ICANN ICANN Email List Archives

[gnso-dow123]


<<< Chronological Index >>>    <<< Thread Index >>>

[gnso-dow123] Envoi d'un message : minutes-DOW123tf01mar05.shtm

  • To: gnso-dow123@xxxxxxxxxxxxxx
  • Subject: [gnso-dow123] Envoi d'un message : minutes-DOW123tf01mar05.shtm
  • From: "GNSO.SECRETARIAT@xxxxxxxxxxxxxx" <gnso.secretariat@xxxxxxxxxxxxxx>
  • Date: Fri, 04 Mar 2005 00:12:43 +0100

[To: gnso-DOW123[at]gnso.icann.org]
minutes-DOW123tf01mar05.shtml


Please find the transcript of the Whois task force 123 call held on 1 March 2005.


Please let me know whether  there are any changes to be made.

Thank you very much!

Glen


-- Glen de Saint Géry GNSO Secretariat - ICANN gnso.secretariat[at]gnso.icann.org http://gnso.icann.org
<!--#set var="bartitle" value="WHOIS Task Forces 123 Teleconference 
Transcription"-->
<!--#set var="pagetitle" value="WHOIS Task Forces 123 Teleconference 
Transcription"-->
<!--#set var="pagedate" value="01 March 2005"-->
<!--#set var="bgcell" value="#ffffff"-->
<!--#include virtual="/header.shtml"-->
<!--#exec cmd="/usr/bin/perl /etc/gnso/menu.pl 'WHOIS Task Forces 123 
Teleconference Transcription'"-->
<p align="center"><font face="Arial, Helvetica, sans-serif"><b>WHOIS Task 
Forces 
  1, 2, 3 <br>
  Teleconference Transcription</b></font></p>
<p align="center"><font face="Arial, Helvetica, sans-serif"><b>1 March 2005 <br>
  </b></font></p>
<p><font face="Arial, Helvetica, sans-serif"><b>Participants:<br>
  </b>Bruce Tonkin - GNSO Chair <b><br>
  </b> Jeff</font>  <font face="Arial, Helvetica, sans-serif">Neuman<b> 
  - </b>Co -Chair<b><br>
  </b>Jordyn Buchanan
  - Co - Chair<br>
  Marilyn Cade
  <b><br>
  </b>David Fares <br>
  David Maher<br>
  Antonio Harris<br>
  Paul Stahura <br>
  Ross Rader
  <br>
  Ken Stubbs
  <br>
  <br>
  Stephan Welzel - Presenter - DENIC
  <br>
  Philip Colebrook - 
  Presenter - Global Names Registry <br>
  Kim von Arx - Presenter - CIRA <br>
  Jonathan Nevett - Presenter - Networksolutions<br>
  Tim Ruiz - Presenter - Domains by Proxy  <br>
  Martin Garthwaite - E-Nom <br>
  <br>
  <br>
  <br>
  Visitors<br>
  Grant Forsyth  GNSO Council <br>
  Markus Heyder<br>
  Ryan Lehning <br>
  Eric Larsen<br>
  Joy Johnson<br>
  John Rodriguez <br>
  Joe West
  <br>
  John Wright
  <br>
  </font> <font face="Arial, Helvetica, sans-serif"><br>
</font><font face="Arial, Helvetica, sans-serif">  </font> </p>
<p><font face="Arial, Helvetica, sans-serif">ICANN GNSO Policy Officer - Maria 
Farrell <br>
  ICANN Staff manager: Barbara 
  Roseman<br>
  GNSO Secretariat: Glen de Saint G&eacute;ry - absent <br>
  <b><br>
  </b></font><font face="Arial, Helvetica, 
sans-serif"><strong>Coordinator</strong> Good afternoon, and thank you for 
standing by. At this time all participants are in a listen-only mode until the 
question and answer session of the conference. Today&rsquo;s conference is 
being recorded. If you have any objections, you may disconnect at this time. 
Your host for today is<strong> Jordan Buchanan</strong>. Sir, you may 
begin.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thanks, everyone, and thanks for joining us. As hopefully you all know, we are 
going to be having a series of presentations or discussions from various 
registrars and registry operators who either have interesting whois policies or 
provide some sort of proxy service or privacy service. The six entities that we 
have lined up for today are Denic; Cira; dot-ca; The Global Name Registry; and 
then three registrars who provide privacy services, Networksolutions, E-nom and 
Domains by Proxy, which I guess is technically not a registrar but affiliated 
with a good ID group of registrars.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> Because this is quite late in 
Europe, we&rsquo;re going to start with our European presenters, and in 
particular, we are going to start with <strong>Stephan Welzel of 
Denic</strong>, and we&rsquo;ll try to do Q&amp;A after each of the presenters. 
We&rsquo;ll also try to make some time maybe at the end of the conference for 
general discussion. So I&rsquo;m going to just go ahead and turn it over to 
Stephan to tell us a little bit about Denic&rsquo;s whois implementation and 
how they differentiate between data port 43, port 80 versus what they provide 
to registrars and any other interesting tidbits that he&rsquo;d like to provide 
to us. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> Okay, 
thank you, so I&rsquo;m Stephan Welzel. I&rsquo;m general counsel to Denic, the 
dot-de registry, and I&rsquo;ll try to be very brief, and I think I can be very 
brief because our whois routes are amazingly uncomplicated I would say. First, 
I would like to tell you which data we actually asked the registrants to 
provide. That is of course the name and the postal address of the main name 
holder or registrant as you would say in the gTLD environment. Also, the name 
of the postal address of the administrative contact. For the administrative 
contact, we also ask for the phone number, the fax number and the e-mail 
address, and then for the technical contact, that would be the actual technical 
contact and then the zone contact, we also ask for name, postal address, phone 
and fax numbers and e-mail address. That&rsquo;s the data we then have for 
every registrar to maintain, but that&rsquo;s not the data everyone can look up 
in our whois. We have some restrictions there. What people can look up in the 
public whois is the name and the address of the registrant and all the 
contacts. Then in addition to that, the phone and fax number and e-mail address 
of the technical and the zone contact, so not for the administrative contact. 
We have the administrative contact&rsquo;s phone number and fax number and 
e-mail address, but you won&rsquo;t find that in the whois. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> We have two kinds of public 
whois, the port 80 or Web whois. You find the data there I just mentioned. We 
actually have implemented a two-step process to access this data. When you type 
a domain name into the whois, first you get a Web site that tells you only 
whether that domain name is registered or not, and if you&rsquo;re interested 
in getting the actual data for that domain name, you need to click on an exact 
button, and with that, you accept some rules. It&rsquo;s a little text that 
says you cannot use the data for business purposes and stuff like that. 
