Sorry, you need to enable JavaScript to visit this website.
Skip to main content

WHOIS Task Force Minutes

Last Updated:
Date

WHOIS Task Force

26 July 2005 - Minutes

ATTENDEES:
GNSO Constituency representatives:

Jordyn Buchanan - Chair
gTLD Registries constituency - Ken Stubbs
gTLD Registries constituency - David Maher
Registrars constituency - Tim Ruiz (alternate)
Registrars constituency - Ross Rader
Registrars constituency - Tom Keller
Non Commercial Users Constituency - Milton Mueller
Commercial and Business Users constituency - Marilyn Cade
Internet Service and Connectivity Providers constituency - Tony Harris
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
Internet Service and Connectivity Providers constituency - Greg Ruth

Liaisons
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer - absent
GAC Liaison - Suzanne Sene - absent - apologies

ICANN Staff:
Olof Nordling - Manager, Policy Development Coordination
Maria Farrell Farrell - ICANN GNSO Policy Officer
GNSO Secretariat - Glen de Saint Géry

Absent:
Registrars constituency - Paul Stahura
Commercial and Business Users Constituency - David Fares - apologies
Intellectual Property Interests Constituency - Steve Metalitz - apologies
Intellectual Property Interests Constituency - Niklas Lagergren - apologies
Non Commercial Users Constituency - Kathy Kleiman
Non Commercial Users Constituency - Frannie Wellings
Commercial and Business Users Constituency - Sarah Deutsch - apologies

MP3 Recording
Action point summary

Agenda
1. Discuss and review the constituency statements on the Conflict with National Laws procedure due Thursday 21 July 2005 and next steps on recommendation
2. Discuss in depth the tiered access documents from task forces 1 and 2 to assess usefulness as a framework for any further work.

1. Discuss and review the constituency statements on the conflict with national laws procedure due Thursday 21 July 2005 and next steps on recommendation

Status of constituency statements received:
The Intellectual Property Interests
The Non Commercial Users constituency on recommendation 2,
gTLD registry constituency statements
The Registrar constituency is 14 days out on the conflicts.
The Internet Service Providers and Connectivity Providers constituency end of week 29 July 2005 and the remaining on tasks 1 & 2 a week later.
The Non Commercial Users constituency posted their statement on recommendation 2, the statement on Whois purpose will be ready in a couple of days. The tasks 1 &2 on how the technical and administrative contacts were populated were giving the most trouble as there were no serious responses
Jordyn urged all the constituencies to submit their statements as soon as possible.

Brief overview of the constituency statements:

David Maher, the gTLD registries constituency supported the statement in its current form and suggested a system of tiered access to resolve the conflict issue. From Steve Metalitz’s extensive memorandum on the subject it would seem as though war has been declared if the IPC thinks the present system complies with the European data protection laws. There is a total lack of consensus in the proceeding.

Maggie Mansourkia, the ISPCP was generally supportive, but suggested some language tweaks about uniformity of the process. Ultimately the goal of the ISP was greater accuracy so any movement towards that would be supported.

Milton Mueller commented that the NCUC statement was short and supported the recommendation. They viewed it as a stop gap measure pending comprehensive implementation.

Ross Rader stated that the draft put to the Registrar constituency was very similar to what the task force was pursuing, with one or two minor amendments and would likely be supported. The current election/ratification process in the constituency, a 14 day process, needed to be executed.

Jordyn Buchanan commented, in the absence of an IPC member, their statement appeared to make no major revisions to the actual policy recommendations. In general, apart from minor tweaks, it seemed that the task force had reached the point where work on the recommendations could be finalised on the list.

Timeline:
Goal:
23 August or earlier - a formal vote of the task force on the final form of the recommendation
13 September - Staff would need to do the initial report for public comment for 21 days (would allow the required 7 days to present the document to Council )
22 September. - Council call is scheduled

It was agreed that if the statements were received sooner, the task force could vote earlier. Some task force members were of the opinion that the Initial report could be drafted with the constituency statements outstanding so as to deliver on time as the formal voting process in certain the constituencies took time.

Jordyn Buchanan encouraged task force members to work any proposed amendments or modifications arising from the constituency statements on the list and if a constituency was likely to suggest modifications, it should be brought to the attention of the mailing list as soon as possible.

