ICANN/GNSO GNSO Email List Archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [registrars] Top 5 WHOIS/Privacy issues from the Staff Manage r's report

  • To: "'Bruce Tonkin'" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>, Registrars@xxxxxxxx
  • Subject: RE: [registrars] Top 5 WHOIS/Privacy issues from the Staff Manage r's report
  • From: "Cute, Brian" <bcute@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 8 Sep 2003 13:31:21 -0400
  • Sender: owner-registrars@xxxxxxxxxxxxxx

Bruce's list of issues provides a good basis for identifying the central
work of any Task Force on WHOIS.  However, I am  concerned that the process
is heading in a direction that will result in the unnecessary delay of a
resolution to the general policy questions teed up in the WHOIS process.

The Staff Manager's Report recommends multiple, sequential task forces to
address the issues identified in the Report.  I believe this recommendation
overstates the complexity of the issues and does not square with the amount
of issue identification and policy-oriented discourse that has taken place
in the past few months (and years for that matter).  While some of the
issues in question may not appear "easy" to resolve, concerned parties have
certainly identified all of the overarching questions that must be
addressed.  

As an exercise, identifying a "top 5" list (out of 20 issues in the Report)
will certainly lend toward a splintered and drawn out process.  Then, of
course, various constituencies will present their "top 5" list and the
overall list will likely be subject to negotiation with each constituency
vying to have their "pet" issues in the final top 5 list.  Result of
negotiation will invariably be a second set of issues (and perhaps a
third...) that will likely be addressed in a subsequent Task Force.

I believe that the 4 fundamental questions that must be addressed in the
WHOIS policy process are as follows:  

1.	What data should registrars be obligated to collect from
registrants?  
2.	What data should registrars be obligated to share with third
parties?
3.	Which parties should have access to WHOIS data and on what basis?
4.	What manner or method should registrars use to provide access to
WHOIS data?

I also believe that the 20 issues identified in the Staff Report all fall
under one of these four questions.  Careful consideration should be given to
logically organizing and consolidating outstanding issues (as opposed to
competing prioritization by different constituencies) in order to achieve a
quicker and more balanced resolution to the outstanding issues.

-----Original Message-----
From: Bruce Tonkin [mailto:Bruce.Tonkin@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 3:53 AM
To: Registrars@xxxxxxxx
Subject: [registrars] Top 5 WHOIS/Privacy issues from the Staff
Manager's report


Hello All,

The GNSO WHOIS Steering Group is attempting to identify the major issues
listed in the Staff Manager's Report on WHOIS Privacy.

The list of issues is included below for reference.

The Registrars constituency has been asked to provide to the steering group
through its representatives (Tom Keller and Mark Jeftovic) the top 5 issues
out of the list of 20 issues in the staff managers report that are important
to registrars and their customers.

I am not sure what process we should use to form a constituency position.

Here is a start based on input provided to the steering group by the
registrars representatives (listed by the issue number in the staff
manager's report):

(5) Are the current requirements that registrars make disclosures to, and
obtain consent by, registrants concerning the uses of collected data
adequate and appropriate?

(10) Are the current means of query-based access appropriate? Should both
web-based access and port-43 access be required?

(12) What measures, if any, should registrars and registry operators be
permitted to take to limit data mining of Whois servers? 

(13) Should access to data be differentiated based on the party receiving
access, or based on the use to which the data will be put? If so, how should
differentiated access be implemented and how should the cost of
differentiation be funded? 

(14) Should the current requirement that registrars provide bulk Whois
access for non-marketing uses be further limited or eliminated? (RAA §
3.3.6, as well as the GNSO's Whois recommendations on accuracy adopted by
the ICANN Board on 27 March 2003.) 


It seems we could get input from the list from various registrars to see
what their top 5 issues are, or we could start with the list above and seek
a vote from the constituency to see if it accepts this as the short list
from registrars.

The steering group will take the major issues identified by the
constituencies and begin to develop the terms of reference for one or more
task forces to begin the policy development process.

In any case the steering group requires input within a 2-3 week timeframe.

