was not reached, a clear statement of all
positions espoused by constituency members;

N/A

(iii)
A clear statement of how the constituency arrived at its position(s).
Specifically, the statement should detail specific constituency
meetings, teleconferences, or other means of deliberating an issue,
and a list of all members who participated or otherwise submitted
their views;

The
IPC membership was notified of the request for a constituency
statement on June 22. A draft constituency statement was circulated
on July 8. The statement and the issue were discussed at the IPC
meeting in Luxembourg on July 11. A revised statement was circulated
to the IPC membership on July 20, and was discussed at an IPC
teleconference meeting on July 22. On a motion, which was seconded,
it was agreed without objection to approve the constituency
statement.

(iv)
Analysis of how the issue would affect the constituency, including
any financial impact on the constituency;

This
policy will have a positive impact on IPC by potentially enhancing
the utility of the Whois database, a vital tool for protecting
intellectual property rights in the online environment. IPC does not
anticipate any financial impact on the constituency as a result of
this policy, nor do we perceive any costs associated with this
particular policy that would need to be borne by another
constituency. However, this could change depending upon
implementation of the policy (see below).

(v)
Analysis of the period of time that would likely be necessary to
implement the policy.

It
is not clear that this particular Term of Reference contemplates any
implementation activity. Assuming that agreement is reached upon the
purpose of the various contact categories, IPC believes the Task
Force should consider what steps should be taken to (1) inform
current and future registrants of these conclusions; (2) encourage or
require registrars and registries to provide guidance to registrants
in populating these data fields; and (3) facilitate registrants
making changes to Whois entries in order to bring them into greater
compliance with the agreed-upon purposes. The period of time for
implementation would of course be one topic for consideration.


3 (d) Registrar Constituency

Preamble
— The Purpose of the Domain Name System, ICANN and the GNSO

ICANN's
scope of engagement is defined by its agreement with the United
States Department of Commerce3

("DOC") which stipulates that ICANN and the DOC will collaborate
to carry out the following domain name system ("DNS") management
functions;

  1. Establishment
    of policy for and direction of the allocation of IP number blocks;

  2. Oversight
    of the operation of the authoritative root server system;

  3. Oversight
    of the policy for determining the circumstances under which new top
    level domains

would
be added to the root system;

  1. Coordination
    of the assignment of other Internet technical parameters as needed
    to maintain

universal
connectivity on the Internet; and

  1. Other
    activities necessary to coordinate the specified DNS management
    functions, as agreed by

the
Parties.

In
turn, the GNSO finds its mandate within ICANN"s bylaws
4

which stipulate that the function of the GNSO shall be limited to
"...developing and recommending to the ICANN Board substantive
policies relating to generic top-level domains."

The
purpose of the domain name system is to enable a decentralized system
of administering the Internet's authoritative database of host
information. This host information includes IP address and mail
routing information, references to other domains and other technical
information required to facilitate client-server interactions via the
Internet.

The
purpose of the gTLD domain registration system is to provide host
operators with the means to register and receive a delegation of
authority for a specific zone which they administer via the domain
name system.

These
arrangements carry several implications. It puts direct management of
root-level and top-level domain delegations within ICANN's scope.
The GNSO's responsibility for developing policy in the area of
generic top level domains is derived from this. Responsibility for
policy development related to IP addressing, country-code domains and
protocol identifiers fall to other organizations within ICANN's
structure.

The
GNSO has influence over policy that manages the types of gTLD
delegations that may be requested and granted. String-length
restrictions, character set guidelines and trademark-centric
string-content restrictions are all examples of the types of
limitations ICANN's GNSO has imposed on delegation requests.
However, this does not mean that the GNSO has any direct policy
influence over how delegations that do meet these criteria are
managed after they have been granted. The GNSO's influence over the
operational management of a zone is limited to a very narrow and
appropriate set of specifications that outline the processes
registrants may use to transfer delegations to one another, choose a
new registrar to interface with and so on.

Since
neither of ICANN and the GNSO are technical standards creation
bodies, neither have any control over how delegations technically
function within the domain name system beyond specifying the
standardized protocols that will be used. For instance, past GNSO
policy recommendations have included advice advocating the
development of new technical standards within the IETF and
stipulations that currently deployed standards continue to be used.
Neither of these recommendations are inappropriate nor out of scope
for the GNSO.

