[gnso-dow123] Whois task force 123 draft minutes 10 May 2005
[To:gnso-dow123[at]gnso.icann.org] Dear task force members, Please find attached the draft minutes for the Whois task force meeting on 10 May 2005, that include Maria Farrell's preliminary summary after each agenda item. Please let me know what changes you would like made. Thank you very much. Kind regards, Glen de Saint Géry GNSO Secretariat - ICANN gnso.secretariat[at]gnso.icann.org http://gnso.icann.org <!--#set var="bartitle" value="WHOIS Task Forces 1 2 3 teleconference
minutes"-->
<!--#set var="pagetitle" value="WHOIS Task Force 1 2 3 teleconference
minutes"-->
<!--#set var="pagedate" value="10 May 2005" value=""-->
<!--#set var="bgcell" value="#ffffff"-->
<!--#include virtual="/header.shtml"-->
<!--#exec cmd="/usr/bin/perl /etc/gnso/menu.pl 'WHOIS Task Force 1 2 3
teleconference minutes'"-->
<h4 align="center"><font face="Arial, Helvetica, sans-serif"><b>WHOIS Task
Forces
1 2 3<br>
<br>
10 May 2005 - Minutes</b></font></h4>
<p><font face="Arial, Helvetica, sans-serif"><b>ATTENDEES:<br>
GNSO Constituency representatives:<br>
</b> Jordyn Buchanan - Co-Chair<br>
Registrars constituency - Ross Rader <br>
Registrars constituency - Paul Stahura <b><br>
</b>gTLD Registries constituency - David Maher<br>
Commercial and Business Users constituency - Marilyn Cade<br>
Internet Service and Connectivity Providers constituency - Tony Harris <br>
Internet Service and Connectivity Providers constituency - Greg Ruth <br>
gTLD Registries constituency - Ken Stubbs <br>
Intellectual Property Interests
Constituency - Steve Metalitz<br>
Intellectual Property Interests Constituency - Niklas Lagergren <br>
Non Commercial Users Constituency - Milton Mueller <br>
Non Commercial Users Constituency - Kathy Kleiman<br>
<br>
<br>
<strong>Liaisons</strong><br>
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer<br>
At-Large Advisory Committee (ALAC) liaisons - Bret Fausett - absent -
apoloies <br>
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><b>ICANN Staff</b>: <br>
Maria Farrell Farrell - ICANN GNSO Policy Officer<br>
<br>
<b>GNSO Secretariat </b>- Glen
de Saint Géry <br>
<br>
<b>Absent:</b><br>
Commercial and Business Users Constituency - David Fares -apologies <b><br>
</b>Commercial and Business Users Constituency - Sarah Deutsch - apologies
<br>
Registrars constituency - Tom Keller<br>
Registrars constituency - Tim Ruiz - apologies <br>
Non Commercial Users Constituency
- Marc Schneiders<br>
Non Commercial Users Constituency - Frannie Wellings <br>
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
<br>
</font> <font face="Arial, Helvetica, sans-serif"><br>
</font> <font face="Arial, Helvetica, sans-serif"><br>
<a href="http://gnso-audio.icann.org/WHOIS-20050510-tf123.mp3%20";>MP3
Recording</a><br>
<a
href="http://forum.icann.org/lists/gnso-dow123/msg00291.html";>Preliminary
Summary
by Maria Farrell <br>
</a><br>
<strong>Jordyn Buchanan</strong> proposed the following
<strong>agenda:</strong><br>
1. Minutes and Action Items<br>
2. Tiered Access<br>
3. Public comments on notification
<br>
4. Terms of Reference produced by Bruce Tonkin </font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>1. Minutes and Action
Items <br>
Jordyn Buchanan</strong> commented on the role of the 3 documents:<br>
1. The MP3 recording is posted very soon after the call<br>
2. Maria Farrell posts an action summary intended to
summarise the actions agreed upon plus a very high level context discussion
which is not intended to be an ongoing record of the task force. <br>
3. The
minutes that summarise the call.<br>
<strong>Marilyn Cade</strong> commended the staff for initiating the action
summary, suggested renaming it to perhaps preliminary summary and that the
actions be replicated in the minutes which would remind task force members of
