Sorry, you need to enable JavaScript to visit this website.

Preliminary Task Force Report on the Purpose of Whois and of the Whois Contacts

Last Updated:
04 September 2009
Date

Preliminary
task force report on the purpose of Whois and of the Whois contacts


18 January, 2006


1 Introduction & background

This
document is the Preliminary Task Force Report on the Purpose of Whois
and of the Whois Contacts. The report was produced by the Whois Task
Force of the GNSO, and published following a unanimous task force
vote on publication for public comments on 18 January, 2006. The
report comprises the task force's work on tasks 1 and 2 of its
terms of reference. On 2nd June, 2005, the GNSO Council
agreed terms of reference
(http://gnso.icann.org/policies/terms-of-reference.html
) for the Whois Task force. These terms of reference required the
Whois Task Force to complete the following tasks regarding the
purpose of Whois:

(1)
Define the purpose of the WHOIS service in the context of ICANN's
mission and relevant core values, international and national laws
protecting privacy of natural persons, international and national
laws that relate specifically to the WHOIS service, and the changing
nature of Registered Name Holders.

(2)
Define the purpose of the Registered Name Holder, technical, and
administrative contacts, in the context of the purpose of WHOIS, and
the purpose for which the data was collected. Use the relevant
definitions from Exhibit
C of the Transfers Task force report
(http://www.icann.org/gnso/transfers-tf/report-exh
c-12feb03.htm
)
as a starting point:


"Contact:
Contacts are individuals or entities associated with domain name
records. Typically, third parties with specific inquiries or concerns
will use contact records to determine who should act upon specific
issues related to a domain name record. There are typically three of
these contact types associated with a domain name record,
the

Administrative contact, the Billing contact and the Technical
contact.

Contact,
Administrative: The administrative contact is an individual,
role or organization authorized to interact with the Registry or
Registrar on behalf of the Domain Holder. The administrative contact
should be able to answer non-technical questions about the domain
name's registration and the Domain Holder. In all cases, the
Administrative Contact is viewed as the authoritative point of
contact for the domain name, second only to the Domain Holder.

Contact,
Billing
: The billing contact is the individual, role or
organization designated to receive the invoice for domain name
registration and re-registration fees.

Contact,
Technical
: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name
server(s) for the domain. The technical contact should be able to
answer technical questions about the domain name, the delegated zone
and work with technically oriented people in other zones to solve
technical problems that affect the domain name and/or zone.



Domain
Holder
: The individual or organization that registers a specific
domain name. This individual or organization holds the right to use
that specific domain name for a specified period of time, provided
certain conditions are met and the registration fees are paid. This
person or organization is the "legal entity" bound by the
terms of the relevant service agreement with the Registry operator
for the TLD in question."

The
Whois Task Force has worked steadily since June 2005, and has now
produced two working formulations of the purpose of Whois. These
formulations were presented by the task force chair, Jordyn Buchanan,
at the GNSO Public Forum during the ICANN Vancouver meeting in
December 2005. (An excerpt of the public forum summary is reproduced
in section 4 of this document, below.) Jordyn Buchanan invited public
comments on the two draft formulations of the purpose of Whois in
section 2, below.

The
constituency statements included in this report present the
constituencies' positions on the broad issues of the purpose of
Whois and the Whois contacts and do not include specific comments on
the formulations 1 and 2. They provide important background
information that supplements the two formulations. The formulations
were developed by considering the positions advocated by each of the
constituency statements and creating text that seems to be generally
consistent with several of those statements.

Public comments are invited particularly
on the two formulations of the purpose of Whois in section 2.
Commenters are encouraged to explain the use cases of the
formulations where appropriate, e.g. by giving practical examples and
explaining how the differences between the two definitions may affect
those practical examples. Following the public comment period on
this preliminary task force report, the Whois Task Force will
consider the public comments received and prepare a final task force
report for submission to the GNSO Council.


2 Formulations of the definition of the purpose of Whois

Task 1 of
the task force terms of reference requires the Whois Task Force to
define the purpose of Whois. Defining the purpose is important as it
will guide work on the other work items in the terms of reference.
The purpose of Whois — when defined — will have a significant
impact in determining the operation of Whois.

The Whois
Task Force worked on developing definitions of the purpose of Whois
from July to November, 2005. Beginning from a list of the current
uses of Whois, the task force paid particular attention to the uses
and purpose of Whois in relation to solving problems. The task force
discussed the difference between use and purpose, analysed the
technical and legal uses and purposes of Whois, and whether its
purpose relates to the domain name registration only or more broadly
to how the domain name is used.

The task
force has not been able to reach a consensus definition on the
purpose of Whois. Instead, the task force has produced two
formulations of the definition of the purpose of Whois. Public
comments on the formulations, along with specific examples and
illustrations of support or opposition, are invited to help reach a
decision on the definition of the purpose of Whois.

Formulation
1

"The
purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party for a particular gTLD
domain name who can resolve, or reliably pass on data to a party who
can resolve, issues related to the configuration of the
records associated with the domain name within a DNS nameserver."

Formulation
1 is supported by the representatives of the following
constituencies:

  • Registrar
    Constituency

  • Registry
    Constituency

  • NonCommercial
    Users Constituency.

These
representatives support Formulation 1 because they believe it is
consistent with the narrow technical mission of ICANN, ICANN's Core
Values1
(particularly 1-3) and national data protection laws worldwide.

The
core values cited in support of Formulation #1 are:

  1. Preserving
    and enhancing the operational stability, reliability, security, and
    global interoperability of the Internet.

  1. Respecting
    the creativity, innovation, and flow of information made possible by
    the Internet by limiting ICANN's activities to those matters within
    ICANN's mission requiring or significantly benefiting from global
    coordination.

  1. To
    the extent feasible and appropriate, delegating coordination
    functions to or recognizing the policy role of other responsible
    entities that reflect the interests of affected parties.


Formulation 2

"The
purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party or parties for a particular
gTLD domain name who can resolve, or reliably pass on data to a party
who can resolve, technical, legal or other issues related to the
registration or use of a domain name."

Formulation
2 is supported by representatives of the following constituencies:

  • Intellectual
    Property Constituency

  • Internet
    Service Providers and Connectivity Providers Constituency

  • Commercial
    and Business Users Constituency

These
representatives support Formulation 2 because they believe it is most
consistent with the history of Whois and follows its growth and
expansion as a means of communication - in both number of users and
importance - of the Internet. They also believe that Formulation 2
is most consistent with the actual uses of Whois to help resolve
issues broadly related to how the domain name is used, and that it is
consistent with ICANN's Mission and Core Values

Common
ground and differences between formulations 1 and 2

These
two formulations are similar in a number of respects. Both
formulations indicate that the purpose of the Whois service is to
display contact information for domain names, and that the contact
information displayed by the services should be capable of resolving
issues relating to the domain name, or of passing on information to
someone who can. The principal differences between the two
formulations is that Formulation 2 describes a broader range of
issues that the service is intended to address.

The
text of the two formulations is compared in the following version,
which uses square brackets to show the differences between
Formulation 1 and Formulation 2:

The
purpose of the gTLD Whois service is to provide information
sufficient to contact [a] or [the] responsible [party] or

[parties] for a particular gTLD domain name who can resolve, or
reliably pass on data to a party who can resolve [issues related
to the configuration of the records associated with the domain
name within a DNS nameserver] or [technical, legal or other
issues related to the registration or use of a domain name]."


3 Constituency statements


3 (a) Commercial and Business Users Constituency

Background

Constituencies
have been invited to provide input on the Whois Task Force Terms of
Reference Items 1 (Purpose) and 2 (Purpose of WHOIS contacts). This
statement has been prepared in accordance with the GNSO policy
development process criteria for "Constituency Statements". (see
annex).

Related
Documents:

    • Call for constituency statements on
      Tasks 1&2 of Whois Task Force Terms of

    Reference,
    http://forum.icann.org/lists/gnso-dow123/msg00416.html.
    p>

      1. Purpose of Whois

        • The Internet has evolved from its
          early days of technical experimentation and has become

        a key medium for commerce and a rich
        source of information and resources for users.  The purpose of
        the Whois database as the primary resource of contact information
        must therefore reflect this evolution.

          • ICANN's responsibility for stability
            and security are highly relevant to an accurate Whois.

          • The Registrar Accreditation Agreements
            (RAA) maintained by ICANN require, as a pre-

          requisite to the registration of a
          domain name, the inclusion of the administrative, technical and
          contact details into a publicly accessible Whois database.  The
          RAA also mandates that registrants receive notification of the public
          accessibility of this information.

            • The BC supports having clear and easy
              to find "notice" of both the collection and the

            display of data.

              • The BC also notes that registrants are
                able to use agents as contact points should

              anonymous registration be desired. In
              any case, the correct data should be collected, and maintained by the
              agent, for provision upon legitimate request.

              With
              the above in mind, the BC proposes the following purpose of the Whois
              database:

              A database of contact information
              sufficient to contact the registrant or their agent(s) to enable the
              prompt resolution of technical, legal and other matters relating to
              the registrant's registration and use of its domain name.