Finally,
the functional mapping of hostnames to IP addresses, and of IP
addresses to host based applications and content such as web sites or
email services via the DNS record is a function that is managed
locally by the DNS administrator. Central to the function of the DNS
is the notion of zone delegation which puts 100% of the technical,
operational and policy management of a zone in the hands of the local
host administrator. These local functions are naturally outside of
ICANN and the GNSO's sphere of control.

The
GNSO's policy making powers can be summed up very simply —

The
GNSO only has the capability to manage what gets registered and how
registrations are administered, but not what registrations are used
for.

Any
discussion of the purpose of Whois must be consistent with this
context and naturally limited to two key areas;

  1. Processes,
    standards and policies related to domain registration and
    administration activity.

  2. specific
    areas of the domain name system, including;

    1. ensuring
      technical standards compliance for registrants, registrars and
      registries, and;

    2. the
      ongoing management of the authoritative record of name server
      delegations.

1. Purpose of Whois

Shedding
light on the purpose of ICANN, the GNSO and the domain name system
also sheds light on the purpose of the gTLD Whois System. There is a
tendency within ICANN circles to view specific parts of the DNS as
being isolated from one another, when in fact each of these
constituency pieces is an integral part of a much larger system. Each
of these specific parts is required to function efficiently or the
stability and efficiency of the entire system will start to fail.

But,
there is little understanding of what the domain name system actually
entails, and as a result, there are many opinions as to what the gTLD
Whois System actually is. A popular view is that the purpose of the
Whois System is to act as a directory of contact information.
However, an examination of the data and protocols that ICANN requires
registrars and registries to publish and use to implement the Whois
System paints a picture that implies a much broader purpose for the
gTLD Whois System than the very narrow purpose of acting as a
directory of contact information.

Publicly
accessible directories of contact information, such as the directory
of Senators of the 109th Congress of the United States of
America5

typically includes information like the name, mail and email address
and phone number of the individuals and companies included in the
directory.

i.e.

Sample
record from the directory of Senators of the 109th
Congress

Akaka,
Daniel
- (D - HI)

141
HART SENATE OFFICE BUILDING WASHINGTON DC 20510 (202) 224-6361

E-mail:
senator@akaka.senate.gov
pan>


This
sample record is consistent with records found in other contact
directories, online and offline, such as the white page directories
published by telephone companies6,
the professional networking web directory operated by LinkedIn7

or the directory of contact information for the members of the MPAA8.

Each
of these directories has one thing in common — the data included in
each of the records is consistent with its purpose — to provide the
public with ready access to contact information.

On
the other hand, the gTLD Whois System provides a much broader dataset
in response to third party queries;

Sample
record from the gTLD Whois System

Whois
info for, tucows.com:

Registrant:

Tucows
( Delaware ) Inc.

96
Mowat Avenue

Toronto,
Ontario M6K3M1

CA

Domain
name: TUCOWS.COM

Administrative
Contact:

Administrator, DNS
dnsadmin@tucows.com

96
Mowat Avenue

Toronto,
Ontario M6K3M1

CA

+1.4165350123x0000

Technical
Contact:

Administrator, DNS
dnsadmin@tucows.com

96
Mowat Avenue

Toronto,
Ontario M6K3M1

CA

+1.4165350123x0000

Registrar
of Record: TUCOWS, INC.

Record
last updated on 22-Nov-2004.

Record
expires on 06-Sep-2006.

Record
created on 07-Sep-1995.

Domain
servers in listed order:

DNS1.TUCOWS.COM
216.40.37.11

DNS2.TUCOWS.COM
216.40.37.12

DNS3.TUCOWS.COM
204.50.180.59

Domain
status: REGISTRAR-LOCK

If
the gTLD Whois System was simply a directory of contact information,
then there would be no reason to include additional information about
the domain delegation
in the record displayed in response to a
query which would be intended to discover contact information.

This
additional information includes:

  • the
    zone that was delegated ("tucows") and the zone that the
    delegation belongs to ("com")

  • the
    date that the delegation was granted ("07-Sep-1995") and
    when the delegation next expires ("06-Sep-2006")

  • which
    domain name servers are authoritative for this particular zone
    ("dns1, dns2 and dns3.tucows.com")

  • the
    status of the delegation ("REGISTRAR-LOCK")

This
is a lot of additional information to include in a simple database of
contact information for domain name registrants. This additional
information was not included by accident — it was included because
it was central to the intended purpose of the gTLD Whois System in
support of the domain name system. Queries destined for this system
are not provided with contact records, they are provided delegation
records.

