WHOIS Task Forces 1 and 2 Teleconference 9 November, 2004 - Minutes
GNSO Constituency representatives:
gTLD Registries constituency: - Jeff Neuman - Co-Chair
Registrars constituency - Jordyn Buchanan - Co-Chair
Registrars constituency - Paul Stahura
Registrars constituency - Tom Keller
Intellectual Property Interests Constituency - Steve Metalitz
Internet Service and Connectivity Providers constituency: - Antonio Harris
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
Commercial and Business Users constituency - Marilyn Cade
Commercial and Business Users constituency - David Fares
Non Commercial Users Constituency - Milton Mueller
At-Large Advisory Committee (ALAC) liaisons - Thomas Roessler
ICANN Staff Manager: Barbara Roseman -
GNSO Secretariat: Glen de Saint Géry
gTLD Registries constituency - David Maher - absent - apologies
Non Commercial Users Constituency - Marc Schneiders - apologies
Intellectual Property Interests Constituency - Niklas Largergren
Intellectual Property Interests Constituency - Jeremy Banks
Amadeu Abril l Abril
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer
Agenda: Step by step procedure re: conflicts with law
Milton Mueller revised the document discussed on the call on 26 October 2004
The text was again revised by Steve Metalitz
Jeff Neuman, wearing his lawyer's hat, added the following comments that mostly related to preserving confidentiality for the registry/registrar, especially the attorney-client privilege in jurisdictions that recognize such privilege.
DRAFT PROCEDURE FOR CONFLICTS
The following procedures are intended to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personally identifiable data via Whois.
Step One: Notification of Initiation of Action
Once receiving notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance with the RAA ("Whois Proceeding"), a Registrar/ Registry must within thirty (30) days provide ICANN's General Counsel with the following information:
� Summary description of the nature and status of the action (e.g., inquiry, investigation, litigation, threat of sanctions, etc.)
- Contact information for the responsible official of the registrar for resolving the problem.
� Contact information for the responsible territorial government agency and a statement from the registrar authorizing ICANN to communicate with those officials on the matter. If the registrar is prevented by applicable law from granting such authorization, the notification should document this.
� The text of the applicable law or regulations upon which the local government is basing its action or investigation, if such information has been indicated by the government.
Meeting the notification requirement permits Registrars/Registries to participate in investigations and respond to court orders, regulations, or enforcement authorities in a manner and course deemed best by their counsel.
Depending on the specific circumstances of the Whois Proceeding, the Registrar/Registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the Whois Proceeding.
Step Two: Consultation
Unless impractical under the circumstances, the ICANN General Counsel may[j2] , upon receipt and review of the notification (which shall include dialogue with the registrar/registry if appropriate), begin a process of consultation with the local/national enforcement authorities together with the registrar/registry. The goal of the consultation process shall be to seek to resolve the problem in a manner that preserves the ability of the registrar to comply with its contractual obligations to the greatest extent possible.
If the investigation or other matter ends without requiring any changes and/or the required changes in registrar/registry practice do not, in the opinion of the General Counsel, constitute a deviation from the R.A.A., then the General Counsel and the registrar/registry need to take no further action.
If the registrar/registry is required by local law enforcement authorities to make changes in its practices affecting compliance with contractual obligations before any consultation process can occur, the registrar/registry shall promptly notify the General Counsel of the changes made and the law/regulation upon which the action was based. The Registrar/Registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the Whois Proceeding. Step
Three: General Counsel analysis and recommendation
If the local/national government requires changes that, in the opinion of the General Counsel, prevent full compliance with contractual WHOIS obligations, ICANN shall refrain, on a provisional basis, from taking enforcement action against the registrar/registry for non-compliance, while the General Counsel prepares a report and recommendation and submits it to the ICANN Board for a decision. The report must contain:
i. A summary of the law or regulation involved in the conflict;
ii. Specification of the part of the registrar's contractual WHOIS obligations for which the exception is requested; and
iii. Recommendation of whether ICANN should agree to an exception for the registrar/registry from one or more identified WHOIS contractual provisions. The report shall include a detailed justification of its recommendation. .