what was agreed to as actionable items.<br>
<strong>Jordyn Buchanan</strong> stated that he was opposed to editing the
action summary and to the point that people don’t agree with the minutes,
then a caveat should be in the minutes.<br>
He further commented that Maria would be take into account any lack of
unanimity in the task force. Any constituency was free to respond to the action
summary and record their statements on the mailing list in the archives. <br>
<strong>Marilyn Cade</strong> stated that it was not clear from the minutes in
several places where was work suggested, i.e. when Maria was going to research
the WDPRS, the work assignments, how the feedback would come back into the
task force. Secondly when reference was made to a document in the call, the
appropriate link should be in the minutes.<br>
<br>
<strong>1) Previous week’s ‘action point summary'<br>
Decisions</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong> * ICANN staff & task
force chair (i.e. Jordyn & Maria) will be especially careful in future to
record only unanimously agreed actions and decisions as decisions of the task
force.<br>
* The ‘action point summary’ will be called a ‘preliminary
summary’ from now on.<br>
* Actions in the preliminary summary will state clearly how the actions will
be presented back to the task force, e.g. if a report will be made to the list
or on a future call.<br>
* Actions in the preliminary summary will also be included in the minutes
prepared by Glen, under the heading of the relevant agenda item.<br>
* Staff will endeavour to include in the minutes urls to
reports/websites/etc. referred to in the minutes.<br>
* If participants disagree with the minutes, a caveat should be added to the
minutes retrospectively.<br>
</strong><br>
<strong>Actions</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong> * No specific actions,
but the decisions will all be implemented in staff and chair’s official
record-keeping from this point on. <br>
<br>
2. Tiered Access
</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong>
referred to T<a
href="http://forum.icann.org/lists/gnso-dow123/msg00256.html";>om Keller's draft
statement from the registrar’s constituency</a> and a proposal from <a
href="http://forum.icann.org/lists/gnso-dow123/msg00257.html";>Thomas Roessler
from ALAC on a possible PKI based access model</a> based broadly on the
guidelines TF2 had suggested for tiered access.<br>
In addition, there have been submissions <a
href="http://forum.icann.org/lists/gnso-dow123/msg00022.html";>from various tld
operators</a> <BR>
to the various approaches TLDs took with regards to limiting access to Whois
data:<br>
Stephan Welzel - Presenter - DENIC <BR>
Philip Colebrook - Presenter - Global Names Registry <BR>
<a href="http://forum.icann.org/lists/gnso-dow123/msg00018.html";>Kim von Arx
- Presenter - CIRA </a><BR>
Jonathan Nevett - Presenter - Networksolutions<BR>
Tim Ruiz - Presenter - Domains by Proxy <BR>
Martin Garthwaite - E-Nom . <br>
Recently .name launched a beta version of the tiered access approach that had
been incorporated into their contracts but not implemented till now. <br>
There are a number of documented approaches to the problem.<br>
It would be useful initially to look at the requirements and use cases and
examine the various purposes of Whois so that the resulting policy proposals
are based on identification and current requirements.<br>
<br>
<strong>Marilyn Cade </strong>stated that Whois is currently used by large
and small businesses to:<br>
-
identify names to be used which might already be in use because a new
product or service is being conceived <br>
-
to see what is in the market to avoid confusing customers or even to confuse
customers <br>
-
because they’re introducing a competitive product<br>
- to see what competitors are doing because that may affect the entry into the
market.