The
gTLD Whois System is a record lookup service that uses the Whois
protocol to allow third parties to determine which entity currently
holds the delegation for a particular second level domain. The
purpose of this lookup service is to facilitate the technical
co-ordination and inter-operation of specific delegations within the
registration and domain name systems.

Examples
of technical co-ordination and inter-operation include;

  • Resolving
    issues related to lame delegation (i.e. delegation records that
    specify nameservers that are not authoritative for the delegation in
    question).

  • Determining
    which name servers are intended to be authoritative for a specific
    delegation (i.e. comparing the delegation records with data from
    other sources while troubleshooting configuration issues).

  • Determining
    the status of a delegation (INACTIVE, CLIENT LOCK, PENDING RENEW,
    and other EPP/RRP status codes9.). /p>

  • Determining
    which delegant is responsible for the activity of a specific network
    host.

  • Determining
    when a specific delegation was granted.

Facilitating
technical co-ordination and inter-operation does not include;

  • Providing
    contact information for host operators to help third parties resolve
    civil and criminal matters.

  • Facilitating
    commercial transactions related to the transfer of delegations
    between registrants.

  • Facilitating
    interactions between network providers.

  • Providing the general public with ready
    access to the identity and contact information for domain name
    registrants and the associated contacts.

  • Facilitating the resolution of host
    based security and network attacks.

2. Purpose of Whois Contacts

The
purpose of specific contact types in the gTLD Whois System cannot be
divorced from the purpose of the overall gTLD Whois System, or that
of the GNSO and ICANN.

There
are at least four contact types listed in the current gTLD Whois
System — the "Registrant", the "Administrative Contact",
the "Technical Contact" and the "Sponsoring Registrar". Some
gTLD Whois records also include contact information for the ISP or
reseller acting as the liaison between the Registrar and Registrant.
As previously discussed, there are many other technical details
included in these records in addition to the contact information.

The
following table describes the purpose of only three of these contact
types;


Contact
Type

Purpose

Registrant

To
provide a clear record of the entity responsible for a specific
delegation.

Administrative
Contact

To
provide contact information for an individual or role that can
provide assistance to third parties who have questions regarding
the administration of the delegation.

Technical
Contact

To
provide contact information for an individual or role that can
provide assistance to third parties who have questions regarding
the technical management of the zone.

This
view of the purpose of these contact types also carries implications
that warrant further examination.

  1. The
    contact information currently associated with the Registrant type is
    extraneous. A record that intends to provide delegation information
    need not also provide contact information. This contact information
    could be removed from the gTLD Whois System with little operational
    impact.

  1. The
    purpose of the Administrative Contact and the Technical Contact are
    very closely related. In fact, there is little to distinguish each
    of these record types on a practical basis. The continued relevance
    and value of maintaining separate contact types should be examined.


3 (e) Registry Constituency

This
statement responds to the request for constituency input on the WHOIS
COMBINED TASK FORCE Terms of Reference (2 June 2005) Tasks 1 (Purpose
of WHOIS) and 2 (Purpose of WHOIS contacts).

.

Pursuant
to requirements of the GSNO policy development process, the RyC has
concluded:

1. Purpose of Whois

The
WHOIS function had one original purpose, clearly articulated by the
European Commission Data Protection Working Party — "to give
people who operate networks a way of contacting the person
technically responsible for another network, another domain, when
there was a problem."10
This purpose is a direct result of the nature of the Internet at the
time when the function was originated, namely a limited
interconnection of research, university and government networks. The
visionary founders of the Internet never conceived of the Internet as
the global means of mass telecommunications that it has now become

The
WHOIS function now has additional purposes that have arisen from the
change of character of the Internet. Its explosive growth has
unfortunately attracted a minority of users who do not share the
high-minded idealism of the Internet's founders. The spammers,
cybersquatters, phishers and other abusers of the functions of the
Internet, together with users whose intent is criminal (terrorists,
et al) have made it necessary to recognize that the WHOIS function
has purposes beyond its original purpose. However, recognition of
this need does not imply that the function must make all personal
data public. There is no justification at this time for a WHOIS
function that makes available to the entire world the personal data
of millions of domain name registrants.

