[gnso-dow123] Whois task force 123 draft minutes 10 May 2005
[To:gnso-dow123[at]gnso.icann.org] Dear task force members, Please find attached the draft minutes for the Whois task force meeting on 10 May 2005, that include Maria Farrell's preliminary summary after each agenda item. Please let me know what changes you would like made. Thank you very much. Kind regards, Glen de Saint Géry GNSO Secretariat - ICANN gnso.secretariat[at]gnso.icann.org http://gnso.icann.org <!--#set var="bartitle" value="WHOIS Task Forces 1 2 3 teleconference minutes"--> <!--#set var="pagetitle" value="WHOIS Task Force 1 2 3 teleconference minutes"--> <!--#set var="pagedate" value="10 May 2005" value=""--> <!--#set var="bgcell" value="#ffffff"--> <!--#include virtual="/header.shtml"--> <!--#exec cmd="/usr/bin/perl /etc/gnso/menu.pl 'WHOIS Task Force 1 2 3 teleconference minutes'"--> <h4 align="center"><font face="Arial, Helvetica, sans-serif"><b>WHOIS Task Forces 1 2 3<br> <br> 10 May 2005 - Minutes</b></font></h4> <p><font face="Arial, Helvetica, sans-serif"><b>ATTENDEES:<br> GNSO Constituency representatives:<br> </b> Jordyn Buchanan - Co-Chair<br> Registrars constituency - Ross Rader <br> Registrars constituency - Paul Stahura <b><br> </b>gTLD Registries constituency - David Maher<br> Commercial and Business Users constituency - Marilyn Cade<br> Internet Service and Connectivity Providers constituency - Tony Harris <br> Internet Service and Connectivity Providers constituency - Greg Ruth <br> gTLD Registries constituency - Ken Stubbs <br> Intellectual Property Interests Constituency - Steve Metalitz<br> Intellectual Property Interests Constituency - Niklas Lagergren <br> Non Commercial Users Constituency - Milton Mueller <br> Non Commercial Users Constituency - Kathy Kleiman<br> <br> <br> <strong>Liaisons</strong><br> At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer<br> At-Large Advisory Committee (ALAC) liaisons - Bret Fausett - absent - apoloies <br> </font></p> <p><font face="Arial, Helvetica, sans-serif"><b>ICANN Staff</b>: <br> Maria Farrell Farrell - ICANN GNSO Policy Officer<br> <br> <b>GNSO Secretariat </b>- Glen de Saint Géry <br> <br> <b>Absent:</b><br> Commercial and Business Users Constituency - David Fares -apologies <b><br> </b>Commercial and Business Users Constituency - Sarah Deutsch - apologies <br> Registrars constituency - Tom Keller<br> Registrars constituency - Tim Ruiz - apologies <br> Non Commercial Users Constituency - Marc Schneiders<br> Non Commercial Users Constituency - Frannie Wellings <br> Internet Service and Connectivity Providers constituency - Maggie Mansourkia <br> </font> <font face="Arial, Helvetica, sans-serif"><br> </font> <font face="Arial, Helvetica, sans-serif"><br> <a href="http://gnso-audio.icann.org/WHOIS-20050510-tf123.mp3%20">MP3 Recording</a><br> <a href="http://forum.icann.org/lists/gnso-dow123/msg00291.html">Preliminary Summary by Maria Farrell <br> </a><br> <strong>Jordyn Buchanan</strong> proposed the following <strong>agenda:</strong><br> 1. Minutes and Action Items<br> 2. Tiered Access<br> 3. Public comments on notification <br> 4. Terms of Reference produced by Bruce Tonkin </font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>1. Minutes and Action Items <br> Jordyn Buchanan</strong> commented on the role of the 3 documents:<br> 1. The MP3 recording is posted very soon after the call<br> 2. Maria Farrell posts an action summary intended to summarise the actions agreed upon plus a very high level context discussion which is not intended to be an ongoing record of the task force. <br> 3. The minutes that summarise the call.<br> <strong>Marilyn Cade</strong> commended the staff for initiating the action summary, suggested renaming it to perhaps preliminary summary and that the actions be replicated in the minutes which would remind task force members of what was agreed to as actionable items.<br> <strong>Jordyn Buchanan</strong> stated that he was opposed to editing the action summary and to the point that people don’t agree with the minutes, then a caveat should be in the minutes.<br> He further commented that Maria would be take into account any lack of unanimity in the task force. Any constituency was free to respond to the action summary and record their statements on the mailing list in the archives. <br> <strong>Marilyn Cade</strong> stated that it was not clear from the minutes in several places where was work suggested, i.e. when Maria was going to research the WDPRS, the work assignments, how the feedback would come back into the task force. Secondly when reference was made to a document in the call, the appropriate link should be in the minutes.