23 June 2005 Proposed agenda and related documents List of attendees:
Philip Sheppard - Commercial & Business Users C.
Marilyn Cade - Commercial & Business Users C.
Grant Forsyth - Commercial & Business Users C
Greg Ruth - ISCPC
Antonio Harris - ISCPC - absent - apologies - proxy to Tony Holmes/Greg Ruth
Tony Holmes - ISCPC
Thomas Keller- Registrars
Ross Rader - Registrars
Bruce Tonkin - Registrars
Ken Stubbs - gTLD registries
Philip Colebrook - gTLD registries
Cary Karp - gTLD registries
Lucy Nichols - Intellectual Property Interests C - absent
Niklas Lagergren - Intellectual Property Interests C
Kiyoshi Tsuru - Intellectual Property Interests C. - absent
Robin Gross - Non Commercial Users C.- - absent - apologies - proxy to Ross Rader
Marc Schneiders - Non Commercial Users C. - absent - apologies - proxy Robin Gross/Norbert Klein/Tom Keller/Ross Rader/Bruce Tonkin
Norbert Klein - Non Commercial Users C. - absent - apologies - proxy to Ross Rader
Alick Wilson - Nominating Committee appointee
Maureen Cubberley - Nominating Committee appointee 14 Council Members ICANN Staff
Dr. Paul Twomey - President and CEO
Kurt Pritz - Vice President, Business Operations
Maria Farrell - ICANN GNSO Policy Support Officer
Glen de Saint G�ry - GNSO Secretariat
Paul Verhoef - Vice President, Policy Development Support - absent - apologies
Olof Nordling - Manager, Policy Development Coordination - absent - apologies GNSO Council Liaisons
Suzanne Sene - GAC Liaison
Bret Fausett - acting ALAC Liaison Michael Palage - ICANN Board member MP3 Recording Quorum present at 14:06 CET. Bruce Tonkin chaired this teleconference. Item 1: Approval of the Agenda Agenda approved Item 2: Approval of the
Minutes of 2 June 2005
Ken Stubbs moved the adoption of the minutes of 2 June 2005.
Motion approved. One abstention from Alick Wilson. Decision 1: The minutes of 2 June 2005 were adopted Item 2: Staff Report
- current areas of work - WHOIS, new gTLDs, transfers, IDNs
- update on strategic/operational planning process
- status on meeting agenda for Luxembourg
- update from Paul Twomey on WSIS/WGIG Update from Dr. Paul Twomey on WSIS/WGIG developments.
Dr. Paul Twomey referred to the presentation he made to the Working Group for Internet Governance in Geneva on 14 June 2005. ICANN staff, Board members, and some GNSO council members have been actively participating in the WSIS process but it was the first time ICANN had publicly commented on the working group process prior to its final deliberations. Detailed discussions were held with Nitin Desai, chairman of the working group, and it was agreed to highlight the potential Government responsibilities on the ICANN Board.
The wording, the context and the future implications were given particular attention.
The wording was carefully chosen "It might be appropriate now to consider some change to the role of the governments on the ICANN Board especially in terms of voting rights and it would seem appropriate for governments themselves to evaluate possible ways for further improvements of the GAC."
This statement was in answer to the growing discomfort of Governments in general with an Advisory Council.
Stuart Lynn's 2002 Evolution and Reform Process, explicitly called for governments to play a much larger role in the ICANN Board and in the funding of ICANN. Dr Twomey, as chair of the GAC at the time, stated that OECD governments and other government response was that they could not support funding and with regard to representation they agreed that another government could not represent their interests, so a non voting liaison was considered the better outcome. The French and the German governments in particular said that it was not a stable outcome and there may be an alternative model in the future.
The World Summit on the Information Society (WSIS) has been a continuation of that dialogue. Dr Twomey further commented that if ICANN had been situated outside of the United States it might not receive the same criticism and might not be having the same dialogue about the roles of government in ICANN. It would appear that it has become a proxy for the perceptions of the role that the United States plays in modern politics.
ICANN was caught in a difficult bind, being a bottom up community based organization but having to deal with a diplomatic United Nation type conference where the two cultures work completely differently. A fairly consistent message heard from certain governments was that the ICANN bottom up process and the bylaws were being ignored.
On the positive side there are indications that the ITU executive initiative to take over some of ICANN's roles has failed. The WSIS process has taken an enormous amount of time, money, staff and Board resources but has succeeded to shift ICANN as the problem, to focus on government representation and defining public interest. The result of the intense efforts has been that none of the regional blocks at the heart of the United Nations system has threatened ICANN's position or placed the ITU in a strong position.
