[gnso-dow123] REVISED WHOIS Issues discussed at the GNSO Council meeting 2 June 2005
[To: gnso-dow123[at]gnso.icann.org] Dear All, Please find attached the revised extract from the draft GNSO Council minutes dealing with the 2 Items on WHOIS issues that were discussed during the GNSO Council teleconference held on 2 June 2005. Thanks to Marilyn Cade and Tim Ruiz for the observations about the minutes, they have been revised accordingly. Please remember that the Whois task force call starts half an hour later today, that is at 7:00 PDT, 10:00 am EST, 14:00 UTC, and 16:00 CET! Let me know if you have any questions. Thank you very much. Kind regards, -- Glen de Saint Géry GNSO Secretariat - ICANN gnso.secretariat[at]gnso.icann.org http://gnso.icann.org <!--#set var="bartitle" value="Draft WHOIS related GNSO Council minutes"--> <!--#set var="pagetitle" value="Draft WHOIS related GNSO Council minutes"--> <!--#set var="pagedate" value="2 June 2005" value=""--> <!--#set var="bgcell" value="#ffffff"--> <!--#include virtual="/header.shtml"--> <!--#exec cmd="/usr/bin/perl /etc/gnso/menu.pl 'Draft WHOIS related GNSO Council minutes'"--> <h4 align="center"><font face="Arial, Helvetica, sans-serif"><b>Extract of the draft GNSO Council minutes<br> relating to the WHOIS task force items </b></font></h4> <p><font face="Arial, Helvetica, sans-serif"><b> GNSO Council Teleconference held on 2 June 2005<br> </b><strong><br> Item 3: Consideration of the final report from the WHOIS task force with respect to improving notification and consent for the use of contact data in the Whois system. <BR> <A href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html">http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html</A><br> </strong><br> <strong>Bruce Tonkin</strong> referred to his <a href="http://gnso.icann.org/mailing-lists/archives/council/msg00977.html">posting to the Council list</a> stating, that with respect to considering the <a href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00963.html">final report </a>from the WHOIS task force on improving notification and consent for the use of contact data in the Whois system, the GNSO council would follow the <a href="http://www.icann.org/general/bylaws.htm#AnnexA">ICANN bylaws, section 10, of Annex A</a>, for the Policy Development Process. <br> Section 10 states:<br> 10. Council Deliberation<br> </font> <font face="Arial, Helvetica, sans-serif">a. Upon receipt of a Final Report, the Council chair will<br> (i) distribute the Final Report to all Council members; <br> The <a href="http://gnso.icann.org/mailing-lists/archives/council/msg00963.html">Final report has been distributed</a> to all council members and <br> (ii) call for a Council meeting, which has been done on 2 June 2005.<br> "The Council may commence its deliberation on the issue prior to the formal meeting, including via in-person meetings, conference calls, e-mail discussions or any other means the Council may choose. The deliberation process shall culminate in a formal Council meeting either in person or via teleconference, wherein the Council will work towards achieving a Supermajority Vote to present to the Board."<br> <strong><br> Bruce Tonkin </strong>proposed adjourning the vote until the next council meeting on 23 June 2005 to assure that proxy votes had specific voting instructions, but using the current debate to determine if Council could reach a Supermajority vote, 66%, based on the recommendation or whether changes were needed. <br> If the Council could reach a SuperMajority vote on the recommendation, the Council might decide to create an implementation committee to flesh out some of the implementation details before providing the Final Report <br> to the Board.<br> If the Council could not reach a SuperMajority position, then the Council members that voted against the recommendations needed to provide written reasons within 5 days for inclusion in the Final Report to the Board why they voted against the recommendation. <br> </font><font face="Arial, Helvetica, sans-serif"><br> <a href="http://gnso.icann.org/mailing-lists/archives/council/docEAuV3mXmul.doc">Text of the recommendation: </a></font></p> <font face="Arial, Helvetica, sans-serif"></font><p><font face="Arial, Helvetica, sans-serif">"1. Registrars must ensure that disclosures regarding availability<br> and third-party access to personal data associated with domain names<br> actually be presented to registrants during the registration process.<br> Linking to an external web page is not sufficient. </font></p> <font face="Arial, Helvetica, sans-serif"></font><p><font face="Arial, Helvetica, sans-serif">2. Registrars must ensure that these disclosures are set aside from<br> other provisions of the registration agreement if they are presented to<br> registrants together with that agreement. Alternatively, registrars may<br> present data access disclosures separate from the registration<br> agreement. The wording of the notice provided by registrars should, to<br> the extent feasible, be uniform. <br> <br> 3. Registrars must obtain a separate acknowledgement from<br> registrants that they have read and understand these disclosures. This<br> provision does not affect registrars' existing obligations to obtain<br> registrant consent to the use of their contact information in