Re: [gnso-acc-sgb] ESA proposal for sub-group (b) of Whois Working Group

["Milton Mueller" <mueller@xxxxxxx>]

Michael:

It is good that ESA honestly acknowledges that it prefers unrestricted
publication of all whois data. 

I see a disturbing contradiction between your concept of "legitimate
purpose" and the following statement in your proposal: 

"If stated purpose(s) for access fits within one or more of the
specified categoriesthe requestor would be entitled to universal access
to the full registration records of all gTLDs." 

This means that anyone who has a legitimate need for one registrant's
additional whois data at one particular moment is thereby entitled to
all registrants whois data in perpetuity. I don't think that proposal
will get very far. In effect, it reproduces the status quo but costs a
heck of a lot more, doesn't it?

Let us grant that a private party, such as a bank, has a legitimate
purpose in accessing the full whois record of a site or family of sites
that is actually, or merely suspected of, phishing. 

Under your proposal, that "legitimate purpose" would give them unlimited
access not only to actual or suspected phishers, but to anyone and
everyone else, at any time. In other words, the form of access granted
has no correlation to the legitimate purpose. 

This is flatly illegal in the EU, for sure. 

Another observation: you list "determining availability of domain names"
as a legitimate purpose. But availability can be determined without any
of the data elements that would be shielded from public view under the
OPoC proposal.