The WGIG was foreseen to move forward and the potential outcomes could focus on defining the role of public policy and the role of governments. Looking ahead ICANN should expect a battle, as diplomats will insist on the models they are used to, the Chinese and Brazilians will be calling for an intergovernmental treaty based body and council, there will be preoccupation with how the present role of the US government should be taken over, internationalised and made accountable to some sort of council. There was a discussion on a multi stakeholder forum for policy issues. OECD countries would like to focus not only on DNS issues but other types of internet governance which could be broadly defined. It is foreseen that in the next 2 or 3 years developing countries, the Middle East and China are going to focus on the IP addressing system and DNS system.
Marilyn Cade commented that it was a continuum. The WSIS, in theory, was a summit of heads of State with no outside participation only the opportunity to comment, but there was a follow on mechanism and in some countries there are bodies that deal with spam, cyber security, access to the backbone, and regulatory efforts. Three other Internet related events should be noted:
1. The World Development Telecommunications Assembly in March 2006 when the ITUD sector will meet which is largely driven by the least developed countries, but not China
2. The ITU Plenipotentiary in the fall of 2007
3. A Treaty conference in 2007/2008
In answer to a question from Alick Wilson, Dr Twomey stated that with the exception of the Geneva statement and the community statement in Mar del Plata there has not been a formal ICANN statement, but it is envisioned that ICANN will formally comment on the Working Group (WGIG) outcome, available on July 18 and the responses will be part of the WSIS prepcom in Tunis.
Philip Sheppard, asked whether, given three options, greater Government participation in ICANN, doing nothing or an organisation with as yet undefined responsibility, if the last one would not be the most likely.
Dr. Twomey responded that what could be envisioned was an alternative restructuring of the GAC functions, which might include the GAC staying and there being another type of entity with broader and higher level political interest in the Internet or the same sort of organisation but that organisation taking up the GAC function. He was of the opinion that the latter type would be dangerous because peer equality was the core ICANN concept and cross constituencies, business, technical, At Large groups were not the natural thinking of political governments which were concerned about power and seizing power. Dr. Twomey expressed a personal fear about models arising such as a Government Council to which ICANN would be subsidiary, or a Government Council that would examine public policy issues and would freeze because of the different interpretations of public policy.
Funding was mentioned but there was no definite answer.
Dr. Twomey's assessment of the United States Government position was one of watching and listening while in the European Union changes have been seen in the French position.
Bruce Tonkin requested an update on Paul Verhoef's vacant position, to which Dr. Twomey responded that an advertisement for a replacement had been posted but it was far from conclusion. In the interim the policy support and the representational function in Europe had been split in two with Olof Nordling and Anne Rachel Inne taking on the respective leadership. Kurt Pritz is in the process of looking for someone with experience of the community to become a counsellor or assistant to Olof Nordling who will be the key, full time contact point for policy work. The attributes of the applicants will guide how the structure should continue, if it should be incorporated back into one position or if it should be split. There was no time frame set.
Bruce Tonkin suggested that now was the appropriate time for the discussion as they appeared to be two separate positions and should appear in the operating plan under separate budget items, particularly with the end of the financial year approaching.
Bruce Tonkin thanked Dr. Paul Twomey for addressing the council. Defer the rest of staff report to Items 5, 6, 7 Item 3: Consideration of the final report from the WHOIS task force with respect to improving notification and consent for the use of contact data in the Whois system.
http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html Bruce Tonkin, drew Council's attention to the structure of the Registrar Accreditation Agreement (RAA) where the terms and conditions of each registrar were different. In this way registrars differentiated themselves and competed. Some requirements were mandatory such as the accurate and reliable registrant contact information and the registrars' statement as to how the collected data would be used. The registrar was under obligation to make contact information available through the public WHOIS service.
Bruce Tonkin suggested examining the difference between the Whois task force recommendation 1 and the current RAA requirements. Text of Recommendation Recommendations for improving notification and consent for the use of contact data in the Whois system. 1. Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process.
Linking to an external web page is not sufficient.
2. Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform.
3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these disclosures. This provision does not affect registrars’ existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system. Maria Farrell reported on the summary findings of registrar notification compliance with the RAA. a full compliance examination had not been done. 3.7.7.4 of the RAA, Registrar shall provide notice to each new or renewed Registered Name Holder stating: 3.7.7.4.1 The purposes for which any Personal Data collected from the applicant are intended;
Out of the top 10 registrars, 8 complied and out of the Random 10 registrars, 5 complied 3.7.7.4.2 The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);
In each category, the top 10 registrars and the random sample, 9 registrars complied. 3.7.7.4.3 Which data are obligatory and which data, if any, are voluntary; and
N/A
(information generally available in web-forms rather than terms and conditions)
2(information generally available in web-forms rather than terms and conditions but 2 registrars explicitly mentioned in terms) 3.7.7.4.4 How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.