the WHOIS<br> system. "<br> <br> <strong><br> Philip Sheppard</strong>, representing the Commercial and Business Users constituency, <strong>Niklas Lagergren,</strong> a task force member and representing the Intellectual Property Interests constituency and <strong>Maureen Cubberley</strong>, elected by the Nominating Committee all spoke in favour of the recommendation as being clear, concise, implementable, maintained privacy as well as a high standard of data protection. </font></p> <p><font face="Arial, Helvetica, sans-serif"><strong>Tom Keller</strong>, a task force member and <strong>Bruce Tonkin</strong>, both representing the Registrar constituency spoke against the recommendation. <br> <strong>Tom Keller, </strong>against supporting the recommendation, commented that it placed too much constraint on Registrars, it was unnecessary to single out one issue especially in view of the<a href="http://gnso.icann.org/mailing-lists/archives/council/docvXuOBc9Yat.doc"> list of issues</a> to be clarified, and pointed out that there was a difference between acknowledgement and consent.<br> <strong>Bruce Tonkin</strong> commented from a registrars view point that the recommendation dealt with consumer education and moved away from ICANN's core issues regarding security and stability. There were many elements of registrar agreements that consumers should be made aware of such as delete, expiration of names practices, UDRP requirements, registering names in good faith, and rather than single one ICANN, the Intellectual Property and Business Users should be encouraging their communities to read all the terms and conditions.<br> Regarding part one, Registrars support making information about WHOIS practices available, but disagreed that it was not possible to use a link to a separate webpage. This is a standard way of linking to privacy policies and terms and conditions. <br> Obtaining a separate acknowledgement from registrants placed an unnecessary burden on the registration process. <br> The <a href="http://www.icann.org/registrars/ra-agreement-17may01.htm#2">Registrar Accreditation Agreement</a> had a standard text that registrars should use to inform registrants 2.7.4 <br> <br> <strong>Ken Stubbs</strong>, a task force member and a gTLD registries constituency representative, proposed a uniform disclosure policy agreed on by the registrars.<br> <br> <strong>Jordyn Buchanan</strong>, the chair of the combined WHOIS task force, commented that the current recommendation arose from concern the <a href="http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html">Whois task force 2</a> had expressed that in the current notification to registrants it was neither very conspicuous nor obvious that their data would be published in a public data base.<br> <B><a href="http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html#NotificationandConsent">2.1 Notification and Consent</a></B></font></p> <P><font face="Arial, Helvetica, sans-serif">"According to the ICANN Registrar Accreditation Agreement (RAA), Registrars are required to form an agreement with Registered Name Holders containing the following elements. </font></P> <P><font face="Arial, Helvetica, sans-serif">Section 3.7.7 of the RAA addresses the requirements of the Registrar/Registrant agreement, including the need for accurate and reliable registrant contact information. To the extent the notice to registrants of data elements collected and displayed are not clear or may be overlooked by registrants based on the overall length and complexity of the registration agreement, it is useful to change the format so that better notice is delivered to registrants. The task force finds that disclosures regarding availability and access to Who is data should be set aside from other provisions of a registration agreement by way of bigger or bolded font, a highlighted section, simplified language or otherwise made more conspicuous. </font></P> <P><font face="Arial, Helvetica, sans-serif">It follows that separate consent to the Whois disclosures is also useful. By obtaining separate consent from registrants, at the time of agreement, to the specific Whois data provisions, it would further draw attention to and facilitate better understanding of the registrar’s Whois disclosure policy."</font></P> <p><font face="Arial, Helvetica, sans-serif"><strong>In summary:</strong><br> a. There could be general agreement on: <br> 2." Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may<br> present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform. "<br> <br> b. This recommendation would appear to be unacceptable <br> 3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these disclosures. This provision does not affect registrars' existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system."<br> <br> c. "Linking to an external web page is not sufficient." was not supported by the Registrars <br> <strong><br> ACTION ITEM:<br> Marilyn Cade </strong>suggested as an administrative assignment to the ICANN policy staff:<br> <strong>Review of the top 10 registrars and a random selection of 10 other registrars to determine how registrars make registrants aware of their obligations to provide contact information for public display via the WHOIS service. <br> Report back to Council and the combined Whois task force.