There
are adequate techniques, such as tiered access, that can make WHOIS
data available to law enforcement agencies and others that need the
data.

The
EC Working Party Opinion cited above recognizes the expansion of
purposes and at the same time strongly supports the concept that not
all data should be made public:

"...it
is essential to limit the amount of personal data to be collected and
processed."

"The
registration of domain names by individuals raises different legal
considerations than that of companies or other legal persons
registering domain names."

"In
the light of the proportionality principle, it is necessary to look
for less intrusive methods that would still serve the purpose of the
Whois directories without having all data directly available on-line
to everybody."

"The
Working Party encourages ICANN and the Whois community to look at
privacy enhancing ways to run the Whois directories in a way that
serves its original purpose whilst protecting the rights of
individuals. It should in any case be possible for individuals to
register domain names without their personal details appearing on a
publicly available register."

[emphasis in original]

It
is entirely disingenuous to argue that personal data must be made
publicly available because ICANN requires that domain name
registrants consent or acknowledge that their data will be
publicized. The point of this Task Force's proceeding (and the
proceeding of its predecessors) has always been to determine how the
WHOIS function should be structured, not to defend its legality or
illegality as presently structured.

b) Constituency
Position on Task 2 — Purpose of WHOIS Contacts

The
RyC believes that the purposes of the various contacts are adequately
described in Exhibit C of the Transfers Task force report.

(from
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):

II.
Method for Reaching Agreement on RyC Position

The
RyC drafted and circulated via email a constituency statement,
soliciting input from its members. RyC members suggested edits and
additions to the draft which were subsequently incorporated into the
final constituency statement. The statement was adopted by a
unanimous vote of the members present at the teleconference meeting
on 17 August 2005.

III.
Impact on Constituency

Recognition
that the WHOIS function has a limited purpose and that personal data
should not be publicly available would assist the members of the RyC
in fulfilling their legal obligations in their respective
jurisdictions.

IV.
Time Period Necessary to Complete Implementation

Depending
on the actual technical implementation requirements of any agreed-to
WHOIS changes, it could take considerable time for registries to
implement changes.  Moreover, time for implementation may vary
by registry depending on resource availability, size of the WHOIS
database, etc.  If the changes involve implementing the IRIS
protocol, a lengthy amount of time should be allowed for transition
because of the widespread and longstanding use of the existing
protocol.


3 (f) Internet Service Providers and Connectivity Providers
Constituency

Introduction

The
ISPCP Constituency herein provides input as requested to the combined
Whois Task Force on the revised terms of reference tasks to be
undertaken for by the task force.

  1. The task force tasks 1 and 2 as set
    forth in the terms of reference for the combined Whois task force.

    1. Task 1 is to define the purpose of
      the WHOIS service in the context of ICANN's

mission and relevant core values,
international and national laws protecting privacy of natural
persons, international and national laws that relate specifically to
the WHOIS service, and the changing nature of Registered Name
Holders.

    1. Task 2 is to define the purpose of the
      registered name holder, technical, and

administrative contacts, in the context
of the purpose of WHOIS, and the purpose for which the data was
collected. As required by the task force terms of reference, the
relevant definitions from Exhibit C of the Transfers Task force is
used as a starting point and commented upon.

2. Purpose of Whois

The
Whois database serves the purpose of providing contact information to
the public regarding the individual or organization that has
registered a domain name. This is true today, and it has been true
throughout the history of the domain name system's Whois database.
The ISPCP believes that regardless of the vast growth of the number
of domain registrations, some core principles should remain
unchanged, and ready access to all Whois data is one such principle.

The
ISPCP does not believe there to be a conflict between ICANN's core
mission and public access to Whois. In fact, in an open and
transparent process that relies on a global community for a bottom-up
consensus development process public access should always be a core
value in any policy development. After having considered policy
changes related to the Whois database for so many years this
constituency does not feel any change in this core value is
warranted.

Certainly,
as we have stated in the past, some rules for protection of the Whois
database and registrant privacy are important. Conspicuous notice,
prohibition of bulk access for marketing purposes and compliance with
local laws are positive aspects of the Whois task forces that the
ISPCP welcomes.

