Re: [gnso-acc-sgb] Reaction to access proposal 2

[Dan Krimm <dan@xxxxxxxxxxxxxxxx>]

Wout,

Can you clarify whether OPTA needs "bulk" access or only "query" access as
part of Type 3?

I understand "bulk" access to mean full-scale download of all Whois data in
a registrar's database at once, as a single integrated dataset.  I
understand "query" access to involve access to single-domain info,
single-registrant info, related spellings of a registrant or domain, et
cetera.  That is, query access does not provide the full database all at
once, but only selected parts of it that are relevant to a specific
investigation.

At this point I do not understand why anyone pursuing anti-fraud action
would need access to a full database in bulk form, as long as no part of
the data is precluded from access under a specific query specification.  So
perhaps we should break out Type 3 into two separate options.  Personally,
I would be *much* less sanguine about bulk access than unlimited query
access, especially if there are no records kept of queries.

-----

Now, let me address your questions below:

As for "contractual/legal restriction of queries": I understand this to
mean that queries need to be explicitly related to an investigation that is
underway under some legal process.  I would assume that OPTA does not need
Whois data for anything other than such cases that it is actively
investigating.

I'm not sure what questions remain with regard to "particular domains" or
"particular registrants".  Can you elaborate on what is not clear there?

As for who will keep/audit records: this is not answered in detail and
remains to be worked out.  One possible option is to have records
kept/audited by a distinct branch of government separate from the branch
that conducts the investigation.  This obviously may require different
choices in different jurisdictions.  Would you have any suggestion as to
how this might be arranged in a way that satisfies OPTA's requirements?

As for sanctions: this might be accomplished by the branch that
keeps/audits records, but again it remains to be defined in detail.

These ideas originated in the attempt to distinguish indirect/intermediated
non-governmental access from direct governmental access.  However, the idea
of keeping an audit trail is one that seems plausible to apply to
government entities as well, even under a paradigm of direct access,
allowing for the stipulations that Carole brought up in the last call about
special circumstances that ought to legitimately constrain audit trail
activation.

Bottom line:  Given that details remain to be fully defined, can you
suggest any parameters for defining those details in a way that would allow
OPTA to support Type 2 access for government entities?

Thanks,
Dan



At 5:43 PM +0200 6/1/07, Natris, Wout de wrote:
>All,
>
>Wednesday last OPTA was asked to help define definitions used in access
>type 2. Sorry, but this is not OPTA's role. Writing definitions is
>something that has to be worked at by policy makers, not enforcers. What
>OPTA can do at this stage, is show why we are disturbed if type 2 access
>is chosen. Too much uncertainty hangs around all these words that need to
>be defined.
>
>What is meant by:
>
>query based access?
>contractual/legal restriction of queries?
>particular domains?
>particular registrants?
>who will keep records?
>who will audit?
>who will sanction?
>
>Too much is uncertain about type 2 access, so OPTA cannot support it.
>Type 3 access works better by far for OPTA.
>
>Wout
>
>
>
>
>+++++++++++++++++++++++++++++++++++++++++++++
>Disclaimer
>Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is 
>beschermd door een beroepsgeheim.
>Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van 
>verspreiding, vermenigvuldiging
>of ander gebruik ervan niet is toegestaan.
>Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, 
>verzoeken wij u ons daarvan
>direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail 
>mailto:mail@xxxxxxx en het bericht te vernietigen.
>Dit e-mailbericht is uitsluitend gecontroleerd op virussen.
>OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en 
>juistheid van dit bericht en er kunnen 
>geen rechten aan worden ontleend.
>
>
>This e-mail message may contain confidential information or information 
>protected by professional privilege.
>If it is not intended for you, you should be aware that any distribution, 
>copying or other form of use of
>this message is not permitted.
>If it has apparently reached you by mistake, we urge you to notify us by phone 
>+31 70 315 3500
>or e-mail mailto:mail@xxxxxxx and destroy the message immediately.
>This e-mail message has only been checked for viruses.
>The accuracy, relevance, timeliness or completeness of the information 
>provided cannot be guaranteed.
>OPTA expressly disclaims any responsibility in relation to the information in 
>this e-mail message.
>No rights can be derived from this message.