RE: [gnso-dow123] WHOIS Issues discussed at the GNSO Council meeting 2 June 2005

["Tim Ruiz" <tim@xxxxxxxxxxx>]

c. "Linking to an external web page is not sufficient." was supported by the
Registrars

 

The above excerpt from the minutes below is not correct is it? I believe
that it was *not* supported by the Registrars.

 

Tim

 

 

-----Original Message-----
From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx] On
Behalf Of GNSO.SECRETARIAT@xxxxxxxxxxxxxx
Sent: Monday, June 06, 2005 7:35 AM
To: gnso-dow123@xxxxxxxxxxxxxx
Subject: [gnso-dow123] WHOIS Issues discussed at the GNSO Council meeting 2
June 2005

 


Extract of the draft GNSO Council minutes
relating to the WHOIS task force items 


GNSO Council Teleconference held on 2 June 2005

Item 3: Consideration of the final report from the WHOIS task force with
respect to improving notification and consent for the use of contact data in
the Whois system. 
http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html

Bruce Tonkin referred to his posting
<http://gnso.icann.org/mailing-lists/archives/council/msg00977.html>  to the
Council list stating, that with respect to considering the final
<http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html>
report from the WHOIS task force on improving notification and consent for
the use of contact data in the Whois system, the GNSO council would follow
the ICANN bylaws, section 10,
<http://www.icann.org/general/bylaws.htm#AnnexA>  of Annex A, for the Policy
Development Process. 
Section 10 states:
10. Council Deliberation
a. Upon receipt of a Final Report, the Council chair will
(i) distribute the Final Report to all Council members; 
The Final
<http://gnso.icann.org/mailing-lists/archives/council/msg00963.html>  report
has been distributed to all council members and 
(ii) call for a Council meeting, which has been done on 2 June 2005.
"The Council may commence its deliberation on the issue prior to the formal
meeting, including via in-person meetings, conference calls, e-mail
discussions or any other means the Council may choose. The deliberation
process shall culminate in a formal Council meeting either in person or via
teleconference, wherein the Council will work towards achieving a
Supermajority Vote to present to the Board."

Bruce Tonkin proposed adjourning the vote until the next council meeting on
23 June 2005 to assure that proxy votes had specific voting instructions,
but using the current debate to determine if Council could reach a
Supermajority vote, 66%, based on the recommendation or whether changes were
needed. 
If the Council could reach a SuperMajority vote on the recommendation, the
Council might decide to create an implementation committee to flesh out some
of the implementation details before providing the Final Report 
to the Board.
If the Council could not reach a SuperMajority position, then the Council
members that voted against the recommendations needed to provide written
reasons within 5 days for inclusion in the Final Report to the Board why
they voted against the recommendation. 

Text
<http://gnso.icann.org/mailing-lists/archives/council/docEAuV3mXmul.doc>  of
the recommendation: 

"1. Registrars must ensure that disclosures regarding availability
and third-party access to personal data associated with domain names
actually be presented to registrants during the registration process.
Linking to an external web page is not sufficient. 

2. Registrars must ensure that these disclosures are set aside from
other provisions of the registration agreement if they are presented to
registrants together with that agreement. Alternatively, registrars may
present data access disclosures separate from the registration
agreement. The wording of the notice provided by registrars should, to
the extent feasible, be uniform. 

3. Registrars must obtain a separate acknowledgement from
registrants that they have read and understand these disclosures. This
provision does not affect registrars' existing obligations to obtain
registrant consent to the use of their contact information in the WHOIS
system. "


Philip Sheppard, representing the Commercial and Business Users
constituency, Niklas Lagergren, a task force member and representing the
Intellectual Property Interests constituency and Maureen Cubberley, elected
by the Nominating Committee all spoke in favour of the recommendation as
being clear, concise, implementable, maintained privacy as well as a high
standard of data protection. 

Tom Keller, a task force member and Bruce Tonkin, both representing the
Registrar constituency spoke against the recommendation. 
Tom Keller, against supporting the recommendation, commented that it placed
too much constraint on Registrars, it was unnecessary to single out one
issue especially in view of the
<http://gnso.icann.org/mailing-lists/archives/council/docvXuOBc9Yat.doc>
list of issues to be clarified, and pointed out that there was a difference
between acknowledgement and consent.
Bruce Tonkin commented from a registrars view point that the recommendation
dealt with consumer education and moved away from ICANN's core issues
regarding security and stability. There were many elements of registrar
agreements that consumers should be made aware of such as delete, expiration
of names practices, UDRP requirements, registering names in good faith, and
rather than single one ICANN, the Intellectual Property and Business Users
should be encouraging their communities to read all the terms and
conditions.
Regarding part one, Registrars support making information about WHOIS
practices available, but disagreed that it was not possible to use a link to
a separate webpage. This is a standard way of linking to privacy policies
and terms and conditions. 
Obtaining a separate acknowledgement from registrants placed an unnecessary
burden on the registration process. 
The Registrar <http://www.icann.org/registrars/ra-agreement-17may01.htm#2>
Accreditation Agreement had a standard text that registrars should use to
inform registrants 2.7.4 

Ken Stubbs, a task force member and a gTLD registries constituency
representative, proposed a uniform disclosure policy agreed on by the
registrars.