              Effect
              on the Constituency, including financial impact

                  • BC
                    members rely on accurate WHOIS data to engage in a number of
                    important actions, including: verification of who holds a
                    particular name; trademark/domain name portfolio management;
                    contacting a registrant due to network or phishing attacks
                    originating from a particular domain; engaging in trademark
                    protection, cooperation with law enforcement and consumer
                    protection authorities when investigation of illegal activity in a
                    domain; contacting a registrant to make an offer to purchase an
                    existing registration, etc.

                  • The
                    BC believes that this policy will have a positive impact on the
                    Constituency, and will help to limit the costs to business users.
                    We do not believe that there is any cost associated with this
                    policy since it is essentially maintaining the status quo.

              Analysis of the period of time that
              would likely be necessary to implement the policy.

              • Little time would be needed for
                implementation, since this is essentially the status quo.

              2. Purpose of Whois
              contacts

              The
              BC believes there is a need to clarify the information that should be
              provided in the three categories defined in the Transfers Policy and
              to use consistency of terminology.

              Terminology

              The
              Transfers policy uses the term "domain holder" in place of
              "Registered Name Holder". The BC recommends that these two
              terms are treated as interchangeable with each other.

              a.
              Registered Name Holder

              The
              Registered Name Holder is the registrant and thus responsible for the
              domain name registration generally, including for canceling or
              transferring a name. This individual's or the organisation's name
              and contact should be provided in this category.

              b.
              Technical Contact

              The
              technical contact is responsible for responding to inquiries related
              to the technical functioning of the web site and to deal with any
              technical problems. An individual competent to respond to those kinds
              of inquiries should be provided in this category.

              (If
              a registrant chooses to use their ISP or other third party as the
              technical contact, that changes in no way the need for accurate data
              for the Registered Name Holder).

              1. Administrative Contact

              The
              Administrative Contact may be responsible for dealing with the
              content on the web site and is responsible to the registered name
              holder, unless they are the same person. The BC supports the
              definition in the Transfers policy:

              The
              Administrative Contact is: "an individual, role, or organization
              authorized to interact with the Registry or Registrar on behalf of
              the Domain Holder. The administrative contact should be able to
              answer non-technical questions about the domain name's registration
              and the Domain Holder. In all cases, the Administrative Contact is
              viewed as the authoritative point of contact for the domain name,
              second only to the Domain Holder."

              Note:
              the holder, technical and administrative contacts may be one and the
              same.

              Effect
              on the Constituency, including financial impact

              • This policy will have a positive impact
                on the BC and more broadly for all Internet users who need to check
                Whois data for policing domain names, deal with network problems and
                phishing attacks; check out a web site to see with whom they are
                doing business, or where their children are finding information,
                etc. by enhancing the accuracy and usability of the Whois database.

              • There
                should be no financial impact on the constituency as a result of
                this policy. It is possible that there may be minimal costs to the
                Registrars if they are not fully complying with the present RAA. Any
                costs would be related to the provision, in automated form, of
                descriptive information of what is recommended to fill each separate
                category.

              Analysis
              of the period of time that would likely be necessary to implement the
              policy.

              • An implementation working group, to
                include representation from the user constituencies, but largely to
                include Registrars, should be established. The implementation time
                frame should be short.

              3.
              Outreach process

              GNSO
              policy development process section 7.d.:

              1.
              Constituency Statements.
              The Representatives will each be
              responsible for soliciting the position of their constituencies, at a
              minimum, and other comments as each Representative deems appropriate,
              regarding the issue under consideration. This position and other
              comments, as applicable, should be submitted in a formal statement to
              the task force chair (each, a "Constituency Statement")
              within thirty-five (35) calendar days after initiation of the PDP.
              Every Constituency Statement shall include at least the following:

              (i)
              If a Supermajority Vote was reached, a clear statement of the
              constituency's position on the issue;

              (ii)
              If a Supermajority Vote was not reached, a clear statement of all
              positions espoused by constituency members;

              (iii)
              A clear statement of how the constituency arrived at its position(s).
              Specifically, the statement should detail specific constituency
              meetings, teleconferences, or other means of deliberating an issue,
              and a list of all members who participated or otherwise submitted
              their views;

              (iv)
              An analysis of how the issue would affect the constituency, including
              any financial impact on the constituency; and

              (v)
              An analysis of the period of time that would likely be necessary to
              implement the policy.

              With
              respect to (i) (ii) (iii) the BC approval process allows for a 14
              day comment period for a position to be adopted combined where
              appropriate with meetings and member calls.

              Statement
              on Purpose

              • The BC members were notified of the new
                terms of reference for the combined Task

              Force on 19 May 2005

              • The TF reps prepared a draft purpose
                statement and posted it to the Constituency on 19

              July 2005.

              • The statement and the issues were
                discussed at the Luxembourg meeting 11 July 2005.

              • A conference call was held on 26 July
                2005

              • The draft statement on Purpose was
                posted to the BC list on 2 August 2005 and adopted

              after a 14 day period.

              Statement
              on Purpose of Contacts

              • The BC members were notified of new
                terms of reference for the combined Task Force

              on 19 May 2005

              • The forthcoming draft statement on
                Purpose of Contacts was discussed at the

              Luxembourg meeting 11 July 2005.

              • BC members were asked to participate in
                a Contacts survey on 22 July 2005

              • A conference call was held on 26 July
                2005.

              • The draft statement on Purpose of
                Contacts was posted to the BC list on 2 August 2005

              and adopted after a 14 day period.

              3
              (b) Statement of the Noncommercial Users Constituency

              1. Purpose of Whois

              Task
              1 asks us to "Define the purpose of the WHOIS service in the
              context of ICANN's mission and relevant core values, international
              and national laws protecting privacy of natural persons,
              international and national laws that relate specifically to the WHOIS
              service, and the changing nature of Registered Name Holders."

              The
              importance of defining "purpose":

              Regarding
              international and national privacy laws, NCUC notes that it is
              well-established in data protection law that the purpose of data and
              data collection processes must be well-defined before policies
              regarding data collection, use and access can be established. The
              need for an explicit, well-defined purpose is meant to protect data
              subjects from abuse by either the data collectors or third parties
              using the data. A definition of purpose is intended to impose strict
              constraints on the collection and use of contact data. A specified
              purpose determines what data elements should be collected, and
              therefore actively prevents collection of any data that is not
              clearly necessary for that purpose.

              Furthermore,
              a defined purpose helps to ensure that data is used only for the
              specified purposes, preventing uses that are different from or
              incompatible with the purpose giving rise to their collection.
              Finally, sound data protection principles hold that data subjects
              must be informed of the purpose for which the Data is intended and
              whether and under what conditions the Data is likely to be passed to
              a third party.

              WHOIS
              and ICANN's mission and core values

              Regarding
              ICANN's mission and relevant core values, we note that ICANN's
              mission is primarily technical: "to coordinate, at the overall
              level, the global Internet's systems of unique identifiers, and in
              particular to ensure the stable and secure operation of the
              Internet's unique identifier systems." In enumerating ICANN's
              core values, we find that the first three are most relevant to a
              discussion of WHOIS and its purpose:

              1.
              Preserving and enhancing the operational stability, reliability,
              security, and global interoperability of the Internet.

              2.
              Respecting the creativity, innovation, and flow of information made
              possible by the Internet by limiting ICANN's activities to those
              matters within ICANN's mission requiring or significantly benefiting
              from global coordination.

              3.
              To the extent feasible and appropriate, delegating coordination
              functions to or recognizing the policy role of other responsible
              entities that reflect the interests of affected parties

              The
              original purpose of the WHOIS protocol, when the Internet was an
              experimental network, was the identification of and provision of
              contact information for domain administrators for purposes of solving
              technical problems. This original purpose is consistent with the
              plain language of ICANN's current mission and is further supported by
              core value #1, which addresses exclusively technical values such as
              stability, reliability, security and interoperability.

              Vinton
              G. Cerf, speaking at the "Freedom 2.0" conference held in
              Washington DC in May 2004 confirmed directly that the original
              purpose of WHOIS was indeed purely technical.**

              Further,
              Core Value #3 expressly recognizes the "policy role" of
              "other responsible entities." Nowhere is this policy role
              clearer than in the steps governments have taken to protect the
              personal data of their citizens. It is incumbent on ICANN to limit
              its role in the collection, use and especially disclosure of data to
              only that needed for technical and operational tasks. The rest is
              rightly governed by sovereign law.

              We
              further note that Core Values #2 and #3 **(respecting creativity and
              recognizing the policy role of other responsible entities,
              respectively), in spirit and language mandate that ICANN must limit
              its activities to a minimal set of areas requiring global technical
              coordination. Thus, although WHOIS data may be useful for a broad
              variety of purposes, uses and users, ICANN's core values require that
              it not embrace those purposes and activities just because it can, or
              because interested parties find it convenient. ICANN must limit its
              activities to matters within its mission and recognize and defer to
              the policy role of other responsible entities.