<br> <br> </strong></font><font face="Arial, Helvetica, sans-serif"><strong>Timeframe: one week <br> Vote adjourned until the next Council meeting June 23 2005, all councillors unable to attend that meeting should provide proxy votes with instructions. <br> </strong></font><br> <FONT face="Arial, Helvetica, sans-serif"><strong>Item 4. Approval of new<a href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html"> terms of reference for combined WHOIS task force</a>, and approval of membership and voting rules.<br> Bruce Tonkin </strong>commented that the current <a href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html">terms of reference</a>, version 5, had undergone minor additions since the council meeting held on <a href="http://www.gnso.icann.org/meetings/minutes-gnso-12may05.htm">May 12, 2005. </a><br> <br> <strong>Niklas Lagergren proposed:<br> </strong></FONT><strong><FONT face="Arial, Helvetica, sans-serif"> that a requirement be added to the <a href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html">draft terms of reference v5, task 4</a>, to develop a policy for up-front verification of WHOIS information.<br> </FONT></strong><FONT face="Arial, Helvetica, sans-serif"><br> Discussion on the motion:<br> <strong>Marilyn Cade</strong> stated that the Commercial and Business Users constituency supported the need for accurate data, but noted that there are concerns about the "unfunded mandate" approach, and she did not support adding in the up front verification processes to the terms of reference for a variety of reasons. <br> <strong>Bruce Tonkin</strong> suggested investigating the incidence of WHOIS problem reports, how frequent was their follow up and was the complaint system working <br> <br> The motion received <strong>12 votes in favour</strong>, <strong>7 votes against</strong> and <strong>6 abstentions</strong> (count as votes against) out of a<strong> total of 26 votes</strong>. Kiyoshi Tsuru no vote, absent without proxy<br> <strong>The motion failed.<br> <br> Bruce Tonkin </strong>proposed a vote:<br> <strong>to accept the <a href="http://www.gnso.icann.org/mailing-lists/archives/council/msg00968.html">Draft terms of reference v5</a> for the combined WHOIS task force. </strong></FONT></p> <font face="Arial, Helvetica, sans-serif">The motion received <strong>22 votes in favour, </strong>out of a total of 26 votes, (4 councillors were absent for the vote). <br> <strong>The motion carried</strong><br> <br> <strong>Marilyn Cade </strong>proposed instructions on the process:<br> - The task force should be encouraged to have an interactive relationship with Council by reporting on a continual basis the stages of work undertaken.<br> In order to define the purpose of WHOIS, the current uses should be identified and data collected by previous task forces with the help of the ICANN policy staff should be documented. <br> <br> <strong>The GNSO Council accepted the <a href="http://gnso.icann.org/policies/terms-of-reference.html">Terms of Reference for the combined WHOIS task force</a>, noted below: </strong><br> <br> The mission of The Internet Corporation for As</font><font face="Arial, Helvetica, sans-serif">signed Names and Numbers ("ICANN") is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. </font> <p align="justify"><font face="Arial, Helvetica, sans-serif">In performing this mission, ICANN's bylaws set out 11 core values to guide its decisions and actions. Any ICANN body making a recommendation or decision shall exercise its judgment to determine which of these core values are most relevant and how they apply to the specific circumstances of the case at hand, and to determine, if necessary, an appropriate and defensible balance among competing values.</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">ICANN has agreements with gTLD registrars and gTLD registries that require the provision of a WHOIS service via three mechanisms: port-43, web based access, and bulk access. The agreements also require a<br> Registered Name Holder to provide to a Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal<br> address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an<br> organization, association, or corporation; the name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and the name, postal<br> address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. The contact information must be adequate to facilitate timely resolution of<br> any problems that arise in connection with the Registered Name.</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">A registrar is required in the Registrar Accreditation Agreement (RAA) to take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">The goal of the WHOIS task force is to improve the effectiveness of the WHOIS service in maintaining the stability and security of the Internet's unique identifier systems, whilst taking into account where<br> appropriate the need to ensure privacy protection for the Personal Data of natural persons that may be Registered Name Holders, the authorised representative for contact purposes of a Register Name Holder, or the administrative or technical contact for a domain name.