The registrar/registry shall be provided a copy of the report and provided a reasonable opportunity to comment on it to the Board. The Registrar/Registry may request that ICANN keep such report confidential prior to any resolution of the Board.
Step Four: Resolution
The Board shall consider and take appropriate action on the recommendations contained in the General Counsel's report as soon as practicable. Actions could include, but are not limited to:
� Approving the report's recommendations, with or without modifications;
� Scheduling a public comment period on the report; or
� Referring the report to GNSO for its review and comment by a date certain.
Step Five: Public Notice
The Board's resolution of the issue, together with the General Counsel's report, shall ordinarily be made public, along with the reasons for it, and shall be archived on a public website (along with other related materials) for future research. Prior to release of such information to the public, the Registry/Registrar may request that certain information (including, but not limited to, communications between the Registry/Registrar and ICANN, or other privileged/confidential information) be redacted from the public notice. In the event that such redactions make it difficult to convey to the public the nature of the actions being taken by the Registry/Registrar, the General Counsel shall work with the Registry/Registrar on an appropriate notice to the public describing the actions being taken and the justification for such actions.
Unless the Board decides otherwise, if the result of its resolution of the issue is that data elements in the registrar's Whois output will be removed or made less accessible, its resolution shall include the following features:
ICANN shall issue an appropriate notice to the public of the resolution and of the reasons for ICANN's forbearance from enforcement of full compliance with the contractual provision in question.
Footnotes from Jeff Neuman
[j1] I agree that "formal notification" seems a bit too subjective (i.e., what does it mean in each country to be formally notified), but learning is also too restrictive. One can "learn" about an action rather informally or that an action is a possibility, but not necessarily a certainty.
[j2]I am not sure it is appropriate to mandate that ICANN be forced into interjecting itself into a national proceeding. There may be reasons why ICANN may not choose to get involved.
[j3]I do not think this is a reasonable request as it may force registrars to either direct persons to their competitors or worse may lead them into contributing allowing others to violate the privacy protections that they are supposed to be in compliance with. For example, lets say a Registrar A is forced to take down certain Whois fields by its national government. Also assume that certain of Registrar A's customers have domains in a TLD where the Registry Operates a Thick Whois, but that Registry is in another country where the privacy laws are not as strict. Although Registrar A's country may not be able to exert jurisdiction over the registry, and therefore cannot prevent the data from being displayed by the thick registry, I am not sure that a registrar wants to (or may even be allowed to) direct persons to the thick registry site (which it knows is not operating in compliance with Registrar A's national laws).
Milton Mueller's changes provided a one track process and indicated when ICANN would get involved in the process, while Steve Metalitz's changes referred to the "preamble".
Jordyn Buchanan in summary commented that there were 2 questions:
Given that a registrar believed that there was a conflict with local law what would be the minimal change that would be required to the ICANN process ?
Given that point has been determined what minimal deviation from the ICANN contract would be needed in order to comply with national law regulations. Should the registrar be disaccredited based on fulfilling that minimal change?
Jeff Neuman summarized that most people were comfortable with accepting the registrar / registry action but allowing for flexibility where it would effect operations.
Need to add appropriate language to draft
The task force discussed the procedure step by step and agreed on further language changes.
Marilyn Cade proposed that more discussion on the list was required before agreement could be reached.
Jeff Neuman proposed circulating a revised draft to the list with ( ) areas that needed to be addressed, the two principle ones being:
1. Presumption for the Board to accept Registrar and Registry actions and allow flexibility where it affected operations and operability
2. Whether registrars and registries should include in their notice a suggestion of other sources where Whois information could be obtained.
1. Finalize outside experts and outreach to other groups regarding tiered access.
2. Discuss meetings in cape Town
3. Discuss David Maher's proposal on Conspicuous notice
Jeff Neuman and Jordyn Buchanan thanked everyone for their presence and participation.
The call ended at 12:15 EST, 18:15 CET
Next Call: 16 November 2004
see: GNSO calendar