              Proposed
              definition of purpose

              NCUC
              proposes the following definition of purpose for the WHOIS service:

              The
              purpose of the WHOIS is to provide to third parties an accurate and
              authoritative link between a domain name and a responsible party who
              can either act to resolve, or reliably pass information to those who
              can resolve, technical problems associated with or caused by the
              domain.

              By
              "technical problems" we mean problems affecting the
              operational stability, reliability, security, and global
              interoperability of the Internet.

              Excluded
              or invalid purposes

              It
              is important to also identify purposes that are inconsistent with
              ICANN's stated mission and core values.

              First,
              WHOIS is not designed to be a global data mining operation with
              completely unlimited access to all registrant data by any Internet
              user for any purpose, including marketing.

              Second,
              the purpose of WHOIS data is not to facilitate legal or other kinds
              of retribution by those interested in pursuing companies and
              individuals who criticize and compete against them. Companies with
              allegations against domain name registrants can seek subpoenas of
              specific subscriber records through Internet service providers, or
              learn about a domain name registrant's identity information through
              requested subpoenas of registrar records.

              Third,
              the purpose of WHOIS is not to expand the surveillance powers given
              to law enforcement under law, or to bypass the protections and
              limitations imposed by sovereign governments to prevent the abuse and
              misuse of personal data, even by law enforcement. Law enforcement
              agencies can subpoena specific subscriber records through Internet
              service providers, or learn about a domain name registrant's identity
              information through subpoenas of registrar records. It is not for
              ICANN to preempt or undervalue the due process protections set up by
              national government who must balance not only legitimate law
              enforcement needs, but also officers operating "ultra vires"
              and outside of their authority and law enforcement officers operating
              for other countries which do not share the same laws and values of
              the registrant's country.

              Conclusion
              of NCUC statement on purpose of WHOIS

              Overall,
              the published WHOIS data should serve only the original purpose of
              the database and the powers of ICANN - technical. Additional access
              to information about the domain name registrant, including the names
              and address of those using their domain names to post valuable and
              controversial political and social messages and critiques, should be
              handled pursuant to the well thought out national laws that exist in
              every other area of telecommunications (e.g., telephone, cable, and
              Internet Service Provider data).

              2. Purpose of Whois
              contacts

              Task
              2 asks us to "(2) Define the purpose of the Registered Name
              Holder, technical, and administrative contacts, in the context of the
              purpose of WHOIS, and the purpose for which the data was collected.
              Use the relevant definitions from Exhibit C of the Transfers Task
              Force Report as a starting point
              (http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm).




              The NCUC believes that once we have selected a purpose for
              our database, data protection laws require us to closely examine
              whether the information we collect meets the goals we have set out —
              and make adjustments accordingly. These comments discuss the Contact
              data currently collected for WHOIS and the personal nature of much of
              it.  They raise the question whether this data should be
              collected at all for WHOIS purposes.



              I. Data protection
              laws require limited collection of personal data


              In its 2003
              Opinion, the Article 29 Data Protection Working Party of European
              Union Data Protection Commissions urged ICANN to closely examine the
              personal data it collects for WHOIS.  The Commissioners warned: 




              "Article 6c of the Directive imposes clear limitations
              concerning the collection and processing of personal data meaning
              that data should be relevant and not excessive for the specific
              purpose.  In that light it is essential to limit the amount of
              personal data to be collected and processed." 



              Opinion
              2/2003 on the application of the data protection principles to the
              Whois
              directories

              http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp7…
              (emphasis added). 



              The Data Protection Commissioners'
              concern over collection of WHOIS data is grounded in the clear
              language of the EU Data Protection Directive and its Article 6 
              "Principles Relating to Data Quality" which clearly sets limits
              on the collection of personal data: 



              "Member States
              shall provide that personal data must be:

              (a) processed fairly and
              lawfully;

              (b) collected for specified, explicit and legitimate
              purposes and not further  processed in a way incompatible with
              those purposes. ***

              (c) adequate, relevant and not excessive in
              relation to the purposes for which they are collected and/or further
              processed;"



              Directive 95/46/EC of the European Parliament
              and of the Council of 24 October 1995 on the protection of
              individuals with regard to the processing of personal data and on the
              free movement of such data,
              http://europa.eu.int/comm/justice_home/fsj/privacy/law/index_en.htm.



              The
              Canadian Personal Information Protection and Electronics Document Act
              also sets limits on the collection of personal data:  



              "The purpose of this Part is to establish, in an era in
              which technology increasingly facilitates the circulation and
              exchange of information, rules to govern the collection, use and
              disclosure of personal information in a manner that recognizes the
              right of privacy of individuals with respect to their personal
              information and the need of organizations to collect, use or disclose
              personal information for purposes that a reasonable person would
              consider appropriate in the circumstances." 




              http://laws.justice.gc.ca/en/P-8.6/93196.html#rid-93228
              [emphasis added].



              Similarly, Australia's Privacy Principles
              mandate:

              "1.1 An organisation must not collect personal
              information unless the information is necessary for one or more of
              its functions or activities."


              National Privacy Principles
              (Extracted from the Privacy Amendment (Private Sector) Act 2000),
              http://www.privacy.gov.au/publications/npps01.html.



              Based on
              these legal requirements, the NCUC submits that the WHOIS Task Force
              must review the contact data currently collected, evaluate whether it
              is personal, and determine whether it should continue to be collected
              in keeping with the purpose of the WHOIS Database. 
              Over-collection of personal data does not serve ICANN's mission nor
              does it help registrars comply with the many existing laws that
              protect registrant privacy worldwide. 



              II. The
              Purpose of the WHOIS Database


              In our Task 1 comments, NCUC
              submitted a clear definition of the purpose of the WHOIS
              database:


              "The purpose of the WHOIS is to provide to
              third parties an accurate and authoritative link between a domain
              name and a responsible party who can either act to resolve, or
              reliably pass information to those who can resolve, technical
              problems associated with or caused by the domain."
               

              (Statement
              of the NCUC on WHOIS Purpose, above)



              As discussed in our
              comments, this technical purpose is consistent with the original
              purpose of the WHOIS, as set out by Vint Cerf and others, and within
              the limited scope of ICANN's mission. 



              III. 
              Contact Data:  Definition?  Personal?  Fits Purpose of
              WHOIS?

              The GNSO Council asked us to examine the definitions
              and purpose of the Technical Contact, Administrative Contact and
              Registered Name Holder.  We do so in light of the legal
              considerations set out above.



              A. Technical Contact

              The
              Transfer Task Force defined technical contact as:

              "the
              individual, role or organization that is responsible for the
              technical operations of the delegated zone. This contact likely
              maintains the domain name server(s) for the domain. The technical
              contact should be able to answer technical questions about the domain
              name, the delegated zone and work with technically oriented people in
              other zones to solve technical problems that affect the domain name
              and/or zone."



              The next step requires us to assess whether
              Technical Contact data is personal and needs to be treated with
              special care.  In our review with our Constituency, we found
              that occasionally Technical Contact Data is the personal data of an
              individual.  Increasingly, however, registrants entrust a
              technical party to manage their domain name and expertly handle any
              technical problems that arise — often an ISP, online service
              provider, Registrar or web host provider.   Thus, for
              individuals and small organizations, we found that the technical
              contact field does not raise strong concerns regarding personal
              data. 



              Further, in assessing whether collection of
              Technical Contact data fits within the purpose of ICANN and the WHOIS
              database, we found that it does.  The Technical Contact is the
              person designated to respond to exactly the set of technical problems
              and issues at the heart of the WHOIS purpose.  Accordingly, NCUC
              submits that Technical Contact data should be collected and
              maintained for the WHOIS database.



              B. Administrative
              Contact


              The Transfer Task Force defined administrative contact
              as:

              "an individual, role or organization authorized to interact
              with the Registry or Registrar on behalf of the Domain Holder. The
              administrative contact should be able to answer non-technical
              questions about the domain name's registration and the Domain
              Holder."

                   

              The next step
              requires us to assess whether Administrative Contact data is personal
              and needs to be treated with special care.  In our review, we
              found that the Administrative Contact data OFTEN includes personal
              data, especially for individuals and small organization leaders who
              must list their own names, home addresses, personal (and often
              unlisted) phone numbers and private email addresses for the
              Administrative Contact field. 



              This type of personal
              data is exactly what the privacy laws of many regions and countries
              set out to protect.  Its collection invokes major privacy
              concerns for individuals and small organizations -- and draws the
              formal protection of data protection laws in many countries in which
              registrants live and registrars operate. 



              Further, in
              assessing whether collection of Administrative Contact data fits
              within the purpose of ICANN and the WHOIS database, we found that it
              does not.  By the Transfer TF definition, the Admin is
              responsible for "non-technical questions" which range as far as
              the imagination and generally are completely outside the scope of
              ICANN:  Is the domain name for sale?  Is the woman
              described on a website available for a date?  Can a stranger
              meet the child shown in a family picture?  There are very good
              reasons for the privacy protections and other national and local
              protections to operate for the Administrative Contact.



