RE: [dow1tf] Language proposal regarding the two policy proposals

["Neuman, Jeff" <Jeff.Neuman@xxxxxxxxxx>]

All,

I really like this formulation of the alternatives and have put it into the
report.  I will be circulating the report in a few hours.

Jeff

-----Original Message-----
From: Milton Mueller [mailto:mueller@xxxxxxx]
Sent: Wednesday, May 26, 2004 3:11 AM
To: dow1tf@xxxxxxxxxxxxxx; roseman@xxxxxxxxx; Jeff.Neuman@xxxxxxxxxx
Subject: [dow1tf] Language proposal regarding the two policy proposals


TF members:
My understanding of one outcome of the telecon
last night was that we agreed that the report would
present two policy alternatives regarding approval
of access to sensitive data via port 43. One was the "white list" concept
and the other was based
on authorization of specific uses. We will
describe both and ask for public comment to find
out which one is preferred. 

In this message I propose some language describing
those alternatives. My belief is that we should sketch out the basic ideas
in general terms and not get caught up in debates over implementation
details at this time. Rather, we should simply state relevant questions that
would need to be answered, as we have already done with the Whtie List
concept. 

=======

If Port 43 access were retained, the group discussed two alternative methods
of regulating access to sensitive data via port 43. 

One would have a central authority (not a registry or registrar) approve
entities that could use Port 43.  This option became known as a "White List"
of IP addresses.  In this scenario, a White List would be created of
Requestors that are believed to be nonmarketing users of Whois information
(i.e.,  Law Enforcement, Consumer organization, Intellectual Property
Organizations, etc.)  This list would be provided to the registries and
registrars and only those Requestors sending requests through Port 43 would
be allowed to access the Whois information.  Questions arose concerning (a)
who would operate this White List, (b) what would be the criteria for being
on this White List, (c) whether it was actually feasible to implement; (d)
secondary use of access, and (e) a process for dealing with abuses. 

The other alternative would approve specific individual _uses_ of sensitive
Whois data rather than giving blanket approvals to user entities. Each time
a requestor wanted to gain access to Whois information it would submit an
automated request to the regstrar. The request wuold identify the requestor
and also identify the specific purpose for which the data was requested
(i.e., suspected trademark infringement, a desire to contact the domin name
holder for sale of the name, suspected consumer fraud, etc.). This option
would give all Internet users the same rights to access sensitive Whois
data, but would require them to acquire certificates to authenticate their
identification. It would also require the creation of a "list of approved
purposes" by ICANN.