more discussion on call of 13 April 2004: [dow1tf] Summary of Points from Last Call (6 April 2004)
this version represents further discussion from the call today (13 April 2004). All,
In such cases, there may be a need to restrict access to that data. In our call, we grouped the individual data elements of Whois into three categories: 1) Sensitive Data; 2) Non-Sensitive Data; 3) Data which may be sensitive (i.e., where there was disagreement).
* Admin Contact Phone Number * Admin Contact Fax Number
* Registrant Address Line 1 (i.e., exact street address) * Admin Contact Address Line 1 suggestion for technical contact information: instead of displaying technical contact information, a means would be available via 3rd party (e.g. registrar) to obtain data Technical Contact Name * Technical Contact Address (Full information) * Technical Contact Phone Number * Technical Contact Fax Number * Technical Contact e-mail address Data Which May Be Sensitive (More exploration needed) beyond the technical capacity of the average registrar (potential burden to registrars in terms of bandwidth and server capacity) 3) To the extent that restrictions are imposed on access to Whois information, this should not be taken to mean that we are addressing all of the privacy implications nor the entire problem of data mining. In addition, as in all cases, National law, as applicable, should be taken into consideration. implication for how ICANN contracts are structured in terms of conflicts in law (what if local law contradicts ICANN contract) -- Keep competition equitable, so what happens if there is an advantage or disadvantage because of national law. Which company's laws are applicable to the contract. Structure contract for least common denominator? 4) To the extent that Sensitive Data is required to be publicly disclosed by Whois TF 2, then at a minimum, the requestor of Whois information ("Requestor") should be required to identify themselves to the Whois Provider (i.e., the Registrar or the Registry [in the case of thick registries]) along with the reasons for which it seeks the data. Such information should be made available to the registrant whose Whois information is sought ("Registrant"). The group recognizes, however, that an exception may need to be granted to
law enforcement officials, who may need the information without having to provide the reasons to the Registrant. This point needs to be explored more. Legitimate users should have a process that is simple, effective, and timely for their access. It will require additional work to determine who constitutes a "legitimate user." Action item: look back at first Whois taskforce data to see if this issue of sharing restricted information has been discussed already? Particularly look for .name information about burden of costs involved in notification practices. [Tony Harris] 5) The group has not proposed any mechanisms to deal with Whois information displayed through the Web except that it was recognized that Web-based GUIs (i.e., CAPTCHA), is not an effective block for data mining, although it was acknowledged that it has provided an important obstacle in many cases.
c) If Sensitive Data will be displayed, then Port 43 not be able to provide the functionality described in Section 4 above. d) The Group may not be fundamentally opposed to an automated mechanism to retrieve Sensitive Data as long as the Requestor is identified and that information is disclosed to the Registrant. |