In
providing the ISPCP specific purposes of Whois data, we'd like to
highlight the fact that this discussion has been had before, many
times. Despite the confusion over the "use" versus the
"purpose", in fact both are dependant on the type of notice that
is provided at time of registration. If adequate notice is provided
regarding the intended purposes of data collection, then all uses
(but nothing more) consistent with that notice shall be valid.

Nevertheless,
here again are the following purposes of Whois for the ISPCP:

  1. to research and verify domain
    registrants that could vicariously cause liability for ISPs

because of illegal, deceptive or
infringing content.

  1. to prevent or detect sources of
    security attacks of their networks and servers

  2. to identify sources of consumer fraud,
    spam and denial of service attacks and incidents

  3. to effectuate UDRP proceedings

  4. to support technical operations of ISPs
    or network administrators

The
ISPCP believes these purposes are consistent with ICANN's mission
and with the role of service providers in their routine connectivity,
hosting and business activities.

2. Purpose of Whois contacts

ICANN's
core mission is the security and stability of the domain name system
leading to increased reliability of the Internet.

Some
consistency in the way domain name registrants populate various
fields is useful to all who use Whois.

The
purpose of the registered name holder is to name the
person or entity that initiates the use of the domain, holds himself
or itself as having ultimate responsibility for all things associated
with the domain. This contact is often used by ISPs to address legal
or business issues related to the domain.

The
purpose of the technical contact is to name the
individual who is intended to be responsible for addressing
technical, security and/or interoperability issues related to the
domain. This is a particularly important to ISPs for resolving
technical questions related to internet traffic or the domain
generally.

The
purpose of the administrative contact is to provide a
live name and voice to the registered name holder when the registrant
is an entity. The administrative contact is intended to be the
individual to address business, legal and policy issues related to
the domain.

ISPCP
Proposal

The
Whois task force is now in its third configuration, and has been
conducting its efforts at least since 2001. The constituency is
grateful to each and every member of the task force as well as ICANN
staff, which has contributed to the work in this space. We believe
that it is important for the legitimacy of the process and the sanity
of the individual members that the task force be specific in its
goals and advances. If after years of discussion, areas still exist
where consensus policy is not achieved, the task force should so
indicate and end discussion in such areas.

It
is clear that in fact, there are positive improvements to the system
coming from this task force and its predecessors. However, if there
is still substantial disagreement over how the purpose and use of
data are connected and interact together, it leaves this constituency
somewhat disheartened and frustrated.

We
hope the task force does continue to reach consensus and achieve each
of its goals as outlined in the terms of reference tasks. However,
if there are areas where there is too much opposition to achieve
consensus, its far better to openly state that and make a report to
the ICANN board and community in this regard than to continue to
pushing members to argue the same positions and waste valuable effort
without getting any closer to policy goals.

The
ISPCP constituency wishes you all the best, and hopes that the task
force reaches a successful consensus policy on all its terms of
reference tasks.

4GNSO Public Forum discussion

4 (a) PURPOSE OF WHOIS

Jordyn Buchanan, chair of the GNSO's
Whois Task Force, update from the task force on defining the purpose
of Whois. (General details of the task force are available here:
http://gnso.icann.org/issues/Whois-privacy/
, Jordyn's presentation is available here:

Jordyn Buchanan outlined the two current
formulations on the purpose of Whois, and described the common and
distinguishing features of each:

Formulation #1

"The purpose of the gTLD Whois service
is to provide information sufficient to contact a responsible party
for a particular gTLD domain name who can resolve, or reliably pass
on data to a party who can resolve, issues related to
the configuration of the records associated with the domain name
within a DNS nameserver."

This formulation is supported by the
registrars, registries, and NCUC:

  • Consistent with the narrow technical
    mission of ICANN, ICANN's Core Values (particularly 1-3) and
    national data protection laws worldwide.

  • Core
    values: #1 Security and Stability, #2 Respecting creativity and flow
    of information by limiting ICANN's activities to matters in
    ICANN's mission,

  • Delegating to and respecting the
    policy role of responsible entities that reflect the interests of
    affected parties

Formulation #2

"The purpose of the gTLD Whois service
is to provide information sufficient to contact a responsible party
or parties for a particular gTLD domain name who can resolve, or
reliably pass on data to a party who can resolve, technical, legal or
other issues related to the registration or use of a domain name."

