ICANN/GNSO GNSO Email List Archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [council] Fourth draft of WHOIS task force terms of reference

  • To: "'Bruce Tonkin'" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>, <council@xxxxxxxxxxxxxx>
  • Subject: RE: [council] Fourth draft of WHOIS task force terms of reference
  • From: "Maria Farrell" <maria.farrell@xxxxxxxxx>
  • Date: Thu, 26 May 2005 20:29:18 +0200
  • In-reply-to: <57AD40AED823A7439D25CD09604BFB540143CB79@balius.mit>
  • Sender: owner-council@xxxxxxxxxxxxxx
  • Thread-index: AcVgvamsKCp/T2kxQ/qWkq8DJVvx5ABYIdeA

Dear all,

I have two editing suggestions regarding the terms of reference.  One is to
tighten or footnote the language about the Internet's unique identifiers in
the first paragraph so that it can't be interpreted as including other
unique identifiers such as IP numbers.  I know the text in this draft is
there to avoid opening up other debates, so I will try to find some existing
language that describes ICANN's role.  Failing that, I'll suggest a footnote
to narrow the scope of the term. 

Secondly, I suggest adding to item 5 on resolving legal obligations a
specific and limiting reference to the Whois task force's work item
"Recommendation 2, draft Procedure for conflicts when there are conflicts
between a registrar's of registry's legal obligations under local privacy
laws and their contractual obligations to ICANN". This would be to keep it
clear that the task force is charged with completing this current work item
only. 

I attach a revised draft with the second change made to point 5. I will send
follow-up language on my first suggested change asap. 

Best regards, Maria Farrell

-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Bruce Tonkin
Sent: Wednesday, May 25, 2005 2:16 AM
To: council@xxxxxxxxxxxxxx
Subject: [council] Fourth draft of WHOIS task force terms of reference

Hello All,

Below is a fourth draft of the WHOIS task force terms of reference.

I reviewed the input from Marilyn Cade, Niklas Lagergren, and Tim Ruiz (on
the WHOIS mailing list).

The main changes are:

(1) Added a second paragraph that reflects the need to consider ICANN core
values using text extracted from Article 1,Section 2 of the ICANN Bylaws
(http://www.icann.org/general/bylaws.htm#I)

(2) In the third paragraph I extracted the full text of the obligation of
the Registered Name Holder to provide data from clause 3.7.7.1 of the
Registrars Accreditation Agreement (see
http://www.icann.org/registrars/ra-agreement-17may01.htm )

(3) In task 1, I have also added the need to consider laws that relate
specifically to WHOIS

For example, from searching at: http://thomas.loc.gov, I have identified the
U.S. Fraudulent Online Identity Sanctions Act 2004, which seems to provide
penalties in the case of a Registered Name Holder doing something wrong with
the domain, and at the same time providing materially false contact
information to a domain name registrar, domain
name registry, or other domain name registration authority.   Note
however this Act doesn't specifically mention the WHOIS service.   The
current requirement for Registered Name Holders to provide correct
information is consistent with this Act.

The various privacy laws around the world would seem to directly apply to
WHOIS with respect to Personal Data.

If members of the task force are aware of specific laws that related to
WHOIS then they can post them to the list, and advise ICANN staff.

I believe that in some countries, parties selling services on the Internet
must display their contact information on the website (and presumably in
emails) that is used to provide the service as part of
consumer protection laws.    These laws may not have any requirement
with respect to WHOIS.


(4) In task 3, I added the definition of "Domain Holder" from the Transfers
Policy report.

(5) I added a new task 5, that relates to the work on conflicts between the
ICANN agreement and local laws.


With respect to further changes to task 4 relating to accuracy, I noted that
Niklas wished to include work on preventing the initial collection
of inaccurate data.   Marilyn also referenced a provision in the
registrars accreditation agreement that states that if a consensus policy is
created in this area, that registrars must comply (which is of course
redundant as registrars have to comply with any consensus
policy).   I understand that this issue has been discussed at length
within the previous WHOIS Task Force 3, and that there did not seem to be a
chance in the short term of reaching consensus on further work on improving
data collection.  In the last few meetings of the WHOIS Task Force 3, there
did seem to me to be willingness to improve the process of reporting, and
responding to reports, on WHOIS inaccuracy, and potentially doing some
verification of data provided in response to an
accuracy complaint.    I have drafted the terms of reference to be
consistent with the work items that have been discussed so far in Mar Del
Plata and in other recent meetings of the WHOIS task force and the
GNSO Council.   I suggest that further work on improving accuracy of
data collection, would be more appropriate once other aspects of the
WHOIS service have been refined.   

I have not added a task relating to requiring registrants to explicitly
agree to the WHOIS provisions, as this work has as I understand it been
completed by the task force (the final report is almost complete), and will
be discussed at the Council before these terms of reference will be
approved.