That&rsquo;s frankly pretty much symbolic, but still it&rsquo;s something that 
we implemented. Actually, statistics show that the vast majority of people that 
use the Web whois don&rsquo;t even take this second step, so the vast majority 
of people are just interested in finding out whether a domain is registered or 
not.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> For the port 43 whois, the same 
rules apply. The only difference is that these restrictions on the useage of 
the data are just being sent when this port 43 connection is set up for the 
first time. After that, people get the data without any additional steps to be 
taken. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> The whois for our registrars, 
which are members is a bit different at least partly. For the domain names that 
a registrar administers himself for their customers, he has access to all data 
we have stored for those domain names. That means including phone number, fax 
number and e-mail address of the admin contact. For domain names administered 
by other registrars, the registrars get the same data as are given in the 
public whois.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> That&rsquo;s actually what we are 
doing with our whois. I could perhaps say a few words on why we are doing it 
this way. I don&rsquo;t think that I need to explain why we believe there 
should be a whois and why we think it&rsquo;s necessary. I could tell you 
something about the legal restrictions. Of course we have a Data Protection 
Act. We have to because there are EU directors on that. This Data Protection 
Act says you cannot make data available to the third parties&mdash;third 
parties will also be the public&mdash;unless this is necessary to meet your 
obligations from a contract. That&rsquo;s probably not what would be applicable 
here, but you also can make data available to third parties when this is 
necessary to protect or preserve your own interests. That&rsquo;s what we refer 
to. It&rsquo;s necessary to have a whois because it&rsquo;s in the interest of 
the registry and the community, because people need to be able to find out who 
the holder of a domain name is, who the contacts are for a certain domain name. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> On the other hand&mdash;and that 
is possibly a German specialty&mdash;we have a law that requires everyone who 
has a commercial Web site, and a commercial Web site you already have when you 
just have some Amazon ICANN on it that&rsquo;s linked to Amazon. Amazon in this 
case there is linked to a commercial Web site. When you have a commercial Web 
site, you need to put your name and address and phone number and fax number and 
e-mail address on it. That is required by law. So we say, and the Data 
Protection Authorities go along with this, most people that have a domain name 
will have a Web site, and in principal, when one has a Web site, then his or 
her personal data has to be on that Web site anyway. So there&rsquo;s nothing 
wrong with whois. Whether the data&rsquo;s also available in our whois 
doesn&rsquo;t make much of a difference. It is not quite accurate to argue this 
way, but this is what we do, and this is again what also the data protection 
authorities accept. So that&rsquo;s basically it.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Great, thanks, Stephen. Before I open it up for general question and answer, 
can I just ask two questions for clarification for you? First of all, you 
mentioned that when people were attempting to access the data through port 43, 
the first time they tried, you somehow implemented a mechanism to get to the 
agreement to the terms. How is that implemented, do you know? </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> If 
it&rsquo;s via port 43, then we do not get their agreement by some action. We 
just sent them the data and add some text saying there are restrictions, you 
cannot use them for commercial purposes whatever. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Okay, and so the same data is saying regardless the information&rsquo;s 
accessed over a port 43 or port 80, is that? </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Wel</strong>zel With 
the port 80, in the first step, you get a Web site that says you cannot use it 
for certain purposes. Then you need to click on the button that says, &ldquo;I 
accept,&rdquo; and then you get the data. So it&rsquo;s a two-step process 
there.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> The 
actual data is an identical set of data that&rsquo;s provided at the end of the 
process for port 80 and port 43?</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> 
Yes.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Great, and my follow-up question would be, since you provide a richer set of 
data to your registrars, I presume your contracts with them may limit the 
purposes that they can use the data for once they obtain it.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel </strong>We 
provide more data than you get from our public whois only with regard to the 
domain names that are being administered by that certain registrar. We 
don&rsquo;t have any special rule on that in the contract with the registrars 
because we assume that the registrars know this data about their customers 
anyway. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thank you. Hopefully we can now open this up for any other questions from the 
participants involved.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> Coordinator Thank you. One 
moment, please, for our first question. At this time, there are no 
questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> 
Jordan, if I can ask a question.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J.Buchanan</strong> Yes, 
absolutely. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman 
</strong>Stephen, it&rsquo;s Jeff Neuman. The question I want to ask is, is 
there any kind of special way that you deal with law enforcement or other 
entities, lawyers, attorneys who request more information?</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welze</strong>l 
Firstly, obviously, they have access to the public whois. Secondly, if they 
want to know more than they get from the public whois, they can ask us. If they 
can convince us by writing a short sentence on what this is all about that they 
need that data, they get it. That also by the way applies to any other part. If 
anyone can show that he has a legitimate interest in learning more than he can 
obtain from the whois, then there&rsquo;s no data protection problem with 
giving that additional information to that person, and we indeed give it to 
them.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman </strong>How do 
you usually give it to them just &hellip;?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welze</strong>l It 
depends. If we know who that is, then we e-mail it. Otherwise, we feel more 
comfortable when we get the request in writing, and then we usually end in 
writing. This is actually more frequently being used by intellectual property 
lawyers than by law enforcement agencies.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman </strong>Have 
there been any complaints that the information is not quick enough or any 
complaints from law enforcement or IT attorneys?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel </strong>Not to 
my knowledge, no because the threshold actually is not very high, in 
particular, not for law enforcement agencies. So they say we are dealing with 
someone who whatever has a fraudulent Web site and we want to know since when 
he registered that domain name. That&rsquo;s sufficient. We don&rsquo;t want to 
learn any details. We just need to know they really need that information. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> Last 
question, so it&rsquo;s all done manually? There&rsquo;s no automated way to 
&hellip;</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel 
</strong>That&rsquo;s being dealt with manually then, yes. Perhaps I can add 
this. We have perhaps I would say no more than ten requests like this per 
month. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> Mr. 
Buchanan, we do have some questions. Would you like to take them at this 
time?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Yes, 
please.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> 
Thank you. Our first question comes from Ryan Lehning .</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>R. Lehning </strong>Just 
a clarification on the data that&rsquo;s made available. You said the only 
e-mail address is for the tech contacts, is that right?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> And 
the zone contact.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>R. Lehning</strong>  So 
e-mail addresses are not available for admin contact and &hellip; not through 
the registrar?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel 
</strong>Correct. We have this also called domain name guidelines that are 
available in English also in the Web site.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> Our 
next questions from <strong>Marilyn Cade</strong>.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Cade</strong> I think 
actually most of my questions have been answered, but I did have a general 
question. Tell me what a zone contact is.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> 
That&rsquo;s the person that is supposed to be responsible for the zone. I can 
read from the domain name guidelines. Zone contact looks after the name service 
for the domain.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> Our 
next question comes from<strong> Ken Stubbs</strong>. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Stubbs</strong> The 
question I would have would be basically around disclosure in the registration 
agreement. First of all, I&rsquo;m assuming that the registration agreement for 
dot-de domains is consistent in its form throughout all of the registrars. If 
it isn&rsquo;t, how much leeway is a registrar allowed?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> Secondly, does the registration 
agreement specifically disclose that the registry has at its option the ability 
to decide whether or not to disclose the registrant&rsquo;s data? Are there any 
guidelines given in the registration agreement as to what basis the registry 
uses for making its decision whether or not to disclose this data to third 
parties?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel </strong>The 
first question, the registration agreement is the same for all registrants 
because for dot-de domain names, the registration contract is between the 
registrant and the registry directly. So it&rsquo;s the same for all.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> The second question, in the terms 
and conditions, we point out that there is a public whois, so we do not ask for 
the consent of the registrant. We just give the information that the data will 
be published in the whois. That is sufficient according to German data 
protection law. There&rsquo;s nothing about additional information that we give 
out in case someone asks for it and can prove that he has a legitimate interest 
because that is something that is required by law anyway, and there&rsquo;s no 
necessity to point that out to people. It&rsquo;s actually obvious 
anyway.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator </strong>Our 
next question comes from <strong>Markus Heyder.</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Heyder </strong>Yes, I 
want to get back to the requirement on the German law for commercial Web sites 
to post their contact information on the Web site itself. Does that 
classification rely on self classification by the registrars or the Web site 
operators? Or how does that work?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> 
That&rsquo;s the law that says if you have a commercial Web site&mdash;and we 
have court decisions on that&mdash;that&rsquo;s the reason why I know that 
already one commercial link makes a Web site commercial in that way. At the end 
of the day, and in each individual case, that could only be decided by court in 
the end. We don&rsquo;t care about individual cases. This is just an overall 
argument saying most people have a Web site. Most Web sites have at least a 
commercial link, at least one commercial link, and therefore, people have to 
put their data on their Web site anyway so whois doesn&rsquo;t make any 
difference.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator </strong>At 
this time, there are no additional questions. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thank you. Thanks very much for your time, Stephen, and this has been very 
enlightening. The task force I&rsquo;m sure is very appreciative of the time 
you&rsquo;ve taken late in the evening there in Germany.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Welzel</strong> 
You&rsquo;re welcome. Thanks for having me. Most of this you can find on the 
Web site in English. That would be Denic.de., and if you have any additional 
questions, I&rsquo;m happy to answer them via e-mail. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Our 
next presenter today will be <strong>Philip Colebrook</strong> from The Global 
Name Registry. Hi, Philip. GNR has negotiated an interesting whois policy with 
ICANN, which hopefully Philip can speak a little bit about. You can also let us 
know, Philip, the status of its implementation. If you would, that would be 
very helpful.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> 
Sure thing. First, I&rsquo;ll give a bit of a background firstly. For those who 
aren&rsquo;t aware, dot-name is a  gTLD registry designed for individuals who 
are &hellip; registry offering a full whois service. Initially whois 
specifications were in the formats of other standard and extensive search. 
Standard search was available both on port 43 and Web-based, with the extensive 
being available on Web base. Those split the searches into essentially two 
different search results, one which didn&rsquo;t contain the registrant&rsquo;s 
phone, fax numbers and e-mail addresses and one which did. Those are the main 
differences between the two.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> We engaged in discussion with the 
information commissioner, whois responsible for overseeing the Data Protection 
Act in the UK. This Act lays down principles derived from European directors on 
privacy on how basic control such as global net registries should treat the 
private information of individuals. Of course these discussions are also going 
on with ICANN when you try just one goal post of compliance with a local 
jurisdiction, it can affect the other, which in our case is contractual 
requirements.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> I think the ICANN board gave us a 
sense in the end of 2002 to revise whois specification. This specification 
actually broke down the search into four different fields. The initial search 
is a summary search available to the public at no cost. It&rsquo;s a very basic 
search, many providing information as to whether its main product or whether 
other products e-mail forwarding to &hellip; registration exists in the 
registrations data. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> Hidden classification of search 
is a fact search again available to the public at no cost. This provides 
information relating to the registrar, admin, billing, tech contacts with 
fields being name, address, phone number and e-mail contacts, and the creation 
and expiration date, but not provide registrant information of the type of 
e-mail, phone and fax contact. </font></p>
<p>&nbsp; </p>
<p> <font face="Arial, Helvetica, sans-serif">Third </font><font face="Arial, 
Helvetica, sans-serif"> classification of the revised whois specification is a 
detailed search, and this involves a password. The password is obtained once an 
online application form is completed. The whois contains an appendix of our 
agreement with ICANN, the option of registry charging a nominal amount for this 
or using other methods for passing out its viable information. I&rsquo;ll come 
to that stage of our development in a moment, but from our perspective at the 
moment, actually charging is fraught with difficulties, not least of which is 
that we actually end up dealing with more personal information in terms of 
credit cards. Credit card numbers are different. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> Further aspects of a detailed 
search involve specification by the applicant that they&rsquo;re not using the 
search for spamming, marketing, and they&rsquo;re using it for lawful purpose. 
