<<<
Chronological Index
>>> <<<
Thread Index
>>>
[council] Last WHOIS Issues report
- To: "GNSO Council" <council@xxxxxxxxxxxxxx>
- Subject: [council] Last WHOIS Issues report
- From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 28 Oct 2007 08:21:17 +1000
- List-id: council@xxxxxxxxxxxxxx
- Sender: owner-council@xxxxxxxxxxxxxx
- Thread-index: AcgY57F+OvrcnlMQQVWiIXed+7hq+Q==
- Thread-topic: Last WHOIS Issues report
Hello All,
The issues report that initiated this current WHOIS PDP, was prepared by Louis
Toutton in May 2003.
See: http://www.icann.org/gnso/issue-reports/whois-privacy-report-13may03.htm
Here is an interesting quote:
"The staff recommends that the GNSO Council not initiate a PDP on any of the
Whois/privacy issues until significant additional work is done on investigating
the factual background, in analyzing interrelationships of the issues, and in
more clearly delineating the issues to be pursued. Additional work in these
areas should provide the necessary understanding of the circumstances
surrounding the uses and misuses of Whois, their effects on privacy concerns,
and the issues and their inter-relationships. "
Here are the positions of the constituencies at the time - 4 years ago:
"Non-Commercial Users - Place great emphasis on privacy of Whois data.
Commercial Users - Place great emphasis on accountability of uses of the
Internet, and therefore on accessibility of Whois data for legitimate purposes.
Intellectual Property Interests - Stress the importance of ready access to
accurate Whois data to support investigation of cybersquatting, copyright
violations, and counterfeiting activities.
ISPs - Support ready access to accurate Whois data to facilitate resolution of
network problems and sourcing of spam.
Registrars - View registrant data as an important business asset which should
not be made available to competitors. (In this regard, registrars are largely
aligned with resellers.) Registrars also receive complaints from registrants
reporting that they have received unsolicited renewal notices, and other offers
by phone, postal mail, fax, or e-mail targeted at registrants using the
information available via Whois. However, registrars also need a mechanism to
access the registrant data of competitors to confirm authorization of
transfers. Registrars also bear the expense of providing registrar-level Whois
service.
gTLD Registries - Registry operators bear the expense of providing
registry-level Whois service, and may also view the aggregate data as an
important business asset that should not be made available to competing
registry operators."
Below is the list of issues catalogued:
Issues Concerning Data Collection
1. Should the elements of data that registrars are required to collect at the
time of registration of a domain name be revised? (See Registrar Accreditation
Agreement (RAA) § 3.2.)
2. Should registrars be prohibited by ICANN from collecting additional items of
data?
3. Should all registrants, or certain classes of registrants (see Issue 18
below), be afforded the option of not providing some or all elements that
registrars are required to collect and, if so, which elements?
4. Should the current mechanism for pseudonymous registration be changed or
supplemented with one or more alternative mechanisms? (See RAA § 3.7.7.3.)
Should steps be taken to encourage broader availability of this mechanism?
5. Are the current requirements that registrars make disclosures to, and obtain
consent by, registrants concerning the uses of collected data adequate and
appropriate? (See RAA §§ 3.7.7.4 to 3.7.7.6.)
Issues Concerning Data Quality
6. Are the procedures currently followed by registrars adequate to promote
accurate, complete, and up-to-date data, as required by both privacy and
accountability principles? (See RAA §§ 3.7.7.1, 3.7.7.2, and 3.7.8, as well as
the GNSO s Whois recommendations on accuracy adopted by the ICANN Board on 27
March 2003.)
7. What should be the consequences when a registrant provides inaccurate or
incomplete data, or fails to correct inaccurate or incomplete data? (See RAA §§
3.7.7.1, 3.7.7.2, and 3.7.8.) Are safeguards needed to prevent abusive reports
of inaccuracies? Should certain classes of registrants (see Issue 18 below) be
permitted to provide inaccurate or incomplete data?
Issues Concerning Data Handling
8. Are the current requirements that registrars handle personal data according
to the notices given at the time of registration, and in a manner that avoids
loss, misuse, unauthorized access or disclosure, alteration, or destruction,
adequate and appropriate? (See RAA §§ 3.7.7.7 and 3.7.7.8.)
9. Are the current requirements for handling of registrar data by registry
operators adequate and appropriate?
Issues Concerning Data Disclosure
10. Are the current means of query-based access appropriate? Should both
web-based access and port-43 access be required? (RAA § 3.3.1.)
11. What are the purposes for providing public query-based access? Are the
elements currently required to be disclosed in public query-based access
adequate and appropriate? (RAA § 3.3.1.)
12. What measures, if any, should registrars and registry operators be
permitted to take to limit data mining of Whois servers?
13. Should access to data be differentiated based on the party receiving
access, or based on the use to which the data will be put? If so, how should
differentiated access be implemented and how should the cost of differentiation
be funded?
14. Should the current requirement that registrars provide bulk Whois access
for non-marketing uses be further limited or eliminated? (RAA § 3.3.6, as well
as the GNSO s Whois recommendations on accuracy adopted by the ICANN Board on
27 March 2003.)
Issues Concerning Data Use
15. Which uses of Whois data by members of the public should be permitted
(e.g., resolving technical problems, sourcing spam, identifying online
merchants, law enforcement activities, identifying online infringers for
enforcement of intellectual property rights, etc.)? Which uses should be
prohibited?
16. How should restrictions on permissible uses by members of the public be
enforced? (RAA §§ 3.3.6.3 to 3.3.6.5.)
17. To what extent is Whois data actually used to the harm of registrants
(e.g., identity theft, spam, stalking, and other harassment)?
Issues Concerning Classification of Registrants
18. Should certain types of registrants (e.g., those using domains for
political and similar activities) be exempt from the usual requirements to
provide data, or to have it available in Whois? How should the eligibility of
particular registrants for these exemptions be determined? Are measures
required to address the possibility of abuses in the classification procedure?
Issues Concerning Commercial Confidentiality and Rights in Data
19. Should registrars have the option, independent of their customers, to
protect the confidentiality of Whois data based on registrars proprietary
rights to that data? Are the current provisions permitting registrars to claim
proprietary rights in personal data about their customers appropriate? (RAA §
3.5.)
20. Should there be ICANN requirements limiting registrars' ability to sell or
use Whois data, or other data collected about customers, for commercial
purposes?
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|