ICANN/GNSO GNSO Email List Archives

[whois-sc]


<<< Chronological Index >>>    <<< Thread Index >>>

[whois-sc] DRAFT 3: Task force 2

  • To: <whois-sc@xxxxxxxx>
  • Subject: [whois-sc] DRAFT 3: Task force 2
  • From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 3 Oct 2003 22:59:06 +1000
  • Sender: owner-whois-sc@xxxxxxxxxxxxxx
  • Thread-index: AcOJriNjZpm8DfqER1mMy9ykQeOvzg==
  • Thread-topic: DRAFT 3: Task force 2

Hello All,

The attached draft 3 is an enhancement of Draft 1 (presented at the 1st
teleconference), and Draft 2 (modified by Milton Mueller and presented
at the last teleconference).  This draft incorporates some text provided
to me by Milton Mueller following the call, and also incorporates
comments received during the call.

Look for [** to detect changes.

I invite further input.

Regards,
Bruce Tonkin


Title: Review of data collected and displayed

Participants:
- 1 representative from each constituency
- ALAC liaison
- GAC liaison
- ccNSO liaison
- SECSAC liaison
- liaisons from other GNSO WHOIS task forces

Description of Task Force:
==========================

There are domain name holders that are concerned about their privacy,
both in terms of data that is collected and held about them, and also in
terms of what data is made available to other parties.

[**INSERT** At the same time, domain names, associated email addresses,
and web sites located by domain names can be used in connection with
fraud, criminal activity, and intellectual property infringement.  This
gives rise to a need for accurate identification of the registrant,
and/or a need to reliably contact the individual or organization that is
the registered name holder.]

[**INSERT** Similar trade-offs between privacy concerns and
identification affect the technical functions of Whois.] 
Extensive contact information can assist a registrar or network provider
to contact a domain name holder in the event of a technical problem or
in the event of domain name expiration.  However, a domain name holder
may be prepared to make a personal decision to accept a lower standard
of service (e.g take their own steps to be reminded of when a domain
expires) in return for greater privacy.  A domain name holder may be
prepared to provide extensive contact information to their domain name
provider, but would prefer to control what information is available for
public access. 

[**INSERT** Identifiers in other media typically attempt to balance
identification and privacy concerns.] 
For example a telephone customer may provide detailed address
information to a telephone service provider, but may elect not to have
this information displayed in a public whitepages directory.  Note
however that national laws often permit access to the complete
information to groups such as law enforcement and emergency services
personnel.  

[**INSERT** Although the GNSO has in the past adopted new policies (See
http://www.icann.org/gnso/whois-tf/report-19feb03.htm) regarding the
accuracy of data and bulk access, the prior Task Force chose to defer
considerations of privacy to a future point.] 

Another issue is that there is limited public understanding of the
present contractual obligations.  Most domain name holders are unaware
that their information is being displayed publically via the present
port-43 and interactive web access methods,  
[**INSERT** or is made available to third parties under the bulk WHOIS
access agreement.]

The purpose of this task force is to determine:

[***NOTE the list below has been reordered with (a) now corresponding to
issue 5 in the WHOIS Privacy issues report, which was identified by
several constituencies as a high priority issue**]

a) What is the best way to inform registrants of what information about
themselves is made publicly available when they register a domain name
and what options they have to restrict access to that data and receive
notification of its use?

b) What is the minimum required information about registrants that must
be collected at the time of registration to maintain adequate
contact-ability?

c) Should domain name holders be allowed to remove certain parts of the
required contact information from anonymous (public) access, and if so,
what data elements can be withdrawn from public access and what
contractual changes (if any) are required to enable this? Should
registrars be required to notify domain name holders when the withheld
data is released to third parties?



To ensure that the task force remains focussed and that its goal is
achievable and within a reasonable time frame, it is necessary to be
clear on what is out of scope for the task force.

Out-of-scope
============

The task force should not examine the mechanisms available for anonymous
public access of the data - this is the subject of a separate task
force.

The task force should not examine mechanisms for law enforcement access
to the data collected.  This is generally subject to varying local laws,
and may be the subject of a future task force.

The task force should not study new methods or policies for ensuring the
accuracy of the required data,  
[**INSERT as this will be subject of a separate task force]. 
However, it should study whether giving registrants the ability to
withhold data from public, anonymous access will increase user
incentives to keep the contact information they supply current and
accurate.

The task force should not consider issues regarding registrars' ability
to use Whois data for their own marketing purposes, or their claims of
proprietary rights to customers' personal data. 

Tasks/Milestones
================
This Task Force would begin at the same time as the other one and
execute its duties in the following order:

[**NOTE the following list has been re-ordered to take into account item
5 of the WHOIS Privacy issues report, which was identified by several
constituencies as a high priority item]

1. Examine the current methods by which registrars and their resellers
inform registrants of the purpose for which contact data is collected,
and how that data will be released to the public. Examine whether policy
changes (or published guidelines) are necessary to improve how this
information is provided to registrants.

2. Conduct an analysis of the existing uses of the registrant data
elements currently captured as part of the domain name registration
process. Develop list of minimal required elements for  contact-ability.
The intent is to determine whether all of the data elements now
collected are necessary for current and foreseeable needs of the
community, and if so, how they may be acquired with the greatest
accuracy, least cost, and in compliance with applicable privacy,
security, and stability considerations.

3. [** INSERT Document existing methods by which registrants can
maintain anonymity and assess their adequacy]  Decide what options will
be given to registrants to remove data elements from public access and
what contractual changes  (if any) are required to enable this.

[** INSERT 4. Taking into account the outcomes in 2 and 3, re-examine
the methods by which registrars inform registrants of the use of their
contact data by third parties and the options registrants might have to
remove data elements from public view.]





<<< Chronological Index >>>    <<< Thread Index >>>