Action Point Summary

1           Constituency statements on recommendation 2 (conflicts with national data protection laws)

 

Not all of the statements had yet been circulated to the list, so discussion on the statements was postponed till the next call. 

 

Actions

  • Constituencies that haven’t already sent their constituency statement to the list are asked to do so as quickly as possible.
  • Participants should alert the task force through the mailing list if they believe their constituency statements will propose significant amendments to the recommendation.
  • The task force will work on the mailing list to finalise the recommendation.
  • A formal vote on the recommendations will be taken on during the call on 23 August or earlier if the statements are received and the discussion sufficiently advanced.
  • Time will be reserved on the next task force conference call (August 9th) to discuss whether the recommendation is ready to be advanced to an initial report.

2. Discuss in depth the tiered access documents from task forces 1 and 2 to assess usefulness as a framework for any further work.
Jordyn Buchanan proposed discussing Ross Rader's compilation of the previous task force 1&2 recommendations and frameworks and Thomas Roessler's PKI based system on tiered access. The task force was not presupposing recommending tiered access as an outcome with regard to task no. 3. but it would be useful to review past work on tiered access to ascertain whether there would be agreement on how useful the frameworks would be if other work were necessary. The Task Force 1 report made an important distinction to divide Whois data into "sensitive" data and "non-sensitive" data but that the definition was left open and it was decided that the issue belonged in task force 2. issue.

Quoting from the recommendations:
"1. Dependence on Whois Task Force

The output of this Whois Task Force depends heavily on the output of Whois TF 2 (which data elements are included in the publicly available Whois). The more sensitive the data: (a) the more value there is to the data; (b) the more likely such data is to be mined, (c) the more this impacts the privacy rights of individuals and (d) creates an incentive for the registrant to make the data inaccurate. In such cases, there may be a need to restrict access to that data.

2. Value of Whois Data

It is believed that if only data deemed to be non-sensitive by the Internet community ("Non-Sensitive Data") were to be publicly displayed (whether on the Web, Port 43 or other automated process), the data itself has little value, is less likely to be data mined, and has little effect on privacy rights. Therefore, imposing restrictions on access to Non-Sensitive data may not be necessary.

Note, that we have assumed that the less sensitive the data is, the less valuable the data will be and the less data mining will occur. However, there is still some value to the information and therefore, there may be a need for query limits to prevent denial of service attacks. "

Jordyn Buchanan commented that Port 43 could not identify the user or the use, the question had not been put to the technical briefings the task force had. It was one problem, to collect and display data and another to see if it was accurate.

Answering Ross Rader's question on DRM solutions, to sense of the validity of the conclusion, none were discussed in detail, there was a paper from Thomas Roessler, but no experts were brought in.

Jordyn Buchanan commented that the level of appetite for tiered access systems had to be assessed, there had to be agreement that going through the work of the task forces 1 & 2 was worthy of consideration, which parts of the previous work would be useful to adopt, what was ongoing work, were there large gaps of work that needed to be done before continuing along the tiered access path.

Marilyn Cade commented that for a CBUC point of view she was comfortable with closing or keeping open the working session on tiered access. However the perception of the law enforcement people was that the task force was examining tiered access which created a public view that the work was underway and the task force needed to be responsible for it.

Ross Rader queried whether the GAC/ Whois task force closed session in Luxembourg constituted part of the input to the task force.

Milton Mueller commented that the task force had got off on the wrong foot. Tiered access was not mentioned in the task forces current description of work there were other items. Tiered access might emerge from the process as one of the solutions but the present discussion was premature and not relevant to what the task force was currently supposed to be doing.

Ken Stubbs expressed concern that ICANN could be in a position of being caught between different governments with different agencies putting increased pressure on privacy issues.

Tony Harris commented that tiered access did not come out of the blue but was a logical development of the privacy issue as the only way to accommodate it would be to have tiered access or otherwise the data would be taken away from everyone which would be a problem. Down the road, tiered access if applied was a major overhaul of the display and functionality and someone had to figure out who would pay for it.

Jordyn Buchanan responded to Milton, that the task force could drop the discussion but that tiered access might be in the scope of task 3 and if it were, the current work would not be wasted as given the calendar and progression of topics, it was not time that the task force would have used for something else.