There were 9 in the top 10 category and 8 in the random selection 9 of the top 10 and 10 of the random registrars required Explicit consent (by ticking a box) while 9 of the top 10 and 2 of the randomly selected registrars had a separate privacy page. Regarding ‘purpose’, 2 of the randomly chosen registrars and 4 of the top 10 registrars provided explicit purposes of data collection. An example of explicit purpose is: “The purposes for the collection of Registrant Information by X registrar are : 1. to accurately, efficiently, and effectively process the registration application of the Registrant and administer on a continuing and global basis the registration of Domain Names by itself and in coordination with ICANN and other ICANN accredited Registrars.
2. to identify to users of the Internet the Registrants of specific Domain Names
3. to enable X registrar to identify, for its own business purposes, geographic, commercial, and marketing trends in the use and registration of Domain Names and
4. to abide by the requirements of the ICANN as that body may from time to time require the disclosure and processing of Registrant Information. …
5. to correct mistakes made by X registrar or other ICANN accredited Registrars and the registry in the registration of a Domain Name
6. for the resolution of disputes concerning a Domain Name.” Most registrars simply listed or broadly referred to uses to which data may be put: “You agree that Y registrar may use and rely on any such information provided by you for all purposes in connecting with your services, subject to Y registrar’s privacy policy.” Bruce Tonkin commented that there was no specific requirement to inform about Whois but there had to be specific information about the use of the data.
Two questions arise:
1. Does the registrar make clear that the information is going to be disclosed in the public WHOIS service.
2. Where do the registrars disclose that information.
Different legal jurisdictions
Registrars act in different legal jurisdictions and in different countries so there is no standard with regard to privacy policy information. In some jurisdictions it is a requirement while in others not. The recommendation should focus on the objective rather than specify the implementation. Bruce Tonkin commented that the first part of the recommendation was very similar to the existing contractual requirement in the RAA 3.77.42 which is the recipients of data and under the new policy is just another way of saying the same thing:
Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process. Is the intent to be specific about Whois which is a service that provides data because registrars can legally collect data and give it to marketing companies provided that it is stated in their terms and conditions. Maureen Cubberley and Bruce Tonkin both thought is was necessary to clarify the problem to be solved. One of the criticisms of the report was that it jumped into the recommendation rather than state clearly the problem, objective and the solution. An impact analysis would be desirable. Bruce Tonkin summarised: 1. Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process.
Linking to an external web page is not sufficient.
This was similar to existing contractual requirements in the RAA 3.77.42 2. Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform.
Part 2 was new, disclosures should be set aside from other parts of the RAA and Maria agreed that it was hard to identity in the RAA where these disclosures were to be found.
This would be an improvement on the status quo which was that these conditions could be spread across 10 or 13 pages of terms and conditions and adding a requirement that they should be is one place was the only improvement to be seen. 3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these disclosures. This provision does not affect registrars’ existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system.
This was not supported by the registrars.
Reasons for this were:
- people click whatever box they need to get the registration done and it adds more boxes to click.
- the gain is small and costs are high as registrars would have to create data base elements and record all the information. Marilyn Cade questioned whether with certain compromises, the constituencies could view item 2 as an improvement and that if the last sentence "Linking to an external web page is not sufficient." in item 1 were struck it would be acceptable as she emphasised the importance of reaching consensus policy.
To questions from Ken Stubbs, Bruce Tonkin responded that a distinction should be made between ICANN issues and national law issues. ICANN registrars could act as they wished as long as it was included in the registrars' terms and conditions. On the national law side there were stronger requirements for explicit consents where the data was being used for something other than it was intended. National laws were quite different from ICANN's requirements. When National laws changed registrars had to make the appropriate change. It is a requirement of any business practice to pay attention to the local laws. Bruce Tonkin summarised saying that when registrants provided their information to the registrar they presumed that the information would only be used for the purposes of renewing the domain name unless they explicitly consented to it being used for something else.
The issue arose from the ICANN requirements that the data was published publicly, and the Whois task force was suggesting the necessity for a new policy that required registrars to disclose what they were doing with the data but in reality registrars were already required to do that. Marilyn Cade was proposing to check whether registrars were complying with that requirement, Maria Farrell was saying that mostly they were but that the wording could be an the issue because in some cases the actual service of providing WHOIS and having it in a publicly available data base was only indirectly mentioned by some registrars knowing that the data was given to ICANN or made available according to ICANN's requirements. The Business Constituency was concerned about making the notice clear and conspicuous, while Ross Rader was of the opinion that what constituted decent disclosure and notice could optimally be dealt with in best practices.
Possible compromises :
Item 1 was existing policy - ask staff to determine compliance with existing policy
Item 2 is new a requirement
Item 3 cannot be supported from the registrars perspective as costs were not commensurate with the benefit. The existing requirement is to have to agree to the terms and conditions Bruce Tonkin clarified that the privacy policies varied according to jurisdiction, mentioned nothing about WHOIS and were not an ICANN issue. Bruce Tonkin reminded Council that one of issues being addressed were the deficiencies in the ICANN processes. There was a requirement for registrars to provide WHOIS but no explicit requirement to tell customers about WHOIS. The amended version Ross Rader proposed as a policy objective that would be acceptable to the registrars constituency allowed registrars flexibility in how they disclosed the WHOIS requirements, based on common practice across Internet ecommerce transactions, the expectations of their customers, and the national laws within which different registrars operate.
"In order to accomplish this, changes to the current recommendations are required.
These changes are:
- - removal of second sentence from the first recommendation that prevents a link to an external web page
- - removal of the third recommendation that requires separate acknowledgement
The amended recommendations would read as follows: 1. Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process. 2. Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform. " Bruce Tonkin clarified, in response to question form Ken Stubbs that for any wording to be introduced into the RAA all registrars had to agree or it had to be a consensus policy. Bruce Tonkin proposed a straw poll to ascertain constituency views on the direction proposed by various Council members on the call.
Grant Forsyth, Philip Colebrook, Cary Karp, Tony Holmes, Greg Ruth, Ross Rader, Tom Keller, Ken Stubbs, Niklas Lagergren, Maureen Cubberley, Alick Wilson, Marilyn Cade, Philip Sheppard supported the direction
Bret Fausett, from an ALAC point of view, added that implementation should be given to the Registrars as culture and language variations were necessary in order to make it clear and conspicuous.
Suzanne Sene, the GAC Liaison, commented that the suggestions were respectful of National law and would provide a resume to the GAC working group which was scheduled to meet on Saturday 9 July 2005 in Luxembourg. Bruce Tonkin commented that approving a policy and the date of implementation could be two separate decisions. ACTION:
Bruce Tonkin proposed:
- that to gauge the extent of the problem, ICANN staff should confirm the compliance of the top 30 registrars, with the RAA.
(Top 20 registrars present approximately 78% , top 30 present approximately 85% of the market)
- rewording the recommendation incorporating the council discussion
- Council to seek agreement at constituency level and discuss this in Luxembourg.
- expressing thanks for the work task force has done and notify those on the task force that the discussions were in the best interests of consensus policy. Item 4 Voting on the Whois task force - deferred Item 5: New gTLDs
- update from staff Kurt Pritz commented that the purpose of the draft staff paper on "New TLD questions" was to describe issues to be considered and answers to the questions and whether other issues should be considered before a new round of TLDs was launched or designated.
The paper on "New TLD questions" should be considered as work in process and as such the GNSO is being asked for advice, which is distinct from the role of the GNSO as a policy body and all policy related issues that arise out of the input will be referred to the Supporting Organisations for decision making.
Philip Sheppard referring to his posting commented that one essential correction in the matrix was needed making clear that the GNSO was a policy developing body rather than a consultative body as it currently appeared.
Bruce Tonkin commented on the title of the paper, "New TLD" rather than "gTLD" and said that there could be a reciprocal statement regarding ccTLDS. The ccNSO may be interested in international character versions of ccTLDs or as longer words than the 2 letter acronyms. Further, once the technical question was answered of how many domain names could be in the system before it became unstable, most of other questions split up into gTLD and ccTLD issues because from a policy point of view, the result could be different on some of the questions depending on whether it was a ccTLD or gTLD.
Marilyn Cade thanked the ICANN staff for the paper and expressed disappointment about the lack of involvement of the Council at an earlier stage and further commented that the CBUC had been opposed to monetizing the TDL space.
Bret Fausett supported Marilyn Cade and expressed concern that if ICANN was taking a new direction receiving large amounts of money from the delegation of new gTLDs, different from the past registry cost recovery mode, there needed to be significant conversation on the issue. ACTION
- Certain clarifications should be made before commenting on the questions.
- Possible discussions with the interested members of the ccNSO and GNSO in Luxembourg Item 6: update of GNSO Council meetings in Mar del Plata Item 7: Any other business
1. Luxembourg agenda
Stratplan / Operational plan ACTION:
Kurt Pritz would post to Council a summary of the Strategic planning events scheduled in Luxembourg 2. GAC/GNSO working group Sunday 10 July 14:00 - 18:00
Suzanne Sene said that due to the sensitivity of the working session invitations had been extended to the relevant communities, the GNSO, ccNSO, the WHOIS task force and the SSAC. It was intended to be an educational session for the GAC on the range of public policy uses of WHOIS data, highlighting the law enforcement uses and at the Vancouver meetings other aspects such as privacy would be highlighted. 3. Marilyn Cade announced that the Nominating committee was soliciting candidates. Bruce Tonkin declared the GNSO meeting closed and thanked everybody for participating.
The meeting ended: 16: 30 CET. | 