[dow1tf] Language proposal regarding the two policy proposals

["Milton Mueller" <mueller@xxxxxxx>]

TF members:
My understanding of one outcome of the telecon
last night was that we agreed that the report would
present two policy alternatives regarding approval
of access to sensitive data via port 43. One was the "white list" concept and the other was based
on authorization of specific uses. We will
describe both and ask for public comment to find
out which one is preferred. 

In this message I propose some language describing
those alternatives. My belief is that we should sketch out the basic ideas in general terms and not get caught up in debates over implementation details at this time. Rather, we should simply state relevant questions that would need to be answered, as we have already done with the Whtie List concept. 

=======

If Port 43 access were retained, the group discussed two alternative methods of regulating access to sensitive data via port 43. 

One would have a central authority (not a registry or registrar) approve entities that could use Port 43.  This option became known as a "White List" of IP addresses.  In this scenario, a White List would be created of Requestors that are believed to be nonmarketing users of Whois information (i.e.,  Law Enforcement, Consumer organization, Intellectual Property Organizations, etc.)  This list would be provided to the registries and registrars and only those Requestors sending requests through Port 43 would be allowed to access the Whois information.  Questions arose concerning (a) who would operate this White List, (b) what would be the criteria for being on this White List, (c) whether it was actually feasible to implement; (d) secondary use of access, and (e) a process for dealing with abuses. 

The other alternative would approve specific individual _uses_ of sensitive Whois data rather than giving blanket approvals to user entities. Each time a requestor wanted to gain access to Whois information it would submit an automated request to the regstrar. The request wuold identify the requestor and also identify the specific purpose for which the data was requested (i.e., suspected trademark infringement, a desire to contact the domin name holder for sale of the name, suspected consumer fraud, etc.). This option would give all Internet users the same rights to access sensitive Whois data, but would require them to acquire certificates to authenticate their identification. It would also require the creation of a "list of approved purposes" by ICANN.