              Finally,
              since the purpose of the WHOIS database is technical and the
              Administrative Contact is expressly non-technical, NCUC submits that
              this contact data should no longer be collected for the WHOIS
              database. 



              C. Registered Name Holder or "Domain
              Holder"


              The Transfer Task Force defined domain holder
              as:

              "The individual or organization that registers a specific
              domain name. This individual or organization holds the right to use
              that specific domain name for a specified period of time, provided
              certain conditions are met and the registration fees are paid. This
              person or organization is the 'legal entity' bound by the terms
              of the relevant service agreement with the Registry operator for the
              TLD in question."



              Following this definition, we must
              evaluate whether the registrant data is personal and should be
              treated with special care.  Of all the contact data, we find the
              Domain Holder to be the most personal.  This is the woman, the
              family head, the Cub Scout leader, and other individuals and leaders
              of small organizations who must list their personal names, home
              addresses, private phone numbers and personal email addresses. 

              Once published, this personal data is used for all the abuse and
              misuse documented in the Task Force Uses report — from spamming to
              stalking and harassment. 



              This personal data is exactly
              the type of data that data protection laws seek to protect. 
              Article 29 Data Protection Commissioners now urge ICANN and our TF
              that: 



              "The registration of domain names by
              individuals raises different legal considerations than that of
              companies and other legal persons registering domain names" and 
              "it is essential to limit the amount of personal data to be
              collected and processed." Article 29 WG citation above.



              The
              collection of such personal data as a global ICANN WHOIS policy
              serves no technical purpose.  Individual registrants rarely
              answer technical questions about their domains or their abuse — and
              would refer such questions (such as the hijacking of their domain
              name by a spammer) to their technical contact instead.  
              Accordingly, the collection of Domain Holder data serves little
              purpose for the WHOIS database and should not be continued as a
              global ICANN policy.



              Conclusion

              The best way to
              protect millions of individual and small organizational domain name
              registrants, and to comply with data protection laws worldwide, is
              for ICANN to carefully review the contact data collected for the
              WHOIS database and limit the data strictly to that necessary for its
              technical purposes and mission.



              Outreach statement

              Months
              ago, the NCUC TF representatives queried NCUC members regarding Whois
              data and what they and their organizations place in the contact
              fields.  The answers and discussion that ensued were
              incorporated into this statement.  The NCUC TF representatives
              then prepared this Contacts Statement.  It was posted to the
              Constituency list on August 31, and subsequently adopted as the
              official position of the Constituency.  


              3 (c) Intellectual Property Constituency

              This
              statement responds to the request for constituency input on the Whois
              Task Force Terms of Reference Items 1 (purpose of Whois) and 2
              (purpose of Whois contacts). See Call for constituency
              statements on Tasks 1&2 of Whois Task Force Terms of Reference,
              at http://forum.icann.org/lists/gnso-dow123/msg00416.html
              a>
              .
              The Terms of Reference may be found at
              http://gnso.icann.org/policies/terms-of-reference.html.
              Pursuant to requirements of the GSNO policy development process,
              outlined by the ICANN bylaws, see Annex A, Sec. 7(d), available at
              http://www.icann.org/general/archive-bylaws/bylaws-19apr04.htm,
              the IPC came to the following conclusion.

              1. Purpose of Whois

              Term
              of Reference #1 is to define the purpose of the Whois database in the
              context of (1) ICANN's mission and relevant core values, (2)
              international and national laws protecting privacy of natural
              persons, (3) international and national laws that relate specifically
              to Whois services, and (4) the changing nature of Registered
              Name Holders.

              In
              IPC's view, it is clear that the purpose of the Whois database —
              from its inception, through the commercialization of the Internet,
              and continuing today — has always included to provide the public
              with ready access to the identity and contact information for domain
              name registrants. That purpose has never changed, and registrants
              have always been on notice of this purpose, regardless of when they
              registered their domains. This purpose is also fully consistent with
              the contextual factors listed in TOR #1. Please see attached
              background paper for further documentation of this conclusion.
              (backgrounder is available at
              http://forum.icann.org/lists/gnso-dow123/msg00465.html

              )

              i)
              If a Supermajority Vote was reached, a clear statement of the
              constituency's position on the issue;

              See
              above.

              (ii)
              If a Supermajority Vote was not reached, a clear statement of all
              positions espoused by constituency members;

              N/A

              (iii)
              A clear statement of how the constituency arrived at its position(s).
              Specifically, the statement should detail specific constituency
              meetings, teleconferences, or other means of deliberating an issue,
              and a list of all members who participated or otherwise submitted
              their views;

              The
              IPC membership was notified of the request for a constituency
              statement on June 22. A draft constituency statement was circulated
              on July 8. The statement and the issue were discussed at the IPC
              meeting in Luxembourg on July 11. A revised statement was circulated
              to the IPC membership on July 20, and was discussed at an IPC
              teleconference meeting on July 22. At that meeting, on a motion,
              which was seconded, it was agreed without objection to approve the
              constituency statement, subject to minor drafting changes in the
              background paper.

              (iv)
              An analysis of how the issue would affect the constituency, including
              any financial impact on the constituency;

              This
              issue will have a positive impact on IPC by maintaining and
              potentially enhancing the utility of the Whois database, a vital tool
              for protecting intellectual property rights in the online
              environment. IPC does not anticipate any financial impact on the
              constituency as a result of this policy, nor do we perceive any new
              costs associated with this particular policy that would need to be
              borne by another constituency.

              (v)
              An analysis of the period of time that would likely be necessary to
              implement the policy.

              None.

              2. Purpose of Whois
              contacts

              Term
              of Reference #2 is to define the purpose of (1) the Registered Name
              Holder,2
              (2) the technical contact, and (3) the administrative contact, in the
              context of the purpose of the Whois database. IPC supports the
              effort to define these terms. We note that, today, there is
              absolutely no consistency in how registrants populate these
              databases. the fact that these terms (or their cognates) are defined
              in a Transfers Policy of ICANN is completely unknown to all but a
              handful of domain name registrants, and thus these definitions have
              no correlation to the reality of how these categories are defined in
              practice. However, providing information in the Whois database about
              each of these points of contact fulfills a useful role.

              A. Registered
              Name Holder

              As
              discussed in response to Terms of Reference #1 above, the purpose of
              the Whois database, in terms of ICANN's mission and core values, is
              primarily to promote the reliability and security of the Internet.
              Making Whois data publicly available regarding the Registered Name
              Holder is critical to accomplishing this purpose. The Registered
              Name Holder is ultimately responsible for the use of the domain name
              and the operation of the corresponding website or other Internet
              resource, and is also the entity with authority to transfer the
              domain name registration to another party. Making information on the
              Registered Name Holder available thus directly promotes
              accountability and transparency, which in turn increases the overall
              reliability and security of the Internet.

              B. Technical Contact

              The
              purpose of the Technical Contact is to help ensure the operational
              stability, security, and global interoperability of the Internet,
              pursuant to ICANN's core value (1).

              C. Administrative Contact

              The
              purposes of identifying the Administrative Contact in the Whois
              database are (1) to give registrars a clearly identified authorized
              voice of the Registered Name Holder for purposes of managing the
              domain name, and (2) to give other members of the public a clearly
              identified point of contact for issues regarding the content of the
              corresponding website or other Internet resource. For instance, the
              Administrative Contact should have the authority to modify content on
              the site or to accept legal process or similar notifications
              concerning that content.

              The
              IPC notes, however, that the definition provided by the Transfers
              Task Force Report as referenced in ICANN's June 2 Terms of
              Reference is somewhat confusing. Namely, the Transfers Report
              defines the administrative contact as:

              an
              individual, role [?], or organization authorized to interact with the
              Registry or Registrar on behalf of the Domain Holder [note reference
              is not to the "Registered Name Holder"]. The administrative
              contact should be able to answer non-technical questions about the
              domain name's registration and the Domain Holder. In all cases,
              the Administrative Contact [sic — note inconsistent capitalization
              within the definition] is viewed as the authoritative point of
              contact
              for the domain name, second only to the Domain Holder.

              Final
              Report and Recommendations of the GNSO Council's Transfers Task
              Force, Exhibit C: Standardized Definitions, at
              http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03
              .htm

              (emphasis added).

              The
              definition thus states that the Administrative Contact is "the"
              authoritative point of contact, but in the next breath demotes that
              authority to being secondary to the Domain Holder. The IPC agrees
              that the Domain Holder should have ultimate authority over the domain
              name, and suggests that the definition of Administrative Contact more
              clearly reflect that it is not "the" authoritative point of
              contact, but rather that it is the Domain Holder's authorized point
              of contact for managing the domain name.

              i)
              If a Supermajority Vote was reached, a clear statement of the
              constituency's position on the issue;

              See
              above.

