Comments on Section 1.3.3 of the P&P Initial Report

[Jeff Kiser <jfkiser@xxxxxxxxx>]

Here are my comments on the questions raised in section 1.3.3 of the
initial report:

--------------

1.) *Should registrants of domain names associated with commercial
activities and which are used **for online financial transactions be
prohibited from using, or continuing to use, P/P **services? If so, why,
and if not, why not?*

I think all registrants should be allowed to continue to use P/P services
to protect their information from Publication in the WHOIS database,
including registrants which use their websites for online financial
transactions.

Many small business owners use their home address as their business
address, and I do not think these people should need to publicly display
their home address just because they want to accept payment on their
website.

Publishing physical and email addresses in the public WHOIS database is
harmful to registrants.  This public information enables undesirable third
parties to mine registrants' email addresses and spam them or try to steal
registrants' identities with them.  Requiring this information to be
Published for owners of "transactional" websites also seems to take the
"guilty until proven innocent" stance, rather than the "innocent until
proven guilty" stance; I don't appreciate that attitude.

Even if the proposed form of manditory Publication was not harmful to
registrants, I don't believe the Publication would provide any substantial
benefit over the current system which already allows LEA's to get access to
that information with a court order.  Most consumers don't even know about
the WHOIS database, and fewer would try checking it to gain assurance about
a financial transaction.  Even if a consumer did lookup public WHOIS
information to gain assurance about a financial transaction, how much
assurance does it give them?  If a registrant is trying to be malicious,
they would just enter fake information.  I don't believe that any consumer
would actually attempt contact with the registrant via WHOIS information,
or certainly the number of consumers who would do so is extremely low.

2.)  *If you agree with this position, do you think it would be useful to
adopt a definition of **“commercial” or “transactional” to define those
domains for which P/P service registrations **should be disallowed? If so,
what should the definition(s) be?*

I do not agree with the position, so I do not think it necessary to define
"commercial" vs. "transactional" in this case.

I do want to point out, though, that I think it would be impractical to
enforce any accurate definition of "transactional".  Who would be
responsible for determining whether a site is "transactional"?  How would
that party or parties be able to continuously monitor every website on the
Internet to determine if and when the website changes status to or from
"transactional"?

The challenge only becomes more difficult due to the difficulty of
precicely defining "transactional" in a simple way.  What does it mean for
a site to accept payment?  What if a site just links to a payment gateway
such as PayPal, such that the financial transaction happens off-site; would
sites like these count as "transactional" even though they use another
company's payment services?  This use case is very common for e-commerce
websites.  What about a website which iframes a "transactional" site; is
that site "transactional" too?  What about sites which do not have
navigable web pages but which expose, for example, a REST API which is
capable of processing payments?  What about websites which use such APIs
behind the scenes?  These cases blur the lines, and even if the lines were
clear, these cases are not easy to detect without direct reporting from the
website owner.

Constantly keeping track of which sites are "transactional" would be a
monumentally difficult task which would require a large amount of resources
to accomplish, and I think that would be wasteful.  I also do not think
that the reporting responsibility should be passed on to website owners as
a way to solve this problem: that kind of self-reporting would lead to all
kinds of inconsistencies.

3.)  *Would it be necessary to make a distinction in the WHOIS data fields
to be displayed as a **result of distinguishing between domain names used
for online financial transactions and **domain names that are not?*

Since I'm not in favor of attempting to define and maintain a list of which
sites are "transactional" for practical reasons, I am likewise not in favor
of displaying this in the WHOIS database.  I do not see how this
information would be useful.

If the idea is that consumers would want to know which sites are trying to
get their money for the purposes of avoid those sites to get an "honest"
opinion, this would not work.  Websites can propagate all kinds of bad
information in the name of affiliate advertising while not charging the
consumer anything; these sites would not be labeled "transactional".  Also,
nothing would stop business websites from requesting contact information
and performing any financial transactions they desire offline.

Because of this, I don't think having "transactional" websites labeled as
such in WHOIS would ammount to anything meaningful for anyone.  It might
even instill a false sense of security for consumers, which would be a bad
thing.

-------------

In summary, I think that:
a.) prohibiting P&P services for "transactional" websites is unnecessary
and undesirable
b.) defining and maintaining a list of "transactional" websites is very
impractical, and
c.) there are no practical benefits to be gained by either proposal.

- Jeff