RE: [registrars] RE: Call for Constituency statements on Whois tf 1/2 recommendations

[Tim Ruiz <tim@xxxxxxxxxxx>]

Bruce,

I take your comments as a friendly amendment. The motion so amended
follows below.

MEMBERS PLEASE NOTE: There are two endorsements to this motion, it needs
three more endorsements for a total of five. Bruce, with your friendly
amendment now included, does it have your endorsement?

Tim


<MOTION>
The Registrar Constituency position is that these recommendations are
over-reaching, unrealistic and inappropriate.

Specifically...

RE: 1. Registrars must ensure that disclosures regarding availability
and third-party access to personal data associated with domain names
actually be presented to registrants during the registration process. 
Linking to an external web page is not sufficient.

It is inappropriate to view the registration exercise as a policy 
education process. It is a registration process and should be as
simple, straightforward and unburdened as possible for registrants to
conclude. The current trend to "cram" all sorts of notices, and
prescribe the method of notification, into the registration process
interferes with the potential simplicity of this process.

Furthermore, presenting anything to the registrant during the
registration process is an entirely new obligation that would require 
many registrars to completely re-establish their method of registration.
For wholesale registrars, this represents a highly onerous burden.

Lastly, this recommendation is highly unclear. What is a disclossure
regarding availability? Availability of what? This should be defined.

This recommendation would be acceptable in the following form (with the
potential to include a reference to "availability" if 
agreeable clarification is forthcoming);

1. Registrars must ensure that disclosures regarding availability and
third-party access to personal data associated with domain names 
actually be AVAILABLE to registrants during the registration process.

RE: 2. Registrars must ensure that these disclosures are set aside from
other provisions of the registration agreement if they are presented to
registrants together with that agreement.  Alternatively, registrars may
present data access disclosures separate from the registration
agreement. The wording of the notice provided by registrars should, to
the extent feasible, be uniform.

Prescribing the form and scope of my legal agreeements with my
registrants is inappropriate and without precedent under current
agreements. This entire clause should be removed from the
recommendations.

RE: 3. Registrars must obtain a separate acknowledgement from registrars
that they have read and understand these disclosures.  This provision
does not affect registrars' existing obligations to obtain registrant
consent to the use of their contact information in the WHOIS system.

Presumably, this was intended to read "acknowledgement from Registrants
that...", nonetheless requiring separate acknowledgement is an
unworkable condition that cannot be practically implemented in the
current environment. Today, a Registrar is required to bind a
Registrant to a series of obligations. It is a well known fact that
customers do not read point-of-sale agreements. This is especially true
of click-wrap agreements. Ascertaining whether or not a Registrant has
read and understands those obligations is beyond the scope of existing
registration processes.

It is really only appropriate to obtain a Registrants agreement that
their data will be included in the Whois and make this a condition of
registration in a fashion similar to the other terms a Registrant must
agree to prior to undertaking a registration.

Since this is already required in the current RAA in sub-sections
3.7.7.4, 3.7.7.5, and 3.7.7.6, this recommendation should be removed
from the Task Force recommendations.
</MOTION>

 
-------- Original Message --------
Subject: RE: [registrars] RE: Call for Constituency statements on Whois
tf 1/2 recommendations
From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
Date: Sun, January 09, 2005 8:58 pm
To: "Tim Ruiz" <tim@xxxxxxxxxxx>, ross@xxxxxxxxxx
Cc: registrars@xxxxxxxx

Hello All,

The original titles of WHOIS TF1/2 were:

"Restricting access to WHOIS data for marketing purposes"

And

"Review of data collected and displayed" 

The recommendation relating to the display of a term of service doesn't
actually address either of the two problems.

Under the current arrangements, it is a term of service for obtaining a
domain name for the data to be collected and displayed.  It is one of
many terms of service.

I thought obtaining a registrant's consent may be helpful for some
registrars to meet their local laws with respect to privacy, but I have
been recently informed that where the consent is compulsory to acquire
the service - it is not really consent.

Many registrars seek explicit consent from registrants to receive other
marketing information.  This is optional and is not a term of service.
It makes sense to offer this choice explicitly.

It doesn't make sense that linking to an external web page should not be
sufficient for the WHOIS requirements, when it is sufficient for all
other terms of service.

It is standard industry practice to present privacy policies in a
separate webpage.

I would prefer the recommendation to be reworded as:

"Registrars must ensure that disclosures regarding availability and
third-party access to personal 
data associated with domain names actually be AVAILABLE to registrants
during the registration 
process."

In summary I see no point in seeking explicit consent to a term of the
registration agreement, until consent is actually an option.  Hopefully
with tiered access, a user could consent to be in the public data, with
the default being that the data is protected via some sort of access
control.

Regards,
Bruce Tonkin