This detailed search provides further information including the registrant 
address and admin contact phone numbers, which were not previously 
available.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> The final search is the extensive 
search, giving the most complete list of details. The applicant has to again 
enter into an online agreement with GNR, and this provides a persistent 
password and continuous access. The applicant has to agree that the access is 
for specific purposes, which may include enforcement of legal rights and law 
enforcement, therefore catering for people such as law enforcement bodies or IP 
interests. There is also a provision in the agreement where the applicant 
agrees not to share the information to outsiders, restricting the distribution 
of the whois information. In our registry, we&rsquo;ve explicitly stated in the 
agreement, the registry will revoke the access if the use is in breach of the 
specified purposes. The information revealed by the extensive search gives 
complete information, registrant's e-mail, phone number and fax number. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> Dot name is a bit of peculiar 
position in that we do have a gTLD tied to that individual so there will very 
often be direct correlation between individuals and the actual whois records 
associated with facts in many cases. Admin, tech and billing will actually be 
the same as the registrar contact. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> We&rsquo;re still in the process 
of development of the revise to a specification currently operating the 
original whois specification. Things are moving very fast. Change is happening 
quickly in the area of privacy in the EU and also in the UK. We maintain 
content with the information commissioner. There&rsquo;s not such an 
enforcement position, but rather it provides us with advice and guidance. Of 
course, we are following very closely the work of the whois task forces. Coming 
back to something I mentioned previously, there is the balancing act involved 
here. Trying to keep all the sectors happy is something that is at the 
forefront of our mind. Therefore, we are following closely developments, for 
example, of a technical side such as the CRISP virus protocol. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> Generally speaking, we feel that 
the revised specification does actually provide for legitimate use of whois 
information, depending on the actual applicant. We think that cases for law 
enforcement requirement and IP interest, and have indications that it does 
actually satisfy the local requirements, both in the UK and in the EU 
generally. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> We&rsquo;re also noting that 
privacy developments are happening in other jurisdictions, which will feed into 
the work of the task force. So we follow those as well. At the moment, 
it&rsquo;s difficult for me, in the absence of actual further output from whois 
task forces and the results of the policy development process to give a 
specific idea of when we&rsquo;ll be implementing a revised whois 
specification. We really do look for guidance from the Whois task force for 
this. That&rsquo;s really a brief background, Jordan, on that. I&rsquo;ll be 
happy to answer any questions that anyone may have.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
That&rsquo;s very helpful. We would like to open it up for questions again. 
While we wait, Jeff, do you have any questions that you&rsquo;d like to 
pose?</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman </strong>Yes, 
just a clarification &hellip; of the Commissioner, did they ever indicate that 
the current whois is in violation of the UK privacy laws? In other words, if 
you were to display everything, have they ever said that would be 
unacceptable?</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> No, 
we ran through discussions in 2002 which led to whois two, and of course those 
were based on the existing whois data base. We were given guidance that we did 
need to move to &hellip; provide the information available &hellip; out 
further, but when we outlined results of extensive searches under the current 
system versus standard searches, for example, in December 2004, we had 30 
extensive searches versus two million of the standard searches, so the 
information commissioner was apprised of the fact that the specification 
occurring at the moment does significantly restrict access to 
registrant&rsquo;s personal details.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> The 
only other question I had is, do you differentiate between port 43 and 
Web-based?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook 
</strong>Sure. Port 43 actually under the revised specification wouldn&rsquo;t 
provide results of the detailed or extensive search with the registrant&rsquo;s 
e-mail, phone number and fax number would provide results for the standard 
search. So in many respects, very similar to the situation as present where 
port 43 access simply provides the standard search results without registrant 
e-mail, phone/fax details.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> At 
this time, there are no audio questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan 
</strong>Actually, let me pose one more briefly myself, and Phil, as you 
mentioned that in the revised specification there is some sort of 
different&mdash;do you intend to say that there&rsquo;s different treatment 
explicitly for like IP interests or law enforcement?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> No, 
those were the examples that really come to the forefront of my mind in terms 
of people who would be seeking the specific information. No, it&rsquo;s people 
certifying that they have a specific purpose, including the enforcement of 
legal rights. So no, it&rsquo;s not specifically restricted to IP interests or 
law enforcement, although certainly they would be I imagine the bulk of 
users.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Sure, and other than that declaration, you wouldn&rsquo;t make any attempt to 
validate the purpose?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook 
</strong>Currently, we reviewed extensive search entries, and from memory, 
most, if not all, have been filled in completely. Certainly in the absence of 
correct certification or details, we would have no hesitation in restricting 
access on that basis.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Sorry, let me re-explain my question. Not that you don&rsquo;t validate what 
they&rsquo;ve entered is complete. You don&rsquo;t necessarily&mdash;as you 
said, it was a law enforcement investigation. You wouldn&rsquo;t try to 
validate that they are actually law enforcement.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> As 
a practical measure, certainly yes. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan </strong>Do 
we still have no questions, Michelle?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> 
There are no additional questions. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
We&rsquo;ll give everyone about 30 seconds to queue up, and otherwise, Philip, 
I think we will thank you very much for your time.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> 
I&rsquo;m sorry, this is Jeff. Is there an estimated timeframe as to when it 
will come up, this whois two?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> 
When the actual implementation will be done. We did have some idea last year. 
However, as we&rsquo;ve been following the whois task force work more closely, 
and it has extended. Unfortunately, Jeff, I can&rsquo;t actually give a 
specific date to you, no.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinato</strong>r We 
do have one question. Would you like to take this?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Please.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator 
</strong>Thank you. Marilyn Cade, your line is open.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Cade</strong> We I 
think say thanks to you often as we continue to hear about your progressive 
evolution in this phase, and I appreciate the fact that dot-name is done 
informative briefings for the previous task force as well as this one. You 
probably have more experience in the gTLD space than perhaps some of the other 
registries right now. We had talked a little bit about the fact that you do 
have the ability to charge, but you haven&rsquo;t implemented that, and you 
explained one problem being you would then have more person identifiable 
information. Initially, I thought there were also issues about what the charge 
might be and that there would be a reliance on credit cards for that 
process.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook 
</strong>That&rsquo;s correct, Marilyn. The charging issues obviously were 
reflected in appendix o as approved by the board as far as distribution of any 
income that comes from them &hellip; to the registrar that made the search in 
the case of port 43. Aside from the actual revenue gathering, making &hellip; 
for implementing credit cards collection under these circumstances and in this 
jurisdiction prove to be problematic to a certain extent. Unfortunately, I 
don&rsquo;t have access or in front of me all of the relevant details of when 
those discussions were held. It was a little before my time, but certainly, if 
you have any further queries relating to the specific aspect, I will be very 
happy to discuss it with you. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Cade </strong>Yes, I 
think it would be helpful. We may come back to you perhaps at another time, but 
people tend to think this would be easy to implement. We&rsquo;d need to really 
better understand that.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Colebrook</strong> 
Yes, as did we. It is something you think you&rsquo;ve found a remedy here, but 
it does open up other issues. Certainly, I would be happy to assist the task 
force in the future should you desire.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thanks very much, Phil. Do we have any other questions at this time?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> 
There are no additional questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> So 
with that, Philip, I would like to thank you very much for your time once again 
on behalf of the task force and your insight. I think as Marilyn indicated, 
that name has a very interesting perspective in the gTLD  space here, and 
it&rsquo;s very fascinating to hear about it.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> Our next presentation is coming 
from Cira, and it will be provided by Kim Von Arx. I hope I&rsquo;m saying that 
right. I sent around a PowerPoint that Kim provided to the task force, and now 
Kim&rsquo;s going to talk to you.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx</strong> Yes, 
hello. I&rsquo;m the general counsel and the director of policy development at 
Cira in Canada, and this presentation which I actually prepared here. Well, I 
prepared that some time ago actually for a center for the legal and regulatory 
group down there, and based upon the timeframe in which I&rsquo;m 
supposed&mdash;or at least the time which I have to talk about this, I&rsquo;m 
just going to go very quickly through this and give you in essence just the 
highlights of our new policy and compare this very quickly to our old. Then 
after that, I&rsquo;m just going to give you I think as far as understanding 
what your interest then is to the responses and reactions by for example IP and 
law enforcement, other groups overall.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> So to just quickly go through the 
second page, my PowerPoint just gives you a general outline of what the entire 
talk would be about, and first of all, the old whois, which is in essence the 
same as it is currently under the gTLD, the workers playing almost everything, 
which we&rsquo;re collecting. Then after that, I just wanted to quickly touch 
upon the Personal Information Protection Electronics Document Act, which is 
very similar to the privacy directive in the European Union, and then the 
relevant statutes which were then enacted in some other countries in Europe. 