              (ii)
              If a Supermajority Vote was not reached, a clear statement of all
              positions espoused by constituency members;

              N/A

              (iii)
              A clear statement of how the constituency arrived at its position(s).
              Specifically, the statement should detail specific constituency
              meetings, teleconferences, or other means of deliberating an issue,
              and a list of all members who participated or otherwise submitted
              their views;

              The
              IPC membership was notified of the request for a constituency
              statement on June 22. A draft constituency statement was circulated
              on July 8. The statement and the issue were discussed at the IPC
              meeting in Luxembourg on July 11. A revised statement was circulated
              to the IPC membership on July 20, and was discussed at an IPC
              teleconference meeting on July 22. On a motion, which was seconded,
              it was agreed without objection to approve the constituency
              statement.

              (iv)
              Analysis of how the issue would affect the constituency, including
              any financial impact on the constituency;

              This
              policy will have a positive impact on IPC by potentially enhancing
              the utility of the Whois database, a vital tool for protecting
              intellectual property rights in the online environment. IPC does not
              anticipate any financial impact on the constituency as a result of
              this policy, nor do we perceive any costs associated with this
              particular policy that would need to be borne by another
              constituency. However, this could change depending upon
              implementation of the policy (see below).

              (v)
              Analysis of the period of time that would likely be necessary to
              implement the policy.

              It
              is not clear that this particular Term of Reference contemplates any
              implementation activity. Assuming that agreement is reached upon the
              purpose of the various contact categories, IPC believes the Task
              Force should consider what steps should be taken to (1) inform
              current and future registrants of these conclusions; (2) encourage or
              require registrars and registries to provide guidance to registrants
              in populating these data fields; and (3) facilitate registrants
              making changes to Whois entries in order to bring them into greater
              compliance with the agreed-upon purposes. The period of time for
              implementation would of course be one topic for consideration.


              3 (d) Registrar Constituency

              Preamble
              — The Purpose of the Domain Name System, ICANN and the GNSO

              ICANN's
              scope of engagement is defined by its agreement with the United
              States Department of Commerce3

              ("DOC") which stipulates that ICANN and the DOC will collaborate
              to carry out the following domain name system ("DNS") management
              functions;

              1. Establishment
                of policy for and direction of the allocation of IP number blocks;

              2. Oversight
                of the operation of the authoritative root server system;

              3. Oversight
                of the policy for determining the circumstances under which new top
                level domains

              would
              be added to the root system;

              1. Coordination
                of the assignment of other Internet technical parameters as needed
                to maintain

              universal
              connectivity on the Internet; and

              1. Other
                activities necessary to coordinate the specified DNS management
                functions, as agreed by

              the
              Parties.

              In
              turn, the GNSO finds its mandate within ICANN"s bylaws
              4

              which stipulate that the function of the GNSO shall be limited to
              "...developing and recommending to the ICANN Board substantive
              policies relating to generic top-level domains."

              The
              purpose of the domain name system is to enable a decentralized system
              of administering the Internet's authoritative database of host
              information. This host information includes IP address and mail
              routing information, references to other domains and other technical
              information required to facilitate client-server interactions via the
              Internet.

              The
              purpose of the gTLD domain registration system is to provide host
              operators with the means to register and receive a delegation of
              authority for a specific zone which they administer via the domain
              name system.

              These
              arrangements carry several implications. It puts direct management of
              root-level and top-level domain delegations within ICANN's scope.
              The GNSO's responsibility for developing policy in the area of
              generic top level domains is derived from this. Responsibility for
              policy development related to IP addressing, country-code domains and
              protocol identifiers fall to other organizations within ICANN's
              structure.

              The
              GNSO has influence over policy that manages the types of gTLD
              delegations that may be requested and granted. String-length
              restrictions, character set guidelines and trademark-centric
              string-content restrictions are all examples of the types of
              limitations ICANN's GNSO has imposed on delegation requests.
              However, this does not mean that the GNSO has any direct policy
              influence over how delegations that do meet these criteria are
              managed after they have been granted. The GNSO's influence over the
              operational management of a zone is limited to a very narrow and
              appropriate set of specifications that outline the processes
              registrants may use to transfer delegations to one another, choose a
              new registrar to interface with and so on.

              Since
              neither of ICANN and the GNSO are technical standards creation
              bodies, neither have any control over how delegations technically
              function within the domain name system beyond specifying the
              standardized protocols that will be used. For instance, past GNSO
              policy recommendations have included advice advocating the
              development of new technical standards within the IETF and
              stipulations that currently deployed standards continue to be used.
              Neither of these recommendations are inappropriate nor out of scope
              for the GNSO.

              Finally,
              the functional mapping of hostnames to IP addresses, and of IP
              addresses to host based applications and content such as web sites or
              email services via the DNS record is a function that is managed
              locally by the DNS administrator. Central to the function of the DNS
              is the notion of zone delegation which puts 100% of the technical,
              operational and policy management of a zone in the hands of the local
              host administrator. These local functions are naturally outside of
              ICANN and the GNSO's sphere of control.

              The
              GNSO's policy making powers can be summed up very simply —

              The
              GNSO only has the capability to manage what gets registered and how
              registrations are administered, but not what registrations are used
              for.

              Any
              discussion of the purpose of Whois must be consistent with this
              context and naturally limited to two key areas;

              1. Processes,
                standards and policies related to domain registration and
                administration activity.

              2. specific
                areas of the domain name system, including;

                1. ensuring
                  technical standards compliance for registrants, registrars and
                  registries, and;

                2. the
                  ongoing management of the authoritative record of name server
                  delegations.

              1. Purpose of Whois

              Shedding
              light on the purpose of ICANN, the GNSO and the domain name system
              also sheds light on the purpose of the gTLD Whois System. There is a
              tendency within ICANN circles to view specific parts of the DNS as
              being isolated from one another, when in fact each of these
              constituency pieces is an integral part of a much larger system. Each
              of these specific parts is required to function efficiently or the
              stability and efficiency of the entire system will start to fail.

              But,
              there is little understanding of what the domain name system actually
              entails, and as a result, there are many opinions as to what the gTLD
              Whois System actually is. A popular view is that the purpose of the
              Whois System is to act as a directory of contact information.
              However, an examination of the data and protocols that ICANN requires
              registrars and registries to publish and use to implement the Whois
              System paints a picture that implies a much broader purpose for the
              gTLD Whois System than the very narrow purpose of acting as a
              directory of contact information.

              Publicly
              accessible directories of contact information, such as the directory
              of Senators of the 109th Congress of the United States of
              America5

              typically includes information like the name, mail and email address
              and phone number of the individuals and companies included in the
              directory.

              i.e.

              Sample
              record from the directory of Senators of the 109th
              Congress

              Akaka,
              Daniel
              - (D - HI)

              141
              HART SENATE OFFICE BUILDING WASHINGTON DC 20510 (202) 224-6361

              E-mail:
              senator@akaka.senate.gov pan>


              This
              sample record is consistent with records found in other contact
              directories, online and offline, such as the white page directories
              published by telephone companies6,
              the professional networking web directory operated by LinkedIn7

              or the directory of contact information for the members of the MPAA8.

              Each
              of these directories has one thing in common — the data included in
              each of the records is consistent with its purpose — to provide the
              public with ready access to contact information.

              On
              the other hand, the gTLD Whois System provides a much broader dataset
              in response to third party queries;

              Sample
              record from the gTLD Whois System

              Whois
              info for, tucows.com:

              Registrant:

              Tucows
              ( Delaware ) Inc.

              96
              Mowat Avenue

              Toronto,
              Ontario M6K3M1

              CA

              Domain
              name: TUCOWS.COM

              Administrative
              Contact:

              Administrator, DNS
              dnsadmin@tucows.com

              96
              Mowat Avenue

              Toronto,
              Ontario M6K3M1

              CA

              +1.4165350123x0000

              Technical
              Contact:

              Administrator, DNS
              dnsadmin@tucows.com

              96
              Mowat Avenue

              Toronto,
              Ontario M6K3M1

              CA

              +1.4165350123x0000

              Registrar
              of Record: TUCOWS, INC.

              Record
              last updated on 22-Nov-2004.

              Record
              expires on 06-Sep-2006.

              Record
              created on 07-Sep-1995.

              Domain
              servers in listed order:

              DNS1.TUCOWS.COM
              216.40.37.11

              DNS2.TUCOWS.COM
              216.40.37.12

              DNS3.TUCOWS.COM
              204.50.180.59

              Domain
              status: REGISTRAR-LOCK

              If
              the gTLD Whois System was simply a directory of contact information,
              then there would be no reason to include additional information about
              the domain delegation
              in the record displayed in response to a
              query which would be intended to discover contact information.

              This
              additional information includes:

              • the
                zone that was delegated ("tucows") and the zone that the
                delegation belongs to ("com")

              • the
                date that the delegation was granted ("07-Sep-1995") and
                when the delegation next expires ("06-Sep-2006")

              • which
                domain name servers are authoritative for this particular zone
                ("dns1, dns2 and dns3.tucows.com")

              • the
                status of the delegation ("REGISTRAR-LOCK")

              This
              is a lot of additional information to include in a simple database of
              contact information for domain name registrants. This additional
              information was not included by accident — it was included because
              it was central to the intended purpose of the gTLD Whois System in
              support of the domain name system. Queries destined for this system
              are not provided with contact records, they are provided delegation
              records.