Jordyn Buchanan, the chair of the combined WHOIS task force, commented that
the current recommendation arose from concern the Whois
<http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html>
task force 2 had expressed that in the current notification to registrants
it was neither very conspicuous nor obvious that their data would be
published in a public data base.
2.1
<http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html#Notif
icationandConsent>  Notification and Consent

"According to the ICANN Registrar Accreditation Agreement (RAA), Registrars
are required to form an agreement with Registered Name Holders containing
the following elements. 

Section 3.7.7 of the RAA addresses the requirements of the
Registrar/Registrant agreement, including the need for accurate and reliable
registrant contact information. To the extent the notice to registrants of
data elements collected and displayed are not clear or may be overlooked by
registrants based on the overall length and complexity of the registration
agreement, it is useful to change the format so that better notice is
delivered to registrants. The task force finds that disclosures regarding
availability and access to Who is data should be set aside from other
provisions of a registration agreement by way of bigger or bolded font, a
highlighted section, simplified language or otherwise made more conspicuous.


It follows that separate consent to the Whois disclosures is also useful. By
obtaining separate consent from registrants, at the time of agreement, to
the specific Whois data provisions, it would further draw attention to and
facilitate better understanding of the registrar's Whois disclosure policy."

In summary:
a. There could be general agreement on: 
2." Registrars must ensure that these disclosures are set aside from other
provisions of the registration agreement if they are presented to
registrants together with that agreement. Alternatively, registrars may
present data access disclosures separate from the registration agreement.
The wording of the notice provided by registrars should, to the extent
feasible, be uniform. "

b. This recommendation would appear to be unacceptable 
3. Registrars must obtain a separate acknowledgement from registrants that
they have read and understand these disclosures. This provision does not
affect registrars' existing obligations to obtain registrant consent to the
use of their contact information in the WHOIS system."

c. "Linking to an external web page is not sufficient." was supported by the
Registrars 

ACTION ITEM:
Marilyn Cade suggested as an administrative assignment to the ICANN policy
staff:
Review of the top 10 registrars and a random selection of 10 other
registrars to determine how registrars make registrants aware of their
obligations to provide contact information for public display via the WHOIS
service. 
Report back to Council and the combined Whois task force.

Timeframe: one week 
Vote adjourned until the next Council meeting June 23 2005, all councillors
unable to attend that meeting should provide proxy votes with instructions. 

Item 4. Approval of new
<http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html>
terms of reference for combined WHOIS task force, and approval of membership
and voting rules.
Bruce Tonkin commented that the current terms
<http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html>  of
reference, version 5, had undergone minor additions since the council
meeting held on May 12, 2005.
<http://www.gnso.icann.org/meetings/minutes-gnso-12may05.htm>  

Niklas Lagergren proposed:
that a requirement be added to the draft
<http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html>
terms of reference v5, task 4, to develop a policy for up-front verification
of WHOIS information.

Discussion on the motion:
Marilyn Cade stated that the Commercial and Business Users constituency
supported the need for accurate data, but did not support mandating how the
data should be validated. 
Bruce Tonkin suggested investigating the incidence of WHOIS problem reports,
how frequent was their follow up and was the complaint system working 

The motion received 12 votes in favour, 7 votes against and 6 abstentions
(count as votes against) out of a total of 26 votes. Kiyoshi Tsuru no vote,
absent without proxy
The motion failed.

Bruce Tonkin proposed a vote:
to accept the Draft
<http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html>
terms of reference v5 for the combined WHOIS task force. 

The motion received 22 votes in favour, out of a total of 26 votes, (4
councillors were absent for the vote). 
The motion carried

Marilyn Cade proposed instructions on the process:
- The task force should be encouraged to have an interactive relationship
with Council by reporting on a continual basis the stages of work
undertaken.
In order to define the purpose of WHOIS, the current uses should be
identified and data collected by previous task forces with the help of the
ICANN policy staff should be documented. 

The GNSO Council accepted the Terms
<http://gnso.icann.org/policies/terms-of-reference.html>  of Reference for
the combined WHOIS task force, noted below: 

The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global Internet's
systems of unique identifiers, and in particular to ensure the stable and
secure operation of the Internet's unique identifier systems. 

In performing this mission, ICANN's bylaws set out 11 core values to guide
its decisions and actions. Any ICANN body making a recommendation or
decision shall exercise its judgment to determine which of these core values
are most relevant and how they apply to the specific circumstances of the
case at hand, and to determine, if necessary, an appropriate and defensible
balance among competing values.