Then just very generally our method as to how we actually approached this 
entire consultation or this attempt to change to whois. Then our new proposals 
to it, and then just quickly some responses, and of course I&rsquo;m open for 
questions.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> I said the old whois, or actually 
the current one even which we are using is in essence exactly the same one as 
the gTLD one. Then sometime in 2003 actually, the Personal Information 
Electronic Documents Act, which we call here PIEDA or PIPEDA in short, came 
about, which is as I said very similar to the European Privacy Directorate, and 
it is obviously protecting the individual&rsquo;s personal information. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> So the basic idea behind that is 
that everybody whose information is being collect and then possibly used, 
disclosed, will have to actually provide consent or informed consent to that 
particular use or disclosure. One of the conditions is that you cannot per se 
provide certain services with the condition that they have to provide you with 
the consent unless it is absolutely reasonable and necessary to do so. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> In addition to that, our most 
recent, but recently ever since the Act came into effect for the private 
sector, the Privacy Commissioner here, the Federal Privacy Commissioner here, 
stated that even organizations of smaller size, for example, employees between 
five to twelve, may very well be subject or protected under the First 
Information Protection Electronic Documents Act. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> So in essence it is a very 
burdensome statute. I don&rsquo;t know whether you have heard from some 
European registries. I just very quickly listened into, so I assume that my 
predecessor or my previous speaker was from the UK and probably touched upon 
the European privacy directive, and I&rsquo;m sure you are very familiar with 
the various privacy approaches in various countries. I don&rsquo;t want to go 
into any more detail about that. So that&rsquo;s just moving down to our 
method. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> The first thing we wanted to do 
is actually just find out what people actually knew about privacy and about 
whois in general. So we did a public survey, interviewed various people and 
actually also invited various stakeholders and interest groups and known entity 
organizations to comment on various aspects of privacy and the whois in 
general. Thereafter, we actually then started to develop, based on the 
information we then gathered, we actually seemed further down just a couple of 
tables, we then started to develop a privacy draft policy which we then wanted 
to consult on, and we just recently completed actually our consultation. 
We&rsquo;re still receiving some reports, so it&rsquo;s actually some 
suggestions from various people, no particular organizations, actually, the IP 
and law enforcement organizations which provide or have provided various 
suggestions as to how the privacy of the whois policy could be proved in 
general, but overall, we perceive that as quite a significant level of support 
in favor of the policy apart from the usual lobbying groups who are against 
this kind of approach to the whois in general. The problem that we&rsquo;re 
having overall is anyway, we are forced in essence by the law anyway to very 
much pursue the approach that we have taken now albeit I do know that there are 
some obviously some leeway we can still take, and we&rsquo;re still now 
currently analyzing all the suggestions we have received. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> This quickly leads me actually 
down to what our whois actually does. We in essence are dividing our 
registrants between two categories for the purposes of whois, which is 
individuals and organizations. In &hellip; organizations, there is actually 
sub-category as well. Anyway, at least individuals, they can, or they are 
actually just automatically not displayed in the whois unless they actually 
explicitly consent and tell us that they do want to be displayed in the whois. 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> So the only thing we actually 
displayed for individuals is the domain name, the registrar, the DNS entries 
and the various stage which actually are associated with it, for example, 
expiry date and the last change date. For organizations, we still display the 
exact information that we displayed prior to that or we&rsquo;re displaying 
right now without any holding back of any information whatsoever. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> In regard to organizations, we do 
have one exception. There are&mdash;and we haven&rsquo;t actually now currently 
developed the process by which an organization can actually apply for 
it&mdash;we do have a process for which an organization can apply to not have 
the information disclosed for whatever reason they might actually feel that 
they are entitled not to have it disclosed. The reasons why we actually came up 
with that exclusion are actually twofold. One is because as I mentioned before, 
the privacy commissioner&rsquo;s statement that there are certain organizations 
which are of relatively small size are also entitled under PIPEDA to the 
protection of their personal information. So if there&rsquo;s an organization 
which can certainly show us that they are only an organization of five 
employees, and then therefore they are protected under certain criteria of 
PIPEDA, then they may meet those requirements.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> In addition to that, of course 
there are certain other entities which may require certain privacy aspects to 
their existence and albeit it&rsquo;s probably not the best example because 
they might very well just actually hide their name, but for example, battered 
women organizations which certainly doesn&rsquo;t necessarily want to have 
their entire contact details displayed out on the Internet for everybody to 
see. They may very well be eligible to not have the information 
displayed.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> In regards to registrars are own 
certified registrars. They would have still access to obviously their own 
registrants who have all of the information which they&rsquo;ve collected in 
the first place themselves. In addition to that, they will have access to 
registrants for whom they are not the registrars for certain particular 
purposes. That would be actually implemented by the way it would just have to 
go through a certain check box system where they just say &hellip; we&rsquo;re 
accessing information based on whatever criteria. For example, for transfer of 
domain names or transference of domain name from one registrar to another or 
from one registrant to another registrant by way of another registrar transfer, 
and for example, mergers, or whatever other transactions may require access to 
registrants information for whom the registrar is not the registrar of 
record.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> So in addition to that, of course 
there are certain exceptions that there are certain organizations or certain 
reasons for other organizations to access the information, and for that, of 
course, we are requiring actually some kind of judicial order anyway or 
judgment, which actually allows some organizations to obtain the information in 
general. We do however for dispute resolution purposes currently one policy 
rules and procedures, which stipulates that a party which is pursuing or 
thinking about pursuing a dispute resolution proceeding is entitled to obtain 
all the domain names that they&rsquo;re associated with one particular 
registrant. Obviously, if you no longer display certain names, they can no 
longer do that, but what we are going to change, we&rsquo;re going to change 
that particular policy to if there is somebody who wants to pursue a certain 
domain name because they believe that a certain domain name has been registered 
in bad faith or again stating within our policies and procedures, they can then 
pursue within the dispute resolution policy in the rules, and they can then 
submit a domain name and say that any name that is associated with that 
registrant that is associated with that domain name, they would like to 
actually obtain all the domain names that are associated with that particular 
registrant. So what we would then supply to them is all the names of the domain 
names that are actually associated with that particular registrant. If they do 
then want to actually &hellip; a CDRP, a dispute resolution process, they would 
then access or approach the individual service providers who then in turn would 
access or actually contact us and obtain the content details for that 
particular registrant, and then they would send out the respective complaints 
and documentation that are required.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> I think that actually covers all 
of the most pertinent aspects of the policy overall, and like I said, we did a 
public consultation so far, and we&rsquo;ve had in favor about 86. I think 
we&rsquo;ve gotten a few more in, so it might be now somewhere in the 90s, and 
again, we&rsquo;ve had somewhere in the low 30s, mid-30s, and those were mainly 
law enforcement and IP rights holders and some citizens and actually some 
registrants. The main reason why registrants were actually going to this from 
what I understand is because they don&rsquo;t understand yet how this entire 
process would be implemented and as far as understanding what actually is the 
impact to their overall operations to some significant degree. So we would have 
to obviously prepare this quite effectively and thoroughly before we can launch 
this and impose it upon our registrars.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> That is it. In regards to the 
arguments which were actually put forth against it, and one of the main 
arguments which actually was always put forth obviously is that data would 
prevent law enforcement for that matter, IP rights orders or rights holders in 
general, to obtain of course the information on the Web, and therefore would 
increase their effort or their time commitment to obtain information. Quite 
often of course we&rsquo;ve gotten the information that if they had to do that, 
they would then suddenly have to inundate us with subpoenas and other 
enforcement orders, whoever it might be, whichever department of the 
Government, for example, it might be or some other law enforcement agency to 
obtain the information. </font></p>
<p> <font face="Arial, Helvetica, sans-serif">Of course IP rights orders, their 
main argument was that would cost their clients actually a significant amount 
of money to obtain the appropriate court documents to obtain the information. 
That&rsquo;s pretty much it, and I&rsquo;m certainly happy to respond to any 
questions.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Thanks, Kim. So Michelle, we would like to open it up for questions again. 