</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif"><strong>Tasks:</strong></font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">(1) Define the purpose of the WHOIS service in the context of ICANN's mission and relevant core values, international and national laws protecting privacy of natural persons, international and national laws<br> that relate specifically to the WHOIS service, and the changing nature of Registered Name Holders.<br> </font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">(2) Define the purpose of the Registered Name Holder, technical, and administrative contacts, in the context of the purpose of WHOIS, and the purpose for which the data was collected. Use the relevant definitions from <a href="http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm">Exhibit C of the Transfers Task force report </a>as a starting point <br> (from http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):</font></p> <p align="center"><font face="Arial, Helvetica, sans-serif">"Contact: Contacts are individuals or entities associated with domain<br> name records. Typically, third parties with specific inquiries or<br> concerns will use contact records to determine who should act upon<br> specific issues related to a domain name record. There are typically<br> three of these contact types associated with a domain name record, the<br> Administrative contact, the Billing contact and the Technical contact.</font></p> <p align="center"><font face="Arial, Helvetica, sans-serif">Contact, Administrative: The administrative contact is an individual,<br> role or organization authorized to interact with the Registry or<br> Registrar on behalf of the Domain Holder. The administrative contact<br> should be able to answer non-technical questions about the domain name's<br> registration and the Domain Holder. In all cases, the Administrative<br> Contact is viewed as the authoritative point of contact for the domain<br> name, second only to the Domain Holder.</font></p> <p align="center"><font face="Arial, Helvetica, sans-serif">Contact, Billing: The billing contact is the individual, role or<br> organization designated to receive the invoice for domain name<br> registration and re-registration fees.</font></p> <p align="center"><font face="Arial, Helvetica, sans-serif">Contact, Technical: The technical contact is the individual, role or<br> organization that is responsible for the technical operations of the<br> delegated zone. This contact likely maintains the domain name server(s)<br> for the domain. The technical contact should be able to answer technical<br> questions about the domain name, the delegated zone and work with<br> technically oriented people in other zones to solve technical problems<br> that affect the domain name and/or zone.<br> Domain Holder: The individual or organization that registers a specific<br> domain name. This individual or organization holds the right to use that<br> specific domain name for a specified period of time, provided certain<br> conditions are met and the registration fees are paid. This person or<br> organization is the "legal entity" bound by the terms of the relevant<br> service agreement with the Registry operator for the TLD in question."<br> </font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">(3) Determine what data collected should be available for public access in the context of the purpose of WHOIS. Determine how to access data that is not available for public access. The current elements that must be displayed by a registrar are:</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The name of the Registered Name;</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The names of the primary nameserver and secondary nameserver(s) for the Registered Name;</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The identity of Registrar (which may be provided through Registrar's website);</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The original creation date of the registration;</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The expiration date of the registration;</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The name and postal address of the Registered Name Holder;</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and</font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">- The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name.<br> </font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">(4) Determine how to improve the process for notifying a registrar of inaccurate WHOIS data, and the process for investigating and correcting inaccurate data. Currently a registrar "shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of<br> inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."<br> </font></p> <p align="justify"><font face="Arial, Helvetica, sans-serif">(5) Determine how to resolve differences between a Registered Name Holder's, gTLD Registrar's, or gTLD Registry's obligation to abide by all applicable laws and governmental regulations that relate to the<br> WHOIS service, as well as the obligation to abide by the terms of the agreements with ICANN that relate to the WHOIS service. [Note this task refers to the current work in the WHOIS task force called 'Recommendation 2', A Procedure for conflicts, when there are conflicts between a registrar's of registry's legal obligations under local privacy laws and their contractual obligations to ICANN.]<br> </font></p> <p align="justify"></p> |