<br> <br> <strong>1) Previous week’s ‘action point summary'<br> Decisions</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong> * ICANN staff & task force chair (i.e. Jordyn & Maria) will be especially careful in future to record only unanimously agreed actions and decisions as decisions of the task force.<br> * The ‘action point summary’ will be called a ‘preliminary summary’ from now on.<br> * Actions in the preliminary summary will state clearly how the actions will be presented back to the task force, e.g. if a report will be made to the list or on a future call.<br> * Actions in the preliminary summary will also be included in the minutes prepared by Glen, under the heading of the relevant agenda item.<br> * Staff will endeavour to include in the minutes urls to reports/websites/etc. referred to in the minutes.<br> * If participants disagree with the minutes, a caveat should be added to the minutes retrospectively.<br> </strong><br> <strong>Actions</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong> * No specific actions, but the decisions will all be implemented in staff and chair’s official record-keeping from this point on. <br> <br> 2. Tiered Access </strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong> referred to T<a href="http://forum.icann.org/lists/gnso-dow123/msg00256.html">om Keller's draft statement from the registrar’s constituency</a> and a proposal from <a href="http://forum.icann.org/lists/gnso-dow123/msg00257.html">Thomas Roessler from ALAC on a possible PKI based access model</a> based broadly on the guidelines TF2 had suggested for tiered access.<br> In addition, there have been submissions <a href="http://forum.icann.org/lists/gnso-dow123/msg00022.html">from various tld operators</a> <BR> to the various approaches TLDs took with regards to limiting access to Whois data:<br> Stephan Welzel - Presenter - DENIC <BR> Philip Colebrook - Presenter - Global Names Registry <BR> <a href="http://forum.icann.org/lists/gnso-dow123/msg00018.html">Kim von Arx - Presenter - CIRA </a><BR> Jonathan Nevett - Presenter - Networksolutions<BR> Tim Ruiz - Presenter - Domains by Proxy <BR> Martin Garthwaite - E-Nom . <br> Recently .name launched a beta version of the tiered access approach that had been incorporated into their contracts but not implemented till now. <br> There are a number of documented approaches to the problem.<br> It would be useful initially to look at the requirements and use cases and examine the various purposes of Whois so that the resulting policy proposals are based on identification and current requirements.<br> <br> <strong>Marilyn Cade </strong>stated that Whois is currently used by large and small businesses to:<br> - identify names to be used which might already be in use because a new product or service is being conceived <br> - to see what is in the market to avoid confusing customers or even to confuse customers <br> - because they’re introducing a competitive product<br> - to see what competitors are doing because that may affect the entry into the market. .. <br> - it is also used for trademark policing, phishing, trademark attacks, other kinds of attacks. <br> Internet service providers or other big companies operating their own networks use it for phishing or other kinds of network attacks. Both DNS Whois and IP whois is used <br> - on trademarks, they are looking for who is using the name, looking to see if a confusingly similar name or the same name is being used, to deal with infringement, customer confusion or to contact them. Mostly companies are avoiding customer confusion. Very small companies do their own trademark policing.<br> - someone, sometimes even the CEO looks at who is using the trademarks. The NetNanny example is well known where someone had used the name for access to child pornography.<br> Follow up can range from cease and desist to ‘hi, I’m interested in the name and am interested in purchasing it’.<br> <br> <strong>Jordyn Buchanan</strong> asked what sort of information the security department would be looking for in phishing.<br> Marilyn Cade responded that in her experience, one was encountering an attack on the network or a phising problem and one was looking for any means to take the site down, find the person and advise them that they are involved in the attack. The apparent culprit may be engaged in a drone problem, or may be a relay on spam. It is not always the first person contacted that ends up being the person responsible for the problem on the network. Often need more than one point of contact is needed in looking for the person. Phishing often starts at 6:00pm on Friday and runs through the weekend.