I&rsquo;ll actually start off by asking the first question once again &hellip; 
That is, how do you differentiate between individuals and organizations for the 
purposes of determining what data is displayed?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx</strong> 
It&rsquo;s actually more a self-determination by the registrant. In essence, as 
you can imagine, anybody could theoretically become a registered domain name 
under his or her own name and then still run the business or actually run some 
kind of Web site for an organization on that particular domain name. So it is 
in essence a self-determination.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Is 
there some sort of field when they register, like a check box, that&rsquo;s 
organization or individual?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Von Arx 
</strong>That&rsquo;s correct. Actually, the thing is, the way our system 
works, because the only people or the only organizations or persons who can 
actually register Canadian domain names are any organizations or entities which 
have a link to Canada, which includes obviously citizens of Canada, a permanent 
resident of Canada, country of Canada or any organization which is a foreign 
organization which does have a registered trademark in Canada.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> So when you actually apply or 
when you sign up for a domain name, you have to pick from a list of almost 18 
different legal types, and actually we&rsquo;re trying to reduce those to 
hopefully four or five. So at the moment there are about 18 different legal 
ties which range from like I said a citizen, permanent resident, aboriginal 
people, aboriginal groups, churches, associations and registered trademark 
holders of Canada. That&rsquo;s how we actually distinguish between those, and 
then within those 18 groups, and they&rsquo;re about four of those which would 
be categorized under the big heading of individuals, and then the rest of the 
groups would be categorized under the big heading of organizations. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Okay, thanks, Kim. Are there other questions?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinato</strong>r Yes, 
our first question comes from Ryan Lehning.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>R. Lehning</strong> Just 
a couple of questions. I think this is following up on the last question, but 
there&rsquo;s no way to differentiate between individuals and organizations. 
That&rsquo;s correct? What I&rsquo;m getting at is that a person who works for 
a large company could register the domain name on behalf of herself or on 
behalf of the large company using her own name and be called an individual in 
that context so that even a Web site for Coke, cocacola.com, if I registered it 
as an individual, there would be essentially no registrant or very much 
information at all in the database.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx</strong> 
That&rsquo;s correct.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>R. Lehning</strong> Even 
though the actual domain name is pointing to a well-known trademark for a huge 
company.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx</strong> 
That&rsquo;s correct.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>R. Lenhning</strong> The 
next question is, do you continue to collect the same information that 
you&rsquo;ve collected under the previous policy?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx </strong>We 
would, yes. Actually, most likely we are intending to actually collect a little 
bit more, but yes, generally speaking, we are still at least collecting this 
much.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>R. Lehning</strong> 
You&rsquo;re collecting more information than you did?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx </strong>Not 
yet, and until we actually do that, it&rsquo;s probably going to take awhile 
because the thing that we actually are doing currently, the only information 
we&rsquo;re collecting is the registrant&rsquo;s name, their legal type, the 
administrative contact details, which includes the name and the contact details 
as well as the technical contact details, but we&rsquo;ve never actually 
collected the registrant&rsquo;s contact details. Now in the future, hopefully 
within the next two or three years, we&rsquo;re planning currently around it to 
possibly collect registrant information and contact details, but this is 
actually set apart from the whois itself. Anyway, for the purposes of your 
particular question, we are still going to continue to collect the same 
information.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> I just wanted to follow up on the 
question overall when you raised the issue as to the distinction between 
individual and organizations. I do understand what obviously the overall 
dilemma with that is, that as you said correctly that Coca-Cola or IBM could 
very well have actually individually having registered the domain name, and 
then there&rsquo;s virtually no information displayed in the whois. Obviously, 
the first thing with that is that those large organizations in general are 
starting at least to develop the idea that this is really some kind of possible 
IP rights or at least some kind of rights which they should at least secure 
within their own name. That&rsquo;s just a separate topic altogether, but in 
any event, while we were certainly thinking about this, and we were considering 
what we could do about this, and we certainly considered &hellip; approach for 
example where they actually said you either are engaged in commercial or 
non-commercial activity, but the main problem which we had with that overall is 
just the idea that if we went down that particular road, we opened the huge can 
of worms by suddenly making a determination as to how you use a particular 
domain name and possibly what actually even the content of certain Web sites. 
That is exactly the area which I think at least from a legal and policy point 
of view are certainly at least quite sensitive and dangerous, and so for the 
time being, we certainly don&rsquo;t want to go down that path. So to just tell 
you how we actually got to that particular conclusion.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinator</strong> Our 
next question comes from Ken Stubbs. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> Yes, I 
apologize if this is something you&rsquo;ve covered that I missed, but I 
believe you said that the responsibility of sale with the registrant to 
self-declare as to whether or not the domain was being registered by an 
individual versus a corporation or organization that might be required to 
disclose or provide more additional data. Am I correct there?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Von Arx 
</strong>That&rsquo;s correct, yes.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Stubbs</strong> The 
next step is, is there any enforcement mechanism when there is a determination 
made that in fact at the time the individual registered the domain, the 
registration information that was provided i.e. the category, was either 
misleading or the information was intentionally false with respect to the 
category. I think you know what I&rsquo;m getting at.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx</strong> I 
certainly know what you&rsquo;re asking, and I&rsquo;m &hellip; say no. There 
is no intention to actually enforce or look behind the intention of every 
registration. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> So for 
all intents and purposes, it&rsquo;s strictly more or less a decision on the 
part of the registrant as to how much information they want to provide. If 
there&rsquo;s no enforcement, then the party for all intents and purposes could 
provide information that was basically much more sparse than was 
originally&mdash;let&rsquo;s put it this way&mdash;that was originally intended 
for the underlying nature of the registrant. In other words, if I took an 
individual registration for in fact a business selling let&rsquo;s say illegal 
cable box converters or something like that, the only enforcement mechanism 
might possibly be the courts that could force the domain to be taken down. Is 
that correct?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx 
</strong>Actually, yes. You&rsquo;re quite correct about that. Even right now, 
the only way that&mdash;for example, we don&rsquo;t touch domain names unless 
we get a court order telling us that we have to take it down. Even if we get a 
complaint that there is a domain name which utilizes or actually sells for 
example illegal content, however horrific it might be, we do not touch that. 
The main reason for that is because we are not in the business of policing 
content of Web site or the use of domain names unless it is clearly in 
violation of our own policies for example, obviously &hellip; whatever, if it 
doesn&rsquo;t meet our very own internal policies, but we certainly don&rsquo;t 
touch the legality of illegality of domain names and the use thereof because 
that sort of puts us now suddenly into the position of adjudicator, and 
that&rsquo;s certainly something which we don&rsquo;t want to do because then 
somebody makes an allegation, and then we actually have to go out there and do 
the fact finding and then make the adjudication. That certainly is not the most 
efficient way to go about it in making those kind of judgment calls. So 
absolutely we pass that off to a third party in order to make sure that there 
is at least a more effective justice executed than if we did it ourselves. 
</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> So in 
effect then there&rsquo;s no obligation on the part of any of your credited 
registrars to determine or to at least advise the registrant of the nature of 
this. For all intents and purposes of what you&rsquo;re saying is you&rsquo;ll 
take anything anybody gives you&mdash;I&rsquo;m not criticizing, I just want to 
make sure that I clearly understand it&mdash;I mean I don&rsquo;t understand 
the underlying basis for that other than avoiding the work that you were 
talking about and putting yourself in that position. I just want to make sure 
that I&rsquo;m clear on that, that for all intents and purposes, there&rsquo;s 
no policing&mdash;I don&rsquo;t like to use the word 
policing&mdash;there&rsquo;s no real enforcement mechanism, nor is there any 
remedy for intentional misrepresentation in a registration. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Von Arx</strong> Just 
generally speaking, I have to just back up a little. The first thing is, and 
we&rsquo;re not going to change that either. What we actually do here is when a 
registration comes through our system, we have actually at least one or two 
people who look at every single registration and the contact details and all 
the information that comes with the registration. They actually physically look 
at it to make a determination as to whether it meets our requirement or not. So 
for example if somebody actually registered as Snow White and the Seven 
Dwarves, then that just gets chucked. So that&rsquo;s absolutely one of our 
test mechanisms for the accuracy of the information overall.</font></p>
<p> <font face="Arial, Helvetica, sans-serif">In terms of later on audits, we 
still have for example in our registrant agreement in same on actually post the 
registrars for example, there is the obligation that they have to make sure 
that the information that is supplied to us is at any time and all times 
accurate. By the information being accurate, we are only referring to for 
example the actual contact details, which really do refer to the particular 
individual, particular party. What I understand you&rsquo;re most likely 
probably alluding to is more the actual use of the domain name whether it is 
for example used as an individual for whatever family album, family Web site, 
or whether it&rsquo;s being used as whatever it is, a Coca-Cola commercial Web 
site. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> 
Actually, I&rsquo;m more concerned about the examples of domains being used for 
phishing and for obtaining information illegally, principally identity theft 
and so forth. Maybe you&rsquo;re not seeing as much of that let&rsquo;s say in 
Canada as we are in the U.S. here, but on a regular basis, I constantly get 
phished, and it&rsquo;s extremely difficult in some cases to get those domains 
taken down even if you can prove that the domain clearly is not being used by 
the party who they&rsquo;re acting fraudulently on behalf of.</font></p>
<p> <font face="Arial, Helvetica, sans-serif">So if you got an e-mail from the 
Royal Bank of Canada, and it&rsquo;s hypothetically a Canadian domain name that 
is clearly being used for illegal purposes. What you&rsquo;re telling me is you 
won&rsquo;t do anything unless you have some sort of a legal order for you to 
do that. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Von Arx</strong> 
That&rsquo;s right, and actually, the phishing problems we certainly have here 
probably not as prominently as it is in the States or elsewhere, but we 
certainly do have quite significant problems with that as well. On top of that 
of course, we just recently just a couple of days ago actually, we were still 
faced with an issue where some prominent parliamentarians here, their names 
were registered by some other radical organization which is now currently using 
the domain names, which are associated with the parliamentarian&rsquo;s names 
for some other political purposes which are not in line with their political 
view. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> I 
understand.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Von Arx</strong> Of 
course we were contacted by the lawyers of the parliamentarians, and they 
certainly ordered us to take them down, but our issue is overall no, we cannot 
get into the business of that especially if you don&rsquo;t look all the way 
back to when there were various ISPs which introduced their own mail lists and 
obviously e-mail overall. There were some of course which was guaranteed that 
there&rsquo;s never ever going to be anything illegal or defamatory on their 
mailing lists and e-mails. Then of course they were probably 99.999% correct, 
but then there&rsquo;s one that is 0.001% or there&rsquo;s one e-mail which 
went through that cost them and suddenly the continued success, and they just 
went completely belly up.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> So there&rsquo;s always the issue 
of becoming a publisher versus only a single ISP. In general I try to do only 
the conduit of transferring certain information. That&rsquo;s at least from a 
soft key analogy which we in general are adopting or have adopted. I do 
absolutely understand what you&rsquo;re saying, but this is just sort of exact 
in line with what we&rsquo;ve done for the last four years. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Thanks is Jordan. Unfortunately, we&rsquo;re running a little 
bit&mdash;</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>K. Stubbs</strong> I 
apologize for taking up so much time there, Jordan. </font></p>
<p> <font face="Arial, Helvetica, sans-serif">J. Buchanan No problem, Ken. 
