ICANN/GNSO GNSO Email List Archives

whois-tf3-report-comments


<<< Chronological Index >>>    <<< Thread Index >>>

Thoughts on the TF3 report

  • To: whois-tf3-report-comments@xxxxxxxxxxxxxx
  • Subject: Thoughts on the TF3 report
  • From: Karl Auerbach <karl@xxxxxxxxxxxx>
  • Date: Mon, 5 Jul 2004 15:38:07 -0700 (PDT)

Thoughts on the TF3 (accuracy) report (WHOIS TASK FORCE 3 - IMPROVE
THE ACCURACY OF DATA COLLECTED FROM GTLD REGISTRANTS PRELIMINARY
REPORT)

I find the report to be inadequate and lacking both the factual and
logical foundation to support its conclusions and recommendations.

The report begins by failing to comprehend the meaning of "accuracy".

Accuracy is not an absolute term.  One definition of accuracy is the
absence of incorrect information.  In that regard, a blank field on a
form is completely accurate.  The task force's report makes it clear
that this is not the definition of accuracy that is being used by the
task force.  If the task force wishes its report to itself be able to
claim that it is accurate then the task force must necessarily
articulate what it means by accuracy.

I submit that accuracy is measured by context.  In the case of
business data the typical metric of accuracy is whether the data
exchanged, in all directions among all parties to the transaction, is
whether that data is sufficient to support the business being
transacted.

In the case of domain name registrations, the parties to the
transaction are the registrar and customer (registrant) or his/her
agent.  There are no other parties to the transaction.  (The report of
task force 1 makes it clear that when examined on the basis of real
numbers rather than chicken-little-like anecdotes that the interests
of trademark owners in domain name transactions are based on events so
rare and of such individually miniscule impact on the internet
community as to amount to a factor that can be best remedied through
recourse to traditional legal processes.)

As measured in the context of the registrar-customer transaction the
first metric of accuracy is whether the information conveyed at the
time of the registration is sufficient to support that registration.
The second metric is whether the information conveyed is sufficient to
maintain the relationship.  And the final metric is whether the
information at the time of potential renewal is sufficient to support
renewal, if the potential for such renewal was part of the original
understanding.

Before going further it is necessary to distinguish the concept of
"accuracy" from that of "precision".  It is perfectly accurate for
every domain name registrant in existence to indicate that he or she
lives on planet Earth.  But most would not consider that to be
usefully precise.

At the time of the initial registration of a domain name the following
information needs to be conveyed:

   Customer-to-Registrar:
       Desired domain name
       List of name servers

    Registrar-to-Customer:
      Whether the name requested name has been allocated to the
      customer (implying that the name and customer's name server
      list have been placed into the appropriate zone file.)

Not all registrations involve money and billing.  Nor do all
registrations necessarily impute a desire for renewal - one area of
domain name businesses that have been arbitrarily foreclosed until now
by ICANN have been non-renewable, short term registrations for
single-time events, elections, movies, etc.

If a registration involves the payment of a fee, then the exchange of
information must be adequate to facilitate the payment of that fee.
After that payment, that information is no longer needed to support
the registration process.  It is a well known principle of privacy
that information should be retained only if it is relevant to a
transaction.  Thus a registrar that is desirous of protecting privacy
would be acting quite within reason should it erase transactional
information once that information has ceased to be of value.

Maintenance of the relationship between registrar and customer is
largely driven by the needs of the customer.  For that reason there is
no particular reason, in the context of maintenance of the
registration information (i.e. the list of name servers) for the
registrar to retain precise, that thus privacy infringing, information
regarding the customer.

Third parties who today bombard the DNS whois databases are not
parties to the maintenance relationship.  As task force 1 indicated,
such third parties ought to be required to make a preliminary showing
that they have reason to examine the registration data.  The degree of
precision of the data disclosed must, therefore, vary in conformance
with the degree of precision of that showing and of the nature of the
purported grievance.

Finally, renewal processing only requires sufficient information to
consummate the renewal transaction at the time of the transaction -
there is no need for such information to be exchanged in advance of
renewal or to be retained after renewal.

Additional data gathering and maintenance burdens the system with
additional costs.  Absent a clear showing of illegal activity on the
part of the majority of domain name registrars and customers it would
be improper to impose such costs on all transactions.  Yet the task
force's report seems to have elevated the ill-actions of a very, very
few into a blanket accusation against all domain name registrants as a
self-bootstrapping argument to encumber the entire domain registration
system with excess costs and an institutional system of excess
information disclosure amounting to a wholesale violation of the
privacy of every member of the community of internet users.

If the demands of such third parties trigger the gathering and
maintenance of data above and beyond the data used for registration,
maintenance, and renewal then those third parties ought to pay the
costs of such gathering and maintenance.

                --karl--
                Karl Auerbach



<<< Chronological Index >>>    <<< Thread Index >>>