AW: [registrars] Revised draft for TF2

["Thomas Keller" <tom@xxxxxxxxxx>]

Eric,

-----Ursprüngliche Nachricht-----
Von: Eric Brunner-Williams [mailto:brunner@xxxxxxxxxxx] 
Gesendet: Dienstag, 13. April 2004 16:08
An: Thomas Keller
Cc: Ross Wm. Rader; registrars@xxxxxxxx; brunner@xxxxxxxxxxx
Betreff: Re: [registrars] Revised draft for TF2 


Thomas,

I suggest adopting the language that the W3C's P3P activity has evolved.
It isn't the only possible choice, but they have spent some time on it,
so terms like <purpose> and who's purpose is expressed in a <purpose>
statement, the sense I get of this morning's exchange of notes between
Ross and yourself, could be about well-defined terms, rather than a new
discussion about terms and the application, in our case, whois policy
varients.

Thanks I will have a look at it.


Also, could you post a text copy of the word document?

See the attached document

tom


The recent data collection of the TF 2 and the undertaken analyses of a sample of existing national privacy regulations, and domain name registries policies has shown that there is an increasing awareness of privacy rights in an increasing number of countries all around the world. As culture varies in these countries, the views on what can be done or not in terms of privacy varies as well. This variety of views does not allow to find a common denominator which would enable a one size fits all policy but needs to be addressed on a local level country by country to truly enable and promote international competition as it is stated in the ICANN principles and consequently leads to the general rule that :

No Registrar should be forced to be in breach with its local jurisdiction regarding the collection, display and distribution of personal data to be able to provide ICANN approved domain registrations regardless whether the WHOIS service is provided by themselves or another party. 

Having established this rule it is recognized that enabling and promoting competition in regard to the ICANN principles, does not allow to bring disadvantage to any party. Such a disadvantage might arise for a Registrar where no existing local privacy regulation is in place in comparison to a Registrar working in a legally more restricted environment. This may lead to a situation where a customer decides to transfer his domain names away to a ?better protected place?. Therefore a low standard for the display of WHOIS data, which must be followed if no local legislation is prohibiting doing so, must be set. The term standard in this case is not only referring to the data fields that must be displayed if there is no contradicting local legislation but also to the format such data fields must have if they exist. Having said this it must be mentioned that the way the format is defined should not be part of an ICANN process but be left to the technical involved parties or technical standardization bodies like IETF. Another disadvantage that has been identified is the Bulkwhois obligation. Thought that Bulkwhois is absolutely not acceptable in many legislations and can not be enforced in these countries it should be considered to strike this obligation for all ICANN contracting parties to establish a international, plain playing field.

The issue of what data elements should be published on the WHOIS has been passionately discussed over the last month and a lot of good reasons have been brought forth from parties
claiming to need the data for various legitimate uses as well as from parties advocating that personal data should not be displayed due to the potential misuse. 

The widely supported conclusion the Registrars arrived to during the course of the discussion is that since all arguments might be valid, depending on the viewpoint, a balance has to be found. Considering the ways the data is retrieved and used today, it is impossible to control and by no means transparent to the data subject what happens to its data and therefore puts it into a disadvantage in comparison with the data user. It would therefore be a big step into the right direction if access to WHOIS data would not be anonymous but that the party requesting the data must be able to reliably and standardized identify itself and its use of the data before extensive personal data is revealed. 

Following this reasoning WHOIS access can be divided into three levels:

	1. Data displayed to an anonymous user
	2. Data displayed to a known user with known use
	3. Data displayed to an administrative entity like a Registrar
	
All of these levels have to be treaded in a different way to maintain the balance at one hand and allow administrative actions on the other.

1. Data displayed to an anonymous user

Data displayed to an anonymous user should consist out of the following elements unless the Registrant or Registrar decides to provide additional data:

   1.1 	Name of the Registrant
   1.2 	Country of the Registrant
   1.3 	Name of the Admin-C
   1.4 	Country of the Admin-C
   1.5  	Name of the Technical Contact
   1.6  	Country of the Technical Contact
   1.7	Point of contact of the Technical Contact i.e. a website.
   1.8	Nameserver names
   1.9	Registrar of Record
   1.10	Creation date
   1.11	The non-auto renewed expiration date
   1.12	The date were the WHOIS information last changed
   1.13 	The domain name itself
   
Having in mind the different uses the WHOIS data is subject to nowadays it shall be mentioned that it is the general view of the Registrar Constituency that the WHOIS service originally was solely established to be able to reach a technical person in case a domain setup causes problems to the public. It is the Registrars opinion that this ?basic functionality? must in any case be persevered but can be reached by less privacy intrusive methods like i.e. a website with an contact form. 

2. Data displayed to a known user with known use

Data displayed to a known user with known use should consist out of the following elements unless the Registrant or Registrar decides to provide additional data:

	2.1 	Name of the Registrant
	2.2 	Postal Address of Registrant
	2.3 	Name of Admin-C
	2.4 	Postal Address of Admin-C
   2.5  	Name of the Technical Contact
   2.6  	Postal Address of the Technical Contact
   2.7  	Email Address of the Technical Contact
      2.8 	Telephone number of the Technical Contact
   2.9 	Nameserver information
   2.10 	Registrar of record
   2.11	Creation date
   2.12	The non-auto renewed expiration date
   2.13	The date were the WHOIS information last changed
   2.14 	The domain name itself
   



3. Data displayed to an administrative entity like a Registrar or Registry

This level should not be viewed as WHOIS data but as data necessary for administrative means like transfers. It therefore may be that the data is not displayed through the WHOIS service but is made available to the administrative entity by other services/protocols like EPP. To ensure that all needed data is readily available such a service must provide at least the following elements
 
	3.1 	Name of the Registrant
	3.2 	Postal Address of the Registrant
	3.3 	Email Address of the Registrant
	3.4 	Name of the Admin-C
	3.5 	Postal Address of Admin-C
   3.6	Email Address of the Registrant
   3.7  	Name of the Technical Contact
   3.8  	Postal Address of the Technical Contact
   3.9  	Email Address of the Technical Contact
      3.10 	Telephone number of the Technical Contact
   3.11	Nameserver information
   3.12 	Registrar of record
   3.13	Creation date
   3.14	The non-auto renewed expiration date
   3.15	The date were the WHOIS information last changed
   3.16 	The domain name itself