Fortunately, it doesn&rsquo;t look like there are other questions, and we are 
running a little bit short on time, so Kim, I&rsquo;m going to have to thank 
you very much for your time and your insights, and with that, we&rsquo;re going 
to move on to the next presenter. Thanks again, Kim.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>K. Von Arx </strong>Thank 
you. Bye.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Now 
that we&rsquo;ve had three presentations from registries, the next three 
presentations are from either registrars or affiliates of registrars who offer 
privacy services. I&rsquo;m hoping that there may be a little bit of overlap 
here so we can make up a little bit of the time we&rsquo;re behind, but 
I&rsquo;m going to start with Jonathan Nevett of Network Solutions to talk 
about their privacy offering, and we also have Domains by Proxy and E-Nom later 
on the call. Jonathan.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett </strong>Hey, 
Jordan, can you hear me?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Yes, 
now I can. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett 
</strong>I&rsquo;ll keep this real brief. Essentially we have what we call a 
private registration product that we sell to our domain customers. If anyone 
has Internet access at their desk right now, if you go to whois and you look up 
at novaaffiliatemarketing.com, you can see what one of our private registration 
customer&rsquo;s snapshot will look like. Essentially, unlike some of the other 
private registration-type products out there, we don&rsquo;t offer a proxy 
service where we become the actual registrant. What we do is we&rsquo;ll keep 
the existing registrant&rsquo;s name up, and then list a Network Solutions P.O. 
Box and contact information so if anyone needs to contact those customers, 
they&rsquo;ll do it through us. We&rsquo;ll serve as a quasi-agent for the 
registrant, but we do not take the place of the registrant. If someone wants to 
contact one of our private registration customers, they could do it by e-mail, 
and we have a rotating e-mail address where every ten days it will change, 
which helps prevent spamming. Then we&rsquo;ll just automatically forward those 
e-mails to the actual registrant, or we set up as I mentioned a P.O. Box that 
will accept U.S. mail and then forward that on to our customers. Then we also 
list a phone number where if anyone wants to reach the registrant, they could 
call the number, and then they&rsquo;ll receive information on how to contact 
the registrant either by e-mail or postal mail.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> So you see the snapshot and how 
it works. As far as our agreement with our customers, we have a separate 
section of our service agreement which relates just to this private 
registration product, essentially goes through the terms and conditions, the 
most important part of which is that if we get any kind of third party claims 
about infringement or any of the legal issues, or if there&rsquo;s law 
enforcement activity or any threat in the legal action, we reserve the right to 
withdraw their private registration service and disclose the contact 
information. We obviously reserve a large section of that for us to protect 
ourselves as an entity and also protect any of these third parties that may 
have a legitimate claim against one of our private registration customers. 
That&rsquo;s all I have to talk about, but I&rsquo;m happy to answer any 
questions about how our service works. You&rsquo;ll probably hear from the 
other registrars, how they do it, and I think you&rsquo;ll hear from at least 
one of them that does it via proxy versus the way we do it.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan 
</strong>Thanks, Jonathan. So we can go ahead and open this up for 
questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator 
</strong>Thank you. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan 
</strong>I&rsquo;ll play my historical role of asking the first question, 
Jonathan. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Neuman</strong> You 
beat me to it there, Jordan.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Followed by Jeff, and my question is, Jonathan, I see in the example that you 
gave actually so there is still an address and a phone number listed as well. 
What happens if I send mail to that or if I call that phone number?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett</strong> If you 
send mail to the address, we will forward it to the registrant. We&rsquo;ll 
forward it to the registrant, and then if you call the number that we have, 
we&rsquo;re not going to forward the phone call, but what we&rsquo;ll do is 
explain on the phone call, you&rsquo;ll get an operator, and the operator will 
explain how the third party can either write or e-mail to the actual 
registrant, and they&rsquo;ll go through the process where we would just 
forward that on.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Thanks. Jeff?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Neuma</strong>n Just 
on that, do you have a separate e-mail address for each registrant so 
you&rsquo;re able to separate out?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett</strong> Yes, 
we have a separate e-mail address for each registrant, and it rotates every ten 
days. It&rsquo;s an admin contact or a tech contact. Separate e-mail 
addresses.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> The 
only way you&rsquo;ll actually disclose that information is by &hellip; 
</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett </strong>No. 
There are scenarios that we lay out in our service agreement. It&rsquo;s not 
necessarily a subpoena. Depending on the circumstance, it could be a letter or 
something else. Like I said, we reserve the big right for ourselves to waive 
the private registration service if we need to.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> So if 
an IT attorney wanted to know or law enforcement just wanted to know the 
identity without sending anything to the registrant, what kind of processes do 
you all have?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett</strong> 
We&rsquo;ll examine it on a case-by-case basis and see what they&rsquo;re 
asking for and what information they&rsquo;re providing.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> Hey, 
Michelle, start questions.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinato</strong>r 
Certainly. Our first question comes from Steve Metalitz.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>S. Metalitz </strong>This 
is Steve Metalitz. I have two brief questions, and I apologize if either of 
them is answered in your presentation which I don&rsquo;t have access to. 
First, in the ordinary course, if someone sends an e-mail to the address that 
is provided on the private registration service, what happens to that? Is it 
auto forwarded, or is it looked at at all by Network Solutions?</font></p>
<p> <strong><font face="Arial, Helvetica, sans-serif">J. 
Nevett</font></strong><font face="Arial, Helvetica, sans-serif"> It&rsquo;s 
filtered for spam, and then auto forwarded to the registrant. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>S. Metalitz </strong>My 
next question is, in the case where you decide to kick somebody out of the 
private registration service, what data then goes in to the whois? What data 
would then be accessible in whois?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett</strong> The 
actual data that they provided us in the registration process. </font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz</strong> So 
you ask registrants to provide the same contact information whether they are 
seeking to be in the private registration service or not?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett</strong> Yes, 
that&rsquo;s right. </font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Coordinato</strong>r At 
this time, there are no additional questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thanks for your time, and Jeff, maybe at some point, our dot-U.S. customers 
could get the service back because we think it&rsquo;s a good service. 