              The
              gTLD Whois System is a record lookup service that uses the Whois
              protocol to allow third parties to determine which entity currently
              holds the delegation for a particular second level domain. The
              purpose of this lookup service is to facilitate the technical
              co-ordination and inter-operation of specific delegations within the
              registration and domain name systems.

              Examples
              of technical co-ordination and inter-operation include;

              • Resolving
                issues related to lame delegation (i.e. delegation records that
                specify nameservers that are not authoritative for the delegation in
                question).

              • Determining
                which name servers are intended to be authoritative for a specific
                delegation (i.e. comparing the delegation records with data from
                other sources while troubleshooting configuration issues).

              • Determining
                the status of a delegation (INACTIVE, CLIENT LOCK, PENDING RENEW,
                and other EPP/RRP status codes9.). <
                /p>

              • Determining
                which delegant is responsible for the activity of a specific network
                host.

              • Determining
                when a specific delegation was granted.

              Facilitating
              technical co-ordination and inter-operation does not include;

              • Providing
                contact information for host operators to help third parties resolve
                civil and criminal matters.

              • Facilitating
                commercial transactions related to the transfer of delegations
                between registrants.

              • Facilitating
                interactions between network providers.

              • Providing the general public with ready
                access to the identity and contact information for domain name
                registrants and the associated contacts.

              • Facilitating the resolution of host
                based security and network attacks.

              2. Purpose of Whois Contacts

              The
              purpose of specific contact types in the gTLD Whois System cannot be
              divorced from the purpose of the overall gTLD Whois System, or that
              of the GNSO and ICANN.

              There
              are at least four contact types listed in the current gTLD Whois
              System — the "Registrant", the "Administrative Contact",
              the "Technical Contact" and the "Sponsoring Registrar". Some
              gTLD Whois records also include contact information for the ISP or
              reseller acting as the liaison between the Registrar and Registrant.
              As previously discussed, there are many other technical details
              included in these records in addition to the contact information.

              The
              following table describes the purpose of only three of these contact
              types;

              Contact
              Type

              Purpose

              Registrant

              To
              provide a clear record of the entity responsible for a specific
              delegation.

              Administrative
              Contact

              To
              provide contact information for an individual or role that can
              provide assistance to third parties who have questions regarding
              the administration of the delegation.

              Technical
              Contact

              To
              provide contact information for an individual or role that can
              provide assistance to third parties who have questions regarding
              the technical management of the zone.

              This
              view of the purpose of these contact types also carries implications
              that warrant further examination.

              1. The
                contact information currently associated with the Registrant type is
                extraneous. A record that intends to provide delegation information
                need not also provide contact information. This contact information
                could be removed from the gTLD Whois System with little operational
                impact.

              1. The
                purpose of the Administrative Contact and the Technical Contact are
                very closely related. In fact, there is little to distinguish each
                of these record types on a practical basis. The continued relevance
                and value of maintaining separate contact types should be examined.


              3 (e) Registry Constituency

              This
              statement responds to the request for constituency input on the WHOIS
              COMBINED TASK FORCE Terms of Reference (2 June 2005) Tasks 1 (Purpose
              of WHOIS) and 2 (Purpose of WHOIS contacts).

              .

              Pursuant
              to requirements of the GSNO policy development process, the RyC has
              concluded:

              1. Purpose of Whois

              The
              WHOIS function had one original purpose, clearly articulated by the
              European Commission Data Protection Working Party — "to give
              people who operate networks a way of contacting the person
              technically responsible for another network, another domain, when
              there was a problem."10
              This purpose is a direct result of the nature of the Internet at the
              time when the function was originated, namely a limited
              interconnection of research, university and government networks. The
              visionary founders of the Internet never conceived of the Internet as
              the global means of mass telecommunications that it has now become

              The
              WHOIS function now has additional purposes that have arisen from the
              change of character of the Internet. Its explosive growth has
              unfortunately attracted a minority of users who do not share the
              high-minded idealism of the Internet's founders. The spammers,
              cybersquatters, phishers and other abusers of the functions of the
              Internet, together with users whose intent is criminal (terrorists,
              et al) have made it necessary to recognize that the WHOIS function
              has purposes beyond its original purpose. However, recognition of
              this need does not imply that the function must make all personal
              data public. There is no justification at this time for a WHOIS
              function that makes available to the entire world the personal data
              of millions of domain name registrants.

              There
              are adequate techniques, such as tiered access, that can make WHOIS
              data available to law enforcement agencies and others that need the
              data.

              The
              EC Working Party Opinion cited above recognizes the expansion of
              purposes and at the same time strongly supports the concept that not
              all data should be made public:

              "...it
              is essential to limit the amount of personal data to be collected and
              processed."

              "The
              registration of domain names by individuals raises different legal
              considerations than that of companies or other legal persons
              registering domain names."

              "In
              the light of the proportionality principle, it is necessary to look
              for less intrusive methods that would still serve the purpose of the
              Whois directories without having all data directly available on-line
              to everybody."

              "The
              Working Party encourages ICANN and the Whois community to look at
              privacy enhancing ways to run the Whois directories in a way that
              serves its original purpose whilst protecting the rights of
              individuals. It should in any case be possible for individuals to
              register domain names without their personal details appearing on a
              publicly available register."

              [emphasis in original]

              It
              is entirely disingenuous to argue that personal data must be made
              publicly available because ICANN requires that domain name
              registrants consent or acknowledge that their data will be
              publicized. The point of this Task Force's proceeding (and the
              proceeding of its predecessors) has always been to determine how the
              WHOIS function should be structured, not to defend its legality or
              illegality as presently structured.

              b) Constituency
              Position on Task 2 — Purpose of WHOIS Contacts

              The
              RyC believes that the purposes of the various contacts are adequately
              described in Exhibit C of the Transfers Task force report.

              (from
              http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):

              II.
              Method for Reaching Agreement on RyC Position

              The
              RyC drafted and circulated via email a constituency statement,
              soliciting input from its members. RyC members suggested edits and
              additions to the draft which were subsequently incorporated into the
              final constituency statement. The statement was adopted by a
              unanimous vote of the members present at the teleconference meeting
              on 17 August 2005.

              III.
              Impact on Constituency

              Recognition
              that the WHOIS function has a limited purpose and that personal data
              should not be publicly available would assist the members of the RyC
              in fulfilling their legal obligations in their respective
              jurisdictions.

              IV.
              Time Period Necessary to Complete Implementation

              Depending
              on the actual technical implementation requirements of any agreed-to
              WHOIS changes, it could take considerable time for registries to
              implement changes.  Moreover, time for implementation may vary
              by registry depending on resource availability, size of the WHOIS
              database, etc.  If the changes involve implementing the IRIS
              protocol, a lengthy amount of time should be allowed for transition
              because of the widespread and longstanding use of the existing
              protocol.


              3 (f) Internet Service Providers and Connectivity Providers
              Constituency

              Introduction

              The
              ISPCP Constituency herein provides input as requested to the combined
              Whois Task Force on the revised terms of reference tasks to be
              undertaken for by the task force.

              1. The task force tasks 1 and 2 as set
                forth in the terms of reference for the combined Whois task force.

                1. Task 1 is to define the purpose of
                  the WHOIS service in the context of ICANN's

              mission and relevant core values,
              international and national laws protecting privacy of natural
              persons, international and national laws that relate specifically to
              the WHOIS service, and the changing nature of Registered Name
              Holders.

                1. Task 2 is to define the purpose of the
                  registered name holder, technical, and

              administrative contacts, in the context
              of the purpose of WHOIS, and the purpose for which the data was
              collected. As required by the task force terms of reference, the
              relevant definitions from Exhibit C of the Transfers Task force is
              used as a starting point and commented upon.

              2. Purpose of Whois

              The
              Whois database serves the purpose of providing contact information to
              the public regarding the individual or organization that has
              registered a domain name. This is true today, and it has been true
              throughout the history of the domain name system's Whois database.
              The ISPCP believes that regardless of the vast growth of the number
              of domain registrations, some core principles should remain
              unchanged, and ready access to all Whois data is one such principle.

              The
              ISPCP does not believe there to be a conflict between ICANN's core
              mission and public access to Whois. In fact, in an open and
              transparent process that relies on a global community for a bottom-up
              consensus development process public access should always be a core
              value in any policy development. After having considered policy
              changes related to the Whois database for so many years this
              constituency does not feel any change in this core value is
              warranted.

              Certainly,
              as we have stated in the past, some rules for protection of the Whois
              database and registrant privacy are important. Conspicuous notice,
              prohibition of bulk access for marketing purposes and compliance with
              local laws are positive aspects of the Whois task forces that the
              ISPCP welcomes.

              In
              providing the ISPCP specific purposes of Whois data, we'd like to
              highlight the fact that this discussion has been had before, many
              times. Despite the confusion over the "use" versus the
              "purpose", in fact both are dependant on the type of notice that
              is provided at time of registration. If adequate notice is provided
              regarding the intended purposes of data collection, then all uses
              (but nothing more) consistent with that notice shall be valid.

