[dow1tf] FW: Constituency Statement for Task Force 1

["Neuman, Jeff" <Jeff.Neuman@xxxxxxxxxx>]

All,

I drafted this for my constituency.  I am not sure if this will help you all
as well.  Again the top part of the note is from my own personal perspective
and my own interpretations (not as chair, but as a registry).  I am going to
send this note to Bob C. from the registrars as well with the same caveats.

Jeff
>  -----Original Message-----
> From: 	Neuman, Jeff  
> Sent:	Friday, March 19, 2004 10:06 AM
> Subject:	Constituency Statement for Task Force 1
> 
> All,
> 
> In response to questions raised on our list regarding the constituency
> statements due for WHOIS Task Force 1, I have attached the Terms of
> Reference to this e-mail.  
> 
> I believe in looking at the Terms of Reference below and the discussions
> within the Task Force, our constituency should address the following
> questions:
> 
> 1)  What types of access should be made available for viewing WHOIS
> information? (Web-based access, Port 43, Bulk Access, etc.)
> 2)  What has been the effect on the registries systems of having to make
> available WHOIS information via Port 43 and the web?
> 3)  Have we noticed a problem with data mining?  If so, do we have any
> facts to support this?
> 4)  If the answer to #3 is yes, have we instituted any mechanisms to deal
> with such mining (i.e., put in speed bumps on Port 43, or a cloudy GIF on
> web-based access?  If yes, what has been the effect of instituting these
> measures?
> 5)  Is it feasible to have tiered access to WHOIS information (i.e., only
> some groups being able to use Port 43, while all others using web based
> access)?  If so, how could that be implemented?  What are the pros and
> cons?  What issues would still need to be worked out?  
> 6)  In other words, how can we ensure that legitimate parties (however
> that is defined) have access to Whois information, but also reduce data
> mining and the burdens on our systems.
> 
> When writing this statement, we need to keep in mind the following
> assumptions:
> 
> a)  We need to assume there will be a WHOIS and that the WHOIS will need
> to be made publicly available.
> b)  We should not comment on what fields should be publicly available, nor
> on how to ensure their accuracy.  These are important questions, but ones
> that should be answered through the work of the other task forces.
> c)  The issue of Privacy plays a role, in that in many cases, the result
> of automated data mining is the sale of personally identifiable
> information.  However, other than that aspect, we should not comment in
> this statement on EU legislation or other privacy laws.  These are
> important, but not as part of the work of our task force.
> 
> Hope that helps.
> 
> Jeff
> 
> 
> 
> 
> 
> Description of Task Force:
> ========================== 
> 
> In the recent policy recommendations
> <http://www.icann.org/gnso/whois-tf/report-19feb03.htm> relating to WHOIS:
> it was decided that the use of bulk access WHOIS data for marketing should
> not be permitted. However, these recommendations did not directly address
> the issue of marketing uses of Whois data obtained through either of the
> other contractually required means of access: Port 43 and web-based. Bulk
> access under license may be only a minor contributor to the perceived
> problem of use of Whois data for marketing purposes. A subset of a
> registrar's Whois database that is sufficiently large for data mining
> purposes may be obtained through other means, such as a combination of
> using free zonefile access (via signing a registry zonefile access
> agreement - the number of these in existence approaches 1000 per major
> registry) to obtain a list of domains, and then using anonymous (public)
> access to either port-43 or interactive web pages to retrieve large
> volumes of contact information. Once the information is initially obtained
> it can be kept up-to-date by detecting changes in the zonefile, and only
> retrieving information related to the changed records. 
> This process is often described as "data mining". The net effect is that
> large numbers of Whois records are easily available for marketing
> purposes, and generally on an anonymous basis (the holders of this
> information are unknown). 
> 
> The purpose of this task force is to determine what contractual changes
> (if any) are required to allow registrars and registries to protect domain
> name holder data from data mining for the purposes of marketing The focus
> is on the technological means that may be applied to achieve these
> objectives and whether any contractual changes are needed to accommodate
> them. 
> 
> In-scope 
> ======== 
> The purpose of this section to clarify the issues should be considered in
> proposing any policy changes. 
> 
> The task force should consider the effects of any proposed policy changes
> on the ability of groups such as law enforcement, intellectual property,
> internet service providers, and consumers to continue to retrieve
> information necessary to perform their functions. 
> 
> The task force should consider the effects of any proposed policy changes
> on the competitive provision of domain name services including WHOIS
> access and transfers, and on the competitive provision of value-added
> services using WHOIS information. 
> 
> Out-of-scope 
> ============ 
> To ensure that the task force remains narrowly focussed to ensure that its
> goal is reasonably achievable and within a reasonable time frame, it is
> necessary to be clear on what is not in scope for the task force. 
> 
> The task force should not aim to specify a technical solution. This is the
> role of registries and registrars in a competitive market, and the role of
> technical standardisation bodies such as the IETF. Note the IETF presently
> has a working group called CRISP to develop an improved protocol that
> should be capable of implementing the policy outcomes of this task force.
> However, the task force should seek to achieve an understanding of the
> various technological means that could be applied to prevent or inhibit
> data mining with an eye toward evaluating their impact on other uses and
> their compatibility with the currently applicable contracts. 
> 
> The task force should not review the current bulk access agreement
> Provisions, except to the extent that these can be improved to enhance
> protection against marketing uses and to facilitate other uses. These were
> the subject of a recent update in policy in March 2003. 
> 
> The task force should not study the amount of data available for public
> (anonymous) access for single queries. Any changes to the data collected
> or made available will be the subject of a separate policy development
> process. 
> 
> Tasks/Milestones 
> ================ 
> - collect the stated needs and the justification for those needs from
> non-marketing users of contact information (this could be extracted from
> the Montreal workshop and also by GNSO constituencies, and should also
> include accessibility requirements (e.g based on W3C standards) [milestone
> 1 date]
> - review general approaches to prevent automated electronic data mining
> and ensure that the requirements for access are met (including
> accessibility requirements for those that may for example be visually
> impaired) [milestone 2 date] 
> - determine whether any changes are required in the contracts to allow the
> approaches to be used above (for example the contracts require the use of
> the port-43 WHOIS protocol and this may not support approaches to prevent
> data mining) [milestone 3 date] 
> 
> Each milestone should be subject to development internally by the task
> force, along with appropriate public comment processes (e.g seeking
> specific advice from the technical community, or from WHOIS service
> operators) to ensure that as much input as possible is taken into account.
> 
> 	
> 
> Jeffrey J. Neuman, Esq. 
> Director, Law & Policy 
> NeuStar, Inc. 
> Loudoun Tech Center 
> 46000 Center Oak Plaza 
> Building X 
> Sterling, VA 20166 
> p: (571) 434-5772 
> f: (571) 434-5735 
> e-mail: Jeff.Neuman@xxxxxxxxxx 
>