Tim Ruiz was of the opinion that the task force should be spending its effort and time on resolving the purpose of Whois as tasks 2 & 3 in the terms of reference depended on the resolution of the former being.

Marilyn Cade commented that it would be useful for the task force chair, Jordyn Buchanan, to join the GNSO Council call in view of the council wanting to work interactively with the task force.

Tim Ruiz excused himself and left the call.

Ross Rader commented that recognizing and describing the tiered access systems already available that were not very granular systems, would help destigmatise the concept and build bridges. Tucows' had massive database and all employees got access to all of it, people who did not work there got less access, other registrars got additional levels of detailed access that members of the intellectual property and business community did not get access to, and law enforcement agents got complete access. Cost, structure and implementation depended on what might be decided and what the system looked like. Ross commented further that there were things the registrars would be happy to bear the cost on.

Ross Rader, responding to Marilyn Cade's question whether the interpretation could be extended into proxy and anonymous services said that he was referring to the structures that the formal contracts or formal policy had ‘forced upon us'. Informally or anecdotally local disruptions had been adopted, without judging whether they were good or bad, that were not an intention of current policy and thus a form of tiered access already existed.

Tony Harris withdrew his remarks about cost after hearing Ross Rader who went on to say it was an acknowledgement that "there are thick and expensive and light and inexpensive ways to do things".
Ross Rader clarified that his document was only an attempt to frame tiered access.

Jordyn Buchanan summarised the discussion on cost:
1. there were more and less costly approaches to implementing tiered access.
2. there may be circumstances where registrars would be willing to bear some costs but not apply to any costs.

Thus Jordyn concluded that registrars would bear lower cost systems but not higher cost ones, to which Ross responded that he would not give an answer to that, but proposed looking at solutions that made sense, calculate the cost, and then figure out how to pay for them.

Marilyn Cade asked whether, given the diversity of business models among the registrars, there would have to be agreement from them in the RAA to implement the cost?

Jordyn Buchanan responded that when recommendations were made, the impact on the contracts would need to be assessed. There were rules on obtaining approval from the registrar constituency, and although there were several hundred registrars, a group of registrars only had one vote if they were under common control.

Ross Rader added that the constituency was not the comprehensive list of the total number of accredited registrars. There were currently about 55 members and the voting rules required a majority. The bylaws made provision for pooling of interest restrictions that prevented essentially multiple accreditations controlling the vote. For example, at one point one of the largest registrars had 4 accreditations, they only had one vote. In any vote, there are 17-25 votes normally needed to carry the vote. Another example, register.com had 2 subsidiaries but only one vote. So if there happened to be a company with 200 subsidiaries accredited, they would still only have one vote. If the top 80% equaled 35 registrars, the membership of the constituency would get you to that level.

Jordyn Buchanan in summary:
1. A statement of how the existing system provided a state of rough tiered access.
There had been some work on how proxy services were done by task force 2 but framing it in the status quo of the tiered access system was not explicitly pursued in the past.
2. Request the staff to take a look at what data element registrars are required to collect at present that they were not required to display on Whois, that is part of the contractual agreement
3. Request the staff to review the work done by previous task forces on proxy services and provide key findings.

There will be staff resources available during Maria's leave period.

Action Point Summary
2 Tiered access – documents from task forces 1 and 2

The task force discussed tiered access in the context of documents sent to the list by Ross Rader and Thomas Roessler. The discussion did not pre-suppose any specific action on tiered access.

Actions

* Ross Rader will research the issue of current registrar implementations of types of tiered access. The goal is to either document the issue or propose similar work to the list. Ross will also consider whether staff support is needed for this work.
* Maria Farrell will produce information on differences between data elements registrars are required to collect and display.
* Maria Farrell will provide information from a review of work done by previous task forces on proxy services.

Proposed Agenda for the next call :

9 August 2005
Discuss the recommendation on conflict with national laws and ascertain whether an advance could be made to an initial report.
Substantive discussion on the purpose of Whois, ensure constituency statements are present.

The next Whois task force teleconference:
Tuesday 9 August 2005 at 9:30 EST 13:30 UTC

Jordyn Buchanan thanked all the task force members for participating.

The WHOIS task force call ended at 17 :00 CET

 

-