Regards,
Bruce Tonkin


Fourth Draft of Terms of Reference for WHOIS task force

The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global Internet's
systems of unique identifiers, and in particular to ensure the stable and
secure operation of the Internet's unique identifier systems. 

In performing this mission, ICANN's bylaws set out 11 core values to guide
its decisions and actions. Any ICANN body making a recommendation or
decision shall exercise its judgment to determine which of these core values
are most relevant and how they apply to the specific circumstances of the
case at hand, and to determine, if necessary, an appropriate and defensible
balance among competing values.

ICANN has agreements with gTLD registrars and gTLD registries that require
the provision of a WHOIS service via three mechanisms: port-43,
web based access, and bulk access.   The agreements also require a
Registered Name Holder to provide to a Registrar accurate and reliable
contact details and promptly correct and update them during the term of the
Registered Name registration, including: the full name, postal address,
e-mail address, voice telephone number, and fax number if available of the
Registered Name Holder; name of authorized person for contact purposes in
the case of an Registered Name Holder that is an organization, association,
or corporation; the name, postal address, e-mail address, voice telephone
number, and (where available) fax number of the technical contact for the
Registered Name; and the name, postal address, e-mail address, voice
telephone number, and (where available)
fax number of the administrative contact for the Registered Name.   The
contact information must be adequate to facilitate timely resolution of any
problems that arise in connection with the Registered Name.

A registrar is required in the Registrar Accreditation Agreement (RAA) to
take reasonable precautions to protect Personal Data from loss, misuse,
unauthorized access or disclosure, alteration, or destruction.

The goal of the WHOIS task force is to improve the effectiveness of the
WHOIS service in maintaining the stability and security of the Internet's
unique identifier systems, whilst taking into account where appropriate the
need to ensure privacy protection for the Personal Data of natural persons
that may be Registered Name Holders, the authorised representative for
contact purposes of a Register Name Holder, or the administrative or
technical contact for a domain name.

Tasks:

(1) Define the purpose of the WHOIS service in the context of ICANN's
mission and relevant core values, international and national laws protecting
privacy of natural persons, international and national laws that relate
specifically to the WHOIS service, and the changing nature of Registered
Name Holders.


(2) Define the purpose of the Registered Name Holder, technical, and
administrative contacts, in the context of the purpose of WHOIS, and the
purpose for which the data was collected.  
Use the relevant definitions from Exhibit C of the Transfers Task force
report as a starting point (from
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):

"Contact: Contacts are individuals or entities associated with domain name
records. Typically, third parties with specific inquiries or concerns will
use contact records to determine who should act upon specific issues related
to a domain name record. There are typically three of these contact types
associated with a domain name record, the Administrative contact, the
Billing contact and the Technical contact.

Contact, Administrative: The administrative contact is an individual, role
or organization authorized to interact with the Registry or Registrar on
behalf of the Domain Holder. The administrative contact should be able to
answer non-technical questions about the domain name's registration and the
Domain Holder. In all cases, the Administrative Contact is viewed as the
authoritative point of contact for the domain name, second only to the
Domain Holder.

Contact, Billing: The billing contact is the individual, role or
organization designated to receive the invoice for domain name registration
and re-registration fees.

Contact, Technical: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name server(s) for
the domain. The technical contact should be able to answer technical
questions about the domain name, the delegated zone and work with
technically oriented people in other zones to solve technical problems that
affect the domain name and/or zone.
Domain Holder: The individual or organization that registers a specific
domain name. This individual or organization holds the right to use that
specific domain name for a specified period of time, provided certain
conditions are met and the registration fees are paid. This person or
organization is the "legal entity" bound by the terms of the relevant
service agreement with the Registry operator for the TLD in question."


(3) Determine what data collected should be available for public access in
the context of the purpose of WHOIS.  Determine how to access data that is
not available for public
access.   The current elements that must be displayed by a registrar
are:

- The name of the Registered Name;

- The names of the primary nameserver and secondary nameserver(s) for the
Registered Name;

- The identity of Registrar (which may be provided through Registrar's
website);

- The original creation date of the registration;

- The expiration date of the registration;

- The name and postal address of the Registered Name Holder;

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the technical contact for the Registered
Name; and

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the administrative contact for the
Registered Name.


(4) Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and correcting
inaccurate data.  Currently a registrar "shall, upon notification by any
person of an inaccuracy in the contact information associated with a
Registered Name sponsored by Registrar, take reasonable steps to investigate
that claimed inaccuracy. In the event Registrar learns of inaccurate contact
information associated with a Registered Name it sponsors, it shall take
reasonable steps to correct that inaccuracy."


(5) Determine how to resolve differences between a Registered Name Holder's,
gTLD Registrar's, or gTLD Registry's obligation to abide by all applicable
laws and governmental regulations that relate to the WHOIS service, as well
as the obligation to abide by the terms of the
agreements with ICANN that relate to the WHOIS service.   


Attachment: WHOISterms-v4MF.doc
Description: MS-Word document



<<< Chronological Index >>>    <<< Thread Index >>>