</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Nevett </strong>Duly 
noted.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> I 
had to throw it in. Thanks, Jonathan. So the next presentation we have on a 
very similar topic or very similar service although there may be differences 
will be Tim Ruiz representing Domains by Proxy.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz </strong>Thank 
you, Jordan. Just let me clear up one thing. I&rsquo;m not representing Domains 
by Proxy. I&rsquo;m representing the GoDaddy Group of registrars. Certainly, 
Domains by Proxy is a service we use. It&rsquo;s a sister company in the 
GoDaddy Group, so I just want to make that clear. What precipitated Domains by 
Proxy primarily was concerns over individual&rsquo;s privacy. I don&rsquo;t 
know how many of you follow Bob Parsons&rsquo; blog, but there&rsquo;s an 
interesting post up there today in regards to that and how Domains by Proxy was 
conceived. In the instance he relates there was in regards to a lady who was 
being stalked. So that&rsquo;s the background behind what got us thinking about 
a service like Domains by Proxy, of course today, any individual organization 
or business can use Domains by Proxy to keep their person identifiable or 
contact information private and not a public whois.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> The way Domains by Proxy works is 
through the main registration process. The customer who would have become the 
registrant, actually at one point elects to allow Domains by Proxy or requests 
Domains by Proxy to become the registrant of the domain name. So the domain 
name is actually registered in the name of Domains by Proxy. They are the 
registrant, and then subsequently, the customer agrees or license the use of 
the domain name from Domains by Proxy. There is a very detailed agreement on 
how that works, but basically it gives the customer the full benefits of domain 
name registration without becoming the domain name registrant and having their 
contact information become public. So they can cancel the domain name at their 
choosing. They can completely manage the DNS, attach e-mail services, hosting, 
etc. the same as if they had been the registrant, but again, with Domains by 
Proxy actually being a registrant of the name.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> What we then display in the whois 
is the Domains by Proxy contact information, which is Domains by Proxy as the 
registrant, the admin contact and the technical contact, their address, and 
then a unique e-mail address that is created per domain. So a particular 
customer might have several domains that are using the Domains by Proxy service 
or use Domains by Proxy as the registrant, but each one of those would have a 
different e-mail address based on the domain name. E-mail to that address is 
passed through. It&rsquo;s spam filtered using our proprietary technology and 
then actually forwarded to the appropriate party. Mail that comes to the 
Domains by Proxy address for that domain name, if that mail is certified mail 
or it&rsquo;s traceable mail, then it is forwarded on to the appropriate party. 
Otherwise, it&rsquo;s considered junk mail, and phone calls very similar to 
what Jon&rsquo;s describing, how Network Solutions handles that. If a customer 
calls, and they&rsquo;re looking for what they consider to be the registrant, 
we try to tell them here&rsquo;s how you can write to the e-mail address or 
here&rsquo;s where to send mail. If it&rsquo;s illegal or some sort of dispute 
issue, then they might be forwarded on to the legal department for Domains by 
Proxy.</font></p>
<p> <font face="Arial, Helvetica, sans-serif">n the agreement, the customer of 
course is required to keep the contact information that they store with Domains 
by Proxy. It&rsquo;s all the same contact information they would have normally 
provided through registration of a domain name. They&rsquo;re required to keep 
that up to date. Any changes to that information, they&rsquo;re required to 
notify Domains by Proxy within five days. If Domains by Proxy has any question 
or issue or concern over the efficacy of that data, they are required to 
respond to those inquiries within five days, and failure to do so in either 
event would result in the cancellation of their Domains by Proxy 
service.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> Again, it&rsquo;s a pretty broad 
section. It&rsquo;s section four in the Domains by Proxy agreement that&rsquo;s 
available on the Web site, so I won&rsquo;t go into detail about it, but again, 
it&rsquo;s broad. It&rsquo;s to allow Domains by Proxy the ability to take 
action when reasonably necessary in canceling a Domains by Proxy registration 
or at least canceling the account. If the person using the domain name&rsquo;s 
involved in spam, illegal activities, if we should receive a court order from 
law enforcement, or if they&rsquo;re involved in child pornography, clear 
violations of trademark rights or other intellectual property rights, would all 
be reasons why Domains by Proxy may take quick and immediate action to cancel 
their service with any one customer.</font></p>
<p> <font face="Arial, Helvetica, sans-serif">Sometimes of course those areas 
are a little bit gray. They&rsquo;re harder to discern. So probably most cases, 
a dialogue takes place between the complainant unless it has to do with a court 
order. We file that immediately, but otherwise, a dialogue takes place between 
the complainant and the Domains by Proxy customer in order to try to resolve 
the situation before action is taken. But if it would help, I could provide 
that agreement to the list, or it can be seen pretty easily in the legal 
section at domainsbyproxy.com. I guess that&rsquo;s pretty much the service and 
the way it works, and I&rsquo;ll try to answer any questions that you&rsquo;ve 
got.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Thanks, Tim, and Michelle, I guess we can once again open up for 
questions.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinator </strong>One 
moment please.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
While we&rsquo;re waiting the moment, Tim, let me ask you. So if a Domains by 
Proxy registration is canceled because one of the various recent reasons that 
you listed, since Domains by Proxy is the registrant, does that mean that the 
domain is just deleted, or does that transfer of registrant happen at that 
point and the name&rsquo;s returned to the person entered into the original 
agreement with Domains by Proxy.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz 
</strong>There&rsquo;s a potential that it could just be canceled, but the 
customer actually agrees that the registration of the domain will revert to 
them, and their contact information would be come publicly available in the 
whois.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Do 
we have other questions, Michelle?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> Yes, 
our first question comes from Steve Metalitz. </font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>S. Metalitz </strong>Tim, 
thank you for the presentation. I just have one question. If someone believes 
that there is an infringement of intellectual property rights associated with 
the registration, how would they proceed to try to get the full contact 
information? Who would they contact in order to start the process that you 
talked about?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz </strong>They 
could either call the number that&rsquo;s listed in the contact information, or 
they could write to Domains by Proxy&rsquo;s legal complaints department. That 
address is clearly available on the Web site. Of course, it&rsquo;s actually 
the address in the contact information as well that&rsquo;s displayed for the 
domain name, and the phone number is there, too.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz</strong> But 
if they wanted to start the process quickly, the only way they could do that is 
to call that number where the operator is located?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz</strong> Right, 
and that call should be forwarded. If it&rsquo;s in regards to a legal matter 
or a legal concern, that call should be forwarded to the legal department for 
further discussion.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator </strong>At 
this time, there are no additional questions. Actually, one question just came 
up. Bruce Tonkin, your line is open.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>B. Tonkin</strong> Yes, 
this is Bruce Tonkin speaking. I just had a question for fed by Steve 
Metalitz&rsquo;s end and for the two proxy providers, but what are the legal 
requirements? If you&rsquo;re an intellectual property or some other group 
that&rsquo;s wanting to send a legal letter to the holder of the domain name, 
what are the requirements for delivering that letter? Is it possible for you to 
use one of these proxy services, or is it the case that you need to have their 
actual details to formally serve a legal notice? I just want to understand the 
legal construct.</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>T. Ruiz </strong>Bruce, 
this is Time. I don&rsquo;t know quite how to answer the question. I can tell 
you what we do if we were to receive a certified letter like that to the 
Domains by Proxy address for that domain. It would be forwarded straight on to 
the actual customer whois using that domain name.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>B. Tonkin</strong> Tim, 
is there any guarantee that you do that? I&rsquo;m just interested if the legal 
company were sending a letter through Domains by Proxy, is Domains by Proxy 
guaranteeing in some way that it will pass that on, in other words, if the 
person sending the letter had some confidence that that won&rsquo;t 
happen.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz</strong> I guess 
there&rsquo;s nothing that we guarantee to the sender. Of course &hellip; would 
be many, but that is certainly part of our agreement with our Domains by Proxy 
customer that that will occur. The only mail that doesn&rsquo;t get forwarded 
on is if it&rsquo;s not otherwise traceable in some way.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>B. Tonkin</strong> Can 
Steve Metalitz help us answer the question whether that&rsquo;s adequate from a 
legal point of view as the sender? Probably he has to come and ask a question 
to do that.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> I 
think actually, Bruce, do you have any other questions, and if not, we can 
encourage Steve to maybe re-ask the question if he feels like he would want to 
answer that?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> 
Steve Metalitz, your line is open.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz</strong> 
I&rsquo;m sorry, I didn&rsquo;t know how to get the line open. I don&rsquo;t 
think there&rsquo;s any single answer to Bruce&rsquo;s question. It depends on 
the purposes for which you were sending the notice. The question is are you 
putting the registrant on notice so that any future fringing activity will be 
willful or with knowledge of infringement? So obviously you want to reach the 
actual registrant and not rely upon it being passed through by the proxy. I 
suppose the agreement that the registrant has with the proxy could address this 
question, but I don&rsquo;t know if it does.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz </strong>I think 
the thing to keep in mind is probably like Steve said, it&rsquo;s probably 
different answers depending on the service you&rsquo;re talking about. Domains 
by Proxy is the registrant, so in some way, they are the ones legally 
responsible. At least up to that point, when that notice first comes or 
there&rsquo;s the initial concern with any infringement, perhaps the Network 
Solutions a little different because the original customer becomes the 
registrant of the domain name. So that might be a different 
situation.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan </strong>Tim, 
let me ask actually briefly. I don&rsquo;t know if you can comment on this, but 
are there circumstances in which Domains by Proxy has become engaged in 
litigation because someone didn&rsquo;t know who to sue, and so they sued 
Domains by Proxy instead?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz</strong> 
Yes.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Any 
other questions at this time?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinator</strong> 
There are no additional questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan </strong>So 
thanks, Tim. We&rsquo;ll now move on to our final presenter of the day, whois 
Paul Stahura from eNom.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Stahura</strong> 
Actually, <strong>Martin Garthwaite </strong>is going to be making the 
presentation.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> Is 
he on your same line, Paul?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>P. Stahura</strong> 
Yes.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Okay, great. Martin is next.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> 
Hi, this is actually a presentation of the service provided to eNom by Whois 
Privacy Protection, Inc. It&rsquo;s very similar to the Domains by Proxy 
service where Whois Privacy Protection, Inc. is listed as the registrant and 
address, phone and fax numbers are provided. An e-mail address is provided. 