Regards,
Bruce Tonkin



Issues Concerning Data Collection

1. Should the elements of data that registrars are required to collect at
the time of registration of a domain name be revised? (See Registrar
Accreditation Agreement (RAA) § 3.2.)

2. Should registrars be prohibited by ICANN from collecting additional items
of data?

3. Should all registrants, or certain classes of registrants (see Issue 18
below), be afforded the option of not providing some or all elements that
registrars are required to collect and, if so, which elements?

4. Should the current mechanism for pseudonymous registration be changed or
supplemented with one or more alternative mechanisms? (See RAA § 3.7.7.3.)
Should steps be taken to encourage broader availability of this mechanism?

5. Are the current requirements that registrars make disclosures to, and
obtain consent by, registrants concerning the uses of collected data
adequate and appropriate? (See RAA §§ 3.7.7.4 to 3.7.7.6.)

Issues Concerning Data Quality

6. Are the procedures currently followed by registrars adequate to promote
accurate, complete, and up-to-date data, as required by both privacy and
accountability principles? (See RAA §§ 3.7.7.1, 3.7.7.2, and 3.7.8, as well
as the GNSO's Whois recommendations on accuracy adopted by the ICANN Board
on 27 March 2003.)

7. What should be the consequences when a registrant provides inaccurate or
incomplete data, or fails to correct inaccurate or incomplete data? (See RAA
§§ 3.7.7.1, 3.7.7.2, and 3.7.8.) Are safeguards needed to prevent abusive
reports of inaccuracies? Should certain classes of registrants (see Issue 18
below) be permitted to provide inaccurate or incomplete data?

Issues Concerning Data Handling

8. Are the current requirements that registrars handle personal data
according to the notices given at the time of registration, and in a manner
that avoids loss, misuse, unauthorized access or disclosure, alteration, or
destruction, adequate and appropriate? (See RAA §§ 3.7.7.7 and 3.7.7.8.)

9. Are the current requirements for handling of registrar data by registry
operators adequate and appropriate?

Issues Concerning Data Disclosure

10. Are the current means of query-based access appropriate? Should both
web-based access and port-43 access be required? (RAA § 3.3.1.)

11. What are the purposes for providing public query-based access? Are the
elements currently required to be disclosed in public query-based access
adequate and appropriate? (RAA § 3.3.1.)

12. What measures, if any, should registrars and registry operators be
permitted to take to limit data mining of Whois servers?

13. Should access to data be differentiated based on the party receiving
access, or based on the use to which the data will be put? If so, how should
differentiated access be implemented and how should the cost of
differentiation be funded?

14. Should the current requirement that registrars provide bulk Whois access
for non-marketing uses be further limited or eliminated? (RAA § 3.3.6, as
well as the GNSO's Whois recommendations on accuracy adopted by the ICANN
Board on 27 March 2003.)

Issues Concerning Data Use

15. Which uses of Whois data by members of the public should be permitted
(e.g., resolving technical problems, sourcing spam, identifying online
merchants, law enforcement activities, identifying online infringers for
enforcement of intellectual property rights, etc.)? Which uses should be
prohibited?

16. How should restrictions on permissible uses by members of the public be
enforced? (RAA §§ 3.3.6.3 to 3.3.6.5.)

17. To what extent is Whois data actually used to the harm of registrants
(e.g., identity theft, spam, stalking, and other harassment)?

Issues Concerning Classification of Registrants

18. Should certain types of registrants (e.g., those using domains for
political and similar activities) be exempt from the usual requirements to
provide data, or to have it available in Whois? How should the eligibility
of particular registrants for these exemptions be determined? Are measures
required to address the possibility of abuses in the classification
procedure?

Issues Concerning Commercial Confidentiality and Rights in Data

19. Should registrars have the option, independent of their customers, to
protect the confidentiality of Whois data based on registrars' proprietary
rights to that data? Are the current provisions permitting registrars to
claim proprietary rights in personal data about their customers appropriate?
(RAA § 3.5.)

20. Should there be ICANN requirements limiting registrars' ability to sell
or use Whois data, or other data collected about customers, for commercial
purposes? 



<<< Chronological Index >>>    <<< Thread Index >>>