<br> <br> <strong>Jordyn Buchanan</strong> summarised the objective in being either to take down the site or notify the person.<br> <br> <strong>Tony Harris</strong> commented that some of the <a href="http://www.gnso.icann.org/mailing-lists/archives/dow1tf/docgLY6nT14Bz.doc">ISPCP uses of Whois data were referenced in the constituency statements submitted to the Whois task force 1 on 27 April 2004<br> </a>1. to research and verify domain registrants that could vicariously cause<br> liability for ISPs because of illegal, deceptive or infringing content.<br> The end goal is to initiate legal proceedings and to protect the isp for liability. </font></p> <p><font face="Arial, Helvetica, sans-serif"> 2. to prevent or detect sources of security attacks of their networks and<br> servers<br> Every element that can be traced should be available to the ISP<br> <br> 3. to identify sources of consumer fraud, spam and denial of service attacks<br> and incidents<br> 4. to effectuate UDRP proceedings<br> 5. to support technical operations of ISPs or network administrators in the case, for example, consumer fraud, </font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Steve Metalitz</strong> referred to the <a href="http://www.gnso.icann.org/issues/whois-privacy/whois-workshop-03feb04.shtml">Montreal meetings</a> in June 2003, where companies used the Whois to manage their own portfolio of domain names. Expanding on domain names for sites where illegal activity was going on, e.g. trademark counterfeiting or copyright piracy, one source of information is to contact the registrar and the party responsible and in other cases to try to get the site taken down. It is not simply a question of identifying the registrant but the technical or admin contact contact has to be contacted to achieve the objectives. <br> <strong>Steve Metalitz </strong>referred to the work that had been done in the <a href="http://www.gnso.icann.org/issues/whois-privacy/Whois-tf1-preliminary.html">Whois task force 1 preliminary report</a> where each constituency was asked the question.</font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong> summarised that in illegal activities the objectives were to:<br> - contact the registrant<br> - contact the technical or admin contact<br> - find out who he domain name holder is.<br> - take the site down<br> - to initiate legal action<br> <strong><br> Ken Stubbs</strong> commented that to a great extent the display of the data should be directly related to the nature of the owner. It should be incumbent on financial institutions, organizations that provided services and products to the public to provide more information for use by the public. In phishing cases sometimes the only way is to contact the financial institution itself and let them know what is going on and not necessarily through their website. Law enforcement agencies do not know how to deal with this. For individuals, there may be more of an obligation to stratify the information provided, but for institutions, there is an obligation to protect the customers</font><font face="Arial, Helvetica, sans-serif"><br> He went on to say that it would be difficult to justify the need of Whois for the registries other than maintain redundancy in the case of failure on the part of the registrar.<br> <strong>Marilyn Cade</strong> asked what the difference was between a thin and thick registry in policing a trademark .<br> <strong>Jordyn Buchanan</strong> explained that in com and net with a thin registry, there would be referral to the registrar while with the thick registries, the registrar still maintains the Whois data and all or much of the same data should be available from the registrar as from the registry, perhaps with the exception of .name.</font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Wendy Seltzer</strong> added that it should be noted that other historical uses are finding people to harass them, or finding people who would like to remain private to serve frivolous notice and take down, finding people who thought they were hidden behind proxy services, and intimidating people and shutting down free speech.<br> <strong>Jordyn Buchanan</strong> explained that the current transfers policy allows the transfer to be authorized in one of 3 ways:<br> - to receive a confirmation from the email address listed by the registrant or the admin contact.<br> </font><font face="Arial, Helvetica, sans-serif"> - a valid electronic signature, <br> - physical copy of the FOA that is supported by a notarized identity document </font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Marilyn Cade</strong> noted the uses by law enforcement such as websites on protecting children online, the centre for missing and exploited children. <a href="http://www.icann.org/presentations/mithal-whois-workshop-24jun03.pdf">Maneesha Mithal</a> United States Federal Trade Commission gave a <a href="http://www.icann.org/presentations/mithal-whois-workshop-24jun03.pdf">presentations in Montrea</a>l on law enforcement uses of Whois. It is also currently being used in a trans border crime investigation to do with drugs and other crimes. </font> </p> <p><font face="Arial, Helvetica, sans-serif"><strong>Kathy</strong> <strong>Kleiman</strong> seconded Wendy Seltzer saying that for all the reasons why Whois should be used there were reasons why it should not be available</font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan summarised:</strong><br> - that a list of reasons for the use of Whois data had been articulated<br> - </font><font face="Arial, Helvetica, sans-serif"> failings in the current whois implementation should be examined as a follow up on requirements around access to the data.<br> <br> </font><font face="Arial, Helvetica, sans-serif"><strong>2 Information exchange on tiered access<br> Decisions<br> No decisions taken – agenda item was for information sharing only. </strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Actions</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong> * Jordyn will prepare a list of follow-up topics on access to data and post them to the list.<br> * List participants to review the follow-up topics and prioritise them for future discussion. </strong></font></p> <p> </p> <p> </p> <p><font face="Arial, Helvetica, sans-serif"><strong>3 Public comments on notification</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Two comments have been received so far. The deadline for public comments on notification is Thursday, 12 May 2005. The task force report and public comment forum are at; http://gnso.icann.org/issues/whois/whois-tf123-final-rpt-22apr05.shtml</strong></font></p> <p> <font face="Arial, Helvetica, sans-serif"><strong><br> Maria will prepare the public comments report and circulate it as part of the Final Task Force Report on recommendations for improving notification and consent for the use of contact data in the Whois system by Monday, 16 May 2005 at the latest for discussion on the next task force call on Tuesday 17 May. </strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Actions:</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong> * No new actions</strong></font></p> <p><font face="Arial, Helvetica, sans-serif">4. <a href="http://forum.icann.org/lists/gnso-dow123/msg00258.html">Terms of Reference provided by Bruce Tonkin<br> <strong><br> </strong></a><strong>Milton Mueller</strong> stated that the NCUC would submit a formal set of amendments.<br> Some of them regarded clarification, e.g. in the first paragraph and how the current RAA defines the purpose of Whois, should be restructured for clarity.<br> The NCUC would want to define the primary goal of the task force differently, that is, as reconciling the Whois requirements of the RAA with the needs to ensure privacy protection for personal data of individuals who may be registered name holders or the administrative or technical contact for a domain name. The NCUC believes that it would be a clearer focus for the task force. With the statement "improve the effectiveness of the Whois service" the NCUC believes that it opens the door for modifications of all shapes and given the fact that the task force had been working on this for 2 years and had not produced anything a clearer focus was needed. The NCUC feels that the privacy issues should be resolved before there can be a coherent decision on accuracy. The NCUC has proposed that the first three tasks be retained in the terms of reference and the 4th task be deferred.<br> <br> <strong>Kathy Kleiman</strong> suggested, in the 2nd paragraph, the goals of the whois service, the goals to ensure privacy protection for the personal data of individuals should be expanded to replace" personal" with "sensitive" data of individuals and organizations and companies. The issue for the NCUC was that the non-profit organizations involved in human and civil rights, covered a variety of areas where one did not know where the physical person was but that the message being sent out should be that sensitive data of individuals, organizations and companies was protected under national law and under the United Nations declaration of human rights. Thus, personal data of individuals, should be changed to look at the sensitive data of individuals, organizations and companies.