[registrars] Whois-sc: input requested

[Mark Jeftovic <markjr@xxxxxxxxxxx>]

After the conference call for the whois-sc of Aug 7/8th the table
attached citing the intersection of the main concerns of the various
participating members was compiled.

The next step is an attempt to narrow this down to 5 key points.

All members are to report back with their list of 5 points by thursday
september 4th. I apologize for the lack of notice, we've been pretty
busy with all the worm, virus, blackouts, etc. (I'm sure there's a lot
of that going around).

I think Tom Keller is away from email at the moment, for my part I've
assembled a "default position" which I hope covers the major Registrar
concerns wrt whois privacy. In lieu of any input, comment of feedback,
I will be submitting the following five points (see attached text file):

8, 10, 12, 14, 17

Regards, mark

-- 
Mark Jeftovic <markjr@xxxxxxxxxxx>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237

                   WHOIS Privacy Issue Table, August 14
   
   ISSUE Business users gTLD registries Internet Service providers Non
   Commercial users Registrars Intellectual Property Interests TOTAL
   1. Should the elements of data that registrars are required to
   collect at the time of registration of a domain name be revised? (See
   Registrar Accreditation Agreement (RAA) § 3.2.)
   2. Should registrars be prohibited by ICANN from collecting
   additional items of data?
   3. Should all registrants, or certain classes of registrants (see
   Issue 18 below), be afforded the option of not providing some or all
   elements that registrars are required to collect and, if so, which
   elements? 1 1 2
   4. Should the current mechanism for pseudonymous registration be
   changed or supplemented with one or more alternative mechanisms? (See
   RAA § 3.7.7.3.) Should steps be taken to encourage broader
   availability of this mechanism? 1 1
   5. Are the current requirements that registrars make disclosures to,
   and obtain consent by, registrants concerning the uses of collected
   data adequate and appropriate? (See RAA §§ 3.7.7.4 to 3.7.7.6.) 1 1 1
   1 4
   6. Are the procedures currently followed by registrars adequate to
   promote accurate, complete, and up-to-date data, as required by both
   privacy and accountability principles? (See RAA §§ 3.7.7.1, 3.7.7.2,
   and 3.7.8, as well as the GNSOs Whois recommendations on accuracy
   adopted by the ICANN Board on 27 March 2003.) 1 1 2
   7. What should be the consequences when a registrant provides
   inaccurate or incomplete data, or fails to correct inaccurate or
   incomplete data? (See RAA §§ 3.7.7.1, 3.7.7.2, and 3.7.8.) Are
   safeguards needed to prevent abusive reports of inaccuracies? Should
   certain classes of registrants (see Issue 18 below) be permitted to
   provide inaccurate or incomplete data? 1 1 2
   8. Are the current requirements that registrars handle personal data
   according to the notices given at the time of registration, and in a
   manner that avoids loss, misuse, unauthorized access or disclosure,
   alteration, or destruction, adequate and appropriate? (See RAA §§
   3.7.7.7 and 3.7.7.8.)
   9. Are the current requirements for handling of registrar data by
   registry operators adequate and appropriate?
   10. Are the current means of query-based access appropriate? Should
   both web-based access and port-43 access be required? (RAA § 3.3.1.)
   1 1 1 1 1 5
   11. What are the purposes for providing public query-based access?
   Are the elements currently required to be disclosed in public
   query-based access adequate and appropriate? (RAA § 3.3.1.)
   12. What measures, if any, should registrars and registry operators
   be permitted to take to limit data mining of Whois servers? 1 1 1 1 1
   5
   13. Should access to data be differentiated based on the party
   receiving access, or based on the use to which the data will be put?
   If so, how should differentiated access be implemented and how should
   the cost of differentiation be funded? 1 1 2
   14. Should the current requirement that registrars provide bulk Whois
   access for non-marketing uses be further limited or eliminated? (RAA
   § 3.3.6, as well as the GNSOs Whois recommendations on accuracy
   adopted by the ICANN Board on 27 March 2003.) 1 1 2
   15. Which uses of Whois data by members of the public should be
   permitted (e.g., resolving technical problems, sourcing spam,
   identifying online merchants, law enforcement activities, identifying
   online infringers for enforcement of intellectual property rights,
   etc.)? Which uses should be prohibited? 1 1
   16. How should restrictions on permissible uses by members of the
   public be enforced? (RAA §§ 3.3.6.3 to 3.3.6.5.)
   17. To what extent is Whois data actually used to the harm of
   registrants (e.g., identity theft, spam, stalking, and other
   harassment)?
   18. Should certain types of registrants (e.g., those using domains
   for political and similar activities) be exempt from the usual
   requirements to provide data, or to have it available in Whois? How
   should the eligibility of particular registrants for these exemptions
   be determined? Are measures required to address the possibility of
   abuses in the classification procedure? 1 1 2
   19. Should registrars have the option, independent of their
   customers, to protect the confidentiality of Whois data based on
   registrars proprietary rights to that data? Are the current
   provisions permitting registrars to claim proprietary rights in
   personal data about their customers appropriate? (RAA § 3.5.)
   20. Should there be ICANN requirements limiting registrars' ability
   to sell or use Whois data, or other data collected about customers,
   for commercial purposes? 1 1 2
   TOTAL 5 5 5 5 5 5 30