Bruce,
Here are my comments.
Many Registrars already severely restrict access to port-43. If the
description below is endorsed by the task force, then more registrars will
follow this trend.
The issue is with the phrase "data mining for the purposes of marketing".
Who decides when a purpose qualifies as "marketing"?
I don't care what the purpose of the port-43 data mining is. Data mining of
whois data via port-43 should be prohibited. Period. This includes
Registrars.
Essentially this description is saying that it is OK to data mine whois data
via port-43, such as for fee-based commercial searching and monitoring
services as long as its not for "marketing". This is a huge loophole.
The Bulk access provision exists to satisfy any and all legal uses of the
whois data. Any entity circumventing this provision to obtain the data via
port-43 FOR ANY REASON, is doing so to avoid paying the registrar for the
data.
This should be acknowledged in the description below and addressed.
Sincerely,
Tom Barrett
EnCirca
-----Original Message-----
From: owner-registrars@xxxxxxxxxxxxxx
[mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of Bruce Tonkin
Sent: Wednesday, October 22, 2003 5:52 AM
To: Registrars Constituency
Subject: [registrars] terms of reference for task force on data mining
Hello All,
The GNSO WHOIS steering group is finalising the terms of references for
three areas of activity.
- data mining
- data colleted and displayed (core privacy issue)
- accuracy
The text below is for the first of those areas, and will be considered by
the GNSO Council in Carthage for possible consideration. The text for the
other two areas will be available within 24 hours.
Regards,
Bruce
Registrars Representative on the GNSO Council
-----Original Message-----
From: Bruce Tonkin
Sent: Wednesday, 22 October 2003 7:49 PM
To: 'council@xxxxxxxxxxxxxx'
Subject: WHOIS area 1 terms of reference
For consideration at the Council meeting on 29 Oct 2003. Note the text
assumes that the area will be treated within a separate task force. The
Council may decide to combine the three areas into a single task force.
Regards,
Bruce
Title: Restricting access to WHOIS data for marketing purposes
Participants:
- 1 representative from each constituency
- ALAC liaison
- GAC liaison
- ccNSO liaison
- SECSAC liaison
- liaisons from other GNSO WHOIS task forces
Description of Task Force:
==========================
In the recent policy recommendations relating to WHOIS:
(see http://www.icann.org/gnso/whois-tf/report-19feb03.htm)
it was decided that the use of bulk access WHOIS data for marketing should
not be permitted. However, these recommendations did not directly address
the issue of marketing uses of Whois data obtained through either of the
other contractually required means of access: Port 43 and web-based. Bulk
access under license may be only a minor contributor to the perceived
problem of use of Whois data for marketing purposes. A subset of a
registrar's Whois database that is sufficiently large for data mining
purposes may be obtained through other means, such as a combination of using
free zonefile access (via signing a registry zonefile access agreement - the
number of these in existence approaches 1000 per major registry) to obtain a
list of domains, and then using anonymous (public) access to either port-43
or interactive web pages to retrieve large volumes of contact information.
Once the information is initially obtained it can be kept up-to-date by
detecting changes in the zonefile, and only retrieving information
related to the changed records. This process is often described as
"data mining". The net effect is that large numbers of Whois records are
easily available for marketing purposes, and generally on an anonymous basis
(the holders of this information are unknown).
The purpose of this task force is to determine what contractual changes (if
any) are required to allow registrars to protect domain name holder data
from data mining for the purposes of marketing The focus is on the
technological means that may be applied to achieve these objectives and
whether any contractual changes are needed to accommodate them.
In-scope
========
The purpose of this section to clarify the issues should be considered in
proposing any policy changes.
The task force should consider the effects of any proposed policy changes on
the ability of groups such as law enforcement, intellectual property,
internet service providers, and consumers to continue to retrieve
information necessary to perform their functions.
The task force should consider the effects of any proposed policy changes on
the competitive provision of domain name services including WHOIS access and
transfers, and on the competitive provision of value-added services using
WHOIS information.
Out-of-scope
============
To ensure that the task force remains narrowly focussed to ensure that its
goal is reasonably achievable and within a reasonable time frame, it is
necessary to be clear on what is not in scope for the task force.
The task force should not aim to specify a technical solution. This is the
role of registries and registrars in a competitive market, and the role of
technical standardisation bodies such as the IETF. Note the IETF presently
has a working group called CRISP to develop an improved protocol that should
be capable of implementing the policy outcomes of this task force. However,
the task force should seek to achieve an understanding of the various
technological means that could be applied to prevent or inhibit data mining
with an eye toward evaluating their impact on other uses and their
compatibility with the currently applicable contracts.
The task force should not review the current bulk access agreement
Provisions, except to the extent that these can be improved to enhance
protection against marketing uses and to facilitate other uses. These
were
the subject of a recent update in policy in March 2003.
The task force should not study the amount of data available for public
(anonymous) access for single queries. Any changes to the data collected or
made available will be the subject of a separate policy development process.
Tasks/Milestones
================
- collect requirements (e.g., volume, frequency, format of query
results) from non-marketing users of contact information (this could be
extracted from the Montreal workshop and also by GNSO constituencies, and
should also include accessibility requirements (e.g based on W3C
standards) [milestone 1 date]
- review general approaches to prevent automated electronic data mining and
ensure that the requirements for access are met (including accessibility
requirements for those that may for example be visually
impaired)
[milestone 2 date]
- determine whether any changes are required in the contracts to allow
the approaches to be used above (for example the contracts require the
use of the port-43 WHOIS protocol and this may not support approaches to
prevent data mining) [milestone 3 date]
Each milestone should be subject to development internally by the task
force, along with appropriate public comment processes (e.g seeking specific
advice from the technical community, or from WHOIS service
operators) to ensure that as much input as possible is taken into account.