</font></p> <p><strong><font face="Arial, Helvetica, sans-serif">Jordyn Buchanan</font></strong><font face="Arial, Helvetica, sans-serif"> requested the task force to consider points in the terms of reference that had unanimous support of the task force to put forward to the Council<br> <br> <strong>Marilyn Cade</strong> suggested that the task force members post to the list which could be read out to the council and wanted to clarify if the task force thought that the work on tiered access could be placed in 3.<br> (3) Determine what WHOIS data elements should be available for public access that are needed to maintain the stability and security of the Internet. Determine how to access data that is not available for public access. The current elements that must be displayed by a registrar are: - The name of the Registered Name; - The names of the primary nameserver and secondary nameserver(s) for the Registered Name; - The identity of Registrar (which may be provided through Registrar's website); - The original creation date of the registration; - The expiration date of the registration; - The name and postal address of the Registered Name Holder; - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name.<br> <br> <strong>Ross Rader</strong> cautioned about using the paragraph as a placeholder for tiered access. That second sentence should include, a conclusion on tiered access. The most important part of that statement was first determining what should be made available.<br> <br> <strong>Jordyn Buchanan</strong> viewed the 3rd item as incorporating tiered access.<br> <br> <strong>Steve Metalitz</strong> asked whether the terms of reference the recommendations 1 and recommendation 2.<br> <br> </font><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong> did not think that they were incorporated.</font> </p> <p><font face="Arial, Helvetica, sans-serif"><strong>Marilyn Cade</strong> responding in her council role, commented that the terms of reference were intended to guide the work of the task force so would need to encompass the existing work.</font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Ross Rade</strong>r said that the task force needed clarification on:<br> - whether the terms of reference were new or revised as there was a different process for each.<br> - i</font><font face="Arial, Helvetica, sans-serif">f they were new terms of reference for a new task force, the present task force would need to create a list of the outstanding work and consider the forward process, whether it would be handed to the new task force or put into a queue for future work. <br> - with regard to definitions, most of that work was picked up by the transfers task force under<br> definitions from Exhibit C of the Transfers Task force report as a starting point (from <A href="http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm">http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm</A>):</font></p> <p><strong><font face="Arial, Helvetica, sans-serif">Jordyn Buchanan proposed:</font></strong><font face="Arial, Helvetica, sans-serif"><br> - informing council that there was consensus in the task force suggesting that the ongoing work be included in the terms of reference<br> - requesting council to clarify if the terms of reference were to be considered new or revised <br> - add clarifying language referring to to the work of the transfers task force on the various contacts.</font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>4 Summary Task Force terms of reference</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Participants with comments on the terms of reference were encouraged to send them to the list and Jordyn will summarise the feedback on the GNSO Council call on Thursday 12 May, 2005.</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Actions</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>· Participants should email their positions on the terms of reference to the task force list.</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>· Jordyn will make suggestions regarding the task force’s consensus views to the GNSO Council, ask that the Council clarifies whether the terms of reference are new or revised, and also ask for clarifying language to be added regarding the work of the transfers task force on the various contracts.</strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>· Maria will clip the definitions in Exhibit C and send to the list. <br> <br> Next call<br> 17 May 2005<br> Discuss the draft final report and finalise it for sending to council. </strong></font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong> thanked everyone for their participation and the call ended at 16:45 CET </font> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <h1> </h1> <p> </p> <p align="center"> </p> <p> </p> |