ICANN has agreements with gTLD registrars and gTLD registries that require
the provision of a WHOIS service via three mechanisms: port-43, web based
access, and bulk access. The agreements also require a
Registered Name Holder to provide to a Registrar accurate and reliable
contact details and promptly correct and update them during the term of the
Registered Name registration, including: the full name, postal
address, e-mail address, voice telephone number, and fax number if available
of the Registered Name Holder; name of authorized person for contact
purposes in the case of an Registered Name Holder that is an
organization, association, or corporation; the name, postal address, e-mail
address, voice telephone number, and (where available) fax number of the
technical contact for the Registered Name; and the name, postal
address, e-mail address, voice telephone number, and (where available) fax
number of the administrative contact for the Registered Name. The contact
information must be adequate to facilitate timely resolution of
any problems that arise in connection with the Registered Name.

A registrar is required in the Registrar Accreditation Agreement (RAA) to
take reasonable precautions to protect Personal Data from loss, misuse,
unauthorized access or disclosure, alteration, or destruction.

The goal of the WHOIS task force is to improve the effectiveness of the
WHOIS service in maintaining the stability and security of the Internet's
unique identifier systems, whilst taking into account where
appropriate the need to ensure privacy protection for the Personal Data of
natural persons that may be Registered Name Holders, the authorised
representative for contact purposes of a Register Name Holder, or the
administrative or technical contact for a domain name.

Tasks:

(1) Define the purpose of the WHOIS service in the context of ICANN's
mission and relevant core values, international and national laws protecting
privacy of natural persons, international and national laws
that relate specifically to the WHOIS service, and the changing nature of
Registered Name Holders.

(2) Define the purpose of the Registered Name Holder, technical, and
administrative contacts, in the context of the purpose of WHOIS, and the
purpose for which the data was collected. Use the relevant definitions from
Exhibit <http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm>  C
of the Transfers Task force report as a starting point 
(from http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):

"Contact: Contacts are individuals or entities associated with domain
name records. Typically, third parties with specific inquiries or
concerns will use contact records to determine who should act upon
specific issues related to a domain name record. There are typically
three of these contact types associated with a domain name record, the
Administrative contact, the Billing contact and the Technical contact.

Contact, Administrative: The administrative contact is an individual,
role or organization authorized to interact with the Registry or
Registrar on behalf of the Domain Holder. The administrative contact
should be able to answer non-technical questions about the domain name's
registration and the Domain Holder. In all cases, the Administrative
Contact is viewed as the authoritative point of contact for the domain
name, second only to the Domain Holder.

Contact, Billing: The billing contact is the individual, role or
organization designated to receive the invoice for domain name
registration and re-registration fees.

Contact, Technical: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name server(s)
for the domain. The technical contact should be able to answer technical
questions about the domain name, the delegated zone and work with
technically oriented people in other zones to solve technical problems
that affect the domain name and/or zone.
Domain Holder: The individual or organization that registers a specific
domain name. This individual or organization holds the right to use that
specific domain name for a specified period of time, provided certain
conditions are met and the registration fees are paid. This person or
organization is the "legal entity" bound by the terms of the relevant
service agreement with the Registry operator for the TLD in question."

(3) Determine what data collected should be available for public access in
the context of the purpose of WHOIS. Determine how to access data that is
not available for public access. The current elements that must be displayed
by a registrar are:

- The name of the Registered Name;

- The names of the primary nameserver and secondary nameserver(s) for the
Registered Name;

- The identity of Registrar (which may be provided through Registrar's
website);

- The original creation date of the registration;

- The expiration date of the registration;

- The name and postal address of the Registered Name Holder;

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the technical contact for the Registered
Name; and

- The name, postal address, e-mail address, voice telephone number, and
(where available) fax number of the administrative contact for the
Registered Name.

(4) Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and correcting
inaccurate data. Currently a registrar "shall, upon notification by any
person of an inaccuracy in the contact information associated with a
Registered Name sponsored by Registrar, take reasonable steps to investigate
that claimed inaccuracy. In the event Registrar learns of
inaccurate contact information associated with a Registered Name it
sponsors, it shall take reasonable steps to correct that inaccuracy."

(5) Determine how to resolve differences between a Registered Name Holder's,
gTLD Registrar's, or gTLD Registry's obligation to abide by all applicable
laws and governmental regulations that relate to the
WHOIS service, as well as the obligation to abide by the terms of the
agreements with ICANN that relate to the WHOIS service. [Note this task
refers to the current work in the WHOIS task force called 'Recommendation
2', A Procedure for conflicts, when there are conflicts between a
registrar's of registry's legal obligations under local privacy laws and
their contractual obligations to ICANN.]