              Nevertheless,
              here again are the following purposes of Whois for the ISPCP:

              1. to research and verify domain
                registrants that could vicariously cause liability for ISPs

              because of illegal, deceptive or
              infringing content.

              1. to prevent or detect sources of
                security attacks of their networks and servers

              2. to identify sources of consumer fraud,
                spam and denial of service attacks and incidents

              3. to effectuate UDRP proceedings

              4. to support technical operations of ISPs
                or network administrators

              The
              ISPCP believes these purposes are consistent with ICANN's mission
              and with the role of service providers in their routine connectivity,
              hosting and business activities.

              2. Purpose of Whois contacts

              ICANN's
              core mission is the security and stability of the domain name system
              leading to increased reliability of the Internet.

              Some
              consistency in the way domain name registrants populate various
              fields is useful to all who use Whois.

              The
              purpose of the registered name holder is to name the
              person or entity that initiates the use of the domain, holds himself
              or itself as having ultimate responsibility for all things associated
              with the domain. This contact is often used by ISPs to address legal
              or business issues related to the domain.

              The
              purpose of the technical contact is to name the
              individual who is intended to be responsible for addressing
              technical, security and/or interoperability issues related to the
              domain. This is a particularly important to ISPs for resolving
              technical questions related to internet traffic or the domain
              generally.

              The
              purpose of the administrative contact is to provide a
              live name and voice to the registered name holder when the registrant
              is an entity. The administrative contact is intended to be the
              individual to address business, legal and policy issues related to
              the domain.

              ISPCP
              Proposal

              The
              Whois task force is now in its third configuration, and has been
              conducting its efforts at least since 2001. The constituency is
              grateful to each and every member of the task force as well as ICANN
              staff, which has contributed to the work in this space. We believe
              that it is important for the legitimacy of the process and the sanity
              of the individual members that the task force be specific in its
              goals and advances. If after years of discussion, areas still exist
              where consensus policy is not achieved, the task force should so
              indicate and end discussion in such areas.

              It
              is clear that in fact, there are positive improvements to the system
              coming from this task force and its predecessors. However, if there
              is still substantial disagreement over how the purpose and use of
              data are connected and interact together, it leaves this constituency
              somewhat disheartened and frustrated.

              We
              hope the task force does continue to reach consensus and achieve each
              of its goals as outlined in the terms of reference tasks. However,
              if there are areas where there is too much opposition to achieve
              consensus, its far better to openly state that and make a report to
              the ICANN board and community in this regard than to continue to
              pushing members to argue the same positions and waste valuable effort
              without getting any closer to policy goals.

              The
              ISPCP constituency wishes you all the best, and hopes that the task
              force reaches a successful consensus policy on all its terms of
              reference tasks.

              4GNSO Public Forum discussion

              4 (a) PURPOSE OF WHOIS

              Jordyn Buchanan, chair of the GNSO's
              Whois Task Force, update from the task force on defining the purpose
              of Whois. (General details of the task force are available here:
              http://gnso.icann.org/issues/Whois-privacy/
              , Jordyn's presentation is available here:

              Jordyn Buchanan outlined the two current
              formulations on the purpose of Whois, and described the common and
              distinguishing features of each:

              Formulation #1

              "The purpose of the gTLD Whois service
              is to provide information sufficient to contact a responsible party
              for a particular gTLD domain name who can resolve, or reliably pass
              on data to a party who can resolve, issues related to
              the configuration of the records associated with the domain name
              within a DNS nameserver."

              This formulation is supported by the
              registrars, registries, and NCUC:

              • Consistent with the narrow technical
                mission of ICANN, ICANN's Core Values (particularly 1-3) and
                national data protection laws worldwide.

              • Core
                values: #1 Security and Stability, #2 Respecting creativity and flow
                of information by limiting ICANN's activities to matters in
                ICANN's mission,

              • Delegating to and respecting the
                policy role of responsible entities that reflect the interests of
                affected parties

              Formulation #2

              "The purpose of the gTLD Whois service
              is to provide information sufficient to contact a responsible party
              or parties for a particular gTLD domain name who can resolve, or
              reliably pass on data to a party who can resolve, technical, legal or
              other issues related to the registration or use of a domain name."

              This formulation is supported by IPC,
              ISPCP, and BC:

              • This approach is most consistent with
                the history of Whois and follows the growth and expansion, in both
                number of users and importance as a means of communication, of the
                Internet.

              • This
                approach is most consistent with the actual uses of Whois to help
                resolve these issues

              • This approach is consistent with
                ICANN's Mission and Core Values

              Jordyn Buchanan reported that
              everyone in the task force agrees the purpose of Whois is to provide
              a system for a given domain name to be looked up and produce a set of
              contact information. The crux of the differences relates to the
              types of problems the constituencies believe ought to be resolved
              using the Whois system. (e.g. technical, legal, etc.) Jordyn invited
              public input on how to resolve differences on the purpose of Whois,
              specifically on the differences between the two formulations of
              purpose; which is better and why.

              Bruce Tonkin recommended the
              following to the task force:

              • Try to combine the two definitions of
                Whois into a single definition with unanimous support.

              • If
                the task force cannot do this, then document carefully the two
                formulations and the rationale for each.

              • When considering 'use of a domain
                name', be clear about whether you mean the name or the DNS record
                itself, and also the relationship between the domain name and the
                end content — using examples will be helpful.

              The Whois Task Force will soon publish a
              preliminary task force report on the ICANN website for public
              comment.

              Bruce Tonkin encouraged public
              comments on the purpose of Whois, saying the more input we get from
              the public, the better the outcome will be. He recommended the
              following to those commenting on the preliminary task force report on
              Whois purpose:

              • Explain the use cases, i.e. give
                practical examples and explain how the differences between the two
                definitions may affect those practical examples.




              4 (b) PUBLIC QUESTIONS AND COMMENTS
              ON PURPOSE OF WHOIS

              Matt Hooker said that as he
              needed the registrant information as he needs their legal addresses
              in order to serve legal processes on registrants if necessary, he
              preferred the first formulation. He spoke against private
              registrations creeping into the Whois and said it was not sufficient
              to have information about a registrant's legal representative or
              other contact. Accuracy of the Whois information was very important.

              Jordyn Buchanan said that both
              formulations currently allow for the concept of agency, i.e. an agent
              representing the registrant but capable of resolving issues on their
              behalf or putting requesters in touch with someone who can rapidly
              contact the registrant. For example, the registrant may not be the
              correct person to resolve technical issues.

              Kathy Kleiman said the privacy
              conference on Tuesday discussed the ability to protect the
              individual, small political organizations that may be criticizing
              governments or corporations, and the need to balance the ability to
              contact someone to resolve a technical or legal problem while
              protecting the privacy of the individual. The decision of the GNSO
              Council on Monday, 28 November 2005 to agree a recommendation on
              conflicts with national privacy laws
              (http://gnso.icann.org/issues/tf-final-rpt-25oct05.htm)
              was an excellent first step, but just a first step because it does
              not allow registrars and registries to come into voluntary,
              pro-active compliance with their data protection laws.

              Edward Hasbrouck suggested two
              extra optional fields in the GNSO; one specifying the jurisdiction
              where the registrant accepts legal process or considers its governing
              jurisdiction, and another specifying that one of the existing
              contacts is authorized to accept legal process on behalf of the
              registrant or to designate an alternate agend for serving legal
              process. Consumers should know where an Internet company asserts as
              its jurisdiction.

              Milton Mueller said the
              discussion was losing focus on the issue at hand; the purpose of
              Whois within ICANN's mission. He asked how Matt Hooker's and
              Edward Hasbrouck's suggestions fit with ICANN's mission which is
              about the coordination of unique identifiers on the Internet. Issues
              relating to the regulation of e-commerce are not part of ICANN's
              mission. Milton Mueller therefore supported the first formulation of
              the purpose of Whois above.

              Jordyn Buchanan said that after
              the task force has completed work on the purpose of Whois, it will
              get down to more concrete items including Whois data accuracy.

              Marilyn Cade said that the
              previous Whois task force had produced recommendations on bulk access
              to the Whois data and this is an issue that the Council may also look
              at for ideas on how to limit data-mining and restrict the uses of
              bulk access to the data.

              Wendy Seltzer echoed Milton
              Mueller's statement about ICANN's limited mission and the limited
              role of Whois information, saying Whois should be limited to what's
              technically required because domain names facilitate more than
              commerce, e.g. speech.

              Bruce Tonkin said registrants do
              not always have control over the content of the website the domain
              name points to, so when we use the term 'use of' the domain name,
              it should be recalled that all the domain name does is provide a link
              and a mapping from a name to an IP address. Normally, it's
              necessary to also look up the operator of the I.P. address in
              question.


