Re: [registrars] RE: Call for Constituency statements on Whois tf 1/2 recommendations

["Marcus Faure" <faure@xxxxxxxxxxx>]

CORE endorses this motion.


Marcus


> Bruce,
> 
> I take your comments as a friendly amendment. The motion so amended
> follows below.
> 
> MEMBERS PLEASE NOTE: There are two endorsements to this motion, it needs
> three more endorsements for a total of five. Bruce, with your friendly
> amendment now included, does it have your endorsement?
> 
> Tim
> 
> 
> <MOTION>
> The Registrar Constituency position is that these recommendations are
> over-reaching, unrealistic and inappropriate.
> 
> Specifically...
> 
> RE: 1. Registrars must ensure that disclosures regarding availability
> and third-party access to personal data associated with domain names
> actually be presented to registrants during the registration process. 
> Linking to an external web page is not sufficient.
> 
> It is inappropriate to view the registration exercise as a policy 
> education process. It is a registration process and should be as
> simple, straightforward and unburdened as possible for registrants to
> conclude. The current trend to "cram" all sorts of notices, and
> prescribe the method of notification, into the registration process
> interferes with the potential simplicity of this process.
> 
> Furthermore, presenting anything to the registrant during the
> registration process is an entirely new obligation that would require 
> many registrars to completely re-establish their method of registration.
> For wholesale registrars, this represents a highly onerous burden.
> 
> Lastly, this recommendation is highly unclear. What is a disclossure
> regarding availability? Availability of what? This should be defined.
> 
> This recommendation would be acceptable in the following form (with the
> potential to include a reference to "availability" if 
> agreeable clarification is forthcoming);
> 
> 1. Registrars must ensure that disclosures regarding availability and
> third-party access to personal data associated with domain names 
> actually be AVAILABLE to registrants during the registration process.
> 
> RE: 2. Registrars must ensure that these disclosures are set aside from
> other provisions of the registration agreement if they are presented to
> registrants together with that agreement.  Alternatively, registrars may
> present data access disclosures separate from the registration
> agreement. The wording of the notice provided by registrars should, to
> the extent feasible, be uniform.
> 
> Prescribing the form and scope of my legal agreeements with my
> registrants is inappropriate and without precedent under current
> agreements. This entire clause should be removed from the
> recommendations.
> 
> RE: 3. Registrars must obtain a separate acknowledgement from registrars
> that they have read and understand these disclosures.  This provision
> does not affect registrars' existing obligations to obtain registrant
> consent to the use of their contact information in the WHOIS system.
> 
> Presumably, this was intended to read "acknowledgement from Registrants
> that...", nonetheless requiring separate acknowledgement is an
> unworkable condition that cannot be practically implemented in the
> current environment. Today, a Registrar is required to bind a
> Registrant to a series of obligations. It is a well known fact that
> customers do not read point-of-sale agreements. This is especially true
> of click-wrap agreements. Ascertaining whether or not a Registrant has
> read and understands those obligations is beyond the scope of existing
> registration processes.
> 
> It is really only appropriate to obtain a Registrants agreement that
> their data will be included in the Whois and make this a condition of
> registration in a fashion similar to the other terms a Registrant must
> agree to prior to undertaking a registration.
> 
> Since this is already required in the current RAA in sub-sections
> 3.7.7.4, 3.7.7.5, and 3.7.7.6, this recommendation should be removed
> from the Task Force recommendations.
> </MOTION>
> 
>  
> -------- Original Message --------
> Subject: RE: [registrars] RE: Call for Constituency statements on Whois
> tf 1/2 recommendations
> From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
> Date: Sun, January 09, 2005 8:58 pm
> To: "Tim Ruiz" <tim@xxxxxxxxxxx>, ross@xxxxxxxxxx
> Cc: registrars@xxxxxxxx
> 
> Hello All,
> 
> The original titles of WHOIS TF1/2 were:
> 
> "Restricting access to WHOIS data for marketing purposes"
> 
> And
> 
> "Review of data collected and displayed" 
> 
> The recommendation relating to the display of a term of service doesn't
> actually address either of the two problems.
> 
> Under the current arrangements, it is a term of service for obtaining a
> domain name for the data to be collected and displayed.  It is one of
> many terms of service.
> 
> I thought obtaining a registrant's consent may be helpful for some
> registrars to meet their local laws with respect to privacy, but I have
> been recently informed that where the consent is compulsory to acquire
> the service - it is not really consent.
> 
> Many registrars seek explicit consent from registrants to receive other
> marketing information.  This is optional and is not a term of service.
> It makes sense to offer this choice explicitly.
> 
> It doesn't make sense that linking to an external web page should not be
> sufficient for the WHOIS requirements, when it is sufficient for all
> other terms of service.
> 
> It is standard industry practice to present privacy policies in a
> separate webpage.
> 
> I would prefer the recommendation to be reworded as:
> 
> "Registrars must ensure that disclosures regarding availability and
> third-party access to personal 
> data associated with domain names actually be AVAILABLE to registrants
> during the registration 
> process."
> 
> In summary I see no point in seeking explicit consent to a term of the
> registration agreement, until consent is actually an option.  Hopefully
> with tiered access, a user could consent to be in the public data, with
> the default being that the data is protected via some sort of access
> control.
> 
> Regards,
> Bruce Tonkin 
>