Communications which are set to that contact information is forwarded on to the 
contact information provided by the underlying registrant. When complaints are 
received, we have a very low threshold for turning over the underlying 
information of the party. Basically anybody mentioning the word copyright or 
trademark or bought or anything can be sent the underlying contact information, 
and if the complaint is escalated, then we&rsquo;ll turn off the service so 
that it&rsquo;s available generally in the whois though I would note that most 
people are satisfied to just receive it in response to their initial 
e-mail.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> There is really not a whole lot 
to add on what&rsquo;s been said before. I would say that I&rsquo;m intimately 
involved in the abuse complaints that we get in general on copyright 
complaints, trademark complaints, phishing scams, and I&rsquo;ve never seen a 
phishing scam complaint that had whois privacy protection on it. All of those 
complaints relate to domain names that are registered in the names of real 
people. Typically, they&rsquo;re the victim of credit card theft. They&rsquo;re 
identity theft victims to begin with, and I guess I&rsquo;ll stop there and 
open it up for questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> The other point that was made 
there is, is that forwarding address a sufficient address in terms of legal 
process, and I guess I would say that in general my reaction to that was that 
the whois contact information isn&rsquo;t a registered agent anyway. So the 
service of process is determined by local court rules, and if a court 
can&rsquo;t reach a party, there are ways to affect service of process. I guess 
the whois isn&rsquo;t designed to be a registered agent in any event, but our 
experience is that it&rsquo;s a service that allows people who have a 
legitimate reason to keep their identity secret, it provides for that. It 
provides means for third parties to contact them, and then it provides means 
for third parties to find out who that underlying party is with very little 
effort. I guess I&rsquo;ll open it up to questions there.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>J. Buchanan</strong> 
Great, thanks, Martin. Do we have any questions?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinato</strong>r Yes, 
our first question comes from Steve Metalitz.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz </strong>I 
just have the same question I had really for Tim, which is how would someone 
who believes their intellectual property rights have been violated, how would 
they invoke this complaint abuse process? Is there an e-mail address they 
actually send to? Is there someone they contact?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> 
There are various e-mail addressees they can use. There&rsquo;s a whois privacy 
protect e-mail address, there&rsquo;s an eNom address, and if they send a fax 
or a letter to the contact information, we open up all that stuff up before we 
forward it on, and if we find the complaint in the correspondence, then 
we&rsquo;ll typically respond right then as well.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz</strong> What 
would be the preferred way to start that process, or do you have a 
preference?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> 
That preferred way for us is via e-mail, certainly, to one of our &hellip; 
contact points.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>S. Metalitz </strong>Are 
those the ones that are listed on your Web site?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> 
Yes, it is.</font></p>
<p><strong><font face="Arial, Helvetica, sans-serif"> 
Coordinator</font></strong><font face="Arial, Helvetica, sans-serif"> There are 
no additional questions at this time.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> This 
is the first time I don&rsquo;t have a question, either, so that was very 
instructive. Do you have any questions, Jeff?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> No, I 
think between those three presenters, I think not.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan 
</strong>Actually, since I see that I think our former presenters on this topic 
are still on the line, let me ask, do you guys have any sense between the three 
of you or individually how what portion of names that these services are 
applied to eventually become the subject of some sort of complaint?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz</strong> Jordan, 
this is Tim. I don&rsquo;t have any data on that specifically. No, I can only 
say it&rsquo;s a popular service. We do get probably daily complaints of one 
form or another, so we deal with it on a daily basis, but I couldn&rsquo;t give 
you any hard facts.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett</strong> Yes, 
same with us. This is Jon. I don&rsquo;t think it&rsquo;d be that many, though, 
but I don&rsquo;t have any hard data.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite 
</strong>This is Martin, eNom&rsquo;s Whois Privacy Protect, and we have a 
large number of names that use the service, people that are registering for 
names for one reason or another, and we have very few complaints about the 
underlying registrants. I think we forward two or three items legitimate mail 
on through the system. That&rsquo;s not counting e-mails, but two or three 
items of physical mail per week, and we probably turn off the service maybe 
once or twice a month. We give out the underlying contact information two or 
three times a month. Actually, I thought there was going to be much more work 
coming out of it, and it&rsquo;s relatively quiet. We&rsquo;ve never been sued. 
Whois Privacy Protect has never been sued as a party, and that&rsquo;s a 
lot.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Thanks, Martin. I think Jeff actually does have a question now.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> This 
question&rsquo;s for Network Solutions, GoDaddy and eNom. I&rsquo;m assuming 
that all three of your services, this is a value added service, so it&rsquo;s 
&hellip; charged for it? It&rsquo;s not a default, is that correct?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett </strong>This 
is Jon. We charge for it.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz </strong>This is 
Tim, we charge for it, yes.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite 
</strong>ENom charges as well, and we&rsquo;re offering it due to competitive 
pressures. There&rsquo;s a lot of people that do the same thing. There&rsquo;re 
resellers of eNom that were doing it even before we started. There are third 
parties that aren&rsquo;t even resellers of eNom that do it, and then there 
were other registrars. So it&rsquo;s a fact of life that law firms do it for 
their clients.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> To be 
fair, aside from just having a value add service, do you think that 
there&rsquo;s any other reasons why you would charge? I&rsquo;m trying to throw 
a softball to you all as to why you charge other than just making money. Do you 
find that if you charge, more honest people enter into these types of 
service?</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett 
</strong>We&rsquo;re only speculating, but I would say that would be 
true.</font></p>
<p>&nbsp; </p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> 
Yes, it&rsquo;s funny. The people that are doing crimes on the Internet, 
they&rsquo;re using stolen credit cards, and we find that all the major 
problems that relate to domain names stem back to an identity theft victim, and 
they&rsquo;re listed right there in the whois. For whatever reason, they 
don&rsquo;t bother to click the box to select Whois Privacy Protect and add 
another charge on to this credit card they&rsquo;ve stolen. I don&rsquo;t know 
where to go at that.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> If 
this gives away competitive information, then obviously I don&rsquo;t want you 
guys to disclose it, but you have a certain percentage of names that you would 
classify take advantage of this service. Again feel free not to answer if you 
think it&rsquo;s competitive.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett</strong> I 
think I&rsquo;ll accept your invitation not to answer.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz</strong> 
I&rsquo;ll only say that if the question is how many actually take advantage of 
it, I&rsquo;ll just say it&rsquo;s a lot.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>M. Garthwaite</strong> I 
think we&rsquo;ll say it&rsquo;s a large number of names, but it&rsquo;s a 
small percent.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> If we 
were to ... if we were to send around a question with a way to make it 
anonymous, would you answer the percentage so that wouldn&rsquo;t be 
attributable?</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett 
</strong>Sure.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> 
I&rsquo;m just trying to get some stats for the task force in anonymous ways to 
see how many people or what percentage of registrants take advantage of this 
type of service.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Nevett</strong> That 
sounds like a reasonable request, Jeff, but we would need to see the 
questionnaire of course.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> 
Right.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>T. Ruiz </strong>&hellip; 
of GoDaddy.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Neuman</strong> 
I&rsquo;ve got to figure out how we do it anonymously.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Great. Michelle, am I correct that there&rsquo;s no other questions at this 
time?</font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong>Coordinator 
</strong>There are no additional questions.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>J. Buchanan</strong> 
Okay, so with that I think we will wind down this call. It&rsquo;s gone on for 
nearly two hours, and I realize that&rsquo;s a substantial amount of time for 
everyone to have spent on the call. Hopefully this was educational, and I see 
that we have had a lot of activity on the list over the past few days. I 
certainly encourage that trend. We do also have a call planned for next week 
where we&rsquo;re hoping to see the first outline of a staff report. Actually, 
the first half of a staff report, and we&rsquo;re actually expecting an outline 
from the staff this week for that outline of the report. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> So I will try to inquire with the 
staff as to where that outline is and let everyone know on the list. Other than 
that, I think we&rsquo;ll wrap this up, and I&rsquo;ll thank everyone for their 
time and especially our presenters that may remain on the call. Thank you. 
Thanks, Michelle.</font></p>
<p><font face="Arial, Helvetica, sans-serif"> <strong>Coordinator</strong> 
You&rsquo;re welcome. This concludes the conference. You may disconnect at this 
time.</font></p>
<p>&nbsp;  </p>


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy