[dow1tf] Summary of Major Points from the Last Call

["Neuman, Jeff" <Jeff.Neuman@xxxxxxxxxx>]

All,

Here are the major points we gathered from the last call.  None of these are
final positions, but they represent our thinking as of the last call.
Please be ready to comment on this:

1)  The output of this Whois Task Force depends heavily on the output of
Whois TF 2 (which data elements are included in the publicly available
WHOIS).  The more sensitive the data, the more there may be a need to
restrict access to that data.  In our call, we labeled the following as
"Non-Sensitive data":  Domain Name, Associated Registrar information, IP
Address, Creation Date, Expiration Data, Last Updated Date and Technical
Contact information.  The remaining data currently in the Whois (i.e., Admin
Contact, Technical Contact, and Billing Contact information) was deemed by
the group to be "Sensitive Data".

2) It is believed that the less "Sensitive" data that is provided, the less
likely it would be for data mining to occur. 

3)  To the extent that restrictions are imposed on access to Whois
information, this should not be taken to mean that we are addressing all of
the privacy implications nor the entire problem of data mining.  In
addition, as in all cases, National law should be taken into consideration.

4)  To the extent that Sensitive Data is required to be publicly disclosed
by Whois TF 2, then at a minimum, the requestor of Whois information
("Requestor") should be required to identify themselves to the Whois
Provider (i.e., the Registrar or the Registry [in the case of thick
registries]) along with the reasons for which it seeks the data.  Such
information should be made available to the registrant whose Whois
information is sought ("Registrant").  The group recognizes, however, that
an exception may need to be granted to certain law enforcement officials ho
may need the information without having to provide the reasons to the
Registrant.  This point needs to be explored more.

5)  The group has not proposed any mechanisms to deal with Whois information
displayed through the Web except that it was recognized that Web-based GUIs
(i.e., CAPTCHA), is not an effective block for data mining, although it was
acknowledged that it has provided an important obstacle in many cases.

6) What to do about Port 43?

The group discussed this in great length.  Currently, Port 43 does not
provide a way for a requestor to identify him or herself or the reasons for
which it is seeking the data.  As long as this is the case, the group is
leaning towards recommending that Port 43 should be abolished.  However, the
group did note that to the extent another Port (or other mechanism) can be
used for the identification of Requestors, the reasons for which they seek
the data, and for providing that information to the Registrant, then such
mechanism should be explored.  The majority of the group believed that it is
still important for timely access of Whois information to "legitimate users"
(to the extent that can be defined).

7)  Other Ideas

In addition, if Port 43 were retained, the group discussed the possibility
of having a central authority (not a registry or registrar) to approve
entities that could use Port 43 (i.e., a "White List" of IP addresses).  In
this scenario, a White List would be created of Requestors that have proven
themselves as "legitimate users" of Whois information (i.e.,  Law
Enforcement, Consumer organization, Intellectual Property Organizations,
etc.)  This list would be provided to the registries and registrars and only
those Requestors sending requests through Port 43 would be allowed to access
the Whois information.  Questions arose concerning (a) who would operate
this White List, (b) what would be the criteria for being on this White
List, and (c) whether it was actually feasible to implement.

Please feel free to comment.

Jeffrey J. Neuman, Esq. 
Director, Law & Policy 
NeuStar, Inc. 
Loudoun Tech Center 
46000 Center Oak Plaza 
Building X 
Sterling, VA 20166 
p: (571) 434-5772 
f: (571) 434-5735 
e-mail: Jeff.Neuman@xxxxxxxxxx