[registrars] TF2 draft last call
Hello, please find attached the next version of our draft for TF2. Please be reminded that today is the last day for constituency statements to the TF Best, tom -- Thomas Keller Domain Services Schlund + Partner AG Brauerstrasse 48 Tel +49-721-91374-534 76135 Karlsruhe, Germany Fax +49-721-91374-215 http://www.schlund.de tom@xxxxxxxxxx The following is the draft statement of the Registrar Constituency. It has not yet gone to a vote, nor does it have the concensusconsensus of the Constituency as certain parts of the statement remain under dispute among the registrars that have participated in the on-line discussion. The statement does, however, represent the broad outlines of the Constituency?s thinking regarding TF 2 issues. The recent data collection of the Task Force (TF) 2 and the undertaken analysesanalysis of a sample of existing national privacy regulations, and domain name registries? policies has shown that there is an increasing awareness of privacy rights in an increasing number of countries all around the world. As culture varies in theseDepending on the countries? cultural and historical perspectives, their views with respect toon what can be done or notis allowed or appropriate in terms of privacy varyies as well. This variety of views does not allow to find a common denominator which that would enable allow a ?one size fits all? policy. Instead, it requires but needs to be addressed on a local level country by countryand national rules in order to truly enable and promote international competition, as it is stated in theper ICANN principles. As a and consequence,tly leads to the general rule thatshould be that : No Registrar should be forced to be in breach with its local jurisdiction laws regarding the collection, display and distribution of personal data in order to be able to provide ICANN approved domain registrations, regardless of whether the WHOIS service is provided by themselves such registrar or another party under agreement with such registrar. Having established this rule it is recognized thatE enabling and promoting competition in regard to- per the ICANN principles - would, does not allow to bringthe disadvantaging ofe to any partyregistrar. Such aA registrar may be disadvantaged in this way if might arise for a Registrar where no existing local privacy regulation is in place in comparison to a Registrar working in a legally more restricted environment. This may lead to a situation where a customer were decides to transfer his domain names away to a registrar in a ?better protected placejurisdiction.?. Therefore a uniform low standard for the display of WHOIS data must be set, which must be followed if nounless local legislation is prohibitsing doing so, must be set. The term standard in this case is not only referring toBoth the data fields that must be displayed if there is no contradicting local legislation but also toand the format such data fields must have if they existmust be standardized, although . Having said this it must be mentioned that the way the format is defined should not be part of an ICANN process but be left to the technical involved parties or technical standardization for the formatting can be left to bodies like the IETF. Another such disadvantage that has been identified is the Bulk whois obligation. Thought thatAccording to a recent presentation by George Papapavlou, Bulk whois is absolutely not acceptable under the EU Privacy Directive and in many legislations other jurisdictions and can not be enforced in these those countries. Therefore, TF 2 it should be considered torecommend strikinge this obligation for all ICANN contracting parties to establish a international, plain playing field.in order to establish a level playing field for all registrars world-wide. The issue of what which data elements should be published on the WHOIS whois has been passionately discussed over the last several months, with many and a lot of good reasons have been brought forth from both by the parties claiming to need the data for various legitimate uses, as well as from thoseparties advocating that personal data should not be displayed due to the potential misuse. The widely supported conclusion the Registrars arrived to during the course of the discussion is that since all arguments might be valid, depending on the viewpoint, a balance has to be foundAfter much discussion, registrars have found a solution that balances these viewpoints. Considering Tthe ways the data is retrieved accessed and used today, it ismakes it impossible to control. and by noIn fact means transparent to the data subject does not know what happens to its his data and therefore is actuallyputs it into a disadvantaged in comparison with the data user. Consequently, iIt would therefore be a big step into the right direction if access to sensitive WHOIS whois data would not be anonymous, but that the party requesting the data must be ableidentify itself and its use of the data in to a reliabley and standardized identify itself and its use of the datamanner before extensive personal data is revealed. Following this reasoning WHOIS access can be divided into three levels: 1. Data displayed to an anonymous user 2. Data displayed to a known user with for a knowna known use 3. Data displayed to an administrative entity like a Registrar All of these levels have to be treaded in a different way to maintain the balance at one hand and allow administrative actions on the other. 1. Data displayed to an anonymous user Data displayed to an anonymous user should consist out of the following elements unless the Registrant or Registrar decides to provide more data: 1.1 Name of the Registrant 1.2 Country of the Registrant 1.3 Name of the Admin-C 1.4 Country of the Admin-C 1.5 Name of the Technical Contact 1.6 Country of the Technical Contact 1.7 Point of contact of the Technical Contact i.e. a website. 1.8 Nameserver names 1.9 Registrar of Record 1.10 Creation date 1.11 The non-auto renewed expiration date 1.12 The date were the WHOIS information last changed 1.13 The domain name itself Having in mind the different uses the WHOIS whois data is subject to nowadays, it shall be mentioned that it is the general view of the Registrar Constituency that the WHOIS whois service was originally was solely established to be able to reachsolely to facilitate contacts for a technical person in case a domain setup causes problems to the publicreasons. It is the Registrars opinion that thisThis ?basic functionality? must in any case be prerservered, but can be reached accomplished by less privacy intrusive methods, such as like i.e. a website with an contact formaccess. 2. Data displayed to a known user with known use Data displayed to a known user with known use should consist out of the following elements, unless the Registrant or Registrar decides to provide more data: 2.1 Name of the Registrant 2.2 Postal Address of Registrant 2.3 Name of Admin-C 2.4 Postal Address of Admin-C 2.5 Name of the Technical Contact 2.6 Postal Address of the Technical Contact 2.7 Email Address of the Technical Contact 2.8 Telephone number of the Technical Contact 2.9 Nameserver information 2.10 Registrar of record 2.11 Creation date 2.12 The non-auto renewed expiration date 2.13 The date were the WHOIS information last changed 2.14 The domain name itself It shall be mentioned that not all uses of the data as well as the system are permissible and can be ground for an exclusion of a user from the system. A list of such impermissible uses should be recommended by the Taskforce. 3. Data displayed to an administrative entity like a Registrar or Registry This level should not be viewed as WHOIS whois data, but as data necessary for administrative means like transfers. It therefore may be thatPotentially the data is would not be displayed through the WHOIS whois service, but is made available to the administrative entity by other services or /protocols like EPP. To ensure that all needed data is readily available, such a service must provide at least the following elements 3.1 Name of the Registrant 3.2 Postal Address of the Registrant 3.3 Email Address of the Registrant 3.4 Name of the Admin-C 3.5 Postal Address of Admin-C 3.6 Email Address of the Registrant 3.7 Name of the Technical Contact 3.8 Postal Address of the Technical Contact 3.9 Email Address of the Technical Contact 3.10 Telephone number of the Technical Contact 3.11 Nameserver information 3.12 Registrar of record 3.13 Creation date 3.14 The non-auto renewed expiration date 3.15 The date were the WHOIS information last changed 3.16 The domain name itself Attachment:
tf2_draft_v.04.doc Attachment:
tf2_draft_v_04.pdf
|