This formulation is supported by IPC,
ISPCP, and BC:

  • This approach is most consistent with
    the history of Whois and follows the growth and expansion, in both
    number of users and importance as a means of communication, of the
    Internet.

  • This
    approach is most consistent with the actual uses of Whois to help
    resolve these issues

  • This approach is consistent with
    ICANN's Mission and Core Values

Jordyn Buchanan reported that
everyone in the task force agrees the purpose of Whois is to provide
a system for a given domain name to be looked up and produce a set of
contact information. The crux of the differences relates to the
types of problems the constituencies believe ought to be resolved
using the Whois system. (e.g. technical, legal, etc.) Jordyn invited
public input on how to resolve differences on the purpose of Whois,
specifically on the differences between the two formulations of
purpose; which is better and why.

Bruce Tonkin recommended the
following to the task force:

  • Try to combine the two definitions of
    Whois into a single definition with unanimous support.

  • If
    the task force cannot do this, then document carefully the two
    formulations and the rationale for each.

  • When considering 'use of a domain
    name', be clear about whether you mean the name or the DNS record
    itself, and also the relationship between the domain name and the
    end content — using examples will be helpful.

The Whois Task Force will soon publish a
preliminary task force report on the ICANN website for public
comment.

Bruce Tonkin encouraged public
comments on the purpose of Whois, saying the more input we get from
the public, the better the outcome will be. He recommended the
following to those commenting on the preliminary task force report on
Whois purpose:

  • Explain the use cases, i.e. give
    practical examples and explain how the differences between the two
    definitions may affect those practical examples.




4 (b) PUBLIC QUESTIONS AND COMMENTS
ON PURPOSE OF WHOIS

Matt Hooker said that as he
needed the registrant information as he needs their legal addresses
in order to serve legal processes on registrants if necessary, he
preferred the first formulation. He spoke against private
registrations creeping into the Whois and said it was not sufficient
to have information about a registrant's legal representative or
other contact. Accuracy of the Whois information was very important.

Jordyn Buchanan said that both
formulations currently allow for the concept of agency, i.e. an agent
representing the registrant but capable of resolving issues on their
behalf or putting requesters in touch with someone who can rapidly
contact the registrant. For example, the registrant may not be the
correct person to resolve technical issues.

Kathy Kleiman said the privacy
conference on Tuesday discussed the ability to protect the
individual, small political organizations that may be criticizing
governments or corporations, and the need to balance the ability to
contact someone to resolve a technical or legal problem while
protecting the privacy of the individual. The decision of the GNSO
Council on Monday, 28 November 2005 to agree a recommendation on
conflicts with national privacy laws
(http://gnso.icann.org/issues/tf-final-rpt-25oct05.htm)
was an excellent first step, but just a first step because it does
not allow registrars and registries to come into voluntary,
pro-active compliance with their data protection laws.

Edward Hasbrouck suggested two
extra optional fields in the GNSO; one specifying the jurisdiction
where the registrant accepts legal process or considers its governing
jurisdiction, and another specifying that one of the existing
contacts is authorized to accept legal process on behalf of the
registrant or to designate an alternate agend for serving legal
process. Consumers should know where an Internet company asserts as
its jurisdiction.

Milton Mueller said the
discussion was losing focus on the issue at hand; the purpose of
Whois within ICANN's mission. He asked how Matt Hooker's and
Edward Hasbrouck's suggestions fit with ICANN's mission which is
about the coordination of unique identifiers on the Internet. Issues
relating to the regulation of e-commerce are not part of ICANN's
mission. Milton Mueller therefore supported the first formulation of
the purpose of Whois above.

Jordyn Buchanan said that after
the task force has completed work on the purpose of Whois, it will
get down to more concrete items including Whois data accuracy.

Marilyn Cade said that the
previous Whois task force had produced recommendations on bulk access
to the Whois data and this is an issue that the Council may also look
at for ideas on how to limit data-mining and restrict the uses of
bulk access to the data.

Wendy Seltzer echoed Milton
Mueller's statement about ICANN's limited mission and the limited
role of Whois information, saying Whois should be limited to what's
technically required because domain names facilitate more than
commerce, e.g. speech.

Bruce Tonkin said registrants do
not always have control over the content of the website the domain
name points to, so when we use the term 'use of' the domain name,
it should be recalled that all the domain name does is provide a link
and a mapping from a name to an IP address. Normally, it's
necessary to also look up the operator of the I.P. address in
question.


Annex A — WHOIS Task Force Terms of Reference

On
2 June 2005, The GNSO Council agreed the following terms of reference
for the Whois Task Force:



The
mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the
global Internet's systems of unique identifiers, and in particular to
ensure the stable and secure operation of the Internet's unique
identifier systems.

In
performing this mission, ICANN's bylaws set out 11 core values to
guide its decisions and actions. Any ICANN body making a
recommendation or decision shall exercise its judgment to determine
which of these core values are most relevant and how they apply to
the specific circumstances of the case at hand, and to determine, if
necessary, an appropriate and defensible balance among competing
values.

ICANN has
agreements with gTLD registrars and gTLD registries that require the
provision of a WHOIS service via three mechanisms: port-43, web based
access, and bulk access. The agreements also require a Registered
Name Holder to provide to a Registrar accurate and reliable contact
details and promptly correct and update them during the term of the
Registered Name registration, including: the full name, postal
address, e-mail address, voice telephone number, and fax number if
available of the Registered Name Holder; name of authorized person
for contact purposes in the case of an Registered Name Holder that is
an

organization, association, or corporation; the name, postal
address, e-mail address, voice telephone number, and (where
available) fax number of the technical contact for the Registered
Name; and the name, postal address, e-mail address, voice telephone
number, and (where available) fax number of the administrative
contact for the Registered Name. The contact information must be
adequate to facilitate timely resolution of any problems that arise
in connection with the Registered Name.

A registrar
is required in the Registrar Accreditation Agreement (RAA) to take
reasonable precautions to protect Personal Data from loss, misuse,
unauthorized access or disclosure, alteration, or destruction.

The goal of
the WHOIS task force is to improve the effectiveness of the WHOIS
service in maintaining the stability and security of the Internet's
unique identifier systems, whilst taking into account where
appropriate the need to ensure privacy protection for the Personal
Data of natural persons that may be Registered Name Holders, the
authorised representative for contact purposes of a Register Name
Holder, or the administrative or technical contact for a domain name.

Tasks:

(1)
Define the purpose of the WHOIS service in the context of ICANN's
mission and relevant core values, international and national laws
protecting privacy of natural persons, international and national
laws

that relate specifically to the WHOIS service, and the
changing nature of Registered Name Holders.

(2)

Define the purpose of the Registered Name Holder, technical, and
administrative contacts, in the context of the purpose of WHOIS, and
the purpose for which the data was collected.

Use the
relevant definitions from Exhibit
C of the Transfers Task force report
as a starting
point:

(from
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03
.htm

):

"Contact:
Contacts are individuals or entities associated with domain name
records. Typically, third parties with specific inquiries or concerns
will use contact records to determine who should act upon specific
issues related to a domain name record. There are typically three of
these contact types associated with a domain name record,
the

Administrative contact, the Billing contact and the Technical
contact. Contact, Administrative: The administrative contact is an
individual, role or organization authorized to interact with the
Registry or Registrar on behalf of the Domain Holder. The
administrative contact should be able to answer non-technical
questions about the domain name's registration and the Domain Holder.
In all cases, the Administrative Contact is viewed as the
authoritative point of contact for the domain name, second only to
the Domain Holder.

Contact,
Billing: The billing contact is the individual, role or organization
designated to receive the invoice for domain name registration and
re-registration fees.

Contact,
Technical: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name
server(s) for the domain. The technical contact should be able to
answer technical questions about the domain name, the delegated zone
and work with technically oriented people in other zones to solve
technical problems that affect the domain name and/or zone.



Domain
Holder: The individual or organization that registers a specific
domain name. This individual or organization holds the right to use
that specific domain name for a specified period of time, provided
certain conditions are met and the registration fees are paid. This
person or organization is the "legal entity" bound by the
terms of the relevant service agreement with the Registry operator
for the TLD in question."

(3)
Determine what data collected should be available for public access
in the context of the purpose of WHOIS. Determine how to access data
that is not available for public access. The current elements that
must be displayed by a registrar are:

- The name
of the Registered Name;

- The names
of the primary nameserver and secondary nameserver(s) for the
Registered Name;

- The
identity of Registrar (which may be provided through Registrar's
website);

- The
original creation date of the registration;

- The
expiration date of the registration;

- The name
and postal address of the Registered Name Holder;

- The name,
postal address, e-mail address, voice telephone number, and (where
available) fax number of the technical contact for the Registered
Name; and

- The name,
postal address, e-mail address, voice telephone number, and (where
available) fax number of the administrative contact for the
Registered Name.

(4)
Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and
correcting inaccurate data. Currently a registrar "shall, upon
notification by any person of an inaccuracy in the contact
information associated with a Registered Name sponsored by Registrar,
take reasonable steps to investigate that claimed inaccuracy. In the
event Registrar learns of

inaccurate contact information
associated with a Registered Name it sponsors, it shall take
reasonable steps to correct that inaccuracy."

(5)

Determine how to resolve differences between a Registered Name
Holder's, gTLD Registrar's, or gTLD Registry's obligation to abide by
all applicable laws and governmental regulations that relate to the
WHOIS service, as well as the obligation to abide by the terms of the
agreements with ICANN that relate to the WHOIS service. [Note this
task refers to the current work in the WHOIS task force called
'Recommendation 2', A Procedure for conflicts, when there are
conflicts between a registrar's of registry's legal obligations under
local privacy laws and their contractual obligations to ICANN.]


Annex B — ICANN's core values

ICANN's
core values are as follows:

  1. Preserving and enhancing the
    operational stability, reliability, security and global
    interoperability of the Internet.

  2. Respecting the creativity, innovation
    and flow of information made possible by the Internet by limiting
    ICANN's activities to those matters within ICANN's mission
    requiring or significantly benefiting from global coordination.

  3. To the extent feasible and appropriate,
    delegating coordination functions to or recognizing the policy role
    of other responsible entities that reflect the interests of affected
    parties.

  4. Seeking and supporting broad, informed
    participation reflecting the functional, geographic and cultural
    diversity of the Internet at all levels of policy development and
    decision-making.

  5. Where feasible and appropriate,
    depending on market mechanisms to promote and sustain a competitive
    environment.

  6. Introducing and promoting competition
    in the registration of domain names where practicable and beneficial
    in the public interest.

  7. Employing open and transparent policy
    development mechanisms that (i) promote well-informed decisions
    based on expert advice, and (ii) ensure that those entities most
    affected can assist in the policy development process.

  8. Making decisions by applying documented
    policies neutrally and objectively, with integrity and fairness.

  9. Acting with a speed that is responsive
    to the needs of the Internet while, as part of the decision-making
    process, obtaining informed input from those entities most affected.

  10. Remaining accountable to the Internet
    community through mechanisms that enhance ICANN's effectiveness.

  11. While remaining rooted in the private
    sector, recognizing that governments and public authorities are
    responsible for public policy and duly taking into account
    governments' or public authorities' recommendations.

These
are the core values as re-stated in the most recent ICANN Strategic
Plan (page 4) posted on the ICANN website in May 2005:
http://www.icann.org/strategic-plan/strategic-plan-v7_3.pdf
a>

2

The source of the definitions of these terms does not define
"Registered Name Holder," but rather "Domain Holder" (see
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb
03.htm
).
The IPC presumes the two terms are being used interchangeably.

3
ICANN web site, "Memorandum of Understanding Between the U.S.
Department of Commerce and the Internet Corporation for Assigned
Names and Numbers, Amendment 6",
http://www.icann.org/general/amend6-jpamou-17sep03.htm .


4
ICANN web site, "Bylaws for Internet Corporation for Assigned
Names and Numbers", [Section X, 1],
http://www.icann.org/general/archive-bylaws/bylaws-08apr05.htm#X-1 .


5
U.S. Senate web site, "Senators of the 109th Congress",
http://www.senate.gov/general/contact_information/senators_cfm.cfm .

8
Missouri Professional Auctioneers Association web site,
http://www.moauctioneers.org/VMemberList.asp

9

Web Design by Cookie, "Guide to Domain Name Status Codes",
http://www.wdbc.com/domain/status-codes.cfm

10
See Article 29 Working Party Opinion 2/2003 on the
application of the data protection principles to the Whois
directories, available at

http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp76...

Page
67 of 67 18
January, 2006

Author:
ICANN — Maria Farrell Prelim TF Report — Whois purpose

Version
1.4