.. <br>
- it is also used for trademark policing, phishing, trademark attacks, other
kinds of attacks. <br>
Internet service providers or other big companies operating their own networks
use it for phishing or other kinds of network attacks. Both DNS Whois and IP
whois is used <br>
- on trademarks, they are looking for who is using the name, looking to see if
a confusingly similar name or the same name is being used, to deal with
infringement, customer confusion or to contact them. Mostly companies are
avoiding customer confusion. Very small companies do their own trademark
policing.<br>
- someone, sometimes even the CEO looks at who is using the trademarks. The
NetNanny example is well known where someone had used the name for access to
child pornography.<br>
Follow up can range from cease and desist to ‘hi, I’m interested in
the name and am interested in purchasing it’.<br>
<br>
<strong>Jordyn Buchanan</strong> asked what sort of information the security
department would be looking for in phishing.<br>
Marilyn Cade responded that in her experience, one was encountering an attack
on the network or a phising problem and one was looking for any means to take
the site down, find the person and advise them that they are involved in the
attack. The apparent culprit may be engaged in a drone problem, or may be a
relay on spam. It is not always the first person contacted that ends up being
the person responsible for the problem on the network. Often need more than
one point of contact is needed in looking for the person. Phishing often starts
at 6:00pm on Friday and runs through the weekend.<br>
<br>
<strong>Jordyn Buchanan</strong> summarised the objective in being either to
take down the site or notify the person.<br>
<br>
<strong>Tony Harris</strong> commented that some of the <a
href="http://www.gnso.icann.org/mailing-lists/archives/dow1tf/docgLY6nT14Bz.doc";>ISPCP
uses of Whois data were referenced in the constituency statements submitted to
the Whois task force 1 on 27 April 2004<br>
</a>1. to research and verify domain registrants that could vicariously
cause<br>
liability for ISPs because of illegal, deceptive or infringing content.<br>
The end goal is to initiate legal proceedings and to protect the isp for
liability. </font></p>
<p><font face="Arial, Helvetica, sans-serif"> 2. to prevent or detect sources
of security attacks of their networks and<br>
servers<br>
Every element that can be traced should be available to the ISP<br>
<br>
3. to identify sources of consumer fraud, spam and denial of service
attacks<br>
and incidents<br>
4. to effectuate UDRP proceedings<br>
5. to support technical operations of ISPs or network administrators in the
case, for example, consumer fraud, </font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Steve Metalitz</strong>
referred to the <a
href="http://www.gnso.icann.org/issues/whois-privacy/whois-workshop-03feb04.shtml";>Montreal
meetings</a> in June 2003, where companies used the Whois to manage their own
portfolio of domain names. Expanding on domain names for sites where illegal
activity was going on, e.g. trademark counterfeiting or copyright piracy, one
source of information is to contact the registrar and the party responsible and
in other cases to try to get the site taken down. It is not simply a question
of identifying the registrant but the technical or admin contact contact has
to be contacted to achieve the objectives. <br>
<strong>Steve Metalitz </strong>referred to the work that had been done in
the <a
href="http://www.gnso.icann.org/issues/whois-privacy/Whois-tf1-preliminary.html";>Whois
task force 1 preliminary report</a> where each constituency was asked the
question.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong>
summarised that in illegal activities the objectives were to:<br>
- contact the registrant<br>
- contact the technical or admin contact<br>
- find out who
he domain name holder is.<br>
- take the site down<br>
- to initiate legal action<br>
<strong><br>
Ken Stubbs</strong> commented that to a great extent the display of the data
should be directly related to the nature of the owner. It should be incumbent
on financial institutions, organizations that provided services and products to
the public to provide more information for use by the public. In phishing
cases sometimes the only way is to contact the financial institution itself and
let them know what is going on and not necessarily through their website. Law
enforcement agencies do not know how to deal with this. For individuals, there
may be more of an obligation to stratify the information provided, but for
institutions, there is an obligation to protect the customers</font><font
face="Arial, Helvetica, sans-serif"><br>
He went on to say that it would be difficult to justify the need of Whois for
the registries other than maintain redundancy in the case of failure on the
part of the registrar.<br>
<strong>Marilyn Cade</strong> asked what the difference was between a thin and
thick registry in policing a trademark .<br>
<strong>Jordyn Buchanan</strong> explained that in com and net with a thin
registry, there would be referral to the registrar while with the thick
registries, the registrar still maintains the Whois data and all or much of the
same data should be available from the registrar as from the registry, perhaps
with the exception of .name.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Wendy Seltzer</strong>
added that it should be noted that other historical uses are finding people to
harass them, or finding people who would like to remain private to serve
frivolous notice and take down, finding people who thought they were hidden
behind proxy services, and intimidating people and shutting down free
speech.<br>
<strong>Jordyn Buchanan</strong> explained that the current transfers policy
allows the transfer to be authorized in one of 3 ways:<br>
- to receive a confirmation from the email address listed by the registrant or
the admin contact.<br>
</font><font face="Arial, Helvetica, sans-serif"> - a valid electronic
signature, <br>
-
physical copy of the FOA that is supported by a notarized identity document
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Marilyn Cade</strong>
noted the uses by law enforcement such as websites on protecting children
online, the centre for missing and exploited children. <a
href="http://www.icann.org/presentations/mithal-whois-workshop-24jun03.pdf";>Maneesha
Mithal</a> United States Federal Trade Commission gave a <a
href="http://www.icann.org/presentations/mithal-whois-workshop-24jun03.pdf";>presentations
in Montrea</a>l on law enforcement uses of Whois. It is also currently being
used in a trans border crime investigation to do with drugs and other crimes.