              Annex A — WHOIS Task Force Terms of Reference

              On
              2 June 2005, The GNSO Council agreed the following terms of reference
              for the Whois Task Force:



              The
              mission of The Internet Corporation for Assigned Names and Numbers
              ("ICANN") is to coordinate, at the overall level, the
              global Internet's systems of unique identifiers, and in particular to
              ensure the stable and secure operation of the Internet's unique
              identifier systems.

              In
              performing this mission, ICANN's bylaws set out 11 core values to
              guide its decisions and actions. Any ICANN body making a
              recommendation or decision shall exercise its judgment to determine
              which of these core values are most relevant and how they apply to
              the specific circumstances of the case at hand, and to determine, if
              necessary, an appropriate and defensible balance among competing
              values.

              ICANN has
              agreements with gTLD registrars and gTLD registries that require the
              provision of a WHOIS service via three mechanisms: port-43, web based
              access, and bulk access. The agreements also require a Registered
              Name Holder to provide to a Registrar accurate and reliable contact
              details and promptly correct and update them during the term of the
              Registered Name registration, including: the full name, postal
              address, e-mail address, voice telephone number, and fax number if
              available of the Registered Name Holder; name of authorized person
              for contact purposes in the case of an Registered Name Holder that is
              an

              organization, association, or corporation; the name, postal
              address, e-mail address, voice telephone number, and (where
              available) fax number of the technical contact for the Registered
              Name; and the name, postal address, e-mail address, voice telephone
              number, and (where available) fax number of the administrative
              contact for the Registered Name. The contact information must be
              adequate to facilitate timely resolution of any problems that arise
              in connection with the Registered Name.

              A registrar
              is required in the Registrar Accreditation Agreement (RAA) to take
              reasonable precautions to protect Personal Data from loss, misuse,
              unauthorized access or disclosure, alteration, or destruction.

              The goal of
              the WHOIS task force is to improve the effectiveness of the WHOIS
              service in maintaining the stability and security of the Internet's
              unique identifier systems, whilst taking into account where
              appropriate the need to ensure privacy protection for the Personal
              Data of natural persons that may be Registered Name Holders, the
              authorised representative for contact purposes of a Register Name
              Holder, or the administrative or technical contact for a domain name.

              Tasks:

              (1)
              Define the purpose of the WHOIS service in the context of ICANN's
              mission and relevant core values, international and national laws
              protecting privacy of natural persons, international and national
              laws

              that relate specifically to the WHOIS service, and the
              changing nature of Registered Name Holders.

              (2)

              Define the purpose of the Registered Name Holder, technical, and
              administrative contacts, in the context of the purpose of WHOIS, and
              the purpose for which the data was collected.

              Use the
              relevant definitions from Exhibit
              C of the Transfers Task force report
              as a starting
              point:

              (from
              http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03
              .htm

              ):

              "Contact:
              Contacts are individuals or entities associated with domain name
              records. Typically, third parties with specific inquiries or concerns
              will use contact records to determine who should act upon specific
              issues related to a domain name record. There are typically three of
              these contact types associated with a domain name record,
              the

              Administrative contact, the Billing contact and the Technical
              contact. Contact, Administrative: The administrative contact is an
              individual, role or organization authorized to interact with the
              Registry or Registrar on behalf of the Domain Holder. The
              administrative contact should be able to answer non-technical
              questions about the domain name's registration and the Domain Holder.
              In all cases, the Administrative Contact is viewed as the
              authoritative point of contact for the domain name, second only to
              the Domain Holder.

              Contact,
              Billing: The billing contact is the individual, role or organization
              designated to receive the invoice for domain name registration and
              re-registration fees.

              Contact,
              Technical: The technical contact is the individual, role or
              organization that is responsible for the technical operations of the
              delegated zone. This contact likely maintains the domain name
              server(s) for the domain. The technical contact should be able to
              answer technical questions about the domain name, the delegated zone
              and work with technically oriented people in other zones to solve
              technical problems that affect the domain name and/or zone.



              Domain
              Holder: The individual or organization that registers a specific
              domain name. This individual or organization holds the right to use
              that specific domain name for a specified period of time, provided
              certain conditions are met and the registration fees are paid. This
              person or organization is the "legal entity" bound by the
              terms of the relevant service agreement with the Registry operator
              for the TLD in question."

              (3)
              Determine what data collected should be available for public access
              in the context of the purpose of WHOIS. Determine how to access data
              that is not available for public access. The current elements that
              must be displayed by a registrar are:

              - The name
              of the Registered Name;

              - The names
              of the primary nameserver and secondary nameserver(s) for the
              Registered Name;

              - The
              identity of Registrar (which may be provided through Registrar's
              website);

              - The
              original creation date of the registration;

              - The
              expiration date of the registration;

              - The name
              and postal address of the Registered Name Holder;

              - The name,
              postal address, e-mail address, voice telephone number, and (where
              available) fax number of the technical contact for the Registered
              Name; and

              - The name,
              postal address, e-mail address, voice telephone number, and (where
              available) fax number of the administrative contact for the
              Registered Name.

              (4)
              Determine how to improve the process for notifying a registrar of
              inaccurate WHOIS data, and the process for investigating and
              correcting inaccurate data. Currently a registrar "shall, upon
              notification by any person of an inaccuracy in the contact
              information associated with a Registered Name sponsored by Registrar,
              take reasonable steps to investigate that claimed inaccuracy. In the
              event Registrar learns of

              inaccurate contact information
              associated with a Registered Name it sponsors, it shall take
              reasonable steps to correct that inaccuracy."

              (5)

              Determine how to resolve differences between a Registered Name
              Holder's, gTLD Registrar's, or gTLD Registry's obligation to abide by
              all applicable laws and governmental regulations that relate to the
              WHOIS service, as well as the obligation to abide by the terms of the
              agreements with ICANN that relate to the WHOIS service. [Note this
              task refers to the current work in the WHOIS task force called
              'Recommendation 2', A Procedure for conflicts, when there are
              conflicts between a registrar's of registry's legal obligations under
              local privacy laws and their contractual obligations to ICANN.]


              Annex B — ICANN's core values

              ICANN's
              core values are as follows:

              1. Preserving and enhancing the
                operational stability, reliability, security and global
                interoperability of the Internet.

              2. Respecting the creativity, innovation
                and flow of information made possible by the Internet by limiting
                ICANN's activities to those matters within ICANN's mission
                requiring or significantly benefiting from global coordination.

              3. To the extent feasible and appropriate,
                delegating coordination functions to or recognizing the policy role
                of other responsible entities that reflect the interests of affected
                parties.

              4. Seeking and supporting broad, informed
                participation reflecting the functional, geographic and cultural
                diversity of the Internet at all levels of policy development and
                decision-making.

              5. Where feasible and appropriate,
                depending on market mechanisms to promote and sustain a competitive
                environment.

              6. Introducing and promoting competition
                in the registration of domain names where practicable and beneficial
                in the public interest.

              7. Employing open and transparent policy
                development mechanisms that (i) promote well-informed decisions
                based on expert advice, and (ii) ensure that those entities most
                affected can assist in the policy development process.

              8. Making decisions by applying documented
                policies neutrally and objectively, with integrity and fairness.

              9. Acting with a speed that is responsive
                to the needs of the Internet while, as part of the decision-making
                process, obtaining informed input from those entities most affected.

              10. Remaining accountable to the Internet
                community through mechanisms that enhance ICANN's effectiveness.

              11. While remaining rooted in the private
                sector, recognizing that governments and public authorities are
                responsible for public policy and duly taking into account
                governments' or public authorities' recommendations.

              These
              are the core values as re-stated in the most recent ICANN Strategic
              Plan (page 4) posted on the ICANN website in May 2005:
              http://www.icann.org/strategic-plan/strategic-plan-v7_3.pdf
              a>

              2

              The source of the definitions of these terms does not define
              "Registered Name Holder," but rather "Domain Holder" (see
              http://www.icann.org/gnso/transfers-tf/report-exhc-12feb
              03.htm
              ).
              The IPC presumes the two terms are being used interchangeably.

              3
              ICANN web site, "Memorandum of Understanding Between the U.S.
              Department of Commerce and the Internet Corporation for Assigned
              Names and Numbers, Amendment 6",
              http://www.icann.org/general/amend6-jpamou-17sep03.htm .


              4
              ICANN web site, "Bylaws for Internet Corporation for Assigned
              Names and Numbers", [Section X, 1],
              http://www.icann.org/general/archive-bylaws/bylaws-08apr05.htm#X-1 .


              5
              U.S. Senate web site, "Senators of the 109th Congress",
              http://www.senate.gov/general/contact_information/senators_cfm.cfm .

              8
              Missouri Professional Auctioneers Association web site,
              http://www.moauctioneers.org/VMemberList.asp

              9

              Web Design by Cookie, "Guide to Domain Name Status Codes",
              http://www.wdbc.com/domain/status-codes.cfm

              10
              See Article 29 Working Party Opinion 2/2003 on the
              application of the data protection principles to the Whois
              directories, available at

              http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp7…

              Page
              67 of 67 18
              January, 2006

              Author:
              ICANN — Maria Farrell Prelim TF Report — Whois purpose

              Version
              1.4