</font> </p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Kathy</strong>
<strong>Kleiman</strong> seconded Wendy Seltzer saying that for all the reasons
why Whois should be used there were reasons why it should not be
available</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan
summarised:</strong><br>
- that a list of reasons for the use of Whois data had been articulated<br>
-
</font><font face="Arial, Helvetica, sans-serif"> failings in the current whois
implementation should be examined as a follow up on requirements around access
to the data.<br>
<br>
</font><font face="Arial, Helvetica, sans-serif"><strong>2 Information exchange
on tiered access<br>
Decisions<br>
No decisions taken – agenda item was for information sharing only.
</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Actions</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong> * Jordyn will prepare a
list of follow-up topics on access to data and post them to the list.<br>
* List participants to review the follow-up topics and prioritise them for
future discussion. </strong></font></p>
<p> </p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif"><strong>3 Public comments on
notification</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Two comments have been
received so far. The deadline for public comments on notification is Thursday,
12 May 2005. The task force report and public comment forum are at;
http://gnso.icann.org/issues/whois/whois-tf123-final-rpt-22apr05.shtml</strong></font></p>
<p> <font face="Arial, Helvetica, sans-serif"><strong><br>
Maria will prepare the public comments report and circulate it as part of the
Final Task Force Report on recommendations for improving notification and
consent for the use of contact data in the Whois system by Monday, 16 May 2005
at the latest for discussion on the next task force call on Tuesday 17 May.
</strong></font></p>
<p><font face="Arial, Helvetica,
sans-serif"><strong>Actions:</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong> * No new
actions</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif">4. <a
href="http://forum.icann.org/lists/gnso-dow123/msg00258.html";>Terms of
Reference provided by Bruce Tonkin<br>
<strong><br>
</strong></a><strong>Milton Mueller</strong> stated that the NCUC would
submit a formal set of amendments.<br>
Some of them regarded clarification, e.g. in the first paragraph and how the
current RAA defines the purpose of Whois, should be restructured for
clarity.<br>
The NCUC would want to define the primary goal of the task force differently,
that is, as reconciling the Whois requirements of the RAA with the needs to
ensure privacy protection for personal data of individuals who may be
registered name holders or the administrative or technical contact for a domain
name. The NCUC believes that it would be a clearer focus for the task force.
With the statement "improve the effectiveness of the Whois service"
the NCUC believes that it opens the door for modifications of all shapes and
given the fact that the task force had been working on this for 2 years and
had not produced anything a clearer focus was needed. The NCUC feels that the
privacy issues should be resolved before there can be a coherent decision on
accuracy. The NCUC has proposed that the first three tasks be retained in the
terms of reference and the 4th task be deferred.<br>
<br>
<strong>Kathy Kleiman</strong> suggested, in the 2nd paragraph, the goals of
the whois service, the goals to ensure privacy protection for the personal
data of individuals should be expanded to replace" personal" with
"sensitive" data of individuals and organizations and companies. The
issue for the NCUC was that the non-profit organizations involved in human and
civil rights, covered a variety of areas where one did not know where the
physical person was but that the message being sent out should be that
sensitive data of individuals, organizations and companies was protected under
national law and under the United Nations declaration of human rights. Thus,
personal data of individuals, should be changed to look at the sensitive data
of individuals, organizations and companies.</font></p>
<p><strong><font face="Arial, Helvetica, sans-serif">Jordyn
Buchanan</font></strong><font face="Arial, Helvetica, sans-serif"> requested
the task force to consider points in the terms of reference that had unanimous
support of the task force to put forward to the Council<br>
<br>
<strong>Marilyn Cade</strong> suggested that the task force members post to
the list which could be read out to the council and wanted to clarify if the
task force thought that the work on tiered access could be placed in 3.<br>
(3) Determine what WHOIS data elements should be available for public access
that are needed to maintain the stability and security of the Internet.
Determine how to access data that is not available for public access. The
current elements that must be displayed by a registrar are: - The name of the
Registered Name; - The names of the primary nameserver and secondary
nameserver(s) for the Registered Name; - The identity of Registrar (which may
be provided through Registrar's website); - The original creation date of the
registration; - The expiration date of the registration; - The name and postal
address of the Registered Name Holder; - The name, postal address, e-mail
address, voice telephone number, and (where available) fax number of the
technical contact for the Registered Name; and - The name, postal address,
e-mail address, voice telephone number, and (where available) fax number of the
administrative contact for the Registered Name.<br>
<br>
<strong>Ross Rader</strong> cautioned about using the paragraph as a
placeholder for tiered access. That second sentence should include, a
conclusion on tiered access. The most important part of that statement was
first determining what should be made available.<br>
<br>
<strong>Jordyn Buchanan</strong> viewed the 3rd item as incorporating tiered
access.<br>
<br>
<strong>Steve Metalitz</strong> asked whether the terms of reference the
recommendations 1 and recommendation 2.<br>
<br>
</font><font face="Arial, Helvetica, sans-serif"><strong>Jordyn
Buchanan</strong> did not think that they were incorporated.</font> </p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Marilyn Cade</strong>
responding in her council role, commented that the terms of reference were
intended to guide the work of the task force so would need to encompass the
existing work.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Ross Rade</strong>r said
that the task force needed clarification on:<br>
- whether the terms of reference were
new or revised as there was a different process for each.<br>
-
i</font><font face="Arial, Helvetica, sans-serif">f they were new terms of
reference for a new task force, the present task force would need to create a
list of the outstanding work and consider the forward process, whether it would
be handed to the new task force or put into a queue for future work. <br>
- with regard to definitions, most of that work was picked up by the transfers
task force under<br>
definitions from Exhibit C of the Transfers Task force report as a starting
point (from <A
href="http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm";>http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm</A>):</font></p>
<p><strong><font face="Arial, Helvetica, sans-serif">Jordyn Buchanan
proposed:</font></strong><font face="Arial, Helvetica, sans-serif"><br>
-
informing council that there was consensus in the task force suggesting
that the ongoing work be included in the terms of reference<br>
- requesting council to clarify if the terms of reference were to be considered
new or revised <br>
-
add clarifying language referring to to the work of the transfers task force
on the various contacts.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>4 Summary Task Force terms
of reference</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Participants with comments
on the terms of reference were encouraged to send them to the list and Jordyn
will summarise the feedback on the GNSO Council call on Thursday 12 May,
2005.</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Actions</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>· Participants
should email their positions on the terms of reference to the task force
list.</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>· Jordyn will make
suggestions regarding the task force’s consensus views to the GNSO
Council, ask that the Council clarifies whether the terms of reference are new
or revised, and also ask for clarifying language to be added regarding the work
of the transfers task force on the various contracts.</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>· Maria will clip
the definitions in Exhibit C and send to the list. <br>
<br>
Next call<br>
17 May 2005<br>
Discuss the draft final report and finalise it for sending to council.
</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong>
thanked everyone for their participation and the call ended at 16:45 CET
</font> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<h1> </h1>
<p> </